Security and co-CDH Assumption

We use

to represent the adversaryโ€™s advantage in attacking the scheme S, for an adversary that makes at most Qsig signature queries, at most QH0 queries to H0, and at most QH1 queries to H1. We say that the scheme S is secure if for all efficient adversaries the advantage is negligible.

The co-CDH assumption is that the security of the scheme S relies on the standard co-CDH assumption in the bilinear group (G_0, G_1). The assumption states that for all efficient algorithms A,

where วซ is a neglible quantity and where ฮฑ, ฮฒ โ† Z_q.

Last updated