8 lines
1.3 KiB
TeX
8 lines
1.3 KiB
TeX
\section{The Ed-GGM}
|
|
|
|
The subsequent section will determine specific bounds on the difficulty of particular variations of the discrete logarithm and one-more discrete logarithm problems introduced in previous proofs. These proofs are carried out in the generic group model. In the generic group model, group elements are represented as random bitstrings, and the adversary can only execute group operations by invoking an oracle.
|
|
|
|
In order to establish a generic group model for twisted Edwards curves, it's essential to examine the group structure. As demonstrated in Section \ref{sec:sdlog_imlies_igame}, a twisted Edwards curve can be broken down into a collection of cyclic subgroups. The generating set for this twisted Edwards curve is defined as a set of generators for these cyclic subgroups. With a fixed generating set, every point on the twisted Edwards curve can be uniquely expressed as a linear combination of the generators in that set. Consequently, the adversary is given the entire generator set as the description of the twisted Edwards curve. Additionally, the adversary has access to a group operation oracle, GOp, which, when supplied with two labels and a bit indicating whether the group elements should be added or subtracted, outputs the label of the resulting group element.
|
|
|
|
\input{sections/edggm/sdlog}
|
|
\input{sections/edggm/omdl} |