diff options
author | Jeff Burdges <burdges@gnunet.org> | 2018-09-15 15:41:28 +0200 |
---|---|---|
committer | Jeff Burdges <burdges@gnunet.org> | 2018-09-15 15:41:28 +0200 |
commit | 7ab5f8759ff93e8152b88eda5e14fad7a925c43f (patch) | |
tree | c89de12f32703d22a9ada3a35b6061d9a476d67f | |
parent | 542881fab046e294b302596eba5e80cf35f1c29b (diff) | |
download | papers-7ab5f8759ff93e8152b88eda5e14fad7a925c43f.tar.gz papers-7ab5f8759ff93e8152b88eda5e14fad7a925c43f.tar.bz2 papers-7ab5f8759ff93e8152b88eda5e14fad7a925c43f.zip |
Add sigma to blindness property
-rw-r--r-- | taler-fc19/paper.tex | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index fde7bf4..8ea12ed 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -780,10 +780,20 @@ We require the following two security properties for $\textsc{BlindSign}$: \begin{itemize}
\item \emph{blindness}: Let $M$ be the set of all possible messages and $\overline{M}$ be the
set of all possible blinded messages. Then the distribution of
- \[ \left\{ (m, \overline{m}) \,\middle| m\, \randsel M, \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m) \right\} \]
+ \[ \left\{ (m, \simga, \overline{m}, \overline{\simga}) \,\middle|
+ m\, \randsel M,
+ \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m),
+ \overline{\simga} \leftarrow \algo{Sign}_{BS}(\V{sk}, \overline{m}),
+ \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \overline{\sigma})
+ \right\} \]
must be computationally
indistinguishable from
- \[ \left\{ (m, x) \,\middle|\, m \randsel M, x \randsel \overline{M} \right\}. \]
+ \[ \left\{ (m, \simga, x, \simga_x) \,\middle|\,
+ m \randsel M,
+ \sigma \eftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) )
+ x \randsel \overline{M},
+ \sigma_x \leftarrow \algo{UnblindSig}_{BS}(r, x, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), x)) )
+ \right\}. \]
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
\end{itemize}
|