added conclusion slide, minor

ACNS/presentation/key_exchange.tex

@@ -10,14 +10,14 @@
 	\begin{definition}[Piecewise Verifiable Proof \cite{DBLP:conf/asiacrypt/BeullensKV19}]
 		A party proves knowledge of a polynomial \(f\) for a statement
 		\[x = \left(\left(E_0,E_1\right),s_1,\ldots, s_n\right),\]
-		where \(E_1 = \left[f\paren* 0\right] E_0\) and \(s_i = f\paren* i\) for \(i=1,\ldots, n\).
+		where \(E_1 = \left[f\paren* 0\right] E_0\) and \(s_i = f\paren* i \in \ZZ_p\) for \(i=1,\ldots, n\).
 	\end{definition}
 \end{frame}
 
 \begin{frame}
 	\frametitle{What to do?}
 	\begin{itemize}
-		\item Transfer PVP and ZK proof to the threshold setting
+		\item Transfer PVP proof to threshold setting
 		\item Integrate both to decapsulation protocol to achieve active security
 		\item Prove, that resulting protocol is at least as secure as original decapsulation
 	\end{itemize}
@@ -61,7 +61,7 @@
 	\frametitle{A Shareholder \(P_i\)'s Turn in the Decapsulation Protocol}
 	Let \(S^\ast\) be a superauthorised set of shareholders executing the decapsulation protocol.
 	\begin{enumerate}
-		\item Ascertain \(E^{k-1} \in \mathcal E\), where \(E^{k-1}\) is previous shareholder's output.
+		\item Ascertain \(E^{k-1} \in \mathcal E\), where \(E^{k-1}\) is previous shareholder's output of \(E^0 = c\)
 		\item Sample \(R_k \sample \mathcal E\), compute \(R_k'\gets \left[L_{i,S^\ast}s_i\right] R_k\).
 		\item Compute and publish
 			\begin{align*}

ACNS/presentation/main.tex

@@ -28,6 +28,16 @@
 
 \input{generalsss}
 
+\begin{frame}
+	\frametitle{Conclusion}
+	\begin{itemize}
+		\item Transfer PVP to threshold setting
+		\item Actively secure key exchange mechanism
+		\item Transformed into signature scheme
+		\item Define, which field of secret sharing schemes is compatible
+	\end{itemize}
+\end{frame}
+
 \section{References}
 \begin{frame}[allowframebreaks]
 	\bibliographystyle{amsalpha}

ACNS/presentation/motivation.tex

@@ -39,7 +39,7 @@
 \begin{frame}
 	\frametitle{Secret Sharing Schemes}
 	\begin{itemize}
-		\item Distribute a secret \(s\) among \(n\) shareholders via 
+		\item Distribute a secret \(s\) among shareholders \(P_1,\ldots, P_n\) via 
 			\[ \mathcal S.\share\paren* s\]
 		\item Reconstruct a shared secret via
 			\[ \SH.\rec\paren*{\set{s_i}_{P_i \in S'}} \]
@@ -53,27 +53,26 @@
 
 \end{frame}
 
-\begin{frame}
+\begin{frame}%[allowframebreaks]
 	\frametitle{Key Exchange Mechanisms}
-
 	\begin{center}
 	\begin{tikzpicture}
 		\begin{scope}[minimum size = .7cm]
 			\node [alice] (alice) at (-3,0){Alice};
 			\node [bob] (bob) at (3,0){Bob};
 		\end{scope}
-		\pause
+		%\pause
 		\node [left = .5 of alice] (pair) {$\left(\sk,\pk\right)$};
 		%\node [above = 3 of alice] (pk) {$\pk$};
 		%\draw [->] (alice) -- (pk);
-		\pause
+		%\pause
 		\node [above = 2.5 of bob] (encaps) {$\encaps \paren* \pk$};
 		\node [above = 0.5 of bob] (keybob) {$\key$};
 		%\node [above = 2.5 of alice] (cipher) {$c$};
 		\node (cipher) at ($(encaps)+(-6,0)$) {$c$};
 		\draw [->] (encaps) -- (cipher);
 		\draw [->] (encaps) -- (keybob);
-		\pause
+		%\pause
 
 		\node [above = 1.5 of alice] (decaps) {$\decaps\paren *{\sk,c}$};
 		\draw [->] (cipher) -- (decaps);
@@ -87,6 +86,30 @@
 	\end{center}
 \end{frame}
 
+\begin{frame}
+	\frametitle{Key Exchange Mechanisms in a HHS}
+	\begin{pchstack}[center,space=2em]
+	\procedure[space=auto]{$\keygen()$}{
+		\sk \sample \ZZ_p\\
+		\pk \gets \left[\sk\right] E_0\\
+		\pcreturn \left(\sk,\pk\right)
+	}
+	\vspace{1em}
+	\procedure[space=auto]{$\encaps\paren* \pk$}{
+		b \sample \mathcal G\\
+		\key \gets b \ast \pk\\
+		c \gets b \ast E_0\\
+		\pcreturn \left(\key,c\right)
+	}
+	\vspace{1em}
+	\procedure[space=auto]{$\decaps\paren*{\sk,c}$}{
+		\key \gets \left[\sk\right] c\\
+		\pcreturn \key
+		}
+	\end{pchstack}
+
+\end{frame}
+
 \begin{frame}
 	\frametitle{A Decapsulation Protocol with Shared Secret Key \cite{FeoM20}}
 
@@ -104,14 +127,14 @@
 		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
 		
 		\pause
-		\node [right=of sh1] (cipher) {$E_0 = c$};
+		\node [right=of sh1] (cipher) {$E^0 = c$};
 		\coordinate [left = of sh2] (bla) ;
 		\draw [->] (cipher) -- (sh1);
 
 		\pause
-		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E_0$} (sh2) ;
-		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left] {$ E^2 = \left[L_{2,S'} s_2\right] E_1$} (sh3) ;
-		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E_2$} (sh4) ;
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E^0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left] {$ E^2 = \left[L_{2,S'} s_2\right] E^1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E^2$} (sh4) ;
 		\node [right = of sh4] (key) {$\key = \left[L_{4,S'} s_4\right] E^3$};
 		\draw [->] (sh4) -- (key);
 
@@ -121,6 +144,9 @@
 
 \begin{frame}
 	\frametitle{Features of the Protocol}
+	\begin{block}{Threshold Group Action}
+		\[E^{\# S'} = \left[L_{j,S'}s_j\right] \left(\left[\ldots\right]E^{0}\right) =  \left[\sum_{P_i\in S'} L_{i,S'}s_i\right] E^0 = \left[s\right] c.\]
+	\end{block}
 	\begin{block}{Advantages}
 		\begin{itemize}
 			\item Simulatable
@@ -150,14 +176,14 @@
 		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
 		
 		%\pause
-		\node [right=of sh1] (cipher) {$E_0 = c$};
+		\node [right=of sh1] (cipher) {$E^0 = c$};
 		\coordinate [left = of sh2] (bla) ;
 		\draw [->] (cipher) -- (sh1);
 
 		%\pause
-		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E_0$} (sh2) ;
-		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left, color = red] {$ {E^2} \neq \left[L_{2,S'} s_2\right] E_1$} (sh3) ;
-		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E_2$} (sh4) ;
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E^0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left, color = red] {$ {E^2} \neq \left[L_{2,S'} s_2\right] E^1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E^2$} (sh4) ;
 		\node [right = of sh4] (key) {$\key = \left[L_{4,S'} s_4\right] E^3$};
 		\draw [->] (sh4) -- (key);