Christian Grothoff 2017-05-16 11:26:22 +02:00
parent 5ea3021e82
commit 917a2dee0f
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC


@ -1455,7 +1455,7 @@ if given coin creation transcripts and possibly fewer
coin deposit transcripts for coins from the creation transcripts, coin deposit transcripts for coins from the creation transcripts,
then produce a corresponding creation and deposit transcript. then produce a corresponding creation and deposit transcript.
We say a probabilistic polynomial time (PPT) adversary $A$ We say a probabilistic polynomial time (PPT) adversary
{\em links} coins if it has a non-negligible advantage in {\em links} coins if it has a non-negligible advantage in
solving the linking problem, when given the private keys solving the linking problem, when given the private keys
of the exchange. of the exchange.
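Review bot: dropping the name `$A$` from "We say a probabilistic polynomial time (PPT) adversary $A$ {\em links} coins" is only safe if nothing later in this definition or in the proof that follows refers to $A$; the hunk shows three lines of trailing context and no later use, but the surrounding text is not visible here, so check the rest of the paragraph and the proof before merging, and if $A$ is referenced there either keep the name or make those references nameless as well.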
@ -1483,7 +1483,7 @@ adversary can recognize blinding factors then they link coins after
first computing $b_{i,j} = b_i m_i^d / m_j^d \mod n$ for all $i,j$. first computing $b_{i,j} = b_i m_i^d / m_j^d \mod n$ for all $i,j$.
\end{proof} \end{proof}
We now know the following because Taler used SHA512 adopted to be We now know the following because Taler uses SHA512 adopted to be
a FDH to be the blinding factor. a FDH to be the blinding factor.
\begin{corollary} \begin{corollary}
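Review bot: the tense fix (used → uses) is right, but the sentence "because Taler uses SHA512 adopted to be a FDH to be the blinding factor" still reads wrongly: "adopted" should be "adapted" (the hash is adapted into a full-domain hash), "a FDH" should be "an FDH", and the two stacked "to be" clauses should be collapsed. Suggested wording: "We now know the following because Taler uses SHA-512, adapted to be a full-domain hash (FDH), for the blinding factor." Since the proof just above distinguishes the blinding factors $b_i$ from the signed values $m_i$ in $b_{i,j} = b_i m_i^d / m_j^d \mod n$, also make explicit which of the two the FDH output is, so the corollary that follows can be checked against the proof.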
@ -1535,7 +1535,7 @@ We may now conclude that Taler remains unlinkable even with the refresh protocol
\begin{theorem} \begin{theorem}
In the random oracle model, any PPT adversary with an advantage In the random oracle model, any PPT adversary with an advantage
in linking Taler coins has an advantage in breaking elliptic curve in linking Taler coins has an advantage in breaking elliptic curve
Diffie-Hellman key exchange on curve25519. Diffie-Hellman key exchange on Curve25519.
\end{theorem} \end{theorem}
We do not distinguish between information known by the exchange and We do not distinguish between information known by the exchange and
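Review bot: the capitalisation change (curve25519 → Curve25519) is correct for the curve's name, but the theorem it sits in remains informal: "an advantage in breaking elliptic curve Diffie-Hellman key exchange on Curve25519" does not say which problem is meant (computational or decisional Diffie-Hellman), and a reader cannot check the reduction from linking advantage without knowing that. Suggest naming the assumption explicitly in the theorem statement. Since this is a one-off spelling fix, also search the rest of the file for remaining lowercase "curve25519" so the name is spelled consistently throughout.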