Notations
parent 47a1d3fd95
commit 4289c4331c
@ -218,7 +218,7 @@ Two examples of security game are given in Figure~\ref{fig:sec-game-examples}: t
|
|||||||
\pcwhile \adv(\texttt{query}, vk, \mathsf{st}, \oracle{sign}{sk,\cdot} ) \pcdo
|
\pcwhile \adv(\texttt{query}, vk, \mathsf{st}, \oracle{sign}{sk,\cdot} ) \pcdo
|
||||||
;\\
|
;\\
|
||||||
(m^\star, \sigma^\star) \gets \adv(\texttt{forge}, vk, \mathsf{st}) \\
|
(m^\star, \sigma^\star) \gets \adv(\texttt{forge}, vk, \mathsf{st}) \\
|
||||||
\pcreturn (vk, \ensemble{sign} m^\star, \sigma^\star)
|
\pcreturn (vk, \ensemble{sign}, m^\star, \sigma^\star)
|
||||||
}}
|
}}
|
||||||
}
|
}
|
||||||
\caption{Some security games examples} \label{fig:sec-game-examples}
|
\caption{Some security games examples} \label{fig:sec-game-examples}
|
||||||
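Review bot: The unchanged \caption line of this figure reads "Some security games examples", which should be "Some examples of security games"; since the commit already touches the figure to add the missing comma in the \pcreturn tuple, fix the caption in the same pass. The comma fix itself is correct: without it, \ensemble{sign} and m^\star were typeset as a single component of the returned tuple.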
@ -227,7 +227,11 @@ Two examples of security game are given in Figure~\ref{fig:sec-game-examples}: t
|
|||||||
\index{Reduction!Advantage}
|
\index{Reduction!Advantage}
|
||||||
The \indcpa{} game is an \emph{indistinguishability} game. Meaning that the goal for the adversary $\mathcal A$ against this game is to distinguish between two messages from different distributions.
|
The \indcpa{} game is an \emph{indistinguishability} game. Meaning that the goal for the adversary $\mathcal A$ against this game is to distinguish between two messages from different distributions.
|
||||||
To model this, for any adversary $\adv$, we define a notion of \emph{advantage} for the $\indcpa$ game as
|
To model this, for any adversary $\adv$, we define a notion of \emph{advantage} for the $\indcpa$ game as
|
||||||
\[ \advantage{\indcpa}{\adv}(\lambda) = \left| \Pr\left[ \Exp{\indcpa}{\adv,1}(\lambda) = 1 \right] - \Pr\left[ \Exp{\indcpa}{\adv, 0}(\lambda) = 1\right] \right|.\]
|
\[
|
||||||
|
\advantage{\indcpa}{\adv}(\lambda)
|
||||||
|
\triangleq
|
||||||
|
\left| \Pr\left[ \Exp{\indcpa}{\adv,1}(\lambda) = 1 \right] - \Pr\left[ \Exp{\indcpa}{\adv, 0}(\lambda) = 1\right] \right|.
|
||||||
|
\]
|
||||||
|
|
||||||
We say that a $\PKE$ scheme is $\indcpa$ if for any $\ppt$ $\adv$, the advantage of $\mathcal A$ in the $\indcpa$ game is negligible with respect to $\lambda$.
|
We say that a $\PKE$ scheme is $\indcpa$ if for any $\ppt$ $\adv$, the advantage of $\mathcal A$ in the $\indcpa$ game is negligible with respect to $\lambda$.
|
||||||
|
|
||||||
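Review bot: The context lines around the new display still mix $\mathcal A$ and $\adv$ for the same adversary ("the adversary $\mathcal A$ against this game", "for any $\ppt$ $\adv$, the advantage of $\mathcal A$"); a notation commit should use the \adv macro throughout so the symbol in the prose matches the one in the advantage definition. The sentence starting "Meaning that the goal for the adversary" is a fragment and reads better joined to the sentence before it.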
@ -242,7 +246,11 @@ The goal of the adversary is not to distinguish between two distributions, but t
|
|||||||
Those signature queries are provided by an oracle \oracle{sign}{sk,\cdot}, which on input $m$ returns the signature $\sigma = \Sigma.\mathsf{sign}(sk, m)$ and add $\sigma$ to $\ensemble{sign}$. The initialization of these sets and the behaviour of oracle may be omitted in the rest of this thesis for the sake of readability.
|
Those signature queries are provided by an oracle \oracle{sign}{sk,\cdot}, which on input $m$ returns the signature $\sigma = \Sigma.\mathsf{sign}(sk, m)$ and add $\sigma$ to $\ensemble{sign}$. The initialization of these sets and the behaviour of oracle may be omitted in the rest of this thesis for the sake of readability.
|
||||||
|
|
||||||
For EU-CMA, the advantage of an adversary $\adv$ is defined as
|
For EU-CMA, the advantage of an adversary $\adv$ is defined as
|
||||||
\[ \advantage{\textrm{EU-CMA}}{\adv}(\lambda) = \Pr\left[ \Sigma.\mathsf{verif}(vk, m^\star, \sigma^\star) = \top~\land~ \sigma^\star \notin \ensemble{sign} \right]. \]
|
\[
|
||||||
|
\advantage{\textrm{EU-CMA}}{\adv}(\lambda)
|
||||||
|
\triangleq
|
||||||
|
\Pr\left[ \Sigma.\mathsf{verif}(vk, m^\star, \sigma^\star) = \top~\land~ \sigma^\star \notin \ensemble{sign} \right].
|
||||||
|
\]
|
||||||
|
|
||||||
And a signature scheme is considered unforgeable under chosen message attacks if for any $\ppt$ adversary $\adv$, the advantage of $\adv$ is negligible with respect to $\lambda$.
|
And a signature scheme is considered unforgeable under chosen message attacks if for any $\ppt$ adversary $\adv$, the advantage of $\adv$ is negligible with respect to $\lambda$.
|
||||||
|
|
||||||
|
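Review bot: The winning condition in the new display, \sigma^\star \notin \ensemble{sign}, together with the oracle description "add $\sigma$ to $\ensemble{sign}$", defines strong unforgeability, because a fresh signature on an already queried message counts as a forgery. If the intended notion is existential unforgeability as the EU-CMA label says, the oracle should record the queried message $m$ and the condition should be m^\star \notin \ensemble{sign}; otherwise state in the text that the strong variant is meant. The same context line also needs "adds" for "add" and "the oracle" for "oracle".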