[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-donau] branch master updated: [doc] major rewrite
|
From: |
gnunet |
|
Subject: |
[taler-donau] branch master updated: [doc] major rewrite |
|
Date: |
Mon, 16 Oct 2023 21:13:38 +0200 |
This is an automated email from the git hooks/post-receive script.
johannes-casaburi pushed a commit to branch master
in repository donau.
The following commit(s) were added to refs/heads/master by this push:
new 70cbe3a [doc] major rewrite
70cbe3a is described below
commit 70cbe3ae5c477e015dc5e6a94b122e1b35620b23
Author: Casaburi Johannes <johannes.casaburi@students.bfh.ch>
AuthorDate: Mon Oct 16 21:13:08 2023 +0200
[doc] major rewrite
---
doc/flows/main.tex | 165 +++++++++++++++++++++++++++--------------------------
1 file changed, 83 insertions(+), 82 deletions(-)
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index 19940c7..749bca4 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -12,7 +12,7 @@
% Colour table cells
\usepackage[table]{xcolor}
-\title{DONAU protocol overview}
+\title{Donau protocol overview}
\author{Johannes Casaburi \and Pius Loosli \and Lukas Matyja}
\date{\today}
@@ -21,130 +21,131 @@
\section{Definitions}
\begin{itemize}
-\item $DU :=$ \textbf{donation unit} = Smallest structure representing a
donation confirmation unit, i.e. accepted values that compose a donation
(examples: CHF1, CHF2, EUR1, EUR2). Equivalent in Taler is "denomination".
- \item $UDID := $ \textbf{unique donor identifier} of a donor by tax ID, made
unique per donation to obtain unique $DR$s per donation
- \item $BDID :=$ blinded $UDID$, blinded for privacy of the donor
- \item $BS :=$ BDU blinded signature made with a donation unit secret key
(from DONAU)
- \item $S :=$ unblinded BS
- \item $DR :=$ \textbf{donation receipt} = $UDID$ with $S$ signature of DONAU
affirming donation over the respectiv amount as given by the DU associated with
the signature
- \item $DRs :=$ collection of $DR$s
- \item $DS_{year} :=$ \textbf{donation statement} = confirmation over the
total amount of DRs produced for a specific year and specific donor (DID)
- \item $b :=$ blinding factor
- \item $H :=$ cryptographic hash function
- \item $DUi, Si, DRi, \ldots$ := number entities if there are more than one
e.g. $DU1$, $DU2$ ...
- \item $BS_{kj}$ or $S_{kj} \Rightarrow kj$ := specific DONAU public key used
to attribute a specific value to a DU, e.g. k1 gives the DU a value of 1, k2 a
value of 2...
-\end{itemize}
+ \item \textbf{Cryptographic Hash Function} $H$
+
+ \item \textbf{Signing Function} $Sign$
+
+ \item \textbf{Blind Signing Function} $BSign$
+
+ \item \textbf{Signature} $S$
+
+ \item \textbf{Blind Signature} $B$
-\subsection{Unique Donor ID (UDID)}
+ \item \textbf{Blinding Factor} $b$
-The NONCE is used to uniquely distinguish donor IDs of the same value
-("create a fresh donor ID"). Otherwise the DONAU would refuse DUs
-containing donations of equal amount to the same charity, since this
-would be seen as "double spending" (or rather, double claiming of
-tax deduction for the same donation).
+ \item \textbf{Donation Unit} $DU = (K_{pub}, K_{priv})$: Smallest structure
representing a donation confirmation unit. Consists of a Public key $K_{pub}$
and Private key $K_{priv}$. Equivalent in Taler is "denomination".
-\begin{align}
- UDID := \langle H(TAXID, SALT), NONCE \rangle
-\end{align}
+ \item \textbf{Unique Donor Identifier} $UDI = \langle H(TAXID, SALT), NONCE
\rangle$
+
+ \item \textbf{Blinded Unique Donor Identifier} $BUDI = \langle B_{UDI},
H(K_{pub}) \rangle$, blinded to protect the privacy of the donor
+
+ \item \textbf{Donation Receipt} $DR = \langle UDI, S_{UDI}, H(K_{pub})
\rangle$
+
+ \item \textbf{Donation Statement} $DS$: Signature to attest the amount
donated in a particular year by a specific donor.
+
+\end{itemize}
\section{Overview}
\includegraphics[width=\textwidth]{overview}
-\subsection{Step 0: Initial setup}
+\subsection{Step 0: Key generation and Initial setup}
\begin{enumerate}
- \item Key generation for blind signatures and statement signing by the
DONAU. Distribution of the keys to charities, donors and tax authorities
(possibly on-demand via REST API). Let $ki$ be the private key for $i$ DU and
$Pi$ be the corresponding public key.
- \item The charity generates their own key pair (charity pub/priv).
- \item The DONAU administrator registers the public key of the charity and
sets the yearly donation limit for the charities.
+ \item The Donau generates a public key $D_{pub}$ and private key $D_{priv}$.
+
+ \item The Donau generates the donation units ($DU$'s) consisting of
$K_{pub}^x$ and $K_{priv}^x$ where $x$ is the associated value.
+
+ \item The charity generates the key pair $(C_{pub}, C_{priv})$.
+
+ \item The Donau administrator registers the public key $C_{pub}$ and sets
the yearly donation limit for the charities.
\end{enumerate}
\subsection{Step 1: Attest donation}
\subsubsection{Donor donates to charity}
\begin{enumerate}
- \item The donor downloads the DU public keys $P1, P4$ for the corresponding
year from the DONAU.
+ \item The donor downloads the $DU$'s public keys $K_{pub}^x$ for the
corresponding year from the Donau.
- \item To donate 5 Euros the donor has to generate 2 UDIDs (for 1 Euro and 4
Euro DU).
- The donor generates UDIDs $U1$ and $U2$ which include a salted hash of the
tax number
- (here TAXID) and a NONCE.
+ \item The donor generates a $UDI = \langle H(TAXID, SALT), NONCE \rangle$
for every $DU$.
- \begin{align}
- U1 = \langle H(TAXID, SALT), NONCE_1 \rangle \\
- U2 = \langle H(TAXID, SALT), NONCE_2 \rangle
- \end{align}
+ \item The donor blinds the $UDI$'s using a \textbf{different} blinding
factor $b$ for every $UDI$.
- \item The donor blinds the UDIDs using two different blinding factors $b_1,
b_2$.
\begin{align}
- BU1 = \langle blind(b_1,U1, P1), H(P1) \rangle \\
- BU2 = \langle blind(b_2,U2, P4), H(P4) \rangle
+ B_{UDI} &= BSign(b,UDI, K_{pub}) \\
+ BUDI &= \langle B_{UDI}, H(K_{priv}) \rangle
\end{align}
-\item The donor sends the blinded UDIDs (BDIDs) $BU1$ and $BU2$ as well as the
payment of 5 Euros.
-
+\item The donor sends the $BUDI$'s as well as the corresponding payment to the
charity.
\end{enumerate}
-\subsubsection{Charity sends signed BDIDs to DONAU}
+\subsubsection{Charity sends signed $BUDI$'s to Donau}
\begin{enumerate}
-\item The charity verifies that the amount requested (based on the $H(Pi)$)
- for signing is lower or equal to the effective amount of the donation.
- \item The charity signs (using EdDSA) a structure containing all unsigned
BDIDs coming from the donor.
- \item The charity sends this structure and the signature to the DONAU.
+ \item The charity verifies that the amount requested (based on the
$H(K_{pub})$) for signing is lower or equal to the effective amount of the
donation.
+
+ \item The charity signs (using EdDSA) a structure containing all unsigned
$BUDI$'s coming from the donor.
+
+ \begin{align}
+ S_C = Sign(\langle BUDI_1, BDUI_2, .. \rangle, C_{priv})
+ \end{align}
+
+ \item The charity sends this structure and the signature $S_C$ to the Donau.
\end{enumerate}
-\subsubsection{DONAU sends back blind signed UDIDs to charity}
+\subsubsection{Donau sends back the blind signed $UDI$'s to charity}
\begin{enumerate}
- \item The DONAU:
+ \item The Donau:
\begin{enumerate}
- \item verifies the charity signature on the structure.
- \item increments the current year amount of the charity by the total
amount of the BDIDs, if the increment does not exceed the annual limit.
- \item blind signs all the BDIDs using the private keys $k_i$ matching
the public keys $H(Pi)$.
+ \item verifies the signature $S_C$ on the structure.
+
+ \item increments the current amount of donations received per year of
the charity. This value is increased by the total amount of the $BUDI$'s, if
the increment does not exceed the annual limit.
+
+ \item blind signs all the $BUDI$'s using the $DU$ private keys
$K_{priv}$ matching the public keys used in $H(K_{pub})$.
+
\begin{align}
- BS1 &:= sign(BU1, k_1) \\
- BS2 &:= sign(BU2, k_4)
+ S_D = Sign(BUDI, K_{priv})
\end{align}
- \item sends back the blind signatures to the charity.
+
+ \item sends back the blind signatures ($S_D$'s) to the charity.
\end{enumerate}
+
\item The charity transmits the blind signatures to the donor.
- \item The donor unblinds the signatures.
+
+ \item The donor unblinds the $BUDI$'s to get the signed $UDI$'s. This
results in the \textbf{Donation Receipt} $DR$ consisting of the $UDI$, the
signature $S_{UDI}$ and the Hash of the $DU$ public key $H(K_{pub})$.
+
\begin{align}
- S1_{k1} &= unblind(BS1, b_1) \\
- S2_{k4} &= unblind(BS2, b_2)
+ S_{UDI} &= B^{-1}(BUDI, S_D, b) \\
+ DR &= \langle UDI, S_{UDI}, H(K_{pub}) \rangle
\end{align}
\end{enumerate}
-
-\subsection{Step 2: Donor sends DRs to DONAU, DONAU sends back donation
statement (DS)}
+\subsection{Step 2: Donor sends the $DR$'s to the Donau to get the
\textbf{Donation Statement} $DS$.}
\begin{enumerate}
- \item The donor sends the collection of all $\langle DUi, Si, H(Pj)
\rangle$, also called DRs, to the DONAU. The DRs are sent manually once a year.
- \item For each $\langle DUi, Si, H(Pj) \rangle$ The DONAU...
-
+ \item The donor sends the collection of all $DR$'s, to the Donau. The $DR$'s
are sent manually once a year.
+ \item For each $DR$ the Donau:
\begin{itemize}
- \item check if $Pj$ is stored and get the corresponding year and donation
unit (amount donated).
- \item verifies if $Si$ is a correct signature with the corresponding
public key $Pj$.
- \item verifies that the hash of the TAXID and the salt is the same as in
other DRs (With multiple wallets each wallet must simply obtain a separate DS!).
- \item verifies that the nonce is different from each ever used nonce of
this donor for the corresponding year.
- \item if all of this is the case, it adds the amount corresponding to the
public key to the total donation amount for the year.
+ \item checks that $K_{pub}$ is valid.
+
+ \item verifies that the signature $S_{UDI}$ is correct using the
corresponding public key $K_{pub}$.
+
+ \item verifies that the hash of the $TAXID$ and the $SALT$ is the same as
in other $DR$'s (With multiple wallets each wallet must simply obtain a
separate $DS$!).
+
+ \item verifies that the $NONCE$ is unique and was not used before by the
donor for the corresponding year.
\end{itemize}
- \item The DONAU then signs over the total amount,
- year and hashed TAXID+salt and sends signature and the total amount so far
back to the donor.
- \begin{align}
- DS := sign(total amount, year, H(TAXID, salt))
- \end{align}
+ \item The Donau signs over the total amount,
+ year and $H(TAXID, SALT)$ and sends the signature and the total amount
so far back to the donor. This results in the \textbf{Donation Statement} $DS$.
+ \begin{align}
+ DS = Sign(\langle AMOUNT_{Total}, YEAR, H(TAXID, SALT) \rangle,
D_{priv})
+ \end{align}
\end{enumerate}
-\subsection{Step 3: Donor sends QR Code to validator (tax office)}
+\subsection{Step 3: Donor sends the QR Code to a validator (tax office)}
\begin{enumerate}
- \item The donor generates a QR code containing the following and sends it to
the validator/tax office:
- \begin{itemize}
- \item version of the protocol (one byte)
- \item TAXID
- \item salt
- \item DS received from the DONAU
- \item year
- \item amount for the year
- \end{itemize}
+ \item The donor generates a QR code:
+ \begin{align}
+ QR = \langle TAXID, SALT, DS, YEAR, AMOUNT \rangle
+ \end{align}
-\item The validator scans the QR code and validates that the signature
corresponds to the current DONAU DS signing key.
+ \item The validator scans the QR code and verifies the signature in the $DS$.
\end{enumerate}
\end{document}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-donau] branch master updated: [doc] major rewrite,
gnunet <=