Name		Name	Last commit message	Last commit date
parent directory ..
BLT_Instance.ec		BLT_Instance.ec
Case1.ec		Case1.ec
Case2.ec		Case2.ec
Case3.ec		Case3.ec
Case4.ec		Case4.ec
Dummy_Tag.ec		Dummy_Tag.ec
Properties.ec		Properties.ec
Pure_Wrap.ec		Pure_Wrap.ec
README.md		README.md
Security.ec		Security.ec

README.md

Repository

At each moment t, repository contains a pair of a tag and a message

   R.get(t : int) : (message * tag) option

More specifically, the valid signature of message m at time t must contain an entry R.get(t) = Some (m, tag sk t).

Adversary can only read from the repository:

  R.put(x : hash) := {
    t := t + 1;
    r[t] = x;    
    return t;
  }

Sketch of the proof of EUF

Assume that A makes a forgery.

Oracle not used: Tag-system is unsafe.
Oracle used at time t and signature is forged for time t'.

2.1. t < t': Tag-system is unsafe.

2.2. t > t': Tag-system is unsafe.

2.3. t = t': This case is impossible since the adversary succeeded with a forgery only if the message is fresh (which did not happen for the reason that repository contains plain message).