[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-donau] branch master updated: [doc] review main.tex
|
From: |
gnunet |
|
Subject: |
[taler-donau] branch master updated: [doc] review main.tex |
|
Date: |
Sun, 12 Nov 2023 09:11:13 +0100 |
This is an automated email from the git hooks/post-receive script.
lukas-matyja pushed a commit to branch master
in repository donau.
The following commit(s) were added to refs/heads/master by this push:
new 8c66d81 [doc] review main.tex
8c66d81 is described below
commit 8c66d819be60ff2c57edc7585a9d1ee36307daa0
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
AuthorDate: Sun Nov 12 09:11:51 2023 +0100
[doc] review main.tex
---
doc/flows/definitions.tex | 4 +--
doc/flows/main.tex | 75 ++++++++++++++++++++++++-----------------------
2 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/doc/flows/definitions.tex b/doc/flows/definitions.tex
index 2c5d832..845a0e3 100644
--- a/doc/flows/definitions.tex
+++ b/doc/flows/definitions.tex
@@ -34,8 +34,8 @@
\begin{itemize}
\item Signatures over \textbf{Blinded Unique Donor Identifier-key-pair}
or \textbf{BUDI-key-pairs}:
\begin{align}
- \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$} \\
- \vec{\mu}_s := sign(\vec{\mu},C^{priv})
+ \mu := \langle \overline{u}, H(K_x^{pub}) \rangle \\
+ \fbox{$\vec{\mu}_s := sign(\vec{\mu},C^{priv})$}
\end{align}
where $H(K_x^{pub})$ indicates which donation unit key should be used
by the Donau to sign the resulting donation receipt. Thus, this hash carries
the information about the exact value the final donation receipt should carry.
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
index ac6489b..67de0af 100644
--- a/doc/flows/main.tex
+++ b/doc/flows/main.tex
@@ -33,18 +33,18 @@
\subsection{Key generation and initial setup}
\subsubsection{Initial Donau setup}
\begin{enumerate}
- \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$.
+ \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$
for EdDSA signing.
- \item The Donau generates the \emph{donation units} consisting of
$K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value.
+ \item The Donau generates the \emph{donation unit keys} consisting of
$K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value.
\end{enumerate}
\subsubsection{Charity setup (Charity side and Donau side)}
\begin{enumerate}
- \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and
downloads the \emph{donation units} from the donau.
+ \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and
downloads the \emph{donation unit public keys} from the donau.
- \item The \textbf{charity} transmits $C^{pub}$ to the party responsible for
Donau administration using a \textbf{secure channel}.
+ \item The \textbf{charity} transmits $C^{pub}$ and the desired yearly
donation limit to the party responsible for Donau administration using a
\textbf{secure channel}.
- \item The party in charge of \textbf{Donau administration} ensures that the
applying party is authentic and if it is publicly recognized as charity
organisation. Furthermore, it ensures that all eventual other checks required
by law are done. If everything is clear, it registers the public key $C^{pub}$
and sets the yearly donation limit for the charitiy.
+ \item The party in charge of \textbf{Donau administration} ensures that the
applying party is authentic and if it is publicly recognized as charity
organisation. Furthermore, it ensures that all eventual other checks required
by law are done. If everything is clear, it registers the public key $C^{pub}$
and sets the requested yearly donation limit for the charitiy.
\end{enumerate}
@@ -54,17 +54,15 @@
\subsubsection{Donor donates to charity and transmits unique donor ids (future
donation receipts)}
\begin{enumerate}
- \item The donor downloads the \emph{donation unit} public keys $K_x^{pub}$
for the corresponding year from the Donau. (if not already done)
+ \item The donor downloads the \emph{donation unit public keys} $K_x^{pub}$
for the corresponding year from the Donau. (if not already done)
\item The donor splits the donation amount into a sum of \emph{donation
units} offered by the Donau. \\
\emph{Example: With donation units \{1,2,4\} available, and a donation with
a total value of 7, the donation amount is split into the sum 4+2+1.}
\item The donor generates as many \emph{unique donor identifiers} as there
are terms in the calculated sum.
- \emph{Example: In our example, there will be 3 unique donor identifiers: one
per donation unit, so one for the value 4, one for the value 2, one for the
value 1.\\
-% TODO make footnote out of this
- (if one donation unit is present more than once in the sum, then there is
more than one unique donor identifier required for said donation unit. This
depnds upon the offered donation units.)}
+ \emph{Example: In our example, there will be 3 unique donor identifiers: one
per donation unit, so one for the value 4, one for the value 2, one for the
value 1}.\footnote{If one donation unit is present more than once in the sum,
then there is more than one unique donor identifier required for said donation
unit. This depends upon the offered donation units.}
\begin{align}
- i :&= H(\texttt{taxid, salt})\\
+ i :&= h(\texttt{taxid, salt})\\
u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\
u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\
u_3 :&= \langle i, \texttt{nonce}_3 \rangle
@@ -73,37 +71,40 @@
\item The donor blinds the \emph{unique donor identifiers} using a
\textbf{different} blinding factor $b$ for every \emph{unique donor
identifier}.\\
\emph{Example:}
\begin{align}
- \overline u_1 :&= blind (u_1, b_1) \\
- \overline u_2 :&= blind (u_2, b_2) \\
- \overline u_3 :&= blind (u_3, b_3)
+ \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\
+ \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\
+ \overline u_3 :&= blind (u_3, b_3, K_4^{pub})
\end{align}
- \item So far, the \emph{unique donor identifiers} do not carry information
about their value. The \textbf{intended effective value is now indicated} by
grouping each \emph{unique donor identifier} with the according (hash of the)
\emph{donation unit} public key $P^{pub}_x$. \\
- We call these pairs \emph{blinded unique donor identifier-key-pair}, or
\emph{budi-key-pair} for short\\
+ \item So far, the \emph{unique donor identifiers} do not carry information
about their value. The \textbf{intended effective value is now indicated} by
grouping each \emph{unique donor identifier} with the according (hash of the)
\emph{donation unit public key} $K^{pub}_x$. \\
+ We call these pairs \emph{blinded unique donor identifier-key-pair},
\emph{budi-key-pair} or even shorter BKP.\\
\\
It is only the \textbf{intended effective} value because the value will only
be attributed later on with the signature of the Donau.
\emph{Example: Note: The public key is not in relation with the sequential
index of the budi-key-pair, it only relates to the value of the pair!}
\begin{align}
- \overline \mu_1 :&= \langle \overline u_1,
H(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
- \overline \mu_2 :&= \langle \overline u_2,
H(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
- \overline \mu_3 :&= \langle \overline u_3,
H(\color{red}{K^{pub}_4}\color{black}{}) \rangle
+ \overline \mu_1 :&= \langle \overline u_1,
h(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
+ \overline \mu_2 :&= \langle \overline u_2,
h(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
+ \overline \mu_3 :&= \langle \overline u_3,
h(\color{red}{K^{pub}_4}\color{black}{}) \rangle \\ \\
+ \vec{\mu} :&= \langle \overline \mu_1,
+ \overline \mu_2,\overline \mu_3
+ \rangle
\end{align}
- \item The donor sends the $\vec{\mu}$ as well as the corresponding payment
to the charity.
+ \item The donor sends all \emph{BKP's} the $\vec{\mu}$ as well as the
corresponding payment to the charity.
\end{enumerate}
\subsubsection{Charity sends signed $BKP$'s to Donau}
\begin{enumerate}
- \item The charity verifies that the amount requested (based on the
$H(K_x^{pub})$) for signing is lower or equal to the effective amount of the
donation.
+ \item The charity verifies that the amount requested (based on the
$h(K_x^{pub})$) for signing is lower or equal to the effective amount of the
donation.
\item The charity signs (using EdDSA) a structure containing all unsigned
$BKP$'s coming from the donor.
\begin{align}
- \sigma_c = \Sigma(\langle BKP_1, BKP_2, ..., BKP_i \rangle, C^{priv})
+ \sigma_c = sign(\vec{\mu}, C^{priv})
\end{align}
- \item The charity sends this structure and the signature $\sigma$ to the
Donau.
+ \item The charity sends this structure $\vec{\mu}$ and the signature
$\sigma$ to the Donau.
\end{enumerate}
\subsubsection{Donau sends back the blind signed $UDI$'s to charity}
@@ -114,30 +115,32 @@
\item increments the current amount of donations received per year of
the charity. This value is increased by the total amount of the $BUDI$'s, if
the increment does not exceed the annual limit.
- \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the
$DU$ private keys $K_x^{priv}$ matching the public keys $H(K^{pub})$ used in
the $BKP$'s.
+ \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the
\emph{donation unit private keys} $K_x^{priv}$ matching the public keys
$h(K^{pub})$ used in the $BKP$'s.
\begin{align}
- \overline{\beta_1} = {B}(BUDI_1, K_x^{priv}) \\
- ... \\
- \overline{\beta_i} = {B}(BUDI_i, K_x^{priv})
+ \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\
+ \overline{\beta_2} = blind\_sign(\overline u_2, K_2^{priv}) \\
+ \overline{\beta_3} = blind\_sign(\overline u_3, K_4^{priv})
\end{align}
- \item sends back the blind signatures $\overline{\beta_1}, ...,
\overline{\beta_i}$ to the charity.
+ \item sends back all created blind signatures
+ $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ to the
charity.
\end{enumerate}
\item The charity forwards the blind signatures to the donor.
- \item The donor unblinds the signed $BUDI$'s $\overline{\beta_1}, ...,
\overline{\beta_i}$ to get the signatures $\beta_1, ..., \beta_i$. This results
in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the
$UDI$, the signature $\beta$ and the Hash of the $DU$ public key $H(K_x^{pub})$.
+ \item The donor unblinds the signatures of the $BUDI$'s to get the
signatures of the $UDI$'s. This results in a collection of \textbf{Donation
Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the
Hash of the \emph{donation unit public key} $h(K_x^{pub})$.
\begin{align}
\beta_1 &= Unblind(\overline{\beta_1}, b_1) \\
- ... \\
- \beta_i &= Unblind(\overline{\beta_i}, b_i)
+ \beta_2 &= Unblind(\overline{\beta_i}, b_i) \\
+ \beta_3 &= Unblind(\overline{\beta_i}, b_i)
\end{align}
\begin{align}
- DR_1 &= \langle UDI_1, \beta_1, H(K_x^{pub}) \rangle \\
- ... \\
- DR_i &= \langle UDI_i, \beta_i, H(K_x^{pub}) \rangle
+ r_1 &= \langle UDI_1, \beta_1, h(K_1^{pub}) \rangle \\
+ r_2 &= \langle UDI_2, \beta_2, h(K_2^{pub})
+ \rangle \\
+ r_3 &= \langle UDI_3, \beta_3, h(K_4^{pub}) \rangle
\end{align}
\end{enumerate}
@@ -145,7 +148,7 @@
\subsubsection{Donor sends the \emph{Donation receipts} to the Donau to get
the \emph{Donation Statement}.}
\begin{enumerate}
- \item The donor sends the collection of all \emph{donation receipts r} to
the Donau. This happens manually once per period.\\\
+ \item The donor sends the collection of all \emph{donation receipts} $r_1,
r_2, r_3$ to the Donau. This happens manually once per period.\\\
It is not done continuously to obtain \emph{unlinkability} between the
\textbf{issuance} of the donation receipts (which happens upon donation) and
their \textbf{submission} for the \emph{donation statement}.
\item For each \emph{donation receipt} the Donau:
\begin{itemize}
@@ -153,9 +156,7 @@
\item verifies that the signature $\beta$ is correct using the
corresponding public key $K_x^{pub}$.
- \item verifies that the \emph{donor identifier} is the same as in other
\emph{donation receipts}
-% TODO: put this as footnote
- (With multiple wallets each wallet must simply obtain a separate
\emph{donation statement}!).
+ \item verifies that the \emph{donor identifier} is the same as in other
\emph{donation receipts}.\footnote{With multiple wallets each wallet must
simply obtain a separate \emph{donation statement}!}
\item verifies that the $\texttt{nonce}$ is unique and was not used before
by the donor for the corresponding year.
\end{itemize}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-donau] branch master updated: [doc] review main.tex,
gnunet <=