Add line on RSA-FDH to Taler paper.

I could obviously say more, and I really should clean up the text
around it, but not now.
This commit is contained in:
Jeff Burdges 2016-04-29 04:19:52 +02:00
parent e7e14f3009
commit e7d4ccec98
2 changed files with 8 additions and 9 deletions

View File

@ -206,16 +206,8 @@
url="https://eprint.iacr.org/2001/002" url="https://eprint.iacr.org/2001/002"
} }
@misc{cryptoeprint:2001:002,
author = {M. Bellare and C. Namprempre and D. Pointcheval and M. Semanko},
title = {The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme},
howpublished = {Cryptology ePrint Archive, Report 2001/002},
year = {2001},
note = {\url{http://eprint.iacr.org/}},
}
@inbook{RSA-HDF-KTIvCTI,
@inbook{RSA-KTIvCTI,
author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and Semanko, Michael", author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and Semanko, Michael",
editor="Syverson, Paul", editor="Syverson, Paul",
chapter="The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme", chapter="The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme",

View File

@ -418,11 +418,18 @@ and that he paid his obligations.
Neither the merchant nor the customer may have any ability to {\em Neither the merchant nor the customer may have any ability to {\em
effectively} defraud the exchange or the state collecting taxes. Here, effectively} defraud the exchange or the state collecting taxes. Here,
``effectively'' means that the expected return for fraud is negative. ``effectively'' means that the expected return for fraud is negative.
In particular, Taler employs a full domain hash (FDH) with RSA signatures
so that ``one-more forgery'' is hard assuming the RSA known-target
inversion problem is hard.\cite[Theorem12]{RSA-HDF-KTIvCTI}
% \cite[Theorem 6.2]{OneMoreInversion}
Note that customers do not need to be trusted in any way, and that in Note that customers do not need to be trusted in any way, and that in
particular it is never necessary for anyone to try to recover funds particular it is never necessary for anyone to try to recover funds
from customers using legal means. from customers using legal means.
\subsection{Taxability and Entities} \subsection{Taxability and Entities}
As electronic coins are trivially copied between machines, we should As electronic coins are trivially copied between machines, we should