From b55a19087512af000ee1b5cc00d71536df2ce197 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Sat, 31 Dec 2022 15:13:27 +0100 Subject: [PATCH] final touches --- hip2022/hip2022.tex | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/hip2022/hip2022.tex b/hip2022/hip2022.tex index a79a76c..119e065 100644 --- a/hip2022/hip2022.tex +++ b/hip2022/hip2022.tex @@ -439,7 +439,7 @@ Searching for functions \uncover<2->{with the following signatures} \item generates $(\commitment_1,\dots,\commitment_\kappa)$ and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\ by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$ - \item calculates $h_0:=H\left(H(\commitment_1, \beta_1)||\dots||H(\commitment_\kappa, \beta_\kappa)\right)$ + \item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ \item sends $\commitment_0$ and $h_0$ to $\Exchange$ \end{enumerate} \item[$\Exchange$:] @@ -453,7 +453,7 @@ Searching for functions \uncover<2->{with the following signatures} \item[$\Exchange$:] \begin{enumerate} \item[6.] compares $h_0$ and - $H\left(H(\commitment_1, \beta_1)||...||h_\gamma||...||H(\commitment_\kappa, \beta_\kappa)\right)$ + $H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ \item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$. \end{enumerate} \end{itemize} @@ -710,7 +710,7 @@ Searching for functions \uncover<2->{with the following signatures} \begin{description} \item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\ Sign a message with ECDSA using private key - $p_\blue{\minage}$. The signature $\sigma$ is the + $p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the attestation. \end{description} @@ -720,11 +720,11 @@ Searching for functions \uncover<2->{with the following signatures} Merchant gets \begin{itemize} \item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $ - \item Signature $\sigma$ + \item Signature $\sigma_\blue{\minage}$ \end{itemize} \begin{description} - \item<4->[To \blue{Verify} a minimum age (group) $\minage$:]~\\ - Verify the ECDSA-Signature $\sigma$ with public key $q_\minage$. + \item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\ + Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$. \end{description} } \vfill @@ -785,15 +785,15 @@ Searching for functions \uncover<2->{with the following signatures} \begin{minipage}{\textwidth} \tiny \begin{description} - \item[Game $\Game{FA}(\lambda)$: Forging an attest]~\\ - 1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega(\lambda) $\\ + \item[Game $\Game{FA}$: Forging an attest]~\\ + 1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega $\\ 2. $(\commitment, \pruf) \leftarrow \Commit(\age, \omega) $\\ 3. $(\minage, \attest) \leftarrow \Adv(\age, \commitment, \pruf)$\\ 4. Return 0 if $\minage \leq \age$\\ 5. Return $\Verify(\minage,\commitment,\attest)$\\ \vfill \item[Requirement:]~\\ - $\Forall_{\Adv}: \Probability\Big[\Game{FA}(\lambda) = 1\Big] \le \negl(\lambda)$ + $\Forall_{\Adv}: \Probability\Big[\Game{FA} = 1\Big] \le \negl$ \end{description} \end{minipage} \column{0.7\textwidth} @@ -905,17 +905,16 @@ Searching for functions \uncover<2->{with the following signatures} \label{fr:bindingToCoins} To bind an age commitment $\commitment$ to a coin $C_p$, instead of - signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs} - \begin{center} - $H(C_p, \orange{H(\commitment)})$ - \end{center} + blindly signing \[ H(C_p), \] + $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs} + \[ H\left(C_p\parallel\orange{H(\commitment)}\right) \] \vfill - Verfication of a coin now requires $H(\commitment)$, too: - \begin{center} - $1 \stackrel{?}{=} - \mathsf{SigCheck}\big(H(C_p, \orange{H(\commitment)}), D_p, \sigma_p\big)$ - \end{center} + Therefore, verfication of a coin now requires $H(\commitment)$, too: + \[ + 1 \stackrel{?}{=} + \mathsf{SigCheck}\big(H\left(C_p\parallel\orange{H(\commitment)}\right), D_p, \sigma_p\big) + \] \vfill \end{frame} @@ -929,7 +928,7 @@ Searching for functions \uncover<2->{with the following signatures} \node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$}; \draw[<->] (Guardian) to node[sloped,above,align=center] - {{\sf withdraw}\orange{, using}\\ $H(C_p\orange{, H(\commitment)})$} (Exchange); + {{\sf withdraw}\orange{, using}\\ $H(C_p\orange{\parallel H(\commitment)})$} (Exchange); \draw[<->] (Client) to node[sloped,below,align=center] {{\sf refresh} \orange{ + }\\ \orange{$\DeriveCompare$}} (Exchange); \draw[<->] (Client) to node[sloped, below] @@ -1108,14 +1107,15 @@ Searching for functions \uncover<2->{with the following signatures} \end{itemize} \item[B:] \begin{itemize} - \item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}} + \item signs $m'$, by calculating + $\sigma' := (m')^d \mod N$ {\hfill \scriptsize \textit{(B doesn't learn $m$)}} \item sends $\sigma'$ to A. - \item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$ + \item[] \scriptsize Note: $(m')^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$ \end{itemize} \item[A:]\begin{itemize} \item unblinds $\sigma'$ by calculating \[ \sigma := \sigma'*b^{-1} (= m^d) \] - \item[]$\sigma$ is a valid RSA signature to message $m$. + \item[$\implies$]$\sigma$ is a valid RSA signature to message $m$. \end{itemize} \end{itemize} \hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}