diff options
| author | Jeff Burdges <burdges@gnunet.org> | 2018-04-21 19:04:35 +0200 |
|---|---|---|
| committer | Jeff Burdges <burdges@gnunet.org> | 2018-04-21 19:04:35 +0200 |
| commit | c152ac149a18b04e492b90adc7989302653943d1 (patch) | |
| tree | dc2a01a8836a9d6a348b9e107aa5c37f216b1644 /games | |
| parent | d151fe3cfe549705884d4bb2893b97671c285081 (diff) | |
| download | papers-c152ac149a18b04e492b90adc7989302653943d1.tar.gz papers-c152ac149a18b04e492b90adc7989302653943d1.tar.bz2 papers-c152ac149a18b04e492b90adc7989302653943d1.zip | |
split by denominations
Diffstat (limited to 'games')
| -rw-r--r-- | games/games.tex | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/games/games.tex b/games/games.tex index 32d5c4e..22ced86 100644 --- a/games/games.tex +++ b/games/games.tex @@ -775,12 +775,14 @@ from the operation of $\cal A$. % Also let $C_{m+1}, ..., C_n$ denote % might refines our usage of ROM or something. We now know $\cal A$ made at most $m$ withdrawal and refresh oracle queries to obtain the $m+1$ RSA signatures %, aka inversions, - on the $Y_i := \textrm{FDH}_N(C_i)$ with $0 \le i \le m$. -% + on the $Y_i := \textrm{FDH}_{\V{pkDenom}_i}C_i)$ with $0 \le i \le m$, + where $\V{pkDenom}_i$ if the denomination key of $C_i$. + It follows that $\cal A$ has produced one-more forgery in the sense - of \cite[Definition 11]{RSA-FDH-KTIvCTI} , + of \cite[Definition 11]{RSA-FDH-KTIvCTI}, also \cite[Definition 4 \& 5, pp. 369]{Pointcheval_n_Stern}, -so RSA-KTI cannot be hard by \cite[Theorem 12]{RSA-FDH-KTIvCTI}, + for at least one $\V{pkDenom_i} \in \V{pkE}$. +We conclude that RSA-KTI cannot be hard by \cite[Theorem 12]{RSA-FDH-KTIvCTI}, and our random oracle assumption. % % So $\cal A$ wins this RSA-CTI game with its random sampling to produce |