diff options
Diffstat (limited to 'taler-fc19/paper.tex')
| -rw-r--r-- | taler-fc19/paper.tex | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index abfcecf..baa7b14 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -782,7 +782,7 @@ We require the following two security properties for $\textsc{BlindSign}$: set of all possible blinded messages. Then the distribution of
\[ \left\{ (m, \sigma, \overline{m}, \overline{\sigma}) \,\middle|
\begin{array}{c}
- m\, \randsel M,
+ m\, \randsel M, \\
\overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m), \\
\overline{\sigma} \leftarrow \algo{Sign}_{BS}(\V{sk}, \overline{m}), \\
\sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \overline{\sigma})
@@ -790,11 +790,13 @@ We require the following two security properties for $\textsc{BlindSign}$: \right\} \]
must be computationally
indistinguishable from
- \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
- m \randsel M,
- \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) )
- x \randsel \overline{M},
+ \[ \left\{ (m, \sigma, x, \sigma_x) \,\middle|\,
+ \begin{array}{c}
+ m \randsel M, \\
+ \sigma \leftarrow \algo{UnblindSig}_{BS}(r, m, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m)) ) \\
+ x \randsel \overline{M}, \\
\sigma_x \leftarrow \algo{UnblindSig}_{BS}(r, x, \algo{Sign}_{BS}(\V{sk}, \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), x)) )
+ \end{array}
\right\}. \]
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
|