improve documentation on which invariants are checked by which auditor helper

Christian Grothoff 2020-07-14 21:10:55 +02:00
parent 62d5aae119
commit ef0eb9e5bf
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 17 additions and 11 deletions


@ -555,7 +555,7 @@ security of an exchange as part of the certification process.
\subsubsection{Compromise of Signing Keys}
\subsubsection{Compromise of Signing Keys} \label{sec:signkey:compromise}
When a signing key is compromised, the attacker can pretend to be a
merchant and forge deposit confirmations. To forge a deposit
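Review bot: the added \label{sec:signkey:compromise} on the \subsubsection only earns its keep if a \ref (or \autoref) targets it, and this hunk shows no accompanying cross-reference; either include the reference this label was introduced for in the same commit, or confirm one already exists elsewhere in the document so the label is not left dangling.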


@ -1056,23 +1056,29 @@ auditor.
The list of invariants checked by this tool thus includes:
\begin{itemize}
\item emergency on denominations because the value or number
\item Testing for an
emergency on denominations because the value or number
of coins deposited exceeds the value or number of coins
issued; if this happens, the exchange should revoke the
respective denomination.
\item various arithmetic inconsistencies from exchanges
\item Checking for arithmetic inconsistencies from exchanges
not properly calculating balances or fees during the
various coin operations (withdraw, deposit, melt, refund);
\item signatures being wrong for denomination key revocation,
coin denomination signature,
or coin operations (deposit, melt, refund, recoup)
\item denomination keys not being known to the auditor
\item denomination keys being actually revoked if a recoup
is granted
\item coins being melted but not (yet) recouped
\item That signatures are correct for denomination key revocation,
coin denominations,
and coin operations (deposit, melt, refund, recoup)
\item That denomination keys are known to the auditor.
\item That denomination keys were actually revoked if a recoup
is granted.
\item Whether there exists refresh sessions from coins that
have been melted but not (yet) revealed
(this can be harmless and no fault of the exchange, but
could also be indicative of an exchange failing to process
certain requests in a timely fashion)
certain requests in a timely fashion).
\item That the refund deadline is not after
the wire deadline (while harmless, such a deposit
makes inconsistent requirements and should have been
rejected by the exchange).
\end{itemize}
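Review bot: the rewritten list still mixes four grammatical forms for its items ("Testing for an emergency ...", "Checking for arithmetic inconsistencies ...", "That signatures are correct ...", "Whether there exists refresh sessions ...") and inconsistent end punctuation (the arithmetic item ends in a semicolon, the "coin operations (deposit, melt, refund, recoup)" item in nothing, the rest in periods); since the point of this commit is to make the invariant list clearer, pick one form, e.g. "That ..." throughout, and end every item the same way. Also, "there exists refresh sessions" should read "there exist refresh sessions", and the intro sentence "The list of invariants checked by this tool thus includes:" reads better with the consistent "That ..." phrasing than with "Testing for" / "Checking for", which describe actions rather than invariants.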