be precise about domain of generated values
This commit is contained in:
parent
028fd5bedf
commit
3fbf12b6f7
@ -70,6 +70,9 @@
|
|||||||
%\setcopyright{cagovmixed}
|
%\setcopyright{cagovmixed}
|
||||||
|
|
||||||
|
|
||||||
|
\newcommand\inecc{\in \mathbb{Z}_{|\mathbb{E}|}}
|
||||||
|
\newcommand\inept{\in {\mathbb{E}}}
|
||||||
|
\newcommand\inrsa{\in \mathbb{Z}_{|\mathrm{dom}(\FDH_K)|}}
|
||||||
% DOI
|
% DOI
|
||||||
\acmDOI{10.475/123_4}
|
\acmDOI{10.475/123_4}
|
||||||
|
|
||||||
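Review bot: the new `\inecc` macro fixes the scalar domain as $\mathbb{Z}_{|\mathbb{E}|}$, but the hunk does not say whether $|\mathbb{E}|$ is the order of the whole curve group or of the subgroup generated by $G$; since every scalar this macro is meant for ($w_s$, $c_s$, $t^{(i)}_s$) is multiplied onto $G$, the precise domain is $\mathbb{Z}_\ell$ with $\ell$ the order of $G$, and a one-line definition of $\mathbb{E}$ next to these macros would settle it. Separately, `\inrsa` places the blinding factor in $\mathbb{Z}_{|\mathrm{dom}(\FDH_K)|}$, i.e. all residues modulo the RSA modulus, but unblinding requires $b^{-1}$ to exist, so the factor must be a unit; `\in \mathbb{Z}_N^*` with $N$ the modulus of $K_p$ states the actual requirement.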
@ -813,8 +816,8 @@ exchange and one of its public denomination public keys $K_p$ whose
|
|||||||
value $K_v$ corresponds to an amount the customer wishes to withdraw.
|
value $K_v$ corresponds to an amount the customer wishes to withdraw.
|
||||||
We let $K_s$ denote the exchange's private key corresponding to $K_p$.
|
We let $K_s$ denote the exchange's private key corresponding to $K_p$.
|
||||||
We use $\FDH_K$ to denote a full-domain hash where the domain is the
|
We use $\FDH_K$ to denote a full-domain hash where the domain is the
|
||||||
public key $K_p$. Now the customer carries out the following
|
modulos of the public key $K_p$. Now the customer carries out the
|
||||||
interaction with the exchange:
|
following interaction with the exchange:
|
||||||
|
|
||||||
% FIXME: These steps occur at very different points in time, so probably
|
% FIXME: These steps occur at very different points in time, so probably
|
||||||
% they should be restructured into more of a protocol description.
|
% they should be restructured into more of a protocol description.
|
||||||
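Review bot: "modulos" in the added line should read "modulus", and strictly the domain of $\FDH_K$ is not the modulus itself but the residue ring it defines; "where the domain is $\mathbb{Z}_N$ for the modulus $N$ of the public key $K_p$" says this directly and matches the new `\inrsa` macro, which is phrased in terms of $\mathrm{dom}(\FDH_K)$.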
@ -824,9 +827,9 @@ interaction with the exchange:
|
|||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
\item The customer randomly generates:
|
\item The customer randomly generates:
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item reserve key $W := (w_s,W_p)$ with private key $w_s$ and public key $W_p := w_sG$,
|
\item reserve key $W := (w_s,W_p)$ with private key $w_s \inecc$ and public key $W_p := w_sG \inept$,
|
||||||
\item coin key $C := (c_s,C_p)$ with private key $c_s$ and public key $C_p := c_s G$,
|
\item coin key $C := (c_s,C_p)$ with private key $c_s$ and public key $C_p := c_s G \inept$,
|
||||||
\item blinding factor $b$
|
\item RSA blinding factor $b \inrsa$.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
The customer first persists\footnote{When we say ``persist'', we mean that the value
|
The customer first persists\footnote{When we say ``persist'', we mean that the value
|
||||||
is stored in such a way that it can be recovered after a system crash, and
|
is stored in such a way that it can be recovered after a system crash, and
|
||||||
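Review bot: the coin private key $c_s$ in the second list item is the only generated scalar left without a domain while $w_s$ on the line above gets `\inecc`; for consistency with the commit's purpose, write `private key $c_s \inecc$ and public key $C_p := c_s G \inept$`.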
@ -1005,9 +1008,9 @@ than the comparable use of zk-SNARKs in ZeroCash~\cite{zerocash}.
|
|||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
\item %[POST {\tt /refresh/melt}]
|
\item %[POST {\tt /refresh/melt}]
|
||||||
For each $i = 1,\ldots,\kappa$, the customer randomly generates
|
For each $i = 1,\ldots,\kappa$, the customer randomly generates
|
||||||
a transfer private key $t^{(i)}_s$ and computes
|
a transfer private key $t^{(i)}_s \inecc$ and computes
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
\item the transfer public key $T^{(i)}_p := t^{(i)}_s G$ and
|
\item the transfer public key $T^{(i)}_p := t^{(i)}_s G \inept$ and
|
||||||
\item the new coin secret seed $L^{(i)} := H(c'_s T_p^{(i)})$.
|
\item the new coin secret seed $L^{(i)} := H(c'_s T_p^{(i)})$.
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
We have computed $L^{(i)}$ as a Diffie-Hellman shared secret between
|
We have computed $L^{(i)}$ as a Diffie-Hellman shared secret between
|
||||||
|
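Review bot: $t^{(i)}_s$ and $T^{(i)}_p$ now carry domains, but the seed $L^{(i)} := H(c'_s T_p^{(i)})$ in the same list does not; stating the range of $H$ there (for example a bit string of fixed length) would complete the hunk's intent, and since $c'_s T_p^{(i)}$ is a point in $\mathbb{E}$, the text should say how that point is encoded before hashing.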