final touches

Özgür Kesim 2022-12-31 15:13:27 +01:00
parent 95907445c0
commit b55a190875


@ -439,7 +439,7 @@ Searching for functions \uncover<2->{with the following signatures}
\item generates $(\commitment_1,\dots,\commitment_\kappa)$ \item generates $(\commitment_1,\dots,\commitment_\kappa)$
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\ and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$ by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)||\dots||H(\commitment_\kappa, \beta_\kappa)\right)$ \item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item sends $\commitment_0$ and $h_0$ to $\Exchange$ \item sends $\commitment_0$ and $h_0$ to $\Exchange$
\end{enumerate} \end{enumerate}
\item[$\Exchange$:] \item[$\Exchange$:]
@ -453,7 +453,7 @@ Searching for functions \uncover<2->{with the following signatures}
\item[$\Exchange$:] \item[$\Exchange$:]
\begin{enumerate} \begin{enumerate}
\item[6.] compares $h_0$ and \item[6.] compares $h_0$ and
$H\left(H(\commitment_1, \beta_1)||...||h_\gamma||...||H(\commitment_\kappa, \beta_\kappa)\right)$ $H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$. \item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
\end{enumerate} \end{enumerate}
\end{itemize} \end{itemize}
@ -710,7 +710,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{description} \begin{description}
\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\ \item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
Sign a message with ECDSA using private key Sign a message with ECDSA using private key
$p_\blue{\minage}$. The signature $\sigma$ is the $p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the
attestation. attestation.
\end{description} \end{description}
@ -720,11 +720,11 @@ Searching for functions \uncover<2->{with the following signatures}
Merchant gets Merchant gets
\begin{itemize} \begin{itemize}
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $ \item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
\item Signature $\sigma$ \item Signature $\sigma_\blue{\minage}$
\end{itemize} \end{itemize}
\begin{description} \begin{description}
\item<4->[To \blue{Verify} a minimum age (group) $\minage$:]~\\ \item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
Verify the ECDSA-Signature $\sigma$ with public key $q_\minage$. Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
\end{description} \end{description}
} }
\vfill \vfill
@ -785,15 +785,15 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{minipage}{\textwidth} \begin{minipage}{\textwidth}
\tiny \tiny
\begin{description} \begin{description}
\item[Game $\Game{FA}(\lambda)$: Forging an attest]~\\ \item[Game $\Game{FA}$: Forging an attest]~\\
1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega(\lambda) $\\ 1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega $\\
2. $(\commitment, \pruf) \leftarrow \Commit(\age, \omega) $\\ 2. $(\commitment, \pruf) \leftarrow \Commit(\age, \omega) $\\
3. $(\minage, \attest) \leftarrow \Adv(\age, \commitment, \pruf)$\\ 3. $(\minage, \attest) \leftarrow \Adv(\age, \commitment, \pruf)$\\
4. Return 0 if $\minage \leq \age$\\ 4. Return 0 if $\minage \leq \age$\\
5. Return $\Verify(\minage,\commitment,\attest)$\\ 5. Return $\Verify(\minage,\commitment,\attest)$\\
\vfill \vfill
\item[Requirement:]~\\ \item[Requirement:]~\\
$\Forall_{\Adv}: \Probability\Big[\Game{FA}(\lambda) = 1\Big] \le \negl(\lambda)$ $\Forall_{\Adv}: \Probability\Big[\Game{FA} = 1\Big] \le \negl$
\end{description} \end{description}
\end{minipage} \end{minipage}
\column{0.7\textwidth} \column{0.7\textwidth}
@ -905,17 +905,16 @@ Searching for functions \uncover<2->{with the following signatures}
\label{fr:bindingToCoins} \label{fr:bindingToCoins}
To bind an age commitment $\commitment$ to a coin $C_p$, instead of To bind an age commitment $\commitment$ to a coin $C_p$, instead of
signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs} blindly signing \[ H(C_p), \]
\begin{center} $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
$H(C_p, \orange{H(\commitment)})$ \[ H\left(C_p\parallel\orange{H(\commitment)}\right) \]
\end{center}
\vfill \vfill
Verfication of a coin now requires $H(\commitment)$, too: Therefore, verfication of a coin now requires $H(\commitment)$, too:
\begin{center} \[
$1 \stackrel{?}{=} 1 \stackrel{?}{=}
\mathsf{SigCheck}\big(H(C_p, \orange{H(\commitment)}), D_p, \sigma_p\big)$ \mathsf{SigCheck}\big(H\left(C_p\parallel\orange{H(\commitment)}\right), D_p, \sigma_p\big)
\end{center} \]
\vfill \vfill
\end{frame} \end{frame}
@ -929,7 +928,7 @@ Searching for functions \uncover<2->{with the following signatures}
\node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$}; \node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$};
\draw[<->] (Guardian) to node[sloped,above,align=center] \draw[<->] (Guardian) to node[sloped,above,align=center]
{{\sf withdraw}\orange{, using}\\ $H(C_p\orange{, H(\commitment)})$} (Exchange); {{\sf withdraw}\orange{, using}\\ $H(C_p\orange{\parallel H(\commitment)})$} (Exchange);
\draw[<->] (Client) to node[sloped,below,align=center] \draw[<->] (Client) to node[sloped,below,align=center]
{{\sf refresh} \orange{ + }\\ \orange{$\DeriveCompare$}} (Exchange); {{\sf refresh} \orange{ + }\\ \orange{$\DeriveCompare$}} (Exchange);
\draw[<->] (Client) to node[sloped, below] \draw[<->] (Client) to node[sloped, below]
@ -1108,14 +1107,15 @@ Searching for functions \uncover<2->{with the following signatures}
\end{itemize} \end{itemize}
\item[B:] \item[B:]
\begin{itemize} \begin{itemize}
\item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}} \item signs $m'$, by calculating
$\sigma' := (m')^d \mod N$ {\hfill \scriptsize \textit{(B doesn't learn $m$)}}
\item sends $\sigma'$ to A. \item sends $\sigma'$ to A.
\item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$ \item[] \scriptsize Note: $(m')^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
\end{itemize} \end{itemize}
\item[A:]\begin{itemize} \item[A:]\begin{itemize}
\item unblinds $\sigma'$ by calculating \item unblinds $\sigma'$ by calculating
\[ \sigma := \sigma'*b^{-1} (= m^d) \] \[ \sigma := \sigma'*b^{-1} (= m^d) \]
\item[]$\sigma$ is a valid RSA signature to message $m$. \item[$\implies$]$\sigma$ is a valid RSA signature to message $m$.
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}} \hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}
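Review bot: In the `Game FA` hunk the requirement now reads `\Probability\Big[\Game{FA} = 1\Big] \le \negl`, and the same change drops `(\lambda)` from the game name and from `\Omega`, so nothing on the slide says which parameter the bound is negligible in. Unless `\negl` already prints its argument (its definition is outside this page), I would keep one anchor for the security parameter, for example `\le \negl(\lambda)` in the requirement, or state once on the slide that the games are parameterised by $\lambda$. Separately, the rewritten sentence in the binding-to-coins hunk still has the typo `verfication`; it should read `Therefore, verification of a coin now requires $H(\commitment)$, too:`.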