final touches

Özgür Kesim 2022-12-31 15:13:27 +01:00
parent 95907445c0
commit b55a190875


@ -439,7 +439,7 @@ Searching for functions \uncover<2->{with the following signatures}
\item generates $(\commitment_1,\dots,\commitment_\kappa)$
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)||\dots||H(\commitment_\kappa, \beta_\kappa)\right)$
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item sends $\commitment_0$ and $h_0$ to $\Exchange$
\end{enumerate}
\item[$\Exchange$:]
@ -453,7 +453,7 @@ Searching for functions \uncover<2->{with the following signatures}
\item[$\Exchange$:]
\begin{enumerate}
\item[6.] compares $h_0$ and
$H\left(H(\commitment_1, \beta_1)||...||h_\gamma||...||H(\commitment_\kappa, \beta_\kappa)\right)$
$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
\end{enumerate}
\end{itemize}
@ -710,7 +710,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{description}
\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
Sign a message with ECDSA using private key
$p_\blue{\minage}$. The signature $\sigma$ is the
$p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the
attestation.
\end{description}
@ -720,11 +720,11 @@ Searching for functions \uncover<2->{with the following signatures}
Merchant gets
\begin{itemize}
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
\item Signature $\sigma$
\item Signature $\sigma_\blue{\minage}$
\end{itemize}
\begin{description}
\item<4->[To \blue{Verify} a minimum age (group) $\minage$:]~\\
Verify the ECDSA-Signature $\sigma$ with public key $q_\minage$.
\item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
\end{description}
}
\vfill
@ -785,15 +785,15 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{minipage}{\textwidth}
\tiny
\begin{description}
\item[Game $\Game{FA}(\lambda)$: Forging an attest]~\\
1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega(\lambda) $\\
\item[Game $\Game{FA}$: Forging an attest]~\\
1. $(\age, \omega) \drawfrom \N_{\Age-1}\times\Omega $\\
2. $(\commitment, \pruf) \leftarrow \Commit(\age, \omega) $\\
3. $(\minage, \attest) \leftarrow \Adv(\age, \commitment, \pruf)$\\
4. Return 0 if $\minage \leq \age$\\
5. Return $\Verify(\minage,\commitment,\attest)$\\
\vfill
\item[Requirement:]~\\
$\Forall_{\Adv}: \Probability\Big[\Game{FA}(\lambda) = 1\Big] \le \negl(\lambda)$
$\Forall_{\Adv}: \Probability\Big[\Game{FA} = 1\Big] \le \negl$
\end{description}
\end{minipage}
\column{0.7\textwidth}
@ -905,17 +905,16 @@ Searching for functions \uncover<2->{with the following signatures}
\label{fr:bindingToCoins}
To bind an age commitment $\commitment$ to a coin $C_p$, instead of
signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
\begin{center}
$H(C_p, \orange{H(\commitment)})$
\end{center}
blindly signing \[ H(C_p), \]
$\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
\[ H\left(C_p\parallel\orange{H(\commitment)}\right) \]
\vfill
Verfication of a coin now requires $H(\commitment)$, too:
\begin{center}
$1 \stackrel{?}{=}
\mathsf{SigCheck}\big(H(C_p, \orange{H(\commitment)}), D_p, \sigma_p\big)$
\end{center}
Therefore, verfication of a coin now requires $H(\commitment)$, too:
\[
1 \stackrel{?}{=}
\mathsf{SigCheck}\big(H\left(C_p\parallel\orange{H(\commitment)}\right), D_p, \sigma_p\big)
\]
\vfill
\end{frame}
@ -929,7 +928,7 @@ Searching for functions \uncover<2->{with the following signatures}
\node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$};
\draw[<->] (Guardian) to node[sloped,above,align=center]
{{\sf withdraw}\orange{, using}\\ $H(C_p\orange{, H(\commitment)})$} (Exchange);
{{\sf withdraw}\orange{, using}\\ $H(C_p\orange{\parallel H(\commitment)})$} (Exchange);
\draw[<->] (Client) to node[sloped,below,align=center]
{{\sf refresh} \orange{ + }\\ \orange{$\DeriveCompare$}} (Exchange);
\draw[<->] (Client) to node[sloped, below]
@ -1108,14 +1107,15 @@ Searching for functions \uncover<2->{with the following signatures}
\end{itemize}
\item[B:]
\begin{itemize}
\item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}}
\item signs $m'$, by calculating
$\sigma' := (m')^d \mod N$ {\hfill \scriptsize \textit{(B doesn't learn $m$)}}
\item sends $\sigma'$ to A.
\item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
\item[] \scriptsize Note: $(m')^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
\end{itemize}
\item[A:]\begin{itemize}
\item unblinds $\sigma'$ by calculating
\[ \sigma := \sigma'*b^{-1} (= m^d) \]
\item[]$\sigma$ is a valid RSA signature to message $m$.
\item[$\implies$]$\sigma$ is a valid RSA signature to message $m$.
\end{itemize}
\end{itemize}
\hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}
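Review bot: The two $h_0$ formulas (hunks at 439 and 453) now join the outer hash inputs with `\parallel` but keep the comma inside `H(\commitment_i, \beta_i)`, so a single expression mixes two notations for hash input. If the comma is meant as an unambiguously encoded tuple and `\parallel` as raw concatenation, the slide should say so once; raw concatenation is only injective when every field has a fixed length, which the slide does not state. If both mean the same thing, use one form throughout, e.g. `H(\commitment_1 \parallel \beta_1)`. The 453 hunk also keeps a literal `...` where the 439 hunk uses `\dots`.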