Try to make this justification stronger and more precise

Jeffrey Burdges 2017-05-16 16:42:11 +02:00
parent 9b1cd4b3fd
commit 3efde62c44
GPG Key ID: ABAC7FD1CC100A74
2 changed files with 28 additions and 1 deletions


@ -72,3 +72,21 @@
} }
@Inbook{Abdalla2000,
author="Abdalla, Michel and Bellare, Mihir",
editor="Okamoto, Tatsuaki",
title="Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques",
bookTitle="Advances in Cryptology --- ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security Kyoto, Japan, December 3--7, 2000 Proceedings",
year="2000",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="546--559",
isbn="978-3-540-44448-0",
doi="10.1007/3-540-44448-3_42",
doi_url="http://dx.doi.org/10.1007/3-540-44448-3_42",
url="https://link.springer.com/chapter/10.1007/3-540-44448-3_42"
}
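Review bot: the new entry is typed `@Inbook` but describes a paper in the ASIACRYPT 2000 proceedings, so `@InProceedings` fits better and lets the bibliography style print the venue; the `bookTitle` value also runs the series title, conference name, location, dates and "Proceedings" into one string, and `doi_url` duplicates `doi` and `url` and is ignored by the standard BibTeX styles. Suggest `booktitle="Advances in Cryptology --- ASIACRYPT 2000"` (optionally `month="December"`) and dropping `doi_url`.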


@ -1335,7 +1335,7 @@ exchange can even invent coins whole cloth.
We may now remove the encrpytion by appealing to the random oracle We may now remove the encrpytion by appealing to the random oracle
model~\cite{BR-RandomOracles}. model~\cite{BR-RandomOracles}.
\begin{lemma}[\cite{??}] \begin{lemma}%[\cite{??}]
Consider a protocol that commits to random data by encrypting it Consider a protocol that commits to random data by encrypting it
using a secret derived from a Diffe-Hellman key exchange. using a secret derived from a Diffe-Hellman key exchange.
In the random oracle model, we may replace this encryption with In the random oracle model, we may replace this encryption with
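Review bot: commenting out `[\cite{??}]` on the `\begin{lemma}` line silences the undefined-citation warning without recording that a source is still owed; keep a `% TODO: cite source for this lemma` comment so the gap stays visible. The unchanged context lines also carry two pre-existing spellings worth fixing while here: `encrpytion` and `Diffe-Hellman` (Diffie-Hellman).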
@ -1345,6 +1345,11 @@ functions to the same secret.
% TODO: Too general probably? % TODO: Too general probably?
% TODO: IND-CPA again? % TODO: IND-CPA again?
Indeed, we expect doing so to increase practical security as in
\cite{Abdalla2000}, and adding the random oracle assumption need not
reduce security if it focuses more attention on the usage of hash
functions throughout the protocol.
\begin{proof} \begin{proof}
We work with the usual instantiation of the random oracle model as We work with the usual instantiation of the random oracle model as
returning a random string and placing it into a database for future returning a random string and placing it into a database for future
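Review bot: the added sentence citing `\cite{Abdalla2000}` asserts that replacing the encryption by a random-oracle derivation increases practical security, but Abdalla and Bellare analyse the lifetime of a key under re-keying techniques, so the sentence should say which of their results applies to this lemma and why it transfers, or be softened to the expectation only. The second clause, that the random oracle assumption "need not reduce security if it focuses more attention on the usage of hash functions throughout the protocol", is a remark about engineering practice rather than a step of the security argument; it reads better as a footnote or a `% TODO` next to the existing ones rather than as part of the justification.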
@ -1356,6 +1361,10 @@ that we encrypt in the old encryption based version of Taler.
Now our random oracle scheme with $R$ gives the same result as our Now our random oracle scheme with $R$ gives the same result as our
scheme that encrypts random data, so the encryption becomes scheme that encrypts random data, so the encryption becomes
superfluous and may be omitted. superfluous and may be omitted.
We require the security of the original encryption operation reduced
to the security of the Diffe-Hellman key exchange, which remains a
requirement of the derived protocol.
\end{proof} \end{proof}
We may now conclude that Taler remains unlinkable even with the refresh protocol. We may now conclude that Taler remains unlinkable even with the refresh protocol.
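Review bot: the added sentence "We require the security of the original encryption operation reduced to the security of the Diffe-Hellman key exchange" drops an assumption into the last lines of the proof, and its grammar is off; suggest "We require that the security of the original encryption operation reduce to the hardness of the Diffie-Hellman problem, which remains an assumption of the derived protocol", and name the concrete assumption (CDH or DDH) so the reduction the lemma relies on is explicit rather than implied. Spelling: `Diffe-Hellman` should be `Diffie-Hellman`.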