-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathHashedDDHMultiChal.game
More file actions
48 lines (39 loc) · 1.31 KB
/
HashedDDHMultiChal.game
File metadata and controls
48 lines (39 loc) · 1.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
// Multi-challenge Hashed Decisional Diffie-Hellman assumption.
// Left: (pk, g^r, H(pk^r)) -- hash of real DH shared secret
// Right: (pk, g^r, random) -- independent random bitstring
//
// Includes a Hash oracle so the same game works for both standard model
// and ROM. In the standard model, giving the adversary an oracle for a
// function it can already compute does not change security.
Game Left(Group G, Int n, Function<GroupElem<G>, BitString<n>> H) {
GroupElem<G> pk;
GroupElem<G> Initialize() {
ModInt<G.order> a <- ModInt<G.order>;
pk = G.generator ^ a;
return pk;
}
BitString<n> Hash(GroupElem<G> x) {
return H(x);
}
[GroupElem<G>, BitString<n>] Challenge() {
ModInt<G.order> r <- ModInt<G.order>;
return [G.generator ^ r, H(pk ^ r)];
}
}
Game Right(Group G, Int n, Function<GroupElem<G>, BitString<n>> H) {
GroupElem<G> pk;
GroupElem<G> Initialize() {
ModInt<G.order> a <- ModInt<G.order>;
pk = G.generator ^ a;
return pk;
}
BitString<n> Hash(GroupElem<G> x) {
return H(x);
}
[GroupElem<G>, BitString<n>] Challenge() {
ModInt<G.order> r <- ModInt<G.order>;
BitString<n> h <- BitString<n>;
return [G.generator ^ r, h];
}
}
export as HashedDDHMultiChal;