From f79065eb701517828eb98f8d499a3eeff4fef8c0 Mon Sep 17 00:00:00 2001 From: Fabrice Mouhartem Date: Thu, 14 Jun 2018 18:14:38 +0200 Subject: [PATCH] Typos --- chap-ZK.tex | 2 +- chap-sigmasig.tex | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/chap-ZK.tex b/chap-ZK.tex index 43e8328..ff91fa2 100644 --- a/chap-ZK.tex +++ b/chap-ZK.tex @@ -267,7 +267,7 @@ Quasi-adaptive \NIZK (\QANIZK)~\cite{JR13} are \NIZK where the common reference \end{figure} \index{Zero Knowledge!Schnorr's protocol} -Schnorr's methodology to construct proofs is based on the $\Sigma$-protocol technique to design zero-knowledge proofs. +Schnorr's methodology~\cite{Sch96} to construct proofs is based on the $\Sigma$-protocol technique to design zero-knowledge proofs. It has been introduced in order to prove the knowledge of a discrete logarithm (which can bee seen at the relation $R_{\mathsf{dlog}} = \{ (h, a) \in \GG \times \ZZ_p \mid h = g^a \}$ with $\GG = \langle g \rangle$ be a cyclic group of prime order $p > 2$) and is described in Figure~\ref{fig:schnorr-dlog}. An interpretation of this methodology is the following: given a commitment scheme $(\Setup, \Commit, \Verify)$, where the randomness $r$ used in $\Commit$ is made explicit, the first move of the prover $P$ consists in binding the randomness used in the commitment scheme $r$ using the transmitted value $\rho = g^r$, then the verifier asks the prover to commit to a challenge message $c$ using the randomness carried by $\rho$, and the prover sends the opening for this commitment $\open$. diff --git a/chap-sigmasig.tex b/chap-sigmasig.tex index 3a91c10..b3ed7ee 100644 --- a/chap-sigmasig.tex +++ b/chap-sigmasig.tex @@ -2,9 +2,8 @@ % \addcontentsline{tof}{chapter}{\protect\numberline{\thechapter} Signatures de groupe dynamique à base de couplages} % \label{ch:sigmasig} %------------------------------------------------- - In this chapter, we aim at lifting the \textit{signature with efficient protocols} from~\cite{LPY15} into the random oracle model in order to get an efficient construction~\cite{BR93}. -Signatures with efficient protocols in the Camenish and Lysyanskaya fashion~\cite{CL04a} are digital signatures which come with companion zero-knowledge proofs that allow a signature holder to prove knowledge of the signature of a commited message as well as proving possession of a hidden message-signature pair in a zero-knowledge manner. +Signatures with efficient protocols in the Camenish and Lysyanskaya fashion~\cite{CL04a} are digital signatures which come with two companion protocols: a protocol whereby a signer can obliviously sign a committed message known only to the user and a zero-knowledge proof to efficiently attest possession of a hidden message-signature pair. This building block proved useful in the design of many efficient anonymity-related protocols such as anonymous credentials~\cite{Cha85,CL01}, which are similar to group signatures except that anonymity is irrevocable (meaning that there is no opening authority). In other words, an anonymous credential scheme involves one (or more) credential issuer(s) and a set of users who have a long term secret key which can be seen as their digital identity, and pseudonyms that can be seen as commitments to their secret key.