diff options
| -rw-r--r-- | taler-fc19/paper.tex | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index 1200ae7..7d34165 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -805,14 +805,14 @@ We require the following security properties to hold for $\textsc{CoinSignKx}$: \item \emph{key exchange completeness}:
Any probabilistic polynomial-time adversary has only negligible chance to find
- a degenerate key pair $(\V{sk}_A, \V{sk}_B)$ such that for some
+ a degenerate key pair $(\V{sk}_A, \V{pk}_A)$ such that for some
honestly generated key pair
$(\V{sk}_B, \V{pk}_B) \leftarrow \algo{KeyGen}_{CSK}(1^\lambda)$
the key exchange fails, that is
\begin{equation*}
\algo{Kex}_{CSK}(\V{sk}_A, \V{pk}_B) \neq \algo{Kex}_{CSK}(\V{sk}_B, \V{pk}_A),
\end{equation*}
- but the adversary can still produce a pair $(m, \sigma)$ such that $\algo{Verify}_{BS}(\V{pk}_A, m, \sigma) = 1$.
+ while the adversary can still produce a pair $(m, \sigma)$ such that $\algo{Verify}_{BS}(\V{pk}_A, m, \sigma) = 1$.
\item \emph{key exchange security}: The output of $\algo{Kx}_{CSK}$ must be computationally
indistinguishable from a random shared secret of the same length, for inputs that have been
|