10 lines
2.5 KiB
TeX
10 lines
2.5 KiB
TeX
\subsection{Notation}
|
|
|
|
\subsubsection{General Notation}
|
|
|
|
% TODO: Notation mit residual ring und finite field abklären.
|
|
For an integer n, $\field{n}$ is defined as the residual ring $\mathbb{Z}/n\mathbb{Z}$. $a \randomsample A$ denotes sampling the element $a$ from a non-empty set $A$ uniformly at random. $\assign$ denotes a deterministic assignment of a variable. $\{0,1\}^n$ is a bitstring of length n, while $\{0,1\}^*$ denotes a finite bitstring of arbitrary length. $(x,y)$ is a tuple of the two elements $x$ and $y$. $\{x,y\}$ is a set of the elements $x$ and $y$. At the beginning of a game a set is initialized to be the empty set $\{\}$. $\sum$ denotes a table and $\sum[x]$ denotes the value of the table at position $x$. Each position of the table is uninitialized at the beginning of the game. An uninitialized position in the table is denoted with the bottom symbol $\bot$. A function $f: \mathbb{N} \rightarrow \mathbb{R}$ is called negligible if there exists a $N \in \mathbb{N}$ for all polynomials $p$ so that $\forall n \geq N: f(n) < \frac{1}{p(n)}$. All algorithms are probabilistic polynomial time (ppt) unless stated otherwise. $o \randomassign \adversary{A}(I)$ denotes running the algorithm $\adversary{A}$ with input $I$ and uniformly random coins and $o$ describing its output. If $\adversary{A}$ has additionally access to an oracle $O$ this is denoted as $o \randomassign \adversary{A}^{O(\inp)}(I)$. A security game consists of a main procedure and optionally some oracle procedures. When the game is played, the main procedure is run and adversary $\adversary{A}$ is given some inputs and access to the oracle procedures. Based on the output of the adversary $\adversary{A}$ and its oracle calls, the main procedure outputs $1$ or $0$ depending on whether the adversary $\adversary{A}$ won the game.
|
|
|
|
\subsubsection{Algebraic Notation}
|
|
|
|
A group description is denoted as a tuple $\mathbf{G} = (L, \mathbb{G}, \groupelement{B})$ with $\mathbb{G}$ being a cyclic group of prime order $L$ generated by group element $\groupelement{B}$. The group uses additive notation for its group law and group elements are denoted by uppercase letters $\groupelement{A}$. Encoded group elements are denoted by underlining $\encoded{A}$. Further information on the encoding of group elements can be found in section \ref{sec:eddsa}. It is assumed that there exists a group generation algorithm that, upon inputting $1^\secparamter$, outputs a group description $\mathbf{G}$ with $L$ being $\secparamter$ bits in length. |