diff options
| author | Jeffrey Burdges <burdges@gnunet.org> | 2017-06-02 15:55:49 +0200 | 
|---|---|---|
| committer | Jeffrey Burdges <burdges@gnunet.org> | 2017-06-02 15:55:49 +0200 | 
| commit | 9f7e3bb2bd494860c31aa534942de85636cb91a8 (patch) | |
| tree | 7daf93f69cfbe14cd77aa82ebad72ea6c3a649cb /doc/paper/taler.tex | |
| parent | b21705882156f73c6623f76b719fcaadc3d26555 (diff) | |
More on RSA-KTI
Diffstat (limited to 'doc/paper/taler.tex')
| -rw-r--r-- | doc/paper/taler.tex | 12 | 
1 files changed, 10 insertions, 2 deletions
| diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 96db7c6d..bfe8987b 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -509,7 +509,7 @@ financial reserve.  In addition, Taler includes an \emph{auditor} who  assures customers and merchants that the exchange operates correctly.  %\vspace{-0.3cm} -\subsection{Security considerations} +\subsection{Security considerations}\label{subsec:security_rough}  %\vspace{-0.3cm}  As a payment system, Taler naturally needs to make sure that coins are @@ -559,7 +559,7 @@ limiting the exchange's financial liability.  On the cryptographic side, a Taler exchange demands that coins use a  full domain hash (FDH) to make so-called ``one-more forgery'' attacks  provably hard, assuming the RSA known-target inversion problem is -hard~\cite[Theorem 12]{RSA-HDF-KTIvCTI}.  For a withdrawn coin, +hard~\cite[Theorem 12]{RSA-FDH-KTIvCTI}.  For a withdrawn coin,  violating the customers anonymity cryptographically requires recognizing  a random blinding factor from a random element of the group of  integers modulo the denomination key's RSA modulus, which appears @@ -1466,6 +1466,14 @@ protocol is never used.  \subsection{Exculpability arguments} +In \S\ref{subsec:security_rough}, +we quoted \cite[Theorem 12]{RSA-FDH-KTIvCTI} that RSA-FDH blind +signatures are secure against ``one-more forgery'' attacks, assuming + the RSA known-target inversion problem is hard. +We note as well that ``one-more forgery'' attacks cover both the +refresh operation as well as the withdrawal operarion + \cite[Definition 12]{RSA-FDH-KTIvCTI,OneMoreInversion}. +  \begin{lemma}\label{lemma:double-spending}  The exchange can detect, prevent, and prove double-spending.  \end{lemma} | 
