Please note that the following macros are fixed at compile time of LibTMCG and cannot be changed by your application. They are only provided here for informational purposes.
Defines the number of iterations for the Miller-Rabin primality test. The default value is
64which implies a soundness error probability \le 4^-64.
Defines the security parameter \ell_e of Groth's interactive shuffle argument [Gr05]. The default value is
80which implies a soundness error probability \le 2^-80. For the intended purposes of LibTMCG this bound seems to be reasonable.
Defines the security parameter (field size in bit) of the group G which is used by the card encoding scheme of Barnett and Smart [BS03]. The underlying assumptions are DDH, CDH, and DLOG. The default value is
1024.
Defines the security parameter (subgroup size in bit) of the group G which is used by the card encoding scheme of Barnett and Smart [BS03]. The underlying assumptions are DLSE (related to DDH) and DLOG. The default value is
160.
Defines the message digest algorithm for digital signatures and the Fiat-Shamir heuristic (see TODO). The security of the most non-interactive zero-knowledge proofs (NIZK) is related to the so-called random oracle model, i.e., we suppose that the instantiated hash function behaves like an ideal random function (which cannot hold in a real world scenario). However, this assumption seems to be reasonable, if the hash function is collision-resistant and carefully implemented. The default value
GCRY_MD_RMD1601 chooses the hash algorithm RIPEMD-160 (see TODO) which has an output length of 160 bit. Thus we gain a security level of approximately 2^80, assuming that a birthday-attack is the best known attack against this hash function.
Defines the length (in characters w.r.t.
TMCG_MPZ_IO_BASE) for the distinctive suffix of the unique TMCG key identifier. The default value is8which spans a reasonable name space for at least 2^20 different TMCG keys (seeTMCG_PublicKey).Each key identifier starts with the string
"ID"followed by the decimal encoded value ofTMCG_KEYID_SIZEand the appended carret symbol"^". The final suffix containsTMCG_KEYID_SIZEalphanumerical characters from the self signature of TMCG key. The signature has enough entropy included to be used as unique key identifier.
Defines the security parameter (number of iterations) of the NIZK proof (stage 1) which convince all verifiers that the TMCG key was correctly generated. The default value is
16which implies a soundness error probability \le d^-16, where d = \rm gcd(m, \phi(m)). This parameter is only relevant for the card encoding scheme of Schindelhauer.
Defines the security parameter (number of iterations) of the NIZK proof (stage 2) which convince all verifiers that the TMCG key was correctly generated. The default value is
128which implies a soundness error probability \le 2^-128. This parameter is only relevant for the card encoding scheme of Schindelhauer.
Defines the security parameter (number of iterations) of the NIZK proof (stage 3) which convince all verifiers that the TMCG key was correctly generated. The default value is
128which implies a soundness error probability \le 2^-128. This parameter is only relevant for the card encoding scheme of Schindelhauer.
Defines the required minimum version number of the GNU Crypto Library. The default value is
"1.2.0". During the initialization of LibTMCG (seeinit_libTMCG) it is checked, whether the version number of the linked shared object fulfil this condition.
Defines the required minimum version number of the GNU Multiple Precision Arithmetic Library. The default value is
"4.1.0". During the initialization of LibTMCG (seeinit_libTMCG) it is checked, whether the version number provided by the header file gmp.h and used at compile time of LibTMCG fulfil this condition.
Defines the maximum number of players. The default value is
32. This parameter is only relevant for the card encoding scheme of Schindelhauer.
Defines the maximum number of bits to represent the card type in the scheme of Schindelhauer. On the other hand, this value determines the maximum size of the message space in the scheme of Barnett and Smart. The default value is
8which implies that 256 different card types are possible.
Defines the input and output base of the
std::iostreamoperators<<and>>which are used to encode large integers (mpz_t). The default value is36which is currently the largest base supported by the GNU Multiple Precision Arithmetic Library.
Defines the security parameter k_0 (in characters) of the PRab scheme (see Bellare, Rogaway: The Exact Security of Digital Signatures – How to Sign with RSA and Rabin, 1996). The default value is
20which implies a security level around 2^80.
Defines the security parameter (size of the modulus m = p \cdot q in bit) of the TMCG key. The underlying assumptions are QRA and FACTOR. The default value is
1024. This parameter is only relevant for TMCG keys and Schindelhauer's encoding scheme.
Defines the security parameter s_0 (in characters) of the Rabin-SAEP scheme (see Boneh: Simplified OAEP for the RSA and Rabin Functions, 2002). The default value is
20which implies a security around 2^80 against CCA (Chosen Ciphertext Attacks).
Defines whether shortened commitments are used in the shuffle verification procedure of Schindelhauer. The default value is
true, because it will decrease the communication complexity significantly. However, as an immediate consequence the soundness property is violated, if the used hash functionTMCG_GCRY_MD_ALGOis broken.
Defines the maximum size of admissible exponents (in bit) used by fast exponentiation procedures. The default value is
2048. Note that this parameter has a strong influence on the amount of memory allocated by LibTMCG since it determines the size of the precomputed tables. However, it should be at least greater thanTMCG_DDH_SIZEandTMCG_QRA_SIZE.