Notational cleanups
This commit is contained in:
parent
eb28eaf320
commit
0155774136
@ -640,7 +640,7 @@ Now the customer carries out the following interaction with the exchange:
|
|||||||
to request withdrawal of $C$; here, $B_b$ denotes Chaum-style blinding with
|
to request withdrawal of $C$; here, $B_b$ denotes Chaum-style blinding with
|
||||||
blinding factor $b$.
|
blinding factor $b$.
|
||||||
\item The exchange checks if the same withdrawal request was issued before;
|
\item The exchange checks if the same withdrawal request was issued before;
|
||||||
in this case, it sends $S_{K}(B)$ to the customer.%
|
in this case, it sends $S_K(B)$ to the customer.%
|
||||||
\footnote{$S_K$ denotes a Chaum-style blind signature with private key $K_s$.}
|
\footnote{$S_K$ denotes a Chaum-style blind signature with private key $K_s$.}
|
||||||
If this is a fresh withdrawal request, the exchange performs the following transaction:
|
If this is a fresh withdrawal request, the exchange performs the following transaction:
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
@ -783,7 +783,7 @@ generator of the elliptic curve.
|
|||||||
the transfer key pair $T^{(i)} := \left(t^{(i)}_s,T^{(i)}_p\right)$
|
the transfer key pair $T^{(i)} := \left(t^{(i)}_s,T^{(i)}_p\right)$
|
||||||
and old coin key pair $C' := \left(c_s', C_p'\right)$,
|
and old coin key pair $C' := \left(c_s', C_p'\right)$,
|
||||||
so that $K_i = H(t^{(i)}_s C'_p)$ too.
|
so that $K_i = H(t^{(i)}_s C'_p)$ too.
|
||||||
Now the customer applies key derivtion functions to $K_i$ to generate
|
Now the customer applies key derivtion functions $\KDF_?$ to $K_i$ to generate
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item a blinding factor $b^{(i)} = \FDH_K(\KDF_{\textrm{blinding}}(K_i))$.
|
\item a blinding factor $b^{(i)} = \FDH_K(\KDF_{\textrm{blinding}}(K_i))$.
|
||||||
\item $c_s^{(i)} = \KDF_{\textrm{Ed25519}}(K_i)$
|
\item $c_s^{(i)} = \KDF_{\textrm{Ed25519}}(K_i)$
|
||||||
@ -1243,22 +1243,22 @@ data being committed to disk are represented in between $\langle\rangle$.
|
|||||||
\item[$t^{(i)}_s$]{private transfer key, a scalar}
|
\item[$t^{(i)}_s$]{private transfer key, a scalar}
|
||||||
\item[$T^{(i)}_p$]{public transfer key, point on a curve (same curve must be used for $C_p$)}
|
\item[$T^{(i)}_p$]{public transfer key, point on a curve (same curve must be used for $C_p$)}
|
||||||
\item[$T^{(i)}$]{public-private transfer key pair $T^{(i)} := (t^{(i)}_s,T^{(i)}_s)$}
|
\item[$T^{(i)}$]{public-private transfer key pair $T^{(i)} := (t^{(i)}_s,T^{(i)}_s)$}
|
||||||
\item[$\vec{T}$]{Vector of $T^{(i)}$}
|
\item[$\vec{t}$]{Vector of $t^{(i)}_s$}
|
||||||
\item[$c_s^{(i)}$]{Secret key corresponding to a fresh coin, scalar on a curve}
|
\item[$c_s^{(i)}$]{Secret key corresponding to a fresh coin, scalar on a curve}
|
||||||
\item[$C_p^{(i)}$]{Public key corresponding to $c_s^{(i)}$, point on a curve}
|
\item[$C_p^{(i)}$]{Public key corresponding to $c_s^{(i)}$, point on a curve}
|
||||||
\item[$C^{(i)}$]{Public-private coin key pair $C^{(i)} := (c_s^{(i)}, C_p^{(i)})$}
|
\item[$C^{(i)}$]{Public-private coin key pair $C^{(i)} := (c_s^{(i)}, C_p^{(i)})$}
|
||||||
\item[$\vec{C}$]{Vector of $C^{(i)}$ (public and private keys)}
|
% \item[$\vec{C}$]{Vector of $C^{(i)}$ (public and private keys)}
|
||||||
\item[$b^{(i)}$]{Blinding factor for RSA-style blind signatures}
|
\item[$b^{(i)}$]{Blinding factor for RSA-style blind signatures}
|
||||||
\item[$\vec{b}$]{Vector of $b^{(i)}$}
|
\item[$\vec{b}$]{Vector of $b^{(i)}$}
|
||||||
\item[$B^{(i)}$]{Blinding of $C_p^{(i)}$}
|
\item[$B^{(i)}$]{Blinding of $C_p^{(i)}$}
|
||||||
\item[$\vec{B}$]{Vector of $B^{(i)}$}
|
\item[$\vec{B}$]{Vector of $B^{(i)}$}
|
||||||
\item[$K_i$]{Symmetric encryption key derived from ECDH operation via hashing}
|
\item[$K_i$]{Symmetric encryption key derived from ECDH operation via hashing}
|
||||||
\item[$E_{K_i}()$]{Symmetric encryption using key $K_i$}
|
% \item[$E_{K_i}()$]{Symmetric encryption using key $K_i$}
|
||||||
\item[$E^{(i)}$]{$i$-th encryption of the private information $(c_s^{(i)}, b_i)$}
|
% \item[$E^{(i)}$]{$i$-th encryption of the private information $(c_s^{(i)}, b_i)$}
|
||||||
\item[$\vec{E}$]{Vector of $E^{(i)}$}
|
% \item[$\vec{E}$]{Vector of $E^{(i)}$}
|
||||||
\item[$\cal{R}$]{Tuple of revealed vectors in cut-and-choose protocol,
|
\item[$\cal{R}$]{Tuple of revealed vectors in cut-and-choose protocol,
|
||||||
where the vectors exclude the selected index $\gamma$}
|
where the vectors exclude the selected index $\gamma$}
|
||||||
\item[$\overline{K_i}$]{Encryption keys derived by the verifier from DH}
|
\item[$\overline{K_i}$]{Link secrets derived by the verifier from DH}
|
||||||
\item[$\overline{B^{(i)}}$]{Blinded values derived by the verifier}
|
\item[$\overline{B^{(i)}}$]{Blinded values derived by the verifier}
|
||||||
\item[$\overline{T_p^{(i)}}$]{Public transfer keys derived by the verifier from revealed private keys}
|
\item[$\overline{T_p^{(i)}}$]{Public transfer keys derived by the verifier from revealed private keys}
|
||||||
\item[$\overline{c_s^{(i)}}$]{Private keys obtained from decryption by the verifier}
|
\item[$\overline{c_s^{(i)}}$]{Private keys obtained from decryption by the verifier}
|
||||||
|
Loading…
Reference in New Issue
Block a user