Re: [Taler] S, B, B^-1

taler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] S, B, B^-1

From:	Luis Ressel
Subject:	Re: [Taler] S, B, B^-1
Date:	Thu, 1 Oct 2015 16:23:34 +0200

On Thu, 01 Oct 2015 09:25:15 +0200
Raphael Arias <address@hidden> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi,
> 
> On 09/30/2015 03:06 PM, address@hidden wrote:
> > On the next to last page:
> > 
> > "S_K(.) and B_b(.) commute" i don't think that is true..
> > 
> > and unblinding is not the inverse of blinding (at least in RSA).
> > 
> > All that is given is: U(S(B(X))) = S(X)
> 
> I can agree with at least the last 2 lines of this. I am not sure
> about the first point.
> 
> Best regards,
> Raphael

With Chaum's standard RSA blinding scheme, the first claim is true as
well: B_b(S_K(m)) = b^e * m^d mod n /= b * m^d mod n = S_K(B_b(m)).

Regards,
Luis Ressel

[Prev in Thread]

Current Thread

[Next in Thread]

[Taler] S, B, B^-1, fabian . kirsch, 2015/10/08
- Re: [Taler] S, B, B^-1, Raphael Arias, 2015/10/08
  - Re: [Taler] S, B, B^-1, Luis Ressel <=

Prev by Date: Re: [Taler] presenting refreshment
Next by Date: Re: [Taler] clarifying refresh
Previous by thread: Re: [Taler] S, B, B^-1
Next by thread: [Taler] overline Typo or misunderstanding
Index(es):
- Date
- Thread