[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-donau] branch master updated: -fixes
From: |
gnunet |
Subject: |
[taler-donau] branch master updated: -fixes |
Date: |
Tue, 31 Oct 2023 10:54:38 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository donau.
The following commit(s) were added to refs/heads/master by this push:
new de2204f -fixes
de2204f is described below
commit de2204f122a52145a9c67e79b3dc19f779e8c1c4
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Oct 31 10:54:33 2023 +0100
-fixes
---
doc/flows/definitions.tex | 81 ++++++++++++++++++++++++-----------------------
doc/flows/main.tex | 22 ++++++-------
2 files changed, 53 insertions(+), 50 deletions(-)
diff --git a/doc/flows/definitions.tex b/doc/flows/definitions.tex
index f9c37d1..2c5d832 100644
--- a/doc/flows/definitions.tex
+++ b/doc/flows/definitions.tex
@@ -6,67 +6,70 @@
\subsection{Definitions}
\begin{itemize}
- \item \textbf{Cryptographic Hash Function} $H(m) := h$ where $m$ is a
message and $h$ the resulting hash.
+ \item \textbf{Cryptographic Hash Function} $h := H(m)$ where $m$ is a
message and $h$ the resulting hash.
- \item \textbf{Blinding function} $blind(m, b)$ where $m$ is the message to
blind and $b$ the blinding factor to apply. The blinding can be done with
either the RSA blind signature scheme or the Blinded Clause-Schnorr signature
scheme.
-
- \item \textbf{Keygen} TODO
+ \item \textbf{BlindKeygen} $\langle K_x^{pub}, K_x^{priv} \rangle :=
Keygen^B(\omega)$ where $\omega$ is a source of entropy and $x$ is the
associated value (e.g. 2 EUR).
+ The resulting key pair represents a donation unit. The result is a public
key $K_x^{pub}$ and private key $K_x^{priv}$. The equivalent in Taler is a
"denomination".
+
+ \item \textbf{DonauKeygen} $\langle D^{pub}, D^{priv} \rangle :=
Keygen^D(\omega)$
+
+ \item \textbf{CharityKeygen} $\langle C^{pub}, C^{priv} \rangle :=
Keygen^C(\omega)$
+
+ \item \textbf{Donor Identifier} $i := H(\texttt{taxid}, s)$ where $s$ is a
random salt with sufficient entropy to prevent guessing attacks to invert the
hash function.
+
+ \item \textbf{Unique Donor Identifier} $u := \langle i, n \rangle$ where $n$
is a high-entropy nonce to make the resulting hash unique per donation.
+
+ \item \textbf{Blinding function} $\overline{u} := blind(u, b, K_x^{pub})$
where $u$ is the value to blind, $b$ the blinding factor to apply and
$K_x^{pub}$ the public key of
+ the donation unit that will be used for signing. The blinding can be done
with either the RSA blind signature scheme or the Blinded Clause-Schnorr
signature scheme.
+ The $\overline{u}$ is a blinded unique donor identifier which is blinded
to protect the privacy of the donor.
\item \textbf{Signing}
\begin{itemize}
\item \textbf{Classic/lightweight signing (e.g. EdDSA):}
\begin{align}
- \fbox{$\sigma := sign(m,k)$}
+ \fbox{$s := sign(m,k^{priv})$}
\end{align}
- where $m$ is a message and $k$ is the private key used to sign the
message.\\
+ where $m$ is a message and $k^{priv}$ is the private key used to sign
the message, for example $k^{priv} = D^{priv}$ or $k^{priv} = C^{priv}$.\\
Applications:
\begin{itemize}
- \item A charity signs a collection of \emph{BUDI-key-pair} before
transfering them to the Donau to issue \emph{Donation Receipts}
- \item The Donau computes the \emph{donation statement signature} for a
donor for a specific year
+ \item Signatures over \textbf{Blinded Unique Donor Identifier-key-pair}
or \textbf{BUDI-key-pairs}:
+ \begin{align}
+ \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$} \\
+ \vec{\mu}_s := sign(\vec{\mu},C^{priv})
+ \end{align}
+ where $H(K_x^{pub})$ indicates which donation unit key should be used
by the Donau to sign the resulting donation receipt. Thus, this hash carries
the information about the exact value the final donation receipt should carry.
+
+ A charity signs a collection of \emph{BUDI-key-pair} before
transfering them to the Donau to issue \emph{Donation Receipts}
+ \item Signing over \textbf{Donation Statement signatures}:
+ \begin{align}
+ \sigma := \langle i, a_\Sigma, \texttt{year} \rangle \\
+ \fbox{$\sigma_s := sign(\sigma, D^{priv})$}
+ \end{align}
+ where $D^{priv}$ is the private key from the Donau.
+ These signatures attest the amount donated in a particular year by a
specific donor.
+
+ The Donau computes the \emph{donation statement signature} for a donor
for a specific year
\end{itemize}
\item \textbf{Blind signing(e.g. RSA/CS):}
- \begin{align}
- \fbox{$\overline{\beta} := blind\_sign(\overline{m},k)$}
+ \begin{align}
+ \fbox{$\overline{\beta} := blind\_sign(\overline{u},K_x^{priv})$}
\end{align}
- where $\overline{m}$ is a blinded message and $k$ is the private key
used to blind sign the message.\\
+ where $\overline{u}$ is a blinded value and $K_x^{priv}$ is the private
key used to blind sign the message.\\
Application:
\begin{itemize}
\item The Donau blind signs \emph{Blinded Unique Donor Identifier}s
received from the charity with the private key matching the public key in the
received \emph{BUDI-key-pair}
\end{itemize}
\end{itemize}
-
- \item \textbf{Donation Unit} $ := (K_x^{pub}, K_x^{priv})$ where $x$ is the
associated value (e.g. 2EUR):
- Smallest structure representing a donation confirmation unit.
- Consists of a Public key $K_x^{pub}$ and Private key $K_x^{priv}$.
Equivalent in Taler is "denomination".
-
- \item \textbf{Donor Identifier} $i := H(\texttt{taxid}, \texttt{salt})$
-
- \item \textbf{Unique Donor Identifier} $u := \langle i, \texttt{nonce}
\rangle$
- where \texttt{nonce} ...%TODO
-
- \item \textbf{Blinded Unique Donor Identifier}
- \begin{align}
- \fbox{$\overline{u} := blind(u)$}
- \end{align}
- blinded to protect the privacy of the donor
- \begin{itemize}
- \item \textbf{Blinded Unique Donor Identifier-key-pair} or
\textbf{BUDI-key-pair}
- \begin{align}
- \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$}
- \end{align}
-where $H(K_x^{pub})$ indicates which donation unit key should be used by the
Donau to sign the resulting donation receipt. Thus, this hash carries the
information about the exact value the final donation receipt should carry.
- \end{itemize}
+ \item UNBLINDING!
+
+ \item Verify (blind + unblind versions)!
+ \item Charity signing request.
+
\item \textbf{Donation Receipt} $r := \langle u, \beta, H(K_x^{pub})
\rangle$ where $\beta$ is the unblinded signature: Sent to the Donau to get the
donation Statement.
- \item \textbf{Donation Statement signature}
- Signature to attest the amount donated in a particular year by a specific
donor.
- \begin{align}
-\fbox{$\sigma_s := sign(\langle i, \texttt{amount}_{total}, \texttt{year}
\rangle, D^{priv})$}
-\end{align}
-where $D^{priv}$ is the private key from the Donau.
\end{itemize}
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index 224d330..ac6489b 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -64,18 +64,18 @@
% TODO make footnote out of this
(if one donation unit is present more than once in the sum, then there is
more than one unique donor identifier required for said donation unit. This
depnds upon the offered donation units.)}
\begin{align}
- i &= H(\texttt{taxid, salt})\\
- u_1 &= \langle i, \texttt{nonce}_1 \rangle \\
- u_2 &= \langle i, \texttt{nonce}_2 \rangle \\
- u_3 &= \langle i, \texttt{nonce}_3 \rangle \\
+ i :&= H(\texttt{taxid, salt})\\
+ u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\
+ u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\
+ u_3 :&= \langle i, \texttt{nonce}_3 \rangle
\end{align}
\item The donor blinds the \emph{unique donor identifiers} using a
\textbf{different} blinding factor $b$ for every \emph{unique donor
identifier}.\\
\emph{Example:}
\begin{align}
- \overline u_1 &= blind (u_1, b_1) \\
- \overline u_2 &= blind (u_2, b_2) \\
- \overline u_3 &= blind (u_3, b_3) \\
+ \overline u_1 :&= blind (u_1, b_1) \\
+ \overline u_2 :&= blind (u_2, b_2) \\
+ \overline u_3 :&= blind (u_3, b_3)
\end{align}
\item So far, the \emph{unique donor identifiers} do not carry information
about their value. The \textbf{intended effective value is now indicated} by
grouping each \emph{unique donor identifier} with the according (hash of the)
\emph{donation unit} public key $P^{pub}_x$. \\
@@ -85,12 +85,12 @@
\emph{Example: Note: The public key is not in relation with the sequential
index of the budi-key-pair, it only relates to the value of the pair!}
\begin{align}
- \overline \mu_1 &= \langle \overline u_1,
\color{red}{P^{pub}_1}\color{black}{} \rangle \\
- \overline \mu_2 &= \langle \overline u_2,
\color{red}{P^{pub}_2}\color{black}{} \rangle \\
- \overline \mu_3 &= \langle \overline u_3,
\color{red}{P^{pub}_4}\color{black}{} \rangle \\
+ \overline \mu_1 :&= \langle \overline u_1,
H(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
+ \overline \mu_2 :&= \langle \overline u_2,
H(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
+ \overline \mu_3 :&= \langle \overline u_3,
H(\color{red}{K^{pub}_4}\color{black}{}) \rangle
\end{align}
- \item The donor sends the $BKP$'s as well as the corresponding payment to
the charity.
+ \item The donor sends the $\vec{\mu}$ as well as the corresponding payment
to the charity.
\end{enumerate}
\subsubsection{Charity sends signed $BKP$'s to Donau}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-donau] branch master updated: -fixes,
gnunet <=