Add line on RSA-FDH to Taler paper.

I could obviously say more, and I really should clean up the text around it, but not now.
2016-04-29 04:19:52 +02:00 · 2016-04-29 04:19:52 +02:00 · e7d4ccec98
commit e7d4ccec98
parent e7e14f3009
2 changed files with 8 additions and 9 deletions
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@ -206,16 +206,8 @@
  url="https://eprint.iacr.org/2001/002"
 }

-@misc{cryptoeprint:2001:002,
-    author = {M. Bellare and C. Namprempre and D. Pointcheval and M. Semanko},
-    title = {The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme},
-    howpublished = {Cryptology ePrint Archive, Report 2001/002},
-    year = {2001},
-    note = {\url{http://eprint.iacr.org/}},
-}

-
-@inbook{RSA-KTIvCTI,
+@inbook{RSA-HDF-KTIvCTI,
  author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and Semanko, Michael",
  editor="Syverson, Paul",
  chapter="The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme",
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@ -418,11 +418,18 @@ and that he paid his obligations.
 Neither the merchant nor the customer may have any ability to {\em
  effectively} defraud the exchange or the state collecting taxes.  Here,
 ``effectively'' means that the expected return for fraud is negative.
+In particular, Taler employs a full domain hash (FDH) with RSA signatures
+so that ``one-more forgery'' is hard assuming the RSA known-target
+inversion problem is hard.\cite[Theorem12]{RSA-HDF-KTIvCTI}
+% \cite[Theorem 6.2]{OneMoreInversion}
 Note that customers do not need to be trusted in any way, and that in
 particular it is never necessary for anyone to try to recover funds
 from customers using legal means.


+
+
+
 \subsection{Taxability and Entities}

 As electronic coins are trivially copied between machines, we should