We have a few gaps in the security proofs that should ideally be closed:

- MAC_GGM security is based on stronger assumptions than standard ones, and precludes adaptive adversaries; see @AdamISZ's blog post for more discussion.
- Proof of unlinkability between issuance and presentation for the serial number with Ruben's optimization; this should be trivial with the same approach as the proof of unlinkability in CPZ19.
- Proof that the serial number is binding; again, this seems straightforward.
I have an upcoming deadline at the end of February, but I would also like to spend some time on these questions afterwards. Especially, MAC_GGM bugs me. It would be super cool if we could base the security of our used MAC not on the generic group model (GGM), but on a more solid cryptographic assumption. Certain constructions proven to be secure in the GGM can turn out to be really just snake-oil. Generally speaking, security proofs in the GGM should be taken with a grain of salt.
> We have a few gaps in the security proofs that should ideally be closed
>
> - MAC_GGM security is based on stronger assumptions than standard ones, and precludes adaptive adversaries, see @AdamISZ's blog post for more discussion

Is any other formalism needed for privacy?