Add solution for 5k

Tobias Eidelpes 2022-06-21 18:28:39 +02:00
parent f88ba99774
commit eb599a6b0a


@ -332,7 +332,24 @@
Futhermore, the commitment is also not vulnerable to dictionary attacks, Futhermore, the commitment is also not vulnerable to dictionary attacks,
as is common with stored password hashes on the server's side. as is common with stored password hashes on the server's side.
\item \TODO \item The signer calculates a commitment with a predefined soundness error.
Then the signer calculates the challenge by taking the hash of the message
to be signed and the commitment. Afterwards, it will run the protocol
again and calculate a response for the created challenge (hash) and the
commitment. The signature is a tuple of the commitment and the response.
The verifier can calculate the challenge on its own from the message and
the commitment and then verifies that the response matches the commitment
for that challenge. If it does, the signature is valid, otherwise it is
invalid.
The signature is $\mathsf{EUF}$-$\mathsf{CMA}$ secure if
$\mathsf{ID}_{\mathrm{CGI2}}$ satisfies special soundness and honest
verifier zero-knowledge, which it does. Futhermore, it is secure if the
attacker has a negligible probability of finding a valid signature for a
message which has not been queried before. This rests on the fact that
finding an isomorphism for a specific commitment and challenge which
matches the response is hard.
\item \TODO \item \TODO
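Review bot: In the new \item, the sentence "Afterwards, it will run the protocol again and calculate a response" misdescribes signing: the signer does not run the protocol a second time. It computes the response for the commitment it already made, with the hash of message and commitment standing in for the verifier's challenge. Please reword it that way. Please also say what "a commitment with a predefined soundness error" means concretely, for example how many parallel commitments go into the hash, because the text never explains how the soundness error is fixed. In the security paragraph, the sentence beginning "Futhermore, it is secure if the attacker has a negligible probability" reads as a second condition but is really the definition of $\mathsf{EUF}$-$\mathsf{CMA}$. I would state it as the definition, mention that the attacker may request signatures on messages of its choice, and name the assumption on the hash, since the argument from special soundness and honest verifier zero-knowledge models the hash as a random oracle. Lastly, "Futhermore" should be "Furthermore" in the added text.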