[taler-anastasis] branch master updated: rename escrow method

[gnunet]

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 453ff5f  rename escrow method
453ff5f is described below

commit 453ff5f6b0c3f84401268cce6f3288cb16a7fe60
Author: Dennis Neufeld <dennis.neufeld@students.bfh.ch>
AuthorDate: Wed Jun 10 16:32:37 2020 +0000

    rename escrow method
---
 doc/thesis/design.tex                |  19 +++++++++----------
 doc/thesis/glossary.tex              |  27 ++++++++++++++-------------
 doc/thesis/images/keys_anastasis.png | Bin 100045 -> 128549 bytes
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/doc/thesis/design.tex b/doc/thesis/design.tex
index efd1bdf..1753000 100644
--- a/doc/thesis/design.tex
+++ b/doc/thesis/design.tex
@@ -41,9 +41,8 @@ The figure~\ref{fig:keys_anastasis} gives an overview of the 
keys used in Anasta
 \noindent In the following the keys shown in the 
figure~\ref{fig:keys_anastasis} on 
 page~\pageref{fig:keys_anastasis} are explained:
 
-FIXME IDENTITY KEY -> KDF\_ID
 \begin{description}
-       \item[identity key] {The {\em identity key} is derived from the user 
attributes and a
+       \item[kdf id] {The {\em kdf id} is derived from the user attributes and 
a
        randomly generated server salt provided by the escrow provider using 
Argon2. It is used to derive 
        the {\em private account key}, the {\em symmetric key 1} and the {\em 
symmetric key 2}.}
        \item[private account key] {The {\em private account key} is used to 
sign the {\em encrypted
@@ -87,11 +86,11 @@ recover their core secret.
 \subsection{The recovery document}
 
 A {\em recovery document} includes all the information a user needs to
-recover access to their core secret. It specifies a set of {\em escrow
+recover access to their core secret. It specifies a set of {\em authentication
   methods}, which specify how the user should convince the Anastasis
-server that they are ``real''. Escrow methods can for example include
+server that they are ``real''. Authentication methods can for example include
 SMS-based verification, Video-identification or a security
-question. For each escrow method, the Anastasis server is provided
+question. For each authentication method, the Anastasis server is provided
 with (initially encrypted) {\em truth}, that is data the Anastasis
 operator may learn during the recovery process to authenticate the
 user. Examples for truth would be a phone number (for SMS), a picture
@@ -100,15 +99,15 @@ answer. A strong adversary is assumed to be able to learn 
the truth,
 while weak adversaries must not (except if they are the provider and
 then they may learn it only during key recovery).
 
-In addition to a set of escrow methods and associated Anastasis server
+In addition to a set of authentication methods and associated Anastasis server
 operators, the recovery document also specifies {\em policies}, which
-describe the combination(s) of the escrow methods that suffice to
+describe the combination(s) of the authentication methods that suffice to
 obtain access to the core secret. For example, a policy could say that
-the escrow methods ``$A$ and $B$'' suffice, and a second policy may
+the authentication methods ``$A$ and $B$'' suffice, and a second policy may
 permit ``$A$ and $C$''. A different user may choose to use the policy
 that ``$A$ and $B$ and $C$'' are all required. Anastasis imposes no
 limit on the number of policies in a recovery document, or the set of
-providers or escrow methods involved in guarding a user’s secret. Weak
+providers or authentication methods involved in guarding a user’s secret. Weak
 adversaries must not be able to deduce information about a user’s
 recovery document (except for meta data such as its length or
 approximate creation time, which may be exposed to an adversary which
@@ -306,7 +305,7 @@ recovery_document_encrypt(kdf_id, recovery_document)
 \end{lstlisting}
 
 \begin{description}
-       \item[encrypted\_recovery\_document] {The encrypted recovery document 
which contains the escrow methods, policies and the encrypted core secret.}
+       \item[encrypted\_recovery\_document] {The encrypted recovery document 
which contains the authentication methods, policies and the encrypted core 
secret.}
        \item[encrypted\_key\_share] {The encrypted key\_share which the escrow 
provider must release upon successful authentication.}
        \item[nonce] {Nonce which is used to generate keys and ivs which are 
used for the encryption. The nonce must contain either eks or erd.}
        \item[encrypted\_data] {The encrypted data contains the either a 
recovery document or a key share which was encrypted and the nonce and the 
aes\_gcm\_tag. To be able to decrypt it the first 32Bytes are the nonce and the 
next 12 Bytes are the aes\_gcm\_tag.}
diff --git a/doc/thesis/glossary.tex b/doc/thesis/glossary.tex
index e6bc657..b689e10 100644
--- a/doc/thesis/glossary.tex
+++ b/doc/thesis/glossary.tex
@@ -1,14 +1,15 @@
 \section*{Glossary}
-\addcontentsline{toc}{section}{Glossary}
-\textbf{recovery document}, a data structure which contains a set of policies 
and challenges. \\
-\textbf{policy}, a policy is a list of challenges which need to be solved to 
recover the core secret.\\
-\textbf{challenge}, a challenge is a data structure which holds information 
about a user authentication for a escrow provider.\\
-\textbf{truth}, truth is a data structure which defines how a user 
authentication is performed, it also contains the key share which is released 
upon successful authentication..\\
-\textbf{escrow provider}, this is referred  to servers which operate 
Anastasis.\\
-\textbf{key share}, a key share is a random byte sequence which is combined 
with other key shares to create a policy key.\\
-\textbf{core secret}, the core secret is the data which the user wants to 
protect with Anastasis. \\
-\textbf{master key}, the master key is a randomly generated key which is used 
to encrypt the user's core secret. \\
-\textbf{policy key}, every policy holds a separate policy key which is built 
through the combination of the key shares. The policy key is used to encrypt 
the master key.\\
-\textbf{kdf\_id}, the kdf\_id is an Argon2 hash over the user's unforgettable 
password.\\
-
-FIXME authentication method!!
+%\addcontentsline{toc}{section}{Glossary}
+\begin{description}
+       \item[recovery document] {A data structure which contains a set of 
policies and challenges.}
+       \item[policy] {A policy is a list of challenges which need to be solved 
to recover the core secret.}
+       \item[challenge] {A challenge is a data structure which holds 
information about a user authentication for a escrow provider.}
+       \item[truth] {A truth is a data structure which defines how a user 
authentication is performed, it also contains the key share which is released 
upon successful authentication.}
+       \item[escrow provider] {An escrow provider is referred  to servers 
which operate Anastasis.}
+       \item[key share] {A key share is a random byte sequence which is 
combined with other key shares to create a policy key.}
+       \item[core secret] {The core secret is the data which the user wants to 
protect with Anastasis.}
+       \item[master key] {The master key is a randomly generated key which is 
used to encrypt the user's core secret.}
+       \item[policy key] {Every policy holds a separate policy key which is 
built through the combination of the key shares. The policy key is used to 
encrypt the master key.}
+       \item[kdf id] {The kdf id is an Argon2 hash over the user's 
unforgettable password.}
+       \item[authentication method] {An authentication method specifies how 
the user should convince the escrow provider that he is authorized to get a key 
share.}
+\end{description}
\ No newline at end of file
diff --git a/doc/thesis/images/keys_anastasis.png 
b/doc/thesis/images/keys_anastasis.png
index 85a43f6..a6730a3 100644
Binary files a/doc/thesis/images/keys_anastasis.png and 
b/doc/thesis/images/keys_anastasis.png differ

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.