From 917a2dee0f4af66722f2a83d20e016b26af972bd Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 16 May 2017 11:26:22 +0200 Subject: [PATCH] typos --- doc/paper/taler.tex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 9d787bede..c32adc1b9 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -1455,7 +1455,7 @@ if given coin creation transcripts and possibly fewer coin deposit transcripts for coins from the creation transcripts, then produce a corresponding creation and deposit transcript. -We say a probabilistic polynomial time (PPT) adversary $A$ +We say a probabilistic polynomial time (PPT) adversary {\em links} coins if it has a non-negligible advantage in solving the linking problem, when given the private keys of the exchange. @@ -1483,7 +1483,7 @@ adversary can recognize blinding factors then they link coins after first computing $b_{i,j} = b_i m_i^d / m_j^d \mod n$ for all $i,j$. \end{proof} -We now know the following because Taler used SHA512 adopted to be +We now know the following because Taler uses SHA512 adopted to be a FDH to be the blinding factor. \begin{corollary} @@ -1535,7 +1535,7 @@ We may now conclude that Taler remains unlinkable even with the refresh protocol \begin{theorem} In the random oracle model, any PPT adversary with an advantage in linking Taler coins has an advantage in breaking elliptic curve -Diffie-Hellman key exchange on curve25519. +Diffie-Hellman key exchange on Curve25519. \end{theorem} We do not distinguish between information known by the exchange and