diff options
| author | Jeff Burdges <burdges@gnunet.org> | 2018-04-23 17:54:07 +0200 |
|---|---|---|
| committer | Jeff Burdges <burdges@gnunet.org> | 2018-04-23 17:54:07 +0200 |
| commit | 8d861622af8ea10f2a36b30f40a6919357424928 (patch) | |
| tree | effa7f976de1e32a80fff5bb5c8b93cfe616444a /games | |
| parent | a787f1ac538074234a029677676364333e53920c (diff) | |
| download | papers-8d861622af8ea10f2a36b30f40a6919357424928.tar.gz papers-8d861622af8ea10f2a36b30f40a6919357424928.tar.bz2 papers-8d861622af8ea10f2a36b30f40a6919357424928.zip | |
Another fix
Diffstat (limited to 'games')
| -rw-r--r-- | games/games.tex | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/games/games.tex b/games/games.tex index 4ec9e94..dfe9527 100644 --- a/games/games.tex +++ b/games/games.tex @@ -718,10 +718,10 @@ then Taler satisfies {anonymity}. we replace the FD-PRF that produces the blinding factor with a uniformly random function, also on the full domain of the RSA modulus. At this point, any advantage of our adversary amounts to an advantage in - distinguishing our random blinding factor from - $\textrm{FDH}_N(C_1) / \textrm{FDH}(C_2) \mod N$, - which violates the FD-PRF assumption inherent in our FDH assumption. - + distinguishing a random blinding factor from a random blinding factor + multiplied by $\textrm{FDH}_N(C_1) / \textrm{FDH}(C_2) \mod N$, + which violates the randomness of the blinding factor. + We conclude the success probability for $\mathbb{G}_3$ is $1/2$ and hence . the success probability for $\mathit{Exp}_{\cal A}^{anon}(1^\lambda, \kappa, b)$ is at most $1/2 + \epsilon_{DDH} + \epsilon_{PRF}$, as desired. |