Notational cleanups

This commit is contained in:
Jeff Burdges 2016-08-09 00:35:33 +02:00
parent eb28eaf320
commit 0155774136

View File

@ -640,7 +640,7 @@ Now the customer carries out the following interaction with the exchange:
to request withdrawal of $C$; here, $B_b$ denotes Chaum-style blinding with to request withdrawal of $C$; here, $B_b$ denotes Chaum-style blinding with
blinding factor $b$. blinding factor $b$.
\item The exchange checks if the same withdrawal request was issued before; \item The exchange checks if the same withdrawal request was issued before;
in this case, it sends $S_{K}(B)$ to the customer.% in this case, it sends $S_K(B)$ to the customer.%
\footnote{$S_K$ denotes a Chaum-style blind signature with private key $K_s$.} \footnote{$S_K$ denotes a Chaum-style blind signature with private key $K_s$.}
If this is a fresh withdrawal request, the exchange performs the following transaction: If this is a fresh withdrawal request, the exchange performs the following transaction:
\begin{enumerate} \begin{enumerate}
@ -783,7 +783,7 @@ generator of the elliptic curve.
the transfer key pair $T^{(i)} := \left(t^{(i)}_s,T^{(i)}_p\right)$ the transfer key pair $T^{(i)} := \left(t^{(i)}_s,T^{(i)}_p\right)$
and old coin key pair $C' := \left(c_s', C_p'\right)$, and old coin key pair $C' := \left(c_s', C_p'\right)$,
so that $K_i = H(t^{(i)}_s C'_p)$ too. so that $K_i = H(t^{(i)}_s C'_p)$ too.
Now the customer applies key derivtion functions to $K_i$ to generate Now the customer applies key derivtion functions $\KDF_?$ to $K_i$ to generate
\begin{itemize} \begin{itemize}
\item a blinding factor $b^{(i)} = \FDH_K(\KDF_{\textrm{blinding}}(K_i))$. \item a blinding factor $b^{(i)} = \FDH_K(\KDF_{\textrm{blinding}}(K_i))$.
\item $c_s^{(i)} = \KDF_{\textrm{Ed25519}}(K_i)$ \item $c_s^{(i)} = \KDF_{\textrm{Ed25519}}(K_i)$
@ -1243,22 +1243,22 @@ data being committed to disk are represented in between $\langle\rangle$.
\item[$t^{(i)}_s$]{private transfer key, a scalar} \item[$t^{(i)}_s$]{private transfer key, a scalar}
\item[$T^{(i)}_p$]{public transfer key, point on a curve (same curve must be used for $C_p$)} \item[$T^{(i)}_p$]{public transfer key, point on a curve (same curve must be used for $C_p$)}
\item[$T^{(i)}$]{public-private transfer key pair $T^{(i)} := (t^{(i)}_s,T^{(i)}_s)$} \item[$T^{(i)}$]{public-private transfer key pair $T^{(i)} := (t^{(i)}_s,T^{(i)}_s)$}
\item[$\vec{T}$]{Vector of $T^{(i)}$} \item[$\vec{t}$]{Vector of $t^{(i)}_s$}
\item[$c_s^{(i)}$]{Secret key corresponding to a fresh coin, scalar on a curve} \item[$c_s^{(i)}$]{Secret key corresponding to a fresh coin, scalar on a curve}
\item[$C_p^{(i)}$]{Public key corresponding to $c_s^{(i)}$, point on a curve} \item[$C_p^{(i)}$]{Public key corresponding to $c_s^{(i)}$, point on a curve}
\item[$C^{(i)}$]{Public-private coin key pair $C^{(i)} := (c_s^{(i)}, C_p^{(i)})$} \item[$C^{(i)}$]{Public-private coin key pair $C^{(i)} := (c_s^{(i)}, C_p^{(i)})$}
\item[$\vec{C}$]{Vector of $C^{(i)}$ (public and private keys)} % \item[$\vec{C}$]{Vector of $C^{(i)}$ (public and private keys)}
\item[$b^{(i)}$]{Blinding factor for RSA-style blind signatures} \item[$b^{(i)}$]{Blinding factor for RSA-style blind signatures}
\item[$\vec{b}$]{Vector of $b^{(i)}$} \item[$\vec{b}$]{Vector of $b^{(i)}$}
\item[$B^{(i)}$]{Blinding of $C_p^{(i)}$} \item[$B^{(i)}$]{Blinding of $C_p^{(i)}$}
\item[$\vec{B}$]{Vector of $B^{(i)}$} \item[$\vec{B}$]{Vector of $B^{(i)}$}
\item[$K_i$]{Symmetric encryption key derived from ECDH operation via hashing} \item[$K_i$]{Symmetric encryption key derived from ECDH operation via hashing}
\item[$E_{K_i}()$]{Symmetric encryption using key $K_i$} % \item[$E_{K_i}()$]{Symmetric encryption using key $K_i$}
\item[$E^{(i)}$]{$i$-th encryption of the private information $(c_s^{(i)}, b_i)$} % \item[$E^{(i)}$]{$i$-th encryption of the private information $(c_s^{(i)}, b_i)$}
\item[$\vec{E}$]{Vector of $E^{(i)}$} % \item[$\vec{E}$]{Vector of $E^{(i)}$}
\item[$\cal{R}$]{Tuple of revealed vectors in cut-and-choose protocol, \item[$\cal{R}$]{Tuple of revealed vectors in cut-and-choose protocol,
where the vectors exclude the selected index $\gamma$} where the vectors exclude the selected index $\gamma$}
\item[$\overline{K_i}$]{Encryption keys derived by the verifier from DH} \item[$\overline{K_i}$]{Link secrets derived by the verifier from DH}
\item[$\overline{B^{(i)}}$]{Blinded values derived by the verifier} \item[$\overline{B^{(i)}}$]{Blinded values derived by the verifier}
\item[$\overline{T_p^{(i)}}$]{Public transfer keys derived by the verifier from revealed private keys} \item[$\overline{T_p^{(i)}}$]{Public transfer keys derived by the verifier from revealed private keys}
\item[$\overline{c_s^{(i)}}$]{Private keys obtained from decryption by the verifier} \item[$\overline{c_s^{(i)}}$]{Private keys obtained from decryption by the verifier}