From 44ef2b48321fbd8630a2bce77d7fc82d084e905f Mon Sep 17 00:00:00 2001
From: Philipp Muth <muth@seceng.informatik.tu-darmstadt.de>
Date: Fri, 9 Sep 2022 17:54:43 +0200
Subject: [PATCH] added conclusion slide, minor

---
 ACNS/presentation/key_exchange.tex |  6 ++--
 ACNS/presentation/main.tex         | 10 ++++++
 ACNS/presentation/motivation.tex   | 54 ++++++++++++++++++++++--------
 3 files changed, 53 insertions(+), 17 deletions(-)

diff --git a/ACNS/presentation/key_exchange.tex b/ACNS/presentation/key_exchange.tex
index eacdcb1..ea7cd14 100644
--- a/ACNS/presentation/key_exchange.tex
+++ b/ACNS/presentation/key_exchange.tex
@@ -10,14 +10,14 @@
 	\begin{definition}[Piecewise Verifiable Proof \cite{DBLP:conf/asiacrypt/BeullensKV19}]
 		A party proves knowledge of a polynomial \(f\) for a statement
 		\[x = \left(\left(E_0,E_1\right),s_1,\ldots, s_n\right),\]
-		where \(E_1 = \left[f\paren* 0\right] E_0\) and \(s_i = f\paren* i\) for \(i=1,\ldots, n\).
+		where \(E_1 = \left[f\paren* 0\right] E_0\) and \(s_i = f\paren* i \in \ZZ_p\) for \(i=1,\ldots, n\).
 	\end{definition}
 \end{frame}
 
 \begin{frame}
 	\frametitle{What to do?}
 	\begin{itemize}
-		\item Transfer PVP and ZK proof to the threshold setting
+		\item Transfer PVP proof to threshold setting
 		\item Integrate both to decapsulation protocol to achieve active security
 		\item Prove, that resulting protocol is at least as secure as original decapsulation
 	\end{itemize}
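Review bot: After this change the second bullet's "Integrate both" has nothing left to refer to, because the first bullet now names only the PVP where it used to name the PVP and the ZK proof. If the ZK proof is still part of the actively secure decapsulation, keep it in the first bullet; otherwise reword the second one to `\item Integrate it into the decapsulation protocol to achieve active security`. "PVP proof" also repeats the word the abbreviation already ends in, so `\item Transfer PVPs to the threshold setting` reads cleaner.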
@@ -61,7 +61,7 @@
 	\frametitle{A Shareholder \(P_i\)'s Turn in the Decapsulation Protocol}
 	Let \(S^\ast\) be a superauthorised set of shareholders executing the decapsulation protocol.
 	\begin{enumerate}
-		\item Ascertain \(E^{k-1} \in \mathcal E\), where \(E^{k-1}\) is previous shareholder's output.
+		\item Ascertain \(E^{k-1} \in \mathcal E\), where \(E^{k-1}\) is previous shareholder's output of \(E^0 = c\)
 		\item Sample \(R_k \sample \mathcal E\), compute \(R_k'\gets \left[L_{i,S^\ast}s_i\right] R_k\).
 		\item Compute and publish
 			\begin{align*}
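Review bot: The rewritten step 1 reads as if the previous shareholder produced \(E^0 = c\), and it lost its final period; presumably the line is meant to say that the first shareholder checks the ciphertext itself. Suggest `\item Ascertain \(E^{k-1} \in \mathcal E\), where \(E^{k-1}\) is the previous shareholder's output and \(E^0 = c\).` Spelling out the base case matters because this membership check is the only validation of the incoming element visible in the step. The enumerate continues past the end of the hunk.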
diff --git a/ACNS/presentation/main.tex b/ACNS/presentation/main.tex
index a7e52bf..bcfd27d 100644
--- a/ACNS/presentation/main.tex
+++ b/ACNS/presentation/main.tex
@@ -28,6 +28,16 @@
 
 \input{generalsss}
 
+\begin{frame}
+	\frametitle{Conclusion}
+	\begin{itemize}
+		\item Transfer PVP to threshold setting
+		\item Actively secure key exchange mechanism
+		\item Transformed into signature scheme
+		\item Define, which field of secret sharing schemes is compatible
+	\end{itemize}
+\end{frame}
+
 \section{References}
 \begin{frame}[allowframebreaks]
 	\bibliographystyle{amsalpha}
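Review bot: The conclusion bullet `Actively secure key exchange mechanism` states the result without the condition it holds under. The decapsulation slide in key_exchange.tex runs the protocol with a superauthorised set \(S^\ast\), so if that is the intended condition the summary should name it, e.g. `\item Actively secure key exchange mechanism for superauthorised sets`. The bullets also mix imperatives with past participles ("Transfer", "Transformed", "Define, which ..."), which makes it hard to tell results from open work. Phrasing them all as results, e.g. `\item Characterised which secret sharing schemes are compatible`, would fix that, assuming that is the meaning. The new frame also sits outside any `\section`, unlike the references frame that follows it.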
diff --git a/ACNS/presentation/motivation.tex b/ACNS/presentation/motivation.tex
index a32d71d..f276bb2 100644
--- a/ACNS/presentation/motivation.tex
+++ b/ACNS/presentation/motivation.tex
@@ -39,7 +39,7 @@
 \begin{frame}
 	\frametitle{Secret Sharing Schemes}
 	\begin{itemize}
-		\item Distribute a secret \(s\) among \(n\) shareholders via 
+		\item Distribute a secret \(s\) among shareholders \(P_1,\ldots, P_n\) via 
 			\[ \mathcal S.\share\paren* s\]
 		\item Reconstruct a shared secret via
 			\[ \SH.\rec\paren*{\set{s_i}_{P_i \in S'}} \]
@@ -53,27 +53,26 @@
 
 \end{frame}
 
-\begin{frame}
+\begin{frame}%[allowframebreaks]
 	\frametitle{Key Exchange Mechanisms}
-
 	\begin{center}
 	\begin{tikzpicture}
 		\begin{scope}[minimum size = .7cm]
 			\node [alice] (alice) at (-3,0){Alice};
 			\node [bob] (bob) at (3,0){Bob};
 		\end{scope}
-		\pause
+		%\pause
 		\node [left = .5 of alice] (pair) {$\left(\sk,\pk\right)$};
 		%\node [above = 3 of alice] (pk) {$\pk$};
 		%\draw [->] (alice) -- (pk);
-		\pause
+		%\pause
 		\node [above = 2.5 of bob] (encaps) {$\encaps \paren* \pk$};
 		\node [above = 0.5 of bob] (keybob) {$\key$};
 		%\node [above = 2.5 of alice] (cipher) {$c$};
 		\node (cipher) at ($(encaps)+(-6,0)$) {$c$};
 		\draw [->] (encaps) -- (cipher);
 		\draw [->] (encaps) -- (keybob);
-		\pause
+		%\pause
 
 		\node [above = 1.5 of alice] (decaps) {$\decaps\paren *{\sk,c}$};
 		\draw [->] (cipher) -- (decaps);
@@ -87,6 +86,30 @@
 	\end{center}
 \end{frame}
 
+\begin{frame}
+	\frametitle{Key Exchange Mechanisms in a HHS}
+	\begin{pchstack}[center,space=2em]
+	\procedure[space=auto]{$\keygen()$}{
+		\sk \sample \ZZ_p\\
+		\pk \gets \left[\sk\right] E_0\\
+		\pcreturn \left(\sk,\pk\right)
+	}
+	\vspace{1em}
+	\procedure[space=auto]{$\encaps\paren* \pk$}{
+		b \sample \mathcal G\\
+		\key \gets b \ast \pk\\
+		c \gets b \ast E_0\\
+		\pcreturn \left(\key,c\right)
+	}
+	\vspace{1em}
+	\procedure[space=auto]{$\decaps\paren*{\sk,c}$}{
+		\key \gets \left[\sk\right] c\\
+		\pcreturn \key
+		}
+	\end{pchstack}
+
+\end{frame}
+
 \begin{frame}
 	\frametitle{A Decapsulation Protocol with Shared Secret Key \cite{FeoM20}}
 
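Review bot: The new frame writes the same group action two ways: `\keygen` and `\decaps` sample from \(\ZZ_p\) and use the bracket notation `\left[\sk\right] E_0`, while `\encaps` samples `b \sample \mathcal G` and uses `\ast`. Unless the talk introduces both notations, use one, e.g. `b \sample \ZZ_p\\`, `\key \gets \left[b\right] \pk\\`, `c \gets \left[b\right] E_0\\`. `\decaps` also applies `\sk` to `c` without the \(c \in \mathcal E\) check that the threshold protocol's first step performs; if the slide is meant as a faithful KEM description, a short remark on validating `c` would help. The `\vspace{1em}` calls inside `pchstack` look redundant given `space=2em`.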
@@ -104,14 +127,14 @@
 		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
 		
 		\pause
-		\node [right=of sh1] (cipher) {$E_0 = c$};
+		\node [right=of sh1] (cipher) {$E^0 = c$};
 		\coordinate [left = of sh2] (bla) ;
 		\draw [->] (cipher) -- (sh1);
 
 		\pause
-		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E_0$} (sh2) ;
-		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left] {$ E^2 = \left[L_{2,S'} s_2\right] E_1$} (sh3) ;
-		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E_2$} (sh4) ;
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E^0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left] {$ E^2 = \left[L_{2,S'} s_2\right] E^1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E^2$} (sh4) ;
 		\node [right = of sh4] (key) {$\key = \left[L_{4,S'} s_4\right] E^3$};
 		\draw [->] (sh4) -- (key);
 
@@ -121,6 +144,9 @@
 
 \begin{frame}
 	\frametitle{Features of the Protocol}
+	\begin{block}{Threshold Group Action}
+		\[E^{\# S'} = \left[L_{j,S'}s_j\right] \left(\left[\ldots\right]E^{0}\right) =  \left[\sum_{P_i\in S'} L_{i,S'}s_i\right] E^0 = \left[s\right] c.\]
+	\end{block}
 	\begin{block}{Advantages}
 		\begin{itemize}
 			\item Simulatable
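Review bot: The identity in the new `Threshold Group Action` block only holds when every shareholder in \(S'\) applies its correct share, which the block does not say; the later frame with the red \(E^2 \neq \ldots\) edge shows the case where it fails. Suggest a qualifier such as `\text{ if all } P_i \in S' \text{ are honest}` after `\left[s\right] c`. The index \(j\) in `\left[L_{j,S'}s_j\right]` and the `\left[\ldots\right]` placeholder are not introduced either, so naming the last shareholder in the chain would make the first equality readable. The frame continues outside the hunk.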
@@ -150,14 +176,14 @@
 		\draw [help lines] (sk) edge (sh1) edge (sh2) edge (sh3) edge (sh4);
 		
 		%\pause
-		\node [right=of sh1] (cipher) {$E_0 = c$};
+		\node [right=of sh1] (cipher) {$E^0 = c$};
 		\coordinate [left = of sh2] (bla) ;
 		\draw [->] (cipher) -- (sh1);
 
 		%\pause
-		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E_0$} (sh2) ;
-		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left, color = red] {$ {E^2} \neq \left[L_{2,S'} s_2\right] E_1$} (sh3) ;
-		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E_2$} (sh4) ;
+		\draw [->, >=Stealth, bend right] (sh1) edge node [midway, above] {$ E^1 = \left[L_{1,S'} s_1\right] E^0$} (sh2) ;
+		\draw [->, >=Stealth, bend right] (sh2) edge node [midway, left, color = red] {$ {E^2} \neq \left[L_{2,S'} s_2\right] E^1$} (sh3) ;
+		\draw [->, >=Stealth, bend right] (sh3) edge node [midway, below] {$ E^3 = \left[L_{3,S'} s_3\right] E^2$} (sh4) ;
 		\node [right = of sh4] (key) {$\key = \left[L_{4,S'} s_4\right] E^3$};
 		\draw [->] (sh4) -- (key);
 
-- 
GitLab