summaryrefslogtreecommitdiff
path: root/taler-fc19/paper.tex
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2018-09-25 10:29:22 +0200
committerFlorian Dold <florian.dold@gmail.com>2018-09-25 10:29:22 +0200
commit5ded568f83b7eb405c4e74c3a9142e7b25d718b6 (patch)
tree1037d494f4f4893035863719b86fbf7d2b72be46 /taler-fc19/paper.tex
parent6318b2836fbee3c21e83a1c2d33a87981e34fe4a (diff)
downloadpapers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.tar.gz
papers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.tar.bz2
papers-5ded568f83b7eb405c4e74c3a9142e7b25d718b6.zip
blindness
Diffstat (limited to 'taler-fc19/paper.tex')
-rw-r--r--taler-fc19/paper.tex18
1 files changed, 2 insertions, 16 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex
index e69c073..e863d19 100644
--- a/taler-fc19/paper.tex
+++ b/taler-fc19/paper.tex
@@ -775,24 +775,10 @@ We require the following two security properties for $\textsc{BlindSign}$:
\begin{itemize}
\item \emph{blindness}: Let $M$ be the set of all possible messages and $\overline{M}$ be the
set of all possible blinded messages. Then the distribution of
- \[ \left\{ (m, \sigma, \overline{m}, \overline{\sigma}) \,\middle|
- \begin{array}{c}
- m\, \randsel M, \\
- \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m), \\
- \overline{\sigma} \leftarrow \algo{Sign}_{BS}(\V{sk}, \overline{m}), \\
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \overline{\sigma})
- \end{array}
- \right\} \]
+ \[ \left\{ (m, \overline{m}) \,\middle| m\, \randsel M, \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m) \right\} \]
must be computationally
indistinguishable from
- \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
- \begin{array}{c}
- m \randsel M, \\
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) ) \\
- x \randsel \overline{M}, \\
- \sigma_x \leftarrow \algo{UnblindSig}_{BS}(r, x, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), x)) )
- \end{array}
- \right\}. \]
+ \[ \left\{ (m, x) \,\middle|\, m \randsel M, x \randsel \overline{M} \right\}. \]
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
\end{itemize}