From 741af6ed6d65f9a970a0e0c8246f7b7f186cb949 Mon Sep 17 00:00:00 2001
From: Philipp Muth <muth@seceng.informatik.tu-darmstadt.de>
Date: Thu, 8 Sep 2022 18:34:44 +0200
Subject: [PATCH] slides done (hopefully)

---
 ACNS/presentation/generalsss.tex | 18 +++++++++++++++++-
 ACNS/presentation/main.tex       |  2 +-
 ACNS/presentation/motivation.tex | 14 +++++++++++---
 ACNS/presentation/preamble.tex   |  1 +
 ACNS/presentation/signatures.tex | 12 ++++++++++++
 5 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/ACNS/presentation/generalsss.tex b/ACNS/presentation/generalsss.tex
index 807e2a9..ba9d357 100644
--- a/ACNS/presentation/generalsss.tex
+++ b/ACNS/presentation/generalsss.tex
@@ -1,4 +1,20 @@
 
-\section{General Access Structures and Secret Sharing Schemes}
+\section{General Secret Sharing Schemes}
 \begin{frame}
+	\frametitle{Necessary Characteristics for Compatibility}
+	\begin{itemize}
+		\item Independent reconstruction: a shareholder's input in reconstructing a secret is independent of other shares
+		\item Self-contained reconstruction: the shares of a secret live in the same space as the secret to enable two-level sharing
+		\item Compatibility with zero-knowledge proof and the piecewise verifiable proof in the HHS 
+	\end{itemize}
+\end{frame}
+
+\begin{frame}
+	\frametitle{Examples}
+	\begin{itemize}
+		\item Shamir's polynomial secret sharing: compatible (our protocol was initially based on it)
+		\item Tassa's hierarchical threshold secret sharing \cite{DBLP:conf/tcc/Tassa04}: compatible (extension of Shamir's approach)
+		\item Damgard and Thorbek's linear integer secret sharing \cite{DBLP:conf/pkc/DamgardT06}: incompatible, since it is only computationally hiding
+		\item Additive secret sharing: incompatible, because superauthorised sets of shareholders do not exist
+	\end{itemize}
 \end{frame}
diff --git a/ACNS/presentation/main.tex b/ACNS/presentation/main.tex
index 85e1df6..eca9040 100644
--- a/ACNS/presentation/main.tex
+++ b/ACNS/presentation/main.tex
@@ -31,6 +31,6 @@
 \section{References}
 \begin{frame}[allowframebreaks]
 	\bibliographystyle{amsalpha}
-	\bibliography{pqc}
+	\bibliography{pqc,local_bib}
 \end{frame}
 \end{document}
diff --git a/ACNS/presentation/motivation.tex b/ACNS/presentation/motivation.tex
index d6bce6b..02f05b6 100644
--- a/ACNS/presentation/motivation.tex
+++ b/ACNS/presentation/motivation.tex
@@ -38,9 +38,17 @@
 
 \begin{frame}
 	\frametitle{Secret Sharing Schemes}
-
-	\begin{definition}[Superauthorises Sets]
-
+	\begin{itemize}
+		\item Distribute a secret \(s\) among \(n\) shareholders via 
+			\[ \mathcal S.\share\paren* s\]
+		\item Reconstruct a shared secret via
+			\[ \SH.\rec\paren*{\set{s_i}_{P_i \in S'}} \]
+			for an authorised set \(S'\in \Gamma\). 
+	\end{itemize}
+
+	\begin{definition}[Superauthorised Sets]
+		A \highlight{superauthorised set} of shareholders is a set \(S^\ast\), so that
+		\[\forall P \in S^\ast \colon S^\ast \setminus\set{P} \in \Gamma.\]
 	\end{definition}
 
 \end{frame}
diff --git a/ACNS/presentation/preamble.tex b/ACNS/presentation/preamble.tex
index afdcc77..162e8cb 100644
--- a/ACNS/presentation/preamble.tex
+++ b/ACNS/presentation/preamble.tex
@@ -117,6 +117,7 @@
 \newcommand\decaps{\mathsf{Decaps}}
 \newcommand\encaps{\mathsf{Encaps}}
 \newcommand\keygen{\mathsf{KeyGen}}
+\providecommand\highlight[1]{\emph{#1}}
 
 \DeclarePairedDelimiter{\paren}{\lparen}{\rparen}
 \DeclarePairedDelimiter{\bracket}{[}{]}
diff --git a/ACNS/presentation/signatures.tex b/ACNS/presentation/signatures.tex
index abbe11a..b95a377 100644
--- a/ACNS/presentation/signatures.tex
+++ b/ACNS/presentation/signatures.tex
@@ -1,4 +1,16 @@
 
 \section{Deriving a Signature Scheme}
 \begin{frame}
+	\begin{block}{Why actively secure signature schemes?}
+		Correctness of a signature is easily verified with the public key and the signed message.
+
+		BUT: An incorrect signature does not identify the misbehaving shareholder.
+	\end{block}
+	\begin{block}{Signature Scheme}
+		\begin{itemize}
+			\item \(\keygen\): Keep \(\keygen\) of the key exchange mechanism, i.e., the secret key is two-level shared among parties \(P_1,\ldots,P_n\)
+			\item \(\sign\): Apply Fiat-Shamir-transform \cite{C:FiaSha86} to the decapsulation protocol, resulting in a signing protocol with secret shared secret key
+			\item \(\verify\): Arises naturally from the Fiat-Shamir-transformation
+		\end{itemize}
+	\end{block}
 \end{frame}
-- 
GitLab