masterthesis/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex

\subsection{\igame $=>$ UF-NMA (ROM)}

This section shows that \igame implies the UF-NMA security if the EdDSA signature scheme using the Algebraic Group Model. The section starts by first providing an intuition if the proof followed by the detailed security proof.

\begin{figure}
	\hrule
	\begin{multicols}{2}
		\large
		\begin{algorithmic}[1] 
			\Statex \underline{\game \igame}
			\State \quad $a \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
			\State \quad $\groupelement{A} \assign a \groupelement{B}$
			\State \quad $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$	
			\State \quad \Return $\exists \groupelement{R}^*, \ch^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - \ch^* \groupelement{A}) \wedge (\groupelement{R}^*, \ch^*) \in Q$		
		\end{algorithmic}
		\columnbreak
		\begin{algorithmic}[1] 
			\Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
			\State \quad $\ch_i \randomsample \{0,1\}^{2b}$
			\State \quad $Q \assign Q \cup \{ (\groupelement{R}_i, \ch_i) \}$
			\State \quad \Return $\ch_i$
		\end{algorithmic}
	\end{multicols}
	\hrule
	\caption{\igame}
	\label{game:igame}
\end{figure}