[GNUnet-SVN] [taler-exchange] 02/02: Merge branch 'master' of ssh://tale


From: gnunet
Subject: [GNUnet-SVN] [taler-exchange] 02/02: Merge branch 'master' of ssh://taler.net/exchange
Date: Tue, 16 May 2017 14:04:15 +0200

This is an automated email from the git hooks/post-receive script.

burdges pushed a commit to branch master
in repository exchange.

commit 88d633526d704c4ab9193cb23e01a41f0225e1ba
Merge: 468a373 7ce6700
Author: Jeffrey Burdges <address@hidden>
AuthorDate: Tue May 16 14:03:41 2017 +0200

    Merge branch 'master' of ssh://taler.net/exchange
    
    I need to refine the text for real after this sloppy merge

 doc/paper/taler.tex | 164 +++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 124 insertions(+), 40 deletions(-)

diff --cc doc/paper/taler.tex
index 1a695e1,9cff69e..607390e
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@@ -1284,8 -1353,10 +1353,10 @@@ We thank people (anonymized)
  %Jacob Appelbaum for productive discussions and support.
  \newpage
  
- \bibliographystyle{alpha}
- \bibliography{taler,rfc,ro}
+ \bibliographystyle{ACM-Reference-Format}
 -\bibliography{taler} 
++\bibliography{taler,ro} % rfc
+ 
 -\end{document}
++\end{document} %TODO: What?!?
  
  %\vfill
  %\begin{center}
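Review bot: the merged line `\end{document} %TODO: What?!?` in this hunk (around line 1353 of taler.tex) ends the document before the material touched by the next hunk, which starts at line 1562 of the same file. If the proposition and lemma on the refresh operation are meant to appear in the paper, LaTeX will ignore them where they stand. Move `\end{document}` to the end of the file or move that material above it, and resolve the TODO instead of merging it. Separately, the result `\bibliography{taler,ro} % rfc` drops the `rfc` database that one parent listed in `\bibliography{taler,rfc,ro}`; confirm that no remaining `\cite` refers to an entry from it, otherwise those citations become undefined.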
@@@ -1491,41 -1563,36 +1562,47 @@@ any adversary with an advantage for lin
  rise to an adversary with an advantage for recognizing SHA512 output.
  \end{corollary}
  
- There was an earlier encryption-based version of the Taler protocol
- in which refresh operated consisted of $\kappa$ normal coin withdrawals
- encrypted using the secret $t^{(i)} C$ where $C = c G$ is the coin being
- refreshed and $T^{(i)} = t^{(i)} G$ is the transfer key.
+ We will now consider the impact of the refresh operation.  For the
+ sake of the argument, we will first consider an earlier
+ encryption-based version of the protocol in which refresh operated
+ consisted of $\kappa$ normal coin withdrawals where the commitment
+ consisted of the blinding factors and private keys of the fresh coins
+ encrypted using the secret $t^{(i)} C_s$ where $C_s = c_s G$ of the
+ dirty coin $C$ being refreshed and $T^{(i)} = t^{(i)} G$ is the
+ transfer key.\footnote{We abandoned that version as it required
+   slightly more storage space and the additional encryption
+   primitive.}
  
  \begin{proposition}
 -Assuming the encryption used is ??? secure, and that
 - the independence of $c_s$, $t$, and the new coins' key materials, then
 -any PPT adversary with an advantage for linking Taler coins gives
 -rise to an adversary with an advantage for recognizing SHA512 output.
 +Assuming the encryption used is semantically (IND-CPA) secure, and
- that the independence of $c$, $t$, and the new coins key materials, 
++that the independence of $c_s$, $t$, and the new coins' key materials, 
 +then any probabilistic polynomial time (PPT) adversary with an
 +advantage for linking Taler coins gives rise to an adversary with
 + an advantage for recognizing SHA512 output.
  \end{proposition}
  
 +In fact, the exchange can launch an chosen cphertext attack against
 +the customer by providing different ciphertexts.  Yet, the resulting
 +plaintext is implicitly authenticated becuase after decryption
 +the customer unblinds and checks the signature by the denomination
 +key.  
 +
 +If this check does not check out, then the wallet must abandon
 +this coin and report the exchange's fraudulent activity.
 +
  % TODO: Is independence here too strong?
  
- We may now remove the encrpytion by appealing to the random oracle model
- \cite{BR-RandomOracles}.
+ We may now remove the encrpytion by appealing to the random oracle
+ model~\cite{BR-RandomOracles}.
  
  \begin{lemma}[\cite{??}]
  Consider a protocol that commits to random data by encrypting it
  using a secret derived from a Diffe-Hellman key exchange.
  In the random oracle model, we may replace this encryption with
- a hash function derives the random data by applying hash functions
- to the same secret.
+ a hash function which derives the random data by applying hash
+ functions to the same secret.
  \end{lemma}
 +% TODO: IND-CPA again?  Anything else?
  
  \begin{proof}
  We work with the usual instantiation of the random oracle model as
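Review bot: the paragraph added after the proposition says the exchange can mount a chosen ciphertext attack, but the proposition as merged assumes only semantic (IND-CPA) security, which gives no guarantee against an adversary that supplies its own ciphertexts. Either strengthen the stated assumption or bring the argument from the added text (the customer unblinds, checks the denomination-key signature, and abandons the coin on failure) into the proposition's hypotheses so that the reduction covers it. The trailing `% TODO: IND-CPA again?  Anything else?` suggests the same open question carries into the lemma. Also, `\begin{lemma}[\cite{??}]` still has a placeholder citation, and the merged lines carry typos that should be fixed before the text is refined: "an chosen cphertext", "becuase", "encrpytion", "refresh operated consisted".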

-- 
To stop receiving notification emails like this one, please contact
address@hidden


