Try to make this justification stronger and more precise
This commit is contained in:
parent
9b1cd4b3fd
commit
3efde62c44
@ -72,3 +72,21 @@
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
@Inbook{Abdalla2000,
|
||||
author="Abdalla, Michel and Bellare, Mihir",
|
||||
editor="Okamoto, Tatsuaki",
|
||||
title="Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques",
|
||||
bookTitle="Advances in Cryptology --- ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security Kyoto, Japan, December 3--7, 2000 Proceedings",
|
||||
year="2000",
|
||||
publisher="Springer Berlin Heidelberg",
|
||||
address="Berlin, Heidelberg",
|
||||
pages="546--559",
|
||||
isbn="978-3-540-44448-0",
|
||||
doi="10.1007/3-540-44448-3_42",
|
||||
doi_url="http://dx.doi.org/10.1007/3-540-44448-3_42",
|
||||
url="https://link.springer.com/chapter/10.1007/3-540-44448-3_42"
|
||||
}
|
||||
|
||||
|
||||
|
@ -1335,7 +1335,7 @@ exchange can even invent coins whole cloth.
|
||||
We may now remove the encrpytion by appealing to the random oracle
|
||||
model~\cite{BR-RandomOracles}.
|
||||
|
||||
\begin{lemma}[\cite{??}]
|
||||
\begin{lemma}%[\cite{??}]
|
||||
Consider a protocol that commits to random data by encrypting it
|
||||
using a secret derived from a Diffe-Hellman key exchange.
|
||||
In the random oracle model, we may replace this encryption with
|
||||
@ -1345,6 +1345,11 @@ functions to the same secret.
|
||||
% TODO: Too general probably?
|
||||
% TODO: IND-CPA again?
|
||||
|
||||
Indeed, we expect doing so to increase practical security as in
|
||||
\cite{Abdalla2000}, and adding the random oracle assumption need not
|
||||
reduce security if it focuses more attention on the usage of hash
|
||||
functions throughout the protocol.
|
||||
|
||||
\begin{proof}
|
||||
We work with the usual instantiation of the random oracle model as
|
||||
returning a random string and placing it into a database for future
|
||||
@ -1356,6 +1361,10 @@ that we encrypt in the old encryption based version of Taler.
|
||||
Now our random oracle scheme with $R$ gives the same result as our
|
||||
scheme that encrypts random data, so the encryption becomes
|
||||
superfluous and may be omitted.
|
||||
|
||||
We require the security of the original encryption operation reduced
|
||||
to the security of the Diffe-Hellman key exchange, which remains a
|
||||
requirement of the derived protocol.
|
||||
\end{proof}
|
||||
|
||||
We may now conclude that Taler remains unlinkable even with the refresh protocol.
|
||||
|
Loading…
Reference in New Issue
Block a user