Fix typos. Replace proof that PRPs are PRFs. Other fixes.

[doc/ips] / auth-sig.tex

diff --git a/auth-sig.tex b/auth-sig.tex
index b3322ac..8faff1e 100644 (file)
--- a/auth-sig.tex
+++ b/auth-sig.tex
@@ -29,7 +29,7 @@
   
   We recognize several different types of forgeries which can be made:
   \begin{itemize}
-  \item An \emph{existiential forgery} occurs when an adversary creates a
+  \item An \emph{existential forgery} occurs when an adversary creates a
     valid signature for some arbitrary message not of its choosing.
   \item An \emph{selective forgery} occurs when an adversary creates a valid
     signature for a message that it chooses.
@@ -183,9 +183,9 @@
 \end{slide}
 
 \begin{slide}
-  \head{Fixing RSA, 2: \PKCS1 padding (cont.)}
+  \head{\PKCS1 signature padding (cont.)}
 
-  Diagramatically, \PKCS1 signature looks like this:
+  Diagrammatically, \PKCS1 signature looks like this:
   \begin{tabular}[C]{r|c|c|c|c|c|} \hlx{c{2-6}v}
     \hex{00} & \hex{01} &
     \hex{FF} \hex{FF} \ldots \hex{FF} &
@@ -314,7 +314,7 @@
   \[ \Pr[F] = \Pr[F \land N] + \Pr[F \land \lnot N]
      \quad \text{so} \quad
      \Pr[F \land \lnot N] = \Pr[F] - \Pr[F \land N]. \]%
-  From the above discussion, we ahave
+  From the above discussion, we have
   \[ \Pr[V \land N] = \Pr[F \land N]
      \quad \text{and} \quad
      \Pr[V \land \lnot N] \ge \frac{1}{q_H} \Pr[F \land \lnot N]. \]%
@@ -563,7 +563,7 @@
   
   Most of the \ABORT statements in the main inverter routine detect incorrect
   signatures.  The final one, asserting $x \notin \Xid{I}{map}$, can't happen
-  unless the signaure is a duplicate of one we already gave.
+  unless the signature is a duplicate of one we already gave.
   
   The \ABORT{}s in $H$ and \id{sign} detect conditions in which the
   adversary has successfully distinguished its simulated environment from