diff options
author | Florian Dold <florian.dold@gmail.com> | 2018-09-25 10:29:22 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-09-25 10:29:22 +0200 |
commit | 5ded568f83b7eb405c4e74c3a9142e7b25d718b6 (patch) | |
tree | 1037d494f4f4893035863719b86fbf7d2b72be46 /taler-fc19/paper.tex | |
parent | 6318b2836fbee3c21e83a1c2d33a87981e34fe4a (diff) | |
download | papers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.tar.gz papers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.tar.bz2 papers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.zip |
blindness
Diffstat (limited to 'taler-fc19/paper.tex')
-rw-r--r-- | taler-fc19/paper.tex | 18 |
1 files changed, 2 insertions, 16 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index e69c073..e863d19 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -775,24 +775,10 @@ We require the following two security properties for $\textsc{BlindSign}$: \begin{itemize}
\item \emph{blindness}: Let $M$ be the set of all possible messages and $\overline{M}$ be the
set of all possible blinded messages. Then the distribution of
- \[ \left\{ (m, \sigma, \overline{m}, \overline{\sigma}) \,\middle|
- \begin{array}{c}
- m\, \randsel M, \\
- \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m), \\
- \overline{\sigma} \leftarrow \algo{Sign}_{BS}(\V{sk}, \overline{m}), \\
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \overline{\sigma})
- \end{array}
- \right\} \]
+ \[ \left\{ (m, \overline{m}) \,\middle| m\, \randsel M, \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m) \right\} \]
must be computationally
indistinguishable from
- \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
- \begin{array}{c}
- m \randsel M, \\
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) ) \\
- x \randsel \overline{M}, \\
- \sigma_x \leftarrow \algo{UnblindSig}_{BS}(r, x, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), x)) )
- \end{array}
- \right\}. \]
+ \[ \left\{ (m, x) \,\middle|\, m \randsel M, x \randsel \overline{M} \right\}. \]
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
\end{itemize}
|