|
| From: | Fabian Kirsch |
| Subject: | Re: [Taler] G the generator |
| Date: | Sun, 04 Oct 2015 06:12:28 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 |
Dear all, Have a look at the paragraphs in the screenshots. http://www.krautchan.net/download/1443931492001.png/01_linking_in_general.png http://www.krautchan.net/download/1443931492002.png/02a_refreshing_in_general.png Encrypt(..) is containing all the stuff that happens with DH and E_K(..)... L is the tuple that was called (E,T_p) before. What was called step 6 and 7 before, was giving the mint enoughinfo to "break" the nongamma-link-encryption and checking if they were created fair.
Here my two cents:1.) For understanding the concept, it is good to start with a high-level description. 1.a) the presented notation of an encrypted message for C' directly matches what everybody expects the Link to be 2.) If the best implementation choice is "we encrypt our link-info by combining DH with symmetric crypto but the DH has to be with EC" there should be arguments for that.
greetings Fabian
Am 03.10.2015 um 18:04 schrieb Fabian Kirsch:Hi Luis, "DH + Encryption by K_i" is used to build the link-Message. So (T_p, E) is a message, which can be read by anyone knowing c'_s. And such message could be created by anyone using C_p. After all that is a selfbrew asymetric crypto. Sending (c_s, b) to C'. I am going to write it down more clearly after dinner. See you Fabian Am 03.10.2015 um 17:14 schrieb Luis Ressel:[..] Encryption is not needed at all, I guess you meant "signature scheme". Also, in the linking protocol, the private coin keys are used in a DH-like manner, so there are in fact some additional requirements. Regards, Luis Ressel
| [Prev in Thread] | Current Thread | [Next in Thread] |