From 1c2ec959418692dcb0912c42cc55eccf78f20faf Mon Sep 17 00:00:00 2001
From: Philipp Muth <muth@seceng.informatik.tu-darmstadt.de>
Date: Mon, 2 May 2022 11:01:40 +0200
Subject: [PATCH] kicked todos in chap 2

---
 ACNS/keyexchange.tex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ACNS/keyexchange.tex b/ACNS/keyexchange.tex
index e8f8064..06d70f7 100644
--- a/ACNS/keyexchange.tex
+++ b/ACNS/keyexchange.tex
@@ -128,7 +128,7 @@ where \(E_0\sample \mathcal E\), \(E_1 = \left[s_0\right] E_0\) and \(s_i = f\pa
 This approach does not agree with the threshold group action, for which a shareholder \(P_i\)'s output in the round-robin approach is \(E^k \gets \left[L_{i,S'} s_i \right] E^{k-1}\) rather than \(E^k \gets \left[s_i\right]E^{k-1}\), where \(E^{k-1}\) denotes the previous shareholder's output. Futhermore, authorised sets need not contain all shareholders. \autoref{example.conflict} illustrates a further conflict with of the PVP with the threshold group action.
 %This does not fit the threshold group action, since, for an authorised set \(S'\), a shareholder \(P_i\)'s contribution to the round-robin approach is not \(E^k \gets \left[s_i\right]E^{k-1}\), where \(E^{k-1}\) denotes the previous shareholder's output, but \(E^k \gets \left[L_{i,S'} s_i \right] E^{k-1}\). Authorised sets also do not necessarily contain all shareholders \(\set{P_1, \ldots, P_n}\). The following example illustrates a further conflict with of the PVP with the threshold group action.
 
-\todo{kick or shorten to remark?}
+%\todo{kick or shorten to remark?}
 \begin{example}
 	Let \(\sk\) be a secret key generated and shared by \(\mathsf{KeyGen}\). That is each shareholder \(P_i\) holds
 	\[\set{s_i, \set{s_{ij}}_{P_j \in S}, \set{s_{ji}}_{P_j \in S}}.\]
@@ -229,7 +229,7 @@ We arrive at our decapsulation protocol, executed by a superauthorised set \(S^\
 		\begin{equation}
 			\mathsf{ZK}.V\paren*{\left(R_k,R_k'\right), \left(E^{k-1},E^k\right), zk}.
 		\label{eq.ver2}\end{equation}
-		\todo{really publish $s_{ij}$? yes, no actual info is leaked}
+		%\todo{really publish $s_{ij}$? yes, no actual info is leaked}
 		If \eqref{eq.ver1} fails, \(P_j\) issues a complaint against \(P_i\). If \(P_i\) is convicted of cheating by more than \(\nicefrac{\# S^\ast}{2}\) shareholders, decapsulation is restarted with an \({S^\ast}'\in \Gamma^+\), so that \(P_i \not \in {S^\ast}'\).
 		If \eqref{eq.ver2} fails, the decapsulation is restarted outright with \({S^\ast}' \in \Gamma^+\), so that \(P_i \not\in{S^\ast}'\).
 	%\item If \(\mathsf{ZK}.V\paren*{\left(R_k, R_k'\right), \left(E^{k-1},E^k\right),zk}\) fails to verify, decapsulation is restarted with a set \({S^\ast}'\in\Gamma^+\), where \(P_i\not\in{S^\ast}'\).
-- 
GitLab