This commit is contained in:
parent
52425244ef
commit
ec37a83922
15
cw/cw.tex
15
cw/cw.tex
@ -201,28 +201,29 @@
|
||||
a = \frac{s' - s}{h - h'}
|
||||
$$
|
||||
|
||||
\subsection{6.2}
|
||||
\subsubsection{6.2.1}
|
||||
\subsection*{6.2}
|
||||
\subsubsection*{6.2.1}
|
||||
To sign a contract $C$ Alice first chooses 2 random values $r$ and $c_2$ then $z$ is callulated $z=g^r\times y_b^{c_2}$. After we have $z$ we can calculate the intermidary value $c$, $c = H(y_a, y_b, C, z)$. After having $c$ we calculate $c_1$, $c_1 = c - c_2$. $c_1$ is then used to callulate $s = r - c1 \times a mod q$. The signature is $(c_1, c_2, s)$
|
||||
\subsubsection{6.2.2}
|
||||
\subsubsection*{6.2.2}
|
||||
No because Alice only needs Bob's public key which is publicly avaiable
|
||||
\subsubsection{6.2.3}
|
||||
\subsubsection*{6.2.3}
|
||||
The signature is verified if the equation holds
|
||||
$$c_1 + c_2 = H(y_a, y_b, C, g^s\times y_a^{c_1} \times y_b^{c_2} mod p )$$
|
||||
\subsubsection{6.2.4}
|
||||
\subsubsection*{6.2.4}
|
||||
No because the signature is generated from multiple public keys and Alice's private key therefore chris will not be able to tell who signed the contract
|
||||
|
||||
\subsection*{6.3}
|
||||
\subsubsection*{6.3.1}
|
||||
The encryption works because the numbers that were chosen by Alice and Bo b make this equation work
|
||||
$$(m^{r_a})^{r_b} = m$$
|
||||
$$(m^{r_a})^{r_b} = m (\text{mod } p)$$
|
||||
|
||||
which means that
|
||||
|
||||
$$((((m^{r_{a\text{ alice}}})^{r_{a\text{ bob}}})^{r_{b\text{ alice}}})^{r_{b\text{ bob}}}) = m$$
|
||||
$$(((m^{r_{a\text{ alice}}})^{r_{a\text{ bob}}})^{r_{b\text{ alice}}})^{r_{b\text{ bob}}}) = m (\text{mod } p$$
|
||||
|
||||
in this case $r_a$ from alice cancels $r_b$ from alice, and $r_a$ from bob cancels $r_b$ from bob
|
||||
\subsubsection*{6.3.2}
|
||||
To send an encrypted message using this system
|
||||
|
||||
|
||||
\section*{7}
|
||||
|
Reference in New Issue
Block a user