[tripe] / doc / wrestlers.tex

%%% -*-latex-*-
%%%
%%% $Id: wrestlers.tex,v 1.3 2001/06/22 19:41:31 mdw Exp $
%%%
%%% Description of the Wrestlers Protocol
%%%
%%% (c) 2001 Mark Wooding
%%%

%%%----- Revision history ---------------------------------------------------
%%%
%%% $Log: wrestlers.tex,v $
%%% Revision 1.3  2001/06/22 19:41:31  mdw
%%% Restart with different structure and rather more formal objectives.
%%%
%%% Revision 1.2  2001/02/22 09:09:05  mdw
%%% Partially through reworking.
%%%
%%% Revision 1.1  2001/02/16 21:43:33  mdw
%%% Initial versions of documentation.
%%%

\documentclass{article}
\usepackage{amssymb}
\usepackage{amstext}

\errorcontextlines=999
\makeatletter

\title{The Wrestlers Protocol: proof-of-receipt and secure key exchange}
\author{Mark Wooding \and Clive Jones}

\bibliographystyle{alpha}

\newtheorem{theorem}{Theorem}
\newenvironment{proof}[1][Proof]{%
  \par\noindent\textbf{#1.} %
}{%
  \penalty\@M\hfill\vadjust{}%
  \penalty\z@\relax\vadjust{}%
  \penalty\@M\hfill$\square$%
  \par%
}

\begin{document}

\maketitle
\begin{abstract}
  Fill this in later.
\end{abstract}
\tableofcontents
\newpage

%%%--------------------------------------------------------------------------

\section{Introduction}
% Some waffle here about the desirability of a key-exchange protocol that
% doesn't leave signatures lying around, followed by an extended report of
% the various results.

%%%--------------------------------------------------------------------------

\section{A simple authentication protocol}
% Present the basic Diffie-Hellman-based authenticator, and prove that an
% authentication oracle is useless if the hash function has appropriate
% properties.

Suppose that $G$ is some cyclic group of order $q$, generated by an element
$g$, in which the decision Diffie-Hellman problem \cite{Boneh:1998:DDP} is
hard.  Alice can choose a private key $1 < \alpha < q$ and publish her
corresponding public key $A = g^\alpha$.  Later, Bob can verify that he's
talking to Alice by choosing a random $1 < \beta < q$ and sending Alice a
\emph{challenge} $B = g^\beta$.  If she replies with $B^\alpha$, Bob accepts
that he's talking to Alice, otherwise he doesn't.

%%%--------------------------------------------------------------------------

\section{An MT-authenticator}
% Use the protocol of the previous section as an MT-authenticator, within the
% meaning of [Canetti:2001:AKE].

%%%--------------------------------------------------------------------------

\section{A key-exchange protocol}
% Present the Wrestlers protocol in all its glory.  Show, by means of the
% previous proofs, that the Wrestlers protocol is simulatable in the
% authenticated model using a much simpler protocol.  Show that the simpler
% protocol is SK-secure.

%%%----- That's all, folks --------------------------------------------------

\bibliography{cryptography,mdw-crypto}
\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: "wrestlers"
%%% End:
Commit	Line	Data
74eb47db	1	%%% --latex--
74eb47db	2	%%%
90d03a85	3	%%% $Id: wrestlers.tex,v 1.3 2001/06/22 19:41:31 mdw Exp $
74eb47db	4	%%%
	5	%%% Description of the Wrestlers Protocol
	6	%%%
	7	%%% (c) 2001 Mark Wooding
	8	%%%
	9
	10	%%%----- Revision history ---------------------------------------------------
	11	%%%
	12	%%% $Log: wrestlers.tex,v $
90d03a85	13	%%% Revision 1.3 2001/06/22 19:41:31 mdw
	14	%%% Restart with different structure and rather more formal objectives.
	15	%%%
874aed51	16	%%% Revision 1.2 2001/02/22 09:09:05 mdw
	17	%%% Partially through reworking.
	18	%%%
74eb47db	19	%%% Revision 1.1 2001/02/16 21:43:33 mdw
	20	%%% Initial versions of documentation.
	21	%%%
	22
	23	\documentclass{article}
	24	\usepackage{amssymb}
90d03a85	25	\usepackage{amstext}
74eb47db	26
90d03a85	27	\errorcontextlines=999
90d03a85	28	\makeatletter
74eb47db	29
90d03a85	30	\title{The Wrestlers Protocol: proof-of-receipt and secure key exchange}
90d03a85	31	\author{Mark Wooding \and Clive Jones}
74eb47db	32
90d03a85	33	\bibliographystyle{alpha}
74eb47db	34
90d03a85	35	\newtheorem{theorem}{Theorem}
	36	\newenvironment{proof}[1][Proof]{%
	37	\par\noindent\textbf{#1.} %
	38	}{%
	39	\penalty\@M\hfill\vadjust{}%
	40	\penalty\z@\relax\vadjust{}%
	41	\penalty\@M\hfill$\square$%
	42	\par%
	43	}
74eb47db	44
90d03a85	45	\begin{document}
74eb47db	46
90d03a85	47	\maketitle
	48	\begin{abstract}
	49	Fill this in later.
	50	\end{abstract}
	51	\tableofcontents
	52	\newpage
74eb47db	53
90d03a85	54	%%%--------------------------------------------------------------------------
74eb47db	55
90d03a85	56	\section{Introduction}
	57	% Some waffle here about the desirability of a key-exchange protocol that
	58	% doesn't leave signatures lying around, followed by an extended report of
	59	% the various results.
74eb47db	60
90d03a85	61	%%%--------------------------------------------------------------------------
74eb47db	62
74eb47db	63	\section{A simple authentication protocol}
90d03a85	64	% Present the basic Diffie-Hellman-based authenticator, and prove that an
	65	% authentication oracle is useless if the hash function has appropriate
	66	% properties.
74eb47db	67
90d03a85	68	Suppose that $G$ is some cyclic group of order $q$, generated by an element
	69	$g$, in which the decision Diffie-Hellman problem \cite{Boneh:1998:DDP} is
	70	hard. Alice can choose a private key $1 < \alpha < q$ and publish her
	71	corresponding public key $A = g^\alpha$. Later, Bob can verify that he's
	72	talking to Alice by choosing a random $1 < \beta < q$ and sending Alice a
	73	\emph{challenge} $B = g^\beta$. If she replies with $B^\alpha$, Bob accepts
	74	that he's talking to Alice, otherwise he doesn't.
874aed51	75
90d03a85	76	%%%--------------------------------------------------------------------------
874aed51	77
90d03a85	78	\section{An MT-authenticator}
	79	% Use the protocol of the previous section as an MT-authenticator, within the
	80	% meaning of [Canetti:2001:AKE].
74eb47db	81
90d03a85	82	%%%--------------------------------------------------------------------------
74eb47db	83
90d03a85	84	\section{A key-exchange protocol}
	85	% Present the Wrestlers protocol in all its glory. Show, by means of the
	86	% previous proofs, that the Wrestlers protocol is simulatable in the
	87	% authenticated model using a much simpler protocol. Show that the simpler
	88	% protocol is SK-secure.
74eb47db	89
	90	%%%----- That's all, folks --------------------------------------------------
	91
90d03a85	92	\bibliography{cryptography,mdw-crypto}
74eb47db	93	\end{document}
	94
	95	%%% Local Variables:
	96	%%% mode: latex
	97	%%% TeX-master: "wrestlers"
	98	%%% End: