gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-donau] branch master updated: -fixes

From: gnunet
Subject: [taler-donau] branch master updated: -fixes
Date: Tue, 31 Oct 2023 10:54:38 +0100 
This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository donau.

The following commit(s) were added to refs/heads/master by this push:
     new de2204f  -fixes
de2204f is described below

commit de2204f122a52145a9c67e79b3dc19f779e8c1c4
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Oct 31 10:54:33 2023 +0100

    -fixes
---
 doc/flows/definitions.tex | 81 ++++++++++++++++++++++++-----------------------
 doc/flows/main.tex        | 22 ++++++-------
 2 files changed, 53 insertions(+), 50 deletions(-)

diff --git a/doc/flows/definitions.tex b/doc/flows/definitions.tex
index f9c37d1..2c5d832 100644
--- a/doc/flows/definitions.tex
+++ b/doc/flows/definitions.tex
@@ -6,67 +6,70 @@
 
 \subsection{Definitions}
 \begin{itemize}
-  \item \textbf{Cryptographic Hash Function} $H(m) := h$ where $m$ is a 
message and $h$ the resulting hash.
+  \item \textbf{Cryptographic Hash Function} $h := H(m)$ where $m$ is a 
message and $h$ the resulting hash.
   
-  \item \textbf{Blinding function} $blind(m, b)$ where $m$ is the message to 
blind and $b$ the blinding factor to apply. The blinding can be done with 
either the RSA blind signature scheme or the Blinded Clause-Schnorr signature 
scheme.
-  
-  \item \textbf{Keygen} TODO
+  \item \textbf{BlindKeygen} $\langle K_x^{pub}, K_x^{priv} \rangle := 
Keygen^B(\omega)$ where $\omega$ is a source of entropy and $x$ is the 
associated value (e.g. 2 EUR).
+    The resulting key pair represents a donation unit. The result is a public 
key $K_x^{pub}$ and private key $K_x^{priv}$. The equivalent in Taler is a 
"denomination".
+
+  \item \textbf{DonauKeygen} $\langle D^{pub}, D^{priv} \rangle := 
Keygen^D(\omega)$
+
+  \item \textbf{CharityKeygen} $\langle C^{pub}, C^{priv} \rangle := 
Keygen^C(\omega)$
+
+  \item \textbf{Donor Identifier} $i := H(\texttt{taxid}, s)$ where $s$ is a 
random salt with sufficient entropy to prevent guessing attacks to invert the 
hash function.
+    
+  \item \textbf{Unique Donor Identifier} $u := \langle i, n \rangle$ where $n$ 
is a high-entropy nonce to make the resulting hash unique per donation.
+
+  \item \textbf{Blinding function} $\overline{u} := blind(u, b, K_x^{pub})$ 
where $u$ is the value to blind, $b$ the blinding factor to apply and 
$K_x^{pub}$ the public key of
+    the donation unit that will be used for signing. The blinding can be done 
with either the RSA blind signature scheme or the Blinded Clause-Schnorr 
signature scheme.
+    The $\overline{u}$ is a blinded unique donor identifier which is blinded 
to protect the privacy of the donor.  
 
   \item \textbf{Signing}
     \begin{itemize}
       \item \textbf{Classic/lightweight signing (e.g. EdDSA):} 
       \begin{align}
-        \fbox{$\sigma := sign(m,k)$}
+        \fbox{$s := sign(m,k^{priv})$}
       \end{align}
-      where $m$ is a message and $k$ is the private key used to sign the 
message.\\
+      where $m$ is a message and $k^{priv}$ is the private key used to sign 
the message, for example $k^{priv} = D^{priv}$ or $k^{priv} = C^{priv}$.\\
       Applications:
       \begin{itemize}
-        \item A charity signs a collection of \emph{BUDI-key-pair} before 
transfering them to the Donau to issue \emph{Donation Receipts}
-        \item The Donau computes the \emph{donation statement signature} for a 
donor for a specific year
+      \item Signatures over \textbf{Blinded Unique Donor Identifier-key-pair} 
or \textbf{BUDI-key-pairs}:
+        \begin{align}
+          \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$} \\
+          \vec{\mu}_s := sign(\vec{\mu},C^{priv})
+        \end{align}
+        where $H(K_x^{pub})$ indicates which donation unit key should be used 
by the Donau to sign the resulting donation receipt. Thus, this hash carries 
the information about the exact value the final donation receipt should carry.
+
+        A charity signs a collection of \emph{BUDI-key-pair} before 
transfering them to the Donau to issue \emph{Donation Receipts}
+      \item Signing over \textbf{Donation Statement signatures}:
+        \begin{align}
+          \sigma := \langle i, a_\Sigma, \texttt{year} \rangle \\
+          \fbox{$\sigma_s := sign(\sigma, D^{priv})$}
+        \end{align}
+        where $D^{priv}$ is the private key from the Donau.
+        These signatures attest the amount donated in a particular year by a 
specific donor.
+
+        The Donau computes the \emph{donation statement signature} for a donor 
for a specific year
       \end{itemize}
       
       \item \textbf{Blind signing(e.g. RSA/CS):}
-      \begin{align}
-        \fbox{$\overline{\beta} := blind\_sign(\overline{m},k)$}
+        \begin{align}
+        \fbox{$\overline{\beta} := blind\_sign(\overline{u},K_x^{priv})$}
       \end{align}
-      where $\overline{m}$ is a blinded message and $k$ is the private key 
used to blind sign the message.\\
+      where $\overline{u}$ is a blinded value and $K_x^{priv}$ is the private 
key used to blind sign the message.\\
       Application:
       \begin{itemize}
         \item The Donau blind signs \emph{Blinded Unique Donor Identifier}s 
received from the charity with the private key matching the public key in the 
received \emph{BUDI-key-pair}
       \end{itemize}
     \end{itemize}
-
-  \item \textbf{Donation Unit} $ := (K_x^{pub}, K_x^{priv})$ where $x$ is the 
associated value (e.g. 2EUR):
-    Smallest structure representing a donation confirmation unit.
-    Consists of a Public key $K_x^{pub}$ and Private key $K_x^{priv}$. 
Equivalent in Taler is "denomination".
-
-  \item \textbf{Donor Identifier} $i := H(\texttt{taxid}, \texttt{salt})$
-    
-  \item \textbf{Unique Donor Identifier} $u := \langle i, \texttt{nonce} 
\rangle$
-  where \texttt{nonce} ...%TODO
-
-  \item \textbf{Blinded Unique Donor Identifier} 
-  \begin{align}
-    \fbox{$\overline{u} := blind(u)$}
-  \end{align}
-  blinded to protect the privacy of the donor
   
-  \begin{itemize}
-   \item \textbf{Blinded Unique Donor Identifier-key-pair} or 
\textbf{BUDI-key-pair}
-  \begin{align}
-      \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$}
-  \end{align}
-where $H(K_x^{pub})$ indicates which donation unit key should be used by the 
Donau to sign the resulting donation receipt. Thus, this hash carries the 
information about the exact value the final donation receipt should carry.
-  \end{itemize}
 
+  \item UNBLINDING!
+
+  \item Verify (blind + unblind versions)!
 
+  \item Charity signing request.
+    
   \item \textbf{Donation Receipt} $r := \langle u, \beta, H(K_x^{pub}) 
\rangle$ where $\beta$ is the unblinded signature: Sent to the Donau to get the 
donation Statement.
 
-  \item \textbf{Donation Statement signature}
-  Signature to attest the amount donated in a particular year by a specific 
donor.
-  \begin{align}
-\fbox{$\sigma_s := sign(\langle i, \texttt{amount}_{total}, \texttt{year} 
\rangle, D^{priv})$}
-\end{align}
-where $D^{priv}$ is the private key from the Donau.
 
 \end{itemize}
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index 224d330..ac6489b 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -64,18 +64,18 @@
 %   TODO make footnote out of this
   (if one donation unit is present more than once in the sum, then there is 
more than one unique donor identifier required for said donation unit. This 
depnds upon the offered donation units.)}
     \begin{align}
-      i &= H(\texttt{taxid, salt})\\ 
-      u_1 &= \langle i, \texttt{nonce}_1 \rangle \\
-      u_2 &= \langle i, \texttt{nonce}_2 \rangle \\
-      u_3 &= \langle i, \texttt{nonce}_3 \rangle \\
+        i :&= H(\texttt{taxid, salt})\\ 
+      u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\
+      u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\
+      u_3 :&= \langle i, \texttt{nonce}_3 \rangle 
     \end{align}
 
   \item The donor blinds the \emph{unique donor identifiers} using a 
\textbf{different} blinding factor $b$ for every \emph{unique donor 
identifier}.\\
   \emph{Example:}
   \begin{align}
-    \overline u_1 &= blind (u_1, b_1) \\
-    \overline u_2 &= blind (u_2, b_2) \\
-    \overline u_3 &= blind (u_3, b_3) \\
+    \overline u_1 :&= blind (u_1, b_1) \\
+    \overline u_2 :&= blind (u_2, b_2) \\
+    \overline u_3 :&= blind (u_3, b_3) 
   \end{align}
   
   \item So far, the \emph{unique donor identifiers} do not carry information 
about their value. The \textbf{intended effective value is now indicated} by 
grouping each \emph{unique donor identifier} with the according (hash of the) 
\emph{donation unit} public key $P^{pub}_x$. \\
@@ -85,12 +85,12 @@
   
   \emph{Example: Note: The public key is not in relation with the sequential 
index of the budi-key-pair, it only relates to the value of the pair!}
   \begin{align}
-       \overline \mu_1 &= \langle \overline u_1, 
\color{red}{P^{pub}_1}\color{black}{} \rangle \\
-       \overline \mu_2 &= \langle \overline u_2, 
\color{red}{P^{pub}_2}\color{black}{} \rangle \\
-       \overline \mu_3 &= \langle \overline u_3, 
\color{red}{P^{pub}_4}\color{black}{} \rangle \\
+       \overline \mu_1 :&= \langle \overline u_1, 
H(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
+       \overline \mu_2 :&= \langle \overline u_2, 
H(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
+       \overline \mu_3 :&= \langle \overline u_3, 
H(\color{red}{K^{pub}_4}\color{black}{}) \rangle 
   \end{align}
 
-  \item The donor sends the $BKP$'s as well as the corresponding payment to 
the charity.
+  \item The donor sends the $\vec{\mu}$ as well as the corresponding payment 
to the charity.
 \end{enumerate}
 
 \subsubsection{Charity sends signed $BKP$'s to Donau}

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]