[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-donau] branch master updated: [doc] some corrections
|
From: |
gnunet |
|
Subject: |
[taler-donau] branch master updated: [doc] some corrections |
|
Date: |
Tue, 03 Oct 2023 14:04:03 +0200 |
This is an automated email from the git hooks/post-receive script.
lukas-matyja pushed a commit to branch master
in repository donau.
The following commit(s) were added to refs/heads/master by this push:
new a2ce3c4 [doc] some corrections
a2ce3c4 is described below
commit a2ce3c4abe9f3a1a677cabc72e8ed4e8261a778f
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
AuthorDate: Tue Oct 3 14:03:46 2023 +0200
[doc] some corrections
---
doc/flows/main.tex | 52 +++++++++++++++++++++-------------------------------
1 file changed, 21 insertions(+), 31 deletions(-)
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index 30879ab..a635b7f 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -41,20 +41,18 @@ The NONCE is used to uniquely distinguish DU of the same
value ("create a fresh
DU := \langle H(TAXID, SALT), NONCE \rangle
\end{align}
-% TODO example
-
\section{Overview}
\includegraphics[width=\textwidth]{overview}
-% FIXME: step 0 lacks DONAU key generation (keys for blind signatures, signing
keys) and distribution
\subsection{Step 0: Initial setup}
\begin{enumerate}
+ \item key generation for blind signatures and statement signing. Distribute
the keys.
\item The charity generates their own key pair.
\item The DONAU administrator registers the public key of the charity and
sets the yearly donation limit for the charities.
\end{enumerate}
-% Group steps 1-3, they are really one sub-protocol altogether!
-\subsection{Step 1: Donor donates to charity}
+\subsection{Attest donation}
+\subsubsection{Step 1: Donor donates to charity}
\begin{enumerate}
\item The donor downloads the DU public keys for the corresponding year from
the DONAU.
@@ -67,86 +65,78 @@ The NONCE is used to uniquely distinguish DU of the same
value ("create a fresh
\item The donor blinds the DUs using two different blinding factors $b_1,
b_2$.
\begin{align}
- BDU1 = BDU1 \cdot b_1^{e_{1EUR}} \mod n_{1EUR} \\ % BDR!
- BDU2 = BDU2 \cdot b_2^{e_{4EUR}} \mod n_{4EUR} % This is RSA-style
blinding, in the abstract just use "blind(b_1,UDID)"
+ BDU1 = blind(b_1,DU1) \\ % BDR!
+ BDU2 = blind(b_2,DU2) % This is RSA-style blinding, in the abstract just
use "blind(b_1,UDID)"
\end{align}
-\item The Donor signs the DUs using the correct DONAU public keys. This gives
the DUs their respective value.
- % Eh, the DONOR never signs anything. Why should they. The DONAU does the
signing! This is very wrong!
- \begin{align}
- BS1_{pk/k1} = sign_{pk/k1}(BDU1) \\
- BS2_{pk/k4} = sign_{pk/k4}(BDU2)
- \end{align}
+\item The donor sends the blinded DUs (BDR) $BDU1$ and $BDU2$ as well as the
payment of 5 Euros.
-\item The donor sends the blinded DUs (BDR) $BDU1$ and $BDU2$ as well as the
signatures $BS1_{pk/k1}$ and $BS2_{pk/k4}$ to the charity in addition to the
payment of 5 Euros.
- % No BS1/BS2: those are *returned* from DONAU!
\end{enumerate}
-\subsection{Step 2: Charity sends signed DUs to DONAU}
+\subsubsection{Charity sends signed DUs to DONAU}
\begin{enumerate}
\item The charity verifies that the amount requested for signing is lower or
equal to the effective amount of the donation.
\item The charity signs (using EdDSA) a structure containing all unsigned
DUs coming from the donor. % Exactly: unsigned!
\item The charity sends this structure and the signature to the DONAU.
\end{enumerate}
-\subsection{Step 3: DONAU sends back blind signed DUs to charity}
+\subsubsection{DONAU sends back blind signed DUs to charity}
\begin{enumerate}
\item The DONAU:
\begin{enumerate}
\item verifies the charity Signature on the structure.
- \item verifies the signature of every DU with it's private keys. % Back
to crypto course for you. Which key does one verify signatures with?
\item increments the current year amount of the charity by the total
amount of the BDR, if the increment does not exceed the annual limit.
\item blind signs (using RSA/Schnorr) all the DUs
\begin{align}
- BS1_{sk/k1} = BDU1^{(d_{E1})} \emph{mod ?} \\ % Yes, but do more
abstract signing (blind-sign) here, not necessarily RSA
- BS2_{sk/k4} = BDU2^{(d_{E4})} \emph{mod ?}
+ BS1_{k1} = sign(BDU1, k1)
+ BS2_{k4} = sign(BDU2, k4)
\end{align}
\item sends back the blind signed DUs to the charity
\end{enumerate}
\item The charity transmits the blind signed DUs to the donor.
\item The donor unblinds the signatures.
\begin{align}
- S1_{sk/k1} = BS1_{sk/k1} \cdot b^{-1} \mod n_1 \\ % again, ideally more
abstract
- S2_{sk/k4} = BS2_{sk/k4} \cdot b^{-1} \mod n_2
+ S1_{k1} = unblind(BS1_{k1}, b_1) \\
+ S2_{k4} = unblind(BS2_{k4}, b_2)
\end{align}
\end{enumerate}
-\subsection{Step 4: Donor sends DR to DONAU, DONAU sends back donation
statement (DS)}
+\subsection{Step 2: Donor sends DR to DONAU, DONAU sends back donation
statement (DS)}
\begin{enumerate}
- \item The donor sends the collection of all $(DUi, Si, kj)$ to the DONAU.
The DR is always sent to the DONAU right after the donor has unblinded the DUs.
The corresponding year is sent with. % Not sure we need the year!
+ \item The donor sends the collection of all $(DUi, Si, kj)$ to the DONAU.
The DR is always sent to the DONAU right after the donor has unblinded the DUs.
\item For each $(DUi, Si, kj)$ The DONAU...
\begin{itemize}
- \item verifies that $kj$ is one of the valid public keys corresponding to
the year indicated. % Why not simply lookup year from key?
+ \item check if $kj$ is stored and get the corresponding year.
\item verifies if $Si$ is a correct signature with the corresponding
secret key.
\item verifies that the hash of the TAXID and the salt is the same as in
other DUs (how to solve the problem with multiple wallets?) % => Each wallet
must simply obtain a separate DS!
\item verifies that the nonce is different from each ever used nonce of
this donor for the corresponding year.
\item if all of this is the case, it adds the amount corresponding to the
public key to the total donation amount for the year.
\end{itemize}
- \item The DONAU then signs over the amount, % => total
+ \item The DONAU then signs over the total amount,
year and hashed TAXID+salt and sends signature and the total amount so far
back to the donor.
\begin{align}
- sign(total amount, year, hash(TAXID, salt)) % Call the result *something*.
(DS)?
+ DS = sign(total amount, year, hash(TAXID, salt))
\end{align}
\end{enumerate}
-\subsection{Step 5: Donor sends QR Code to validator (tax office)}
+\subsection{Step 3: Donor sends QR Code to validator (tax office)}
\begin{enumerate}
\item The donor generates a QR code containing the following and sends it to
the validator/tax office:
\begin{itemize}
+ \item version of the protocol (one byte)
\item TAXID
\item salt
- \item signature received from the DONAU % DS?
+ \item DS received from the DONAU
\item year
\item amount for the year
- \item version of the protocol (one byte) % probably should be first ;-)
+
\end{itemize}
\item The validator scans the QR code and validates that the signature
corresponds to the current DONAU DS signing key.
- % => step 0 lacked DONAU DS signing key setup & distribution ...
\end{enumerate}
\end{document}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.