This commit is contained in:
2018-04-13 15:41:25 +02:00
parent ac6699be25
commit 224eb18e88
9 changed files with 994 additions and 39 deletions


@ -248,7 +248,7 @@ This definition of advantages models the fact that the adversary is unable to di
Which means that the adversary cannot get a single bit of information about the ciphertext.
This kind of definition are also useful to model anonymity.
For instance in Part~\ref{pa:gs-ac}, the definition of anonymity for group signatures is defined in a similar fashion.
For instance in \cref{sec:RGSdefsecAnon}, the definition of anonymity for group signatures is defined in a similar fashion (\cref{def:anon}).
On the other hand, the security definition for signature scheme is no more an indistinguishability game, but an unforgeability game.
The goal of the adversary is not to distinguish between two distributions, but to forge a new signature from what it learns \emph{via} signature queries.
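Review bot: the replacement line keeps the awkward doubling of the old sentence ("the definition of anonymity ... is defined in a similar fashion"); since the new line already points at \cref{def:anon}, something like "the anonymity notion for group signatures is defined in a similar fashion (\cref{def:anon})" reads better and avoids stating "definition" twice. Two problems in the unchanged context around the change are also worth fixing while this paragraph is being touched: "This kind of definition are also useful" needs "is" (singular subject), and "cannot get a single bit of information about the ciphertext" reads as if it should say "plaintext", since the indistinguishability game bounds what the adversary learns about the encrypted message, not about the ciphertext it is handed. Finally, "no more an indistinguishability game" in the trailing context should be "no longer an indistinguishability game".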
@ -279,8 +279,8 @@ The security definition of $\indcpa$ is defined as an indistinguishability game.
The first security definition for $\PKE$ was although a simulation-based definition~\cite{GM84}.
In this context, instead of distinguishing between two messages, the goal is to distinguish between two different environments.
In the following we will use the \emph{Real world}/\emph{Ideal world} paradigm~\cite{Can01} to describe those different environments.
Namely, for $\PKE$, it means that for any $\ppt$ adversary~$\widehat{\adv}$ ---\,in the \emph{Real world}\,--- that interacts with a challenger $\cdv$
there exists a $\ppt$ \emph{simulator} $\widehat{\adv}'$ ---\,in the \emph{Ideal world}\,--- that interacts with the same challenger $\cdv'$ with the difference that the functionality $F$ is replaced by a trusted third party in the \emph{Ideal word}.
Namely, for $\PKE$, it means that for any $\ppt$ adversary~$\widehat{\adv}$ --\,in the \emph{Real world}\,-- that interacts with a challenger $\cdv$
there exists a $\ppt$ \emph{simulator} $\widehat{\adv}'$ --\,in the \emph{Ideal world}\,-- that interacts with the same challenger $\cdv'$ with the difference that the functionality $F$ is replaced by a trusted third party in the \emph{Ideal word}.
In other words, it means that the information that $\widehat{\adv}$ obtains from its interaction with the challenger $\cdv$ does not allow $\widehat{\adv}$ to do more things that what it can do with blackbox accesses to the functionality.
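Review bot: the rewritten second line still ends with "in the \emph{Ideal word}", which should be "Ideal world" (the same paragraph uses \emph{Ideal world} correctly two lines earlier); since this line is being edited anyway, fix the typo in the same change. The dash replacement itself (`---\,` to `--\,`) is consistent between both lines, but note that a spaced en-dash `--\,...\,--` is the British-style parenthetical dash; if the rest of the thesis uses unspaced em-dashes `---` for parentheticals, this hunk makes the paragraph inconsistent with them, so check the convention before merging. In the unchanged context, "was although a simulation-based definition" should probably read "was actually a simulation-based definition" (or "originally"), and "to do more things that what it can do" should be "than what it can do".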