Claim of security is:
assume a sUT for distribution D(z) defined as follows:
Two simulators \(SSetup, SEval\)
Probably Sim_pUT.Setup is the same as Sim_sUT.Setup
Sim_pUT.Eval(xquery, C):
The above is Sim_pUT.
To argue indstinguishability between real and ideal:
we observe the analogy with the sUT experiment and observe that if this did not hold then somebody could break the sUT experiment with the other adverary letting a "Reshare" correspond to TrapEval invocations.
The following hybrid is not valid anymore
where hyb is an experimetn where replace the Reshare step at time T with a call to the following:
OBS: the above steps return something distributed exactly as \(\mathcal{O}^{ideal}_{sUT}(trapdquery, T)\)
Statement: The construction in (what is currently) 5.2 is secure for distribution D as formalized above.
The proof is the same as for the other paper in their vanilla UT model. We just need to show simulability for the special queries of the sUT for the distribution above. We o
\(UTSetup() \rightarrow (pk, sk_1, ..., skN, trapd)\)
Simulate \(SInject()\) in some way…
\(SEval(tag, F^\text{resh}_{T,epk}) \to \text{shares of ciphertext}\)
Let's assume that tag = "reshare" and C is the right F_reshare (with honest time and honets pke)
Given the ciphertexts, SEval generates shares through SS
Let us define the ciphertexts.
Given in input hssk, we need to define ciphertexts such that they all open to something of the following type
\[Dec(ct_i) = (R_i, \sigma_i)\]
where \(\sigma_R\) is a valid signature, that is:
\(HS.Vfy(hspk, R_i, \sigma_i, sgntag := "(i,T)") = 1\)
The other simulator samples \(\rho\)
\(SEval(hssk, F^\text{resh}_{epk}):\)
– sample \(R_i\), sign it and obtain \(\sigma_i\)
– \(ct_i \gets Enc(epk_i, R_i, \sigma_i)\)
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe