author | Florian Dold <florian.dold@gmail.com> | 2019-04-29 15:44:00 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-04-29 15:44:00 +0200 |
commit | b5d0fa21679e889a458f7d43afeef5c90dbd891c (patch) | |
tree | 52cb3bfce392f2dcb7f15f0c25d753bc527ceb3f /comments.txt | |
parent | ba1ff59b56cbc3946f70cafe6ed80c9aacc15afa (diff) | |
download | dold-thesis-phd-b5d0fa21679e889a458f7d43afeef5c90dbd891c.tar.gz dold-thesis-phd-b5d0fa21679e889a458f7d43afeef5c90dbd891c.tar.bz2 dold-thesis-phd-b5d0fa21679e889a458f7d43afeef5c90dbd891c.zip |
comments.txt
Diffstat (limited to 'comments.txt')
-rw-r--r-- | comments.txt | 571 |
1 files changed, 571 insertions, 0 deletions
diff --git a/comments.txt b/comments.txt new file mode 100644 index 0000000..8898e62 --- /dev/null +++ b/comments.txt 
@@ -0,0 +1,571 @@ +1. Grammar: p. 1, Consensus is a key . . . +2. When you put the footnote at the end of a sentence, the superscript follows the period, +rather than proceeds it. This was done incorrectly repeatedly, e.g., starting on p. 2, +subsystem of the GNUnet framework 3 . should be subsystem of the GNUnet framework. 3 . +Then “users. [LI16].” (p. 15), etc.. +3. Similarly, when a sentence or group of sentences gets a reference, the terminating period +goes after the references. So, for example, on p. 6 you should not write . . . attract criminal +activity. [Ric16]. but, instead, . . . attract criminal activity [Ric16]. +4. p. 7, provider 1.5. → provider (Figure 1.5). +5. p. 7, single chapter → single chapters. +6. p. 15, I appreciated the short and rather harsh critique of blockchains. How do you +explain their meteoric rise (if you see it that way) despite these facts? An nonspecialist +article that adequately explained this “paradox” would be cool, maybe targeted for The +Atlantic. +7. p. 20, instruct their wallet to create a reserve +8. p. 20, from URLs or QR codes +9. p. 22, do you not mean to write the merchant can specify a deadline before which the +exchange must issue . . .? +10. p. 23, to prevent “useless” operations . . . unattractive → to make “useless” operations . . . +unattractive +11. p. 23, Yet another type of fees → Yet another type of fee +12. p. 24, might not even justified → might not be justified +13. p. 25, A revoked coin cannot be spend (→ spent) +14. p. 26, maximum number of D-coins not maximum amount of D-coins +15. p. 26, The sentence beginning The payback protocol could use some copy editing. +16. p. 28, would be abe to modify +17. p. 29, by Cannard → by Cannard and Gouget +18. p. 30, One of the earliest mentions. +19. p. 33, of the block spend → of the block spent +20. p. 41 and later. 
The wrong papers ([Poi05], [Sho04], [Cor00]) are being credited for +4provable security, the notion of which is usually credited go [GM82/GM85] (although +credit should arguably be shared more broadly with Blum and Yao, for example). Only +one of the papers you’re siting here is even a survey. +21. p. 41 and later. “i.e.” invariably needs a comma after it, “i.e.,”, which will also fix the +spacing issue you are getting from missing L A TEXthinking you have ended the sentence +22. p. 41:,extra period, and comma, in Q.”, +23. p. 42. [Lin17] is not an appropriate reference of the idea of simulation-based definitions. +The idea might be credited to GMR85/89 (zero-knowledge). +24. p. 43, paragraph 3. I would not regard the use of oracles in game-based definitions as an +extension of Turing machines. However you might formalize the adversary’s computation +(in a RAM model, as a program in some programming language, whatever), we can no +doubt embellish that model by adding oracles. Turing machines are perhaps the most +awkward way of doing it! +25. p. 43, paragraph beginning “While oracles”. I would, similarly, regard oracles as even +less related to interactive protocols. At least the way that I use this term, interactive +protocols are stylized two-party interactions used for defining the complexity class IP. +They were originally defined, rather informally, with interactive Turing Machines. Better +expositions eliminated that language. +26. p. 45. I’m not sure the origins of the DDH or CDH assumptions, but it certainly precedes +[Bon98]. That is a good exposition on the assumption, however. In general, make sure it +is clear if you are crediting the originators of an idea or an exposition of it you are fond +of. You can always signal that latter by saying something like “nicely described by Boneh +[Bon98].” +27. p. 45. [Bel+98] isn’t the right reference for IND-CPA unless you have narrowed the scope +to the symmetric setting. +28. p. 48–57. 
I think it would be a Herculian job to truly verify this syntax and these games, +and I won’t really try to do so. Maybe you can tell me how these evolved and were +debugged. +29. pp. 57–58. Polynomial is with respect to λ + κ? Negligible in with respect to which in +which games? Maybe adjust language so that this is explicit in the key definitions of this +section. Also good to remind the reader of the different semantics of λ and κ. +30. p. 57, extra slash in Def. 3.4.1. +31. pp. 58–60. You describe the syntax for four primitives on which you base your construc- +tion, but do you formalize the security properties you demand for each of these primitives? +I wasn’t seeing it. Then, +32. p. 64, your theorem on Anonymity (Theorem 1) omits the complexity assumptions that +5are required for this to go through, +33. p. 67, and the same holds for Theorems 3 and 4. +34. p. 72, util +35. p. 83, the the +36. p. 82, the payment is [the] same as +37. p. 82, an URL → a URL +38. p. 84, is generally is +39. p. 84–85, tipping is normally by a customer to a merchant, not the other way around ;-) +40. p. 89, the the +41. p. 98, To reduce the perceived performance — what you write is not what you mean :-) +42. p. 101–113. The various protocols in section 4.7 — I am not really clear how these relate +to the more abstractly described protocols of Chapter 3. It is not simply that you are +instantiating earlier mechanisms with concrete primitives; much more seems to be going +on. Are there concrete claims being made as to the security of these constructions? +43. p. 114, happyiness → happiness. +44. pp. 123–154. I liked this chapter, but it did feel somewhat out of place compared to the +rest of the thesis. It still carried some vestiges of being a paper (for example, the chapter +speaks a couple of time of its being a paper, rather than a chapter ), and read like one. 
+The writing seemed to assume more of the user, and it was a bit disorganized compared +to the rest of the presentation. Now I have never felt that a dissertation needed to be all +that unified to be good (theses that amalgamate vaguely related papers are fine by me), +so this this isn’t a big deal. But it might help to switch the order of Chapters 5 and 6, +as it did feel jarring to go back to go back to GNU Taler with the BSC stuff intervening. +And a little bit more of a transition to the current Chapter 5 would be good. +45. p. 125. I felt confused why you weren’t making any requirement on the ṽ i values relative +to the original v j values. +46. pp. 131–132. I didn’t understand what the formal requirement on R is supposed to be. +Is this any function where R(S) ⊆ S, R(R(S)) = R(S)? At the end of 5.3.1, I still wasn’t +certain what precisely a BSC protocol was required to deliver. Being more formal would +help. +47. And where is the theorem that a specified protocol has achieved BSC? Theorem 5 is about +graded broadcast. +48. p. 152. It would probably good to return to the mention made earlier on the potential +relationship between GNU Taler and BSU, if that was a serious possibility. +649. p. 155-157. The Conclusion, and similar idea from the Introduction, are quite powerful. +I would repeat the suggestion we could really use a nonspecialist article, in a venue like +The Atlantic, on approaches for payment and their is socio-political implications. +50. References. Don’t use et al. in the names of authors in a bibliography ([Gil17+], [Gue00+], +etc.). The “+” is fine in a label, but in the actual biography, all authors deserve to be +named. +51. References. Proofread for capitalization and typos in titles—things like “byzantine” +[ML14] or the quote marks in [KM07]. +52. A final pass over the thesis should deal with all the overfull hboxes. 
+ + + +------------------------------------------------ + +Batch 1: + + +Global: +s/Blockchain/blockchain/g # despite in titles +s/Blockchains/blockchains/g # dito +s/e.g. $text/e.g., $text/g # as redacted for RFCs +s/i.e. $text/i.e., $text/g # dito +s/free software/Free Software/g # consistency +s/Web/web/ # ? (if not World Wide Web (WWW) +s/proof-of-work/Proof-of-Work/g # consistency +s/proof-of-stake/Proof-of-Stake/g # dito +s/zero knowledge proof/Zero-Knowledge Proof/ig # dito +s/denial of service attack/denial-of-service attack/ig # dito +s/Website/website/ig # dito +s/chosen plaintext attack/chosen-plaintext attack/ig # dito +s/polynomial time algorithm/polynomial-time algorithm/ig # dito + +16: +- s/the the/the/ +- s/merchant or customer/a merchant or a customer needs/ + +17: +- w/withdraw/withdrawal/ +- s/of coin/of a coin/ + +18: +- "deanyonmiza-" breaks blockquote + +19: +- s/that allows/that allow/ +- s/that payee/that the payee/ +- s/would now requested/would now be requested/ + +26: +- s/(super)set/(super-)set/ # ? + +29: +- s/An complete/A complete/ + +31: +- "We assume the contact information of the exchange is known to both +customer +and merchant from the start, including that the customer can +authenticate the +merchant, for example by using X.509 certificates [Yee13]." +(Is there also something else than X.509 for auth?) + +32: +s/Subsequently /Subsequently, / # ? +s/from URLs or QR code/from a URL or a QR code/ + +34: +"A useful application for sharing are peer-to-peer payments between +mutually trusting parties, such as families and friends." # + +36: +- s/withdraw private key/withdrawal private key/ +- s/GNU Taler what would/GNU Taler which would/ + +40: +- "The following modifications are made:" # blank line above? 
+ +43: +- s/to a different blind signature/to different blind signature/ + +44: +- s/preserved preserved/preserved/ + +45: +- "in a distributed and decentralized manner" # even though there's a +centralization tendency (as you wrote earlier) towards actors in +abundance of computational power and persistent memory (to hold the ledger) +- s/block spend/block spent/ # ? +- "While it was originally believed that PoW consensus +process is resistant against attackers that have less than a 51% majority +of computational power, closer analysis has shown that a 21% majority +sufficies [ES18]." # You might want to add there was already a +successful 51% attack from an hard fork of BTC, Bitcoin Gold (BTG): +http://fortune.com/2018/05/29/bitcoin-gold-hack/ + +47: +- s/in a stack-based/in stack-based/ + +49: +- "As with card payment systems, these oligopolies are politically +dangerous [Run11], +and the lack of competition can result in excessive profit taking that +may require +political solutions [Jon15] to the resulting market failure." # + +51: +- "In this case, +even if the financial damages are ultimately covered by the bank, the +customer +always has to deal with the procedure of notifying the bank in the first +place. As +a result, customers must remain wary about using their cards, which +limits their +online shopping [ibi14, p. 50]." # + +53/54: +- "Contrary to what the name might suggest, a protocol that is “provably +secure” +is not necessarily secure in practice [KM07; Dam07]." & "Furthermore a +provably secure protocol does not always lend itself easily to a +secure implementation [...]" # Like cybervoting ? :D + +58: +- "Useful techniques for hops are, for example:" # add blank line above? +- s/small failure events/small-failure events/ig # ?; check also globally + +59: +- s/In practice this identifier/In practice, this identifier # ? 
+ + + + +------------------------------------------------ +Batch 2: + +Global: +- s/polynomial time adversary/polynomial-time adversary/g # ? + +62: +- "The customer only records the refresh operation identifier rid in +refreshIds [ pkCustomer ] ," # breaking blockquote + +64: +- s/the adversary/The adversary/ # new sentence; check the sentence, +too: seems somewhat gramatically broken +- "The customer and withdraw identifier wid are obtained from the +WithdrawRequest +transcript T ." # breaks blockquote + +65: +- s/Additionally gives/Additionally, gives/ # ? + +66: +- "We define a helper procedure" # add blank line above? + +69: +- "game is negligibly close to 1/ for any polynomial time adversary A ." +# is there something missing after "1/ "? + +71: +- s/anunblinded/an unblinded/ +- s/blind signature protocols/blind-signature protocols/ # ? +- "We require the following two security properties for BlindSign:" # +blank line above? +- s/and has been signed/has been signed/ +- s/game can defined/game can be defined/ + +72: +- "We require the following security properties to hold for CoinSignKx:" +# blank line above? +- s/random shared secret/random-shared secet/ # ?; or "randomly shared +secret", otherwise? +- "Using these primitives, we now instantiate the syntax of our +income-transparent +e-cash scheme:" # add blank live above? + +76: +- "From the information theoretically secure blinding," # Lang broken? +- s/completeness/completedness/ # check also globally + +78: +- "In order to win the conservation game, the adversary must increase +withdrawn [ pkCustomer ] # breaks blockquote +- s/Similarly for/Similarly, for/ # ? 
+- s/Thus only remaining option for the adversary to decrease v C or v S +is with the O RefreshPickup and O Deposit oracles respectively./Thus, +the only remaining option for the adversary is to decrease v C or v S +with the +O RefreshPickup and O Deposit oracles, respectively./ # commata, +"is", +-"is"; check carefully +- s/Thus the adversary/Thus, the adversary/ + +79: +- "We consider the directed forest" # semantics / words fine here? + +80: +- "We shall prove" # blank line above? +- s/Furthermore for an/Furthermore, for an/ +- s/exhibit different outcomes/exhibiting different outcomes/ # ? + + +------------------------------------ + + + + +Global: +-s/e-mail/email/g # In RFC contexts usually "email" +-s/signalling/signaling/g # American English (as used otherwise, AFAICS) +-s/, for example $text/, for example, $text/g # AFAICS as with "e.g." + +84: +- s/util the reserve/until the reserve/ + +86: +- s/The later constraints is/The later constraints are/ + +88: +- "The exchange uses the master key to sign the following data offline:" +# blank line above? +- s/The denominations offered by the exchange, explained further in +Section 4.1.3./The denominations offered by the exchange is explained +further in Section 4.1.3./ # -comma, +"is" + +89: +- s/with this coin respectively/with this coin, respectively/ # +comma + +90: +- s/It is however unavoidable/It is, however, unavoidable/ + +92: +- s/Thus the merchant’s/Thus, the merchant’s/ + +93: +- "In order to settle the payment, the customer must sign a deposit +permission for" # blank line above? + +94: +- "The following steps illustrate a typical payment with the online shop +alice-shop. example.com." # break blockquote; and: blank line above? + +95: +- URI vs. 
URL used in same context # unify; suggestion: use URL on this page + +96: +- s/Furthermore current/Furthermore, current/ +- s/digital restriction management/digital restrictions management/ # +plural + +97: +- s/Furthermore the merchant/Furthermore, the merchant/ + +98: +- s/the fulfillment_url, which identifies the resources that is being paid +for/the fulfillment_url, which identifies the resources that is being paid +for, / # +comma (list item) + +100: +- "The merchant triggers giving a tip with an HTTP 402 response that has +the" # Isn't that sentence part broken? +- s/tip pickup URL/tip-pickup URL/ # ? + + +--------------------------------------- + + + +Global: +- s/dataflow/data flow/ig # Acc. to dict.leo.org: +https://dict.leo.org/german-english/dataflow +s/wall clock time/wall-clock time/g + +101: +- s/the the/the/ + +102: +- s/For demonstration purposes and integration testing we/For +demonstration purposes and integration testing, we/ # +comma + +103: +- "All three processes exchange data via the same database. Only +taler-exchange-httpd" # breaking blockquote +- "currently only PostgreSQL is supported as a database." # Is the API +to access a DBMS abstracted or specific to PostgreSQL? +- "wirewatch" # \emph{wirewatch}? + +105: +- "The taler-auditor process generates a report with the following informa- +tion:" # blank line above? + +106: +- Figure 4.9: s/private backend/Private Backend/ # ?; consistency +- Figure 4.9: s/public backend/Public Backend/ # ?; consistency +- Figure 4.9: s/customer browser/Customber Browser/ # ?; consistency +- "The backend API is divided into two types of HTTP endpoints:" # blank +line above? + +107: +- "http://flask.pocoo.org/" # \footnote{\url{http://flask.pocoo.org/}} ? + +109: +- s/and backoffice respectively/and backoffice, respectively./ + +110: +- "Cryptographic operations run in an isolated process implemented as a Web- +Worker 12 . 
This design allows the relatively slow cryptographic +operations to run concurrently in the background in multiple threads. +Since the crypto WebWorkers are started on-demand, the wallet only uses +minimal resources when not actively used." # :D :D + +113: +- s/Effectively /Effectively, / +- s/Furthermore /Furthermore, / + +114: +- "We use the following algorithms:" # blank line above? +- s/full domain hash/full-domain hash/ # ? + +115: +- "We use the following algorithms, defined informally here:" # blank +line above? +- s/existing, processed deposit/existing processed deposit/ # ?; -comma +- "h. Returns the existing" # initial word missing? + +117: +- s/naïve/naive/ # ? Check: https://dict.leo.org/german-english/naive +- "We use the following algorithms, defined informally here:" # blank +line above? + +118: +- Figure 4.13: s/The customer can identify themselves/The customer can +identify itself/ + +124: +- "We use the following algorithms, defined informally here:" # blank +line above? +- s/that were previously send/that were previously sent/ # past tense + +126: +- s/Even on a low-end smartphone devices/Even on a low-end smartphone +device/ # singular +- s/operations remains/operations remain/ + +127: +- s/coins instead of transaction/coins instead of transactions/ # plural? +- s/random value to be spend/random value to be spent/ +- s/5000/5,000/ # unify (in other parts of the text this notation was used) +- s/10000/10,000/ # dito +- s/1250/1,250/ # dito + +128: +- s/Furthermore /Furthermore, / +- s/10000/10,000/ # unify +- s/exchange respectively/exchange, respectively/ + +129: +- Check numbers for notations, e.g., TBD: s/10000/10,000/ +-- +https://vecirex.net + +------------------------------- + + + +Global: +- Check notations for numbers, e.g., s/1000/1,000/g # unify +- s/internet/Internet/g # ? + +131: +- "and exchanges an be operated securely even without TLS." # s/an/can/ ? 
+ +132: +- s/Furthermore /Furthermore, / + +133: +- Figure 422: s/on exchange's latency/on an exchange's latency/ # ? +- s/as we the user experience/as well as the user experience/ + +134: +- s/to be effectly/to be effective/ + +135: +- s/In practice /In practice, / + +136: +- s/finite time bound/finite-time bound/ # ? +- "In summary, we make the following contributions in this paper:" # +blank line above? + +138: +- s/this is problem is present/this is a problem present/ + +140: +- s/thus peers/thus, peers/ + +141: +- "Under the hood, an IBF of size n is an array of n buckets. Each +bucket holds +three values:" # blank line above? + +142: +- s/can not/cannot/ + +143: +- "We now give a definition of set-union consensus that is motivated by +practical applications to secure multiparty computation protocols such +as electronic voting, which are discussed in more detail in Section +5.7." # Wuaaaaaaaaaah! :D + +144: +- s/For example /For example, / + +147: +- "The Gradecast is adapted as follows:" # blank line above? + +148: +- "We give a correctness proof that generalizes Feldman’s proof for +Gradecast of +single values [Fel88, Section 4.1]. # blank line above? +-- +https://vecirex.net + +---------------------------- + + + + +ALLES GUTE HEUTE! + +* * * + +Global: +- s/optimised/optimized/g # American English (as used otherwise, AFAICS) +- s/Central Bank Issued Currencies/Central-Bank-Issued Currencies/ig # ? +- s/centrally banked/centrally-banked/g #? + +151: +- "Xeon E5-2630 CPU, and GNUnet SVN revision 36765. We used the +gnunet-consensus-prof" # blockquote broken -- very hard + +159: +- s/the leader the effect/the leader, the effect/ + +162: +- s/Typically the public key/Typically, the public key/ + +167: +- "Currencies serve three key functions in society: [Man10]" # blank +line above? 
+- s/anti money-laundering/anti-money-laundering/ + +168: +- "As GNU Taler is free software, even without backing by a central +bank, Taler would not suffer from these drawbacks arising from the use +of proprietary technology. Furthermore, Taler-style electronic cash +comes with some unique benefits:" # blank line above? + +169: +- "What we offer to society is an open and free (as in free speech) +system with mechanisms to audit merchants’ income, instead of +proprietary systems controlled by a few oligopoly companies." # :D + +189: +- The Internet-Draft is marked expired, October 9, 2018; use newest +version or just point to: https://datatracker.ietf.org/doc/draft-dold-payto/ + +-- +https://vecirex.net + + + |
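Review bot: comments.txt is committed as raw pasted text, so it carries residue that makes items hard to act on, and a few of its own suggested substitutions are wrong. In the numbered list, stray digits that look like page numbers are fused into items ("+4provable security", "+5are required", and "+649. p. 155-157" where item 49 should start), "L A TEXthinking" is broken, and item 31 ends on a dangling "Then,". In the batch sections, "w/withdraw/withdrawal/" under 17 presumably should be an s/ substitution, and the replacements "random-shared secet" (under 72) and "Customber Browser" (under 106) would introduce typos if applied literally. The mail signature lines ("-- https://vecirex.net", "ALLES GUTE HEUTE!") should be dropped, and the sections after "Batch 2:" that are separated only by dashed rules should get a heading naming the batch and its reviewer, so each comment can be traced to its source.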