From c9fadfb9b9711477e647f879a38e2f10be952e94 Mon Sep 17 00:00:00 2001
From: Florian Dold <florian.dold@gmail.com>
Date: Sun, 22 Apr 2018 00:56:10 +0200
Subject: pull bound on #coins into proof

---
 games/games.tex | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/games/games.tex b/games/games.tex
index 00401f2..e8a271f 100644
--- a/games/games.tex
+++ b/games/games.tex
@@ -733,8 +733,7 @@ Let $G \in \mathbb{E}$ be the generator of the Ed25519 curve (with Edwards coord
 \subsection{Fairness}
 
 \begin{theorem}
-Assuming unforgeability of signatures (EUF-CMA) and an adversary that makes at most $q$ queries
-to \ora{Withdraw} or \ora{Refresh}, Taler satisfies Fairness.
+Assuming unforgeability of signatures (EUF-CMA), Taler satisfies Fairness.
 \end{theorem}
 
 \begin{proof}
@@ -744,6 +743,10 @@ to \ora{Withdraw} or \ora{Refresh}, Taler satisfies Fairness.
 We construct an adversary against EUF-CMA from an adversary $\mathcal{A}$
 against Fairness.
 
+Let $q$ be a bound (perhaps polynomial in the security parameter) on the
+number of coins created by the adversary (via \ora{Withdraw} or
+\ora{Refresh}).
+
 Our goal is to embed the EUF-CMA challenge into one of the coins obtained via
 \ora{Withdraw} or \ora{Refresh} from uncorrupted users.  We adjust \ora{Withdraw} and \ora{Refresh}
 so that the challenge is used as public key for the coin with probability
-- 
cgit v1.2.3