diff options
| -rw-r--r-- | games/games.tex | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/games/games.tex b/games/games.tex index 4ec9e94..dfe9527 100644 --- a/games/games.tex +++ b/games/games.tex @@ -718,10 +718,10 @@ then Taler satisfies {anonymity}. we replace the FD-PRF that produces the blinding factor with a uniformly random function, also on the full domain of the RSA modulus. At this point, any advantage of our adversary amounts to an advantage in - distinguishing our random blinding factor from - $\textrm{FDH}_N(C_1) / \textrm{FDH}(C_2) \mod N$, - which violates the FD-PRF assumption inherent in our FDH assumption. - + distinguishing a random blinding factor from a random blinding factor + multiplied by $\textrm{FDH}_N(C_1) / \textrm{FDH}(C_2) \mod N$, + which violates the randomness of the blinding factor. + We conclude the success probability for $\mathbb{G}_3$ is $1/2$ and hence . the success probability for $\mathit{Exp}_{\cal A}^{anon}(1^\lambda, \kappa, b)$ is at most $1/2 + \epsilon_{DDH} + \epsilon_{PRF}$, as desired. |