Behavior

chap-GS-LWE.tex

@@ -1541,7 +1541,7 @@ Hence, the difference $\mathbf{h} = \mathbf{z}' - \mathbf{z}_{i^\star} \in \ZZ^{
   The adversary's view  remains the same as in $\mathsf{Game}^{(d)}~1$, analogously to the security proof of the GPV IBE~\cite{GPV08}.
   \smallskip
 
-  \item[$\textsf{Game}^{(d)}$~3:] Here, we will change the behaviour of the opening algorithm.
+  \item[$\textsf{Game}^{(d)}$~3:] Here, we will change the behavior of the opening algorithm.
   Namely, at each fresh oracle query, we still store the matrices $\mathbf{E}_{0,\vk} \in \Zq^{m \times 2m}$  and, at the beginning of the game, the challenger
   samples an uniformly random $\mathbf{B^\star} \in \Zq^{n \times m}$ that is later used in place of $\mathbf{B}$ to answer $H_0$-queries.
   To answer the adversary's queries of the opening of a signature