[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-donau] branch master updated: edits
|
From: |
gnunet |
|
Subject: |
[taler-donau] branch master updated: edits |
|
Date: |
Tue, 03 Oct 2023 15:12:38 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository donau.
The following commit(s) were added to refs/heads/master by this push:
new 8e2c7d0 edits
8e2c7d0 is described below
commit 8e2c7d055926e7929b93edc80a9a1f5f77b2f853
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Tue Oct 3 15:12:32 2023 +0200
edits
---
doc/flows/main.tex | 86 +++++++++++++++++++++++++++++-------------------------
1 file changed, 47 insertions(+), 39 deletions(-)
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index 3d2e322..fb5a769 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -21,24 +21,30 @@
\section{Definitions}
\begin{itemize}
- \item $DU :=$ \textbf{donation unit} = Smallest structure representing a
donation confirmation unit, e.g. receipt for CHF1, CHF2. Equivalent in Taler is
"coin".
- \item $BDU :=$ blinded DU
- \item $DR :=$ \textbf{donation receipt} = collection of DUs for one donation
- \item $BDR :=$ collection of BDUs
- \item $DS_{year} :=$ \textbf{donation statement} = sum of DRs for one
specific year and specific donor
- \item $b :=$ blinding factor
- \item $H :=$ cryptographic hash function
+\item $DU :=$ \textbf{donation unit} = Smallest structure representing a
donation confirmation unit, e.g. receipt for CHF1, CHF2. Equivalent in Taler is
"denomination".
+ \item $UDID := $ unique identifier of a donor by tax ID, made unique per
donation to obtain unique $DR$s per donation
+ \item $BDID :=$ blinded $UDID$, blinded for privacy of the donor
\item $BS :=$ BDU blinded signature made with a donation unit secret key
(from DONAU)
\item $S :=$ unblinded BS
- \item $DUi, Si, DRi...$ := number entities if there are more than one eg.
DU1,DU2...
+ \item $DR :=$ \textbf{donation receipt} = $UDID$ with $S$ signature of DONAU
affirming donation over the respectiv amount as given by the DU associated with
the signature
+ \item $DRs :=$ collection of $DR$s
+ \item $DS_{year} :=$ \textbf{donation statement} = confirmation over the
total amount of DRs produced for a specific year and specific donor (DID)
+ \item $b :=$ blinding factor
+ \item $H :=$ cryptographic hash function
+ \item $DUi, Si, DRi, \ldots$ := number entities if there are more than one
e.g. $DU1$, $DU2$ ...
\item $BS_{kj}$ or $S_{kj} \Rightarrow kj$ := specific DONAU public key used
to attribute a specific value to a DU, e.g. k1 gives the DU a value of 1, k2 a
value of 2...
\end{itemize}
-\subsection{Donation Unit (DU)}
-The NONCE is used to uniquely distinguish DU of the same value ("create a
fresh DU"). Otherwise the DONAU would refuse DUs containing donations of equal
amount to the same charity, since this would be seen as "double spending". To
simplify the thought process, the NONCE can be thought of as a "DU ID".
+\subsection{Unique Donor ID (UDID)}
+
+The NONCE is used to uniquely distinguish donor IDs of the same value
+("create a fresh donor ID"). Otherwise the DONAU would refuse DUs
+containing donations of equal amount to the same charity, since this
+would be seen as "double spending" (or rather, double claiming of
+tax deduction for the same donation).
\begin{align}
- DU := \langle H(TAXID, SALT), NONCE \rangle
+ UDID := \langle H(TAXID, SALT), NONCE \rangle
\end{align}
\section{Overview}
@@ -46,70 +52,73 @@ The NONCE is used to uniquely distinguish DU of the same
value ("create a fresh
\subsection{Step 0: Initial setup}
\begin{enumerate}
- \item key generation for blind signatures and statement signing. Distribute
the keys.
- \item The charity generates their own key pair.
+ \item Key generation for blind signatures and statement signing by the
DONAU. Distribution of the keys to charities, donors and tax authorities
(possibly on-demand via REST API). Let $ki$ be the private key for $i$ DU and
$Pi$ be the corresponding public key.
+ \item The charity generates their own key pair (charity pub/priv).
\item The DONAU administrator registers the public key of the charity and
sets the yearly donation limit for the charities.
\end{enumerate}
\subsection{Attest donation}
\subsubsection{Step 1: Donor donates to charity}
\begin{enumerate}
- \item The donor downloads the DU public keys for the corresponding year from
the DONAU.
+ \item The donor downloads the DU public keys $P1, P4$ for the corresponding
year from the DONAU.
- \item To donate 5 Euros the donor has to generate 2 DUs (a 1 Euro and 4 Euro
DU). The donor generates DUs $DU1$ and $DU2$ which include a salted hash of the
tax number (here TAXID) and a NONCE. % not DUs, DRs!
+ \item To donate 5 Euros the donor has to generate 2 UDIDs (for 1 Euro and 4
Euro DU).
+ The donor generates UDIDs $U1$ and $U2$ which include a salted hash of the
tax number
+ (here TAXID) and a NONCE.
\begin{align}
- DU1 = \langle H(TAXID, SALT), NONCE_1 \rangle \\ % These are (prototypes)
for DRs! DUs are the 1 EUR and 4 EUR!
- DU2 = \langle H(TAXID, SALT), NONCE_2 \rangle % Maybe call these UDIDs?
(Unique Donor Ids)
+ U1 = \langle H(TAXID, SALT), NONCE_1 \rangle \\ % These are (prototypes)
for DRs! DUs are the 1 EUR and 4 EUR!
+ U2 = \langle H(TAXID, SALT), NONCE_2 \rangle % Maybe call these UDIDs?
(Unique Donor Ids)
\end{align}
\item The donor blinds the DUs using two different blinding factors $b_1,
b_2$.
\begin{align}
- BDU1 = blind(b_1,DU1) \\ % BDR!
- BDU2 = blind(b_2,DU2) % This is RSA-style blinding, in the abstract just
use "blind(b_1,UDID)"
+ BU1 = \langle blind(b_1,U1, P1), H(P1) \rangle \\ % BDR!
+ BU2 = \langle blind(b_2,U2, P4), H(P4) \rangle
\end{align}
-\item The donor sends the blinded DUs (BDR) $BDU1$ and $BDU2$ as well as the
payment of 5 Euros.
+\item The donor sends the blinded UDIDs (BDIDs) $BU1$ and $BU2$ as well as the
payment of 5 Euros.
\end{enumerate}
-\subsubsection{Charity sends signed DUs to DONAU}
+\subsubsection{Charity sends signed BDIDs to DONAU}
\begin{enumerate}
- \item The charity verifies that the amount requested for signing is lower or
equal to the effective amount of the donation.
- \item The charity signs (using EdDSA) a structure containing all unsigned
DUs coming from the donor. % Exactly: unsigned!
+\item The charity verifies that the amount requested (based on the $H(Px)$)
+ for signing is lower or equal to the effective amount of the donation.
+ \item The charity signs (using EdDSA) a structure containing all unsigned
BDIDs coming from the donor.
\item The charity sends this structure and the signature to the DONAU.
\end{enumerate}
-\subsubsection{DONAU sends back blind signed DUs to charity}
+\subsubsection{DONAU sends back blind signed UDIDs to charity}
\begin{enumerate}
\item The DONAU:
\begin{enumerate}
- \item verifies the charity Signature on the structure.
- \item increments the current year amount of the charity by the total
amount of the BDR, if the increment does not exceed the annual limit.
- \item blind signs (using RSA/Schnorr) all the DUs
+ \item verifies the charity signature on the structure.
+ \item increments the current year amount of the charity by the total
amount of the BDIDs, if the increment does not exceed the annual limit.
+ \item blind signs all the BDIDs using the private keys $k_i$ matching
the public keys $H(Pi)$
\begin{align}
- BS1_{k1} = sign(BDU1, k1)
- BS2_{k4} = sign(BDU2, k4)
+ BS1 &:= sign(BU1, k_1) \\
+ BS2 &:= sign(BU2, k_4)
\end{align}
- \item sends back the blind signed DUs to the charity
+ \item sends back the blind signatures to the charity
\end{enumerate}
- \item The charity transmits the blind signed DUs to the donor.
+ \item The charity transmits the blind signatures to the donor.
\item The donor unblinds the signatures.
\begin{align}
- S1_{k1} = unblind(BS1_{k1}, b_1) \\
- S2_{k4} = unblind(BS2_{k4}, b_2)
+ S1_{k1} &= unblind(BS1, b_1) \\
+ S2_{k4} &= unblind(BS2, b_2)
\end{align}
\end{enumerate}
\subsection{Step 2: Donor sends DR to DONAU, DONAU sends back donation
statement (DS)}
\begin{enumerate}
- \item The donor sends the collection of all $(DUi, Si, kj)$ to the DONAU.
The DR is always sent to the DONAU right after the donor has unblinded the DUs.
- \item For each $(DUi, Si, kj)$ The DONAU...
+ \item The donor sends the collection of all $\langle BDUIi, Si, H(Pj)
\rangle$ to the DONAU. The DR is always sent to the DONAU right after the donor
has unblinded the DUs.
+ \item For each $\langle DUi, Si, H(Pj) \rangle$ The DONAU...
\begin{itemize}
- \item check if $kj$ is stored and get the corresponding year.
- \item verifies if $Si$ is a correct signature with the corresponding
secret key.
+ \item check if $Pj$ is stored and get the corresponding year and donation
unit (amount donated).
+ \item verifies if $Si$ is a correct signature with the corresponding
public key $Pj$.
\item verifies that the hash of the TAXID and the salt is the same as in
other DUs (how to solve the problem with multiple wallets?) % => Each wallet
must simply obtain a separate DS!
\item verifies that the nonce is different from each ever used nonce of
this donor for the corresponding year.
\item if all of this is the case, it adds the amount corresponding to the
public key to the total donation amount for the year.
@@ -118,7 +127,7 @@ The NONCE is used to uniquely distinguish DU of the same
value ("create a fresh
year and hashed TAXID+salt and sends signature and the total amount so far
back to the donor.
\begin{align}
- DS = sign(total amount, year, hash(TAXID, salt))
+ DS := sign(total amount, year, H(TAXID, salt))
\end{align}
\end{enumerate}
@@ -133,7 +142,6 @@ The NONCE is used to uniquely distinguish DU of the same
value ("create a fresh
\item DS received from the DONAU
\item year
\item amount for the year
-
\end{itemize}
\item The validator scans the QR code and validates that the signature
corresponds to the current DONAU DS signing key.
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-donau] branch master updated: edits,
gnunet <=