1. Grammar: p. 1, Consensus is a key . . .
2. When you put the footnote at the end of a sentence, the superscript follows the period, rather than precedes it. This was done incorrectly repeatedly, e.g., starting on p. 2, subsystem of the GNUnet framework 3 . should be subsystem of the GNUnet framework. 3 . Then “users. [LI16].” (p. 15), etc.
3. Similarly, when a sentence or group of sentences gets a reference, the terminating period goes after the references. So, for example, on p. 6 you should not write . . . attract criminal activity. [Ric16]. but, instead, . . . attract criminal activity [Ric16].
4. p. 7, provider 1.5. → provider (Figure 1.5).
5. p. 7, single chapter → single chapters.
6. p. 15, I appreciated the short and rather harsh critique of blockchains. How do you explain their meteoric rise (if you see it that way) despite these facts? A nonspecialist article that adequately explained this “paradox” would be cool, maybe targeted for The Atlantic.
7. p. 20, instruct their wallet to create a reserve
8. p. 20, from URLs or QR codes
9. p. 22, do you not mean to write the merchant can specify a deadline before which the exchange must issue . . .?
10. p. 23, to prevent “useless” operations . . . unattractive → to make “useless” operations . . . unattractive
11. p. 23, Yet another type of fees → Yet another type of fee
12. p. 24, might not even justified → might not be justified
13. p. 25, A revoked coin cannot be spend (→ spent)
14. p. 26, maximum number of D-coins not maximum amount of D-coins
15. p. 26, The sentence beginning The payback protocol could use some copy editing.
16. p. 28, would be abe to modify
17. p. 29, by Cannard → by Cannard and Gouget
18. p. 30, One of the earliest mentions.
19. p. 33, of the block spend → of the block spent
20. p. 41 and later.
The wrong papers ([Poi05], [Sho04], [Cor00]) are being credited for provable security, the notion of which is usually credited to [GM82/GM85] (although credit should arguably be shared more broadly with Blum and Yao, for example). Only one of the papers you’re citing here is even a survey.
21. p. 41 and later. “i.e.” invariably needs a comma after it, “i.e.,”, which will also fix the spacing issue you are getting from missing LaTeX thinking you have ended the sentence.
22. p. 41: extra period, and comma, in Q.”,
23. p. 42. [Lin17] is not an appropriate reference of the idea of simulation-based definitions. The idea might be credited to GMR85/89 (zero-knowledge).
24. p. 43, paragraph 3. I would not regard the use of oracles in game-based definitions as an extension of Turing machines. However you might formalize the adversary’s computation (in a RAM model, as a program in some programming language, whatever), we can no doubt embellish that model by adding oracles. Turing machines are perhaps the most awkward way of doing it!
25. p. 43, paragraph beginning “While oracles”. I would, similarly, regard oracles as even less related to interactive protocols. At least the way that I use this term, interactive protocols are stylized two-party interactions used for defining the complexity class IP. They were originally defined, rather informally, with interactive Turing Machines. Better expositions eliminated that language.
26. p. 45. I’m not sure the origins of the DDH or CDH assumptions, but it certainly precedes [Bon98]. That is a good exposition on the assumption, however. In general, make sure it is clear if you are crediting the originators of an idea or an exposition of it you are fond of. You can always signal the latter by saying something like “nicely described by Boneh [Bon98].”
27. p. 45. [Bel+98] isn’t the right reference for IND-CPA unless you have narrowed the scope to the symmetric setting.
28. p. 48–57.
I think it would be a Herculean job to truly verify this syntax and these games, and I won’t really try to do so. Maybe you can tell me how these evolved and were debugged.
29. pp. 57–58. Polynomial is with respect to λ + κ? Negligible in with respect to which in which games? Maybe adjust language so that this is explicit in the key definitions of this section. Also good to remind the reader of the different semantics of λ and κ.
30. p. 57, extra slash in Def. 3.4.1.
31. pp. 58–60. You describe the syntax for four primitives on which you base your construction, but do you formalize the security properties you demand for each of these primitives? I wasn’t seeing it. Then,
32. p. 64, your theorem on Anonymity (Theorem 1) omits the complexity assumptions that are required for this to go through,
33. p. 67, and the same holds for Theorems 3 and 4.
34. p. 72, util
35. p. 83, the the
36. p. 82, the payment is [the] same as
37. p. 82, an URL → a URL
38. p. 84, is generally is
39. p. 84–85, tipping is normally by a customer to a merchant, not the other way around ;-)
40. p. 89, the the
41. p. 98, To reduce the perceived performance — what you write is not what you mean :-)
42. p. 101–113. The various protocols in section 4.7 — I am not really clear how these relate to the more abstractly described protocols of Chapter 3. It is not simply that you are instantiating earlier mechanisms with concrete primitives; much more seems to be going on. Are there concrete claims being made as to the security of these constructions?
43. p. 114, happyiness → happiness.
44. pp. 123–154. I liked this chapter, but it did feel somewhat out of place compared to the rest of the thesis. It still carried some vestiges of being a paper (for example, the chapter speaks a couple of times of its being a paper, rather than a chapter), and read like one. The writing seemed to assume more of the user, and it was a bit disorganized compared to the rest of the presentation.
Now I have never felt that a dissertation needed to be all that unified to be good (theses that amalgamate vaguely related papers are fine by me), so this isn’t a big deal. But it might help to switch the order of Chapters 5 and 6, as it did feel jarring to go back to GNU Taler with the BSC stuff intervening. And a little bit more of a transition to the current Chapter 5 would be good.
45. p. 125. I felt confused why you weren’t making any requirement on the ṽ i values relative to the original v j values.
46. pp. 131–132. I didn’t understand what the formal requirement on R is supposed to be. Is this any function where R(S) ⊆ S, R(R(S)) = R(S)? At the end of 5.3.1, I still wasn’t certain what precisely a BSC protocol was required to deliver. Being more formal would help.
47. And where is the theorem that a specified protocol has achieved BSC? Theorem 5 is about graded broadcast.
48. p. 152. It would probably be good to return to the mention made earlier on the potential relationship between GNU Taler and BSU, if that was a serious possibility.
49. p. 155-157. The Conclusion, and similar idea from the Introduction, are quite powerful. I would repeat the suggestion we could really use a nonspecialist article, in a venue like The Atlantic, on approaches for payment and their socio-political implications.
50. References. Don’t use et al. in the names of authors in a bibliography ([Gil17+], [Gue00+], etc.). The “+” is fine in a label, but in the actual bibliography, all authors deserve to be named.
51. References. Proofread for capitalization and typos in titles—things like “byzantine” [ML14] or the quote marks in [KM07].
52. A final pass over the thesis should deal with all the overfull hboxes.

------------------------------------------------

Batch 1:

Global:
s/Blockchain/blockchain/g # despite in titles
s/Blockchains/blockchains/g # ditto
s/e.g. $text/e.g., $text/g # as redacted for RFCs
s/i.e. $text/i.e., $text/g # ditto
s/free software/Free Software/g # consistency
s/Web/web/ # ? (if not World Wide Web (WWW)
s/proof-of-work/Proof-of-Work/g # consistency
s/proof-of-stake/Proof-of-Stake/g # ditto
s/zero knowledge proof/Zero-Knowledge Proof/ig # ditto
s/denial of service attack/denial-of-service attack/ig # ditto
s/Website/website/ig # ditto
s/chosen plaintext attack/chosen-plaintext attack/ig # ditto
s/polynomial time algorithm/polynomial-time algorithm/ig # ditto

16:
- s/the the/the/
- s/merchant or customer/a merchant or a customer needs/

17:
- w/withdraw/withdrawal/
- s/of coin/of a coin/

18:
- "deanyonmiza-" breaks blockquote

19:
- s/that allows/that allow/
- s/that payee/that the payee/
- s/would now requested/would now be requested/

26:
- s/(super)set/(super-)set/ # ?

29:
- s/An complete/A complete/

31:
- "We assume the contact information of the exchange is known to both customer and merchant from the start, including that the customer can authenticate the merchant, for example by using X.509 certificates [Yee13]." (Is there also something else than X.509 for auth?)

32:
- s/Subsequently /Subsequently, / # ?
- s/from URLs or QR code/from a URL or a QR code/

34:
- "A useful application for sharing are peer-to-peer payments between mutually trusting parties, such as families and friends." #

36:
- s/withdraw private key/withdrawal private key/
- s/GNU Taler what would/GNU Taler which would/

40:
- "The following modifications are made:" # blank line above?

43:
- s/to a different blind signature/to different blind signature/

44:
- s/preserved preserved/preserved/

45:
- "in a distributed and decentralized manner" # even though there's a centralization tendency (as you wrote earlier) towards actors in abundance of computational power and persistent memory (to hold the ledger)
- s/block spend/block spent/ # ?
- "While it was originally believed that PoW consensus process is resistant against attackers that have less than a 51% majority of computational power, closer analysis has shown that a 21% majority sufficies [ES18]." # You might want to add there was already a successful 51% attack from a hard fork of BTC, Bitcoin Gold (BTG): http://fortune.com/2018/05/29/bitcoin-gold-hack/

47:
- s/in a stack-based/in stack-based/

49:
- "As with card payment systems, these oligopolies are politically dangerous [Run11], and the lack of competition can result in excessive profit taking that may require political solutions [Jon15] to the resulting market failure." #

51:
- "In this case, even if the financial damages are ultimately covered by the bank, the customer always has to deal with the procedure of notifying the bank in the first place. As a result, customers must remain wary about using their cards, which limits their online shopping [ibi14, p. 50]." #

53/54:
- "Contrary to what the name might suggest, a protocol that is “provably secure” is not necessarily secure in practice [KM07; Dam07]." & "Furthermore a provably secure protocol does not always lend itself easily to a secure implementation [...]" # Like cybervoting ? :D

58:
- "Useful techniques for hops are, for example:" # add blank line above?
- s/small failure events/small-failure events/ig # ?; check also globally

59:
- s/In practice this identifier/In practice, this identifier # ?

------------------------------------------------

Batch 2:

Global:
- s/polynomial time adversary/polynomial-time adversary/g # ?

62:
- "The customer only records the refresh operation identifier rid in refreshIds [ pkCustomer ] ," # breaking blockquote

64:
- s/the adversary/The adversary/ # new sentence; check the sentence, too: seems somewhat grammatically broken
- "The customer and withdraw identifier wid are obtained from the WithdrawRequest transcript T ." # breaks blockquote

65:
- s/Additionally gives/Additionally, gives/ # ?
66:
- "We define a helper procedure" # add blank line above?

69:
- "game is negligibly close to 1/ for any polynomial time adversary A ." # is there something missing after "1/ "?

71:
- s/anunblinded/an unblinded/
- s/blind signature protocols/blind-signature protocols/ # ?
- "We require the following two security properties for BlindSign:" # blank line above?
- s/and has been signed/has been signed/
- s/game can defined/game can be defined/

72:
- "We require the following security properties to hold for CoinSignKx:" # blank line above?
- s/random shared secret/random-shared secret/ # ?; or "randomly shared secret", otherwise?
- "Using these primitives, we now instantiate the syntax of our income-transparent e-cash scheme:" # add blank line above?

76:
- "From the information theoretically secure blinding," # Lang broken?
- s/completeness/completedness/ # check also globally

78:
- "In order to win the conservation game, the adversary must increase withdrawn [ pkCustomer ] # breaks blockquote
- s/Similarly for/Similarly, for/ # ?
- s/Thus only remaining option for the adversary to decrease v C or v S is with the O RefreshPickup and O Deposit oracles respectively./Thus, the only remaining option for the adversary is to decrease v C or v S with the O RefreshPickup and O Deposit oracles, respectively./ # commas, +"is", -"is"; check carefully
- s/Thus the adversary/Thus, the adversary/

79:
- "We consider the directed forest" # semantics / words fine here?

80:
- "We shall prove" # blank line above?
- s/Furthermore for an/Furthermore, for an/
- s/exhibit different outcomes/exhibiting different outcomes/ # ?

------------------------------------

Global:
- s/e-mail/email/g # In RFC contexts usually "email"
- s/signalling/signaling/g # American English (as used otherwise, AFAICS)
- s/, for example $text/, for example, $text/g # AFAICS as with "e.g."
84:
- s/util the reserve/until the reserve/

86:
- s/The later constraints is/The later constraints are/

88:
- "The exchange uses the master key to sign the following data offline:" # blank line above?
- s/The denominations offered by the exchange, explained further in Section 4.1.3./The denominations offered by the exchange is explained further in Section 4.1.3./ # -comma, +"is"

89:
- s/with this coin respectively/with this coin, respectively/ # +comma

90:
- s/It is however unavoidable/It is, however, unavoidable/

92:
- s/Thus the merchant’s/Thus, the merchant’s/

93:
- "In order to settle the payment, the customer must sign a deposit permission for" # blank line above?

94:
- "The following steps illustrate a typical payment with the online shop alice-shop. example.com." # break blockquote; and: blank line above?

95:
- URI vs. URL used in same context # unify; suggestion: use URL on this page

96:
- s/Furthermore current/Furthermore, current/
- s/digital restriction management/digital restrictions management/ # plural

97:
- s/Furthermore the merchant/Furthermore, the merchant/

98:
- s/the fulfillment_url, which identifies the resources that is being paid for/the fulfillment_url, which identifies the resources that is being paid for, / # +comma (list item)

100:
- "The merchant triggers giving a tip with an HTTP 402 response that has the" # Isn't that sentence part broken?
- s/tip pickup URL/tip-pickup URL/ # ?

---------------------------------------

Global:
- s/dataflow/data flow/ig # Acc. to dict.leo.org: https://dict.leo.org/german-english/dataflow
- s/wall clock time/wall-clock time/g

101:
- s/the the/the/

102:
- s/For demonstration purposes and integration testing we/For demonstration purposes and integration testing, we/ # +comma

103:
- "All three processes exchange data via the same database. Only taler-exchange-httpd" # breaking blockquote
- "currently only PostgreSQL is supported as a database." # Is the API to access a DBMS abstracted or specific to PostgreSQL?
- "wirewatch" # \emph{wirewatch}?

105:
- "The taler-auditor process generates a report with the following informa- tion:" # blank line above?

106:
- Figure 4.9: s/private backend/Private Backend/ # ?; consistency
- Figure 4.9: s/public backend/Public Backend/ # ?; consistency
- Figure 4.9: s/customer browser/Customer Browser/ # ?; consistency
- "The backend API is divided into two types of HTTP endpoints:" # blank line above?

107:
- "http://flask.pocoo.org/" # \footnote{\url{http://flask.pocoo.org/}} ?

109:
- s/and backoffice respectively/and backoffice, respectively./

110:
- "Cryptographic operations run in an isolated process implemented as a Web- Worker 12 . This design allows the relatively slow cryptographic operations to run concurrently in the background in multiple threads. Since the crypto WebWorkers are started on-demand, the wallet only uses minimal resources when not actively used." # :D :D

113:
- s/Effectively /Effectively, /
- s/Furthermore /Furthermore, /

114:
- "We use the following algorithms:" # blank line above?
- s/full domain hash/full-domain hash/ # ?

115:
- "We use the following algorithms, defined informally here:" # blank line above?
- s/existing, processed deposit/existing processed deposit/ # ?; -comma
- "h. Returns the existing" # initial word missing?

117:
- s/naïve/naive/ # ? Check: https://dict.leo.org/german-english/naive
- "We use the following algorithms, defined informally here:" # blank line above?

118:
- Figure 4.13: s/The customer can identify themselves/The customer can identify itself/

124:
- "We use the following algorithms, defined informally here:" # blank line above?
- s/that were previously send/that were previously sent/ # past tense

126:
- s/Even on a low-end smartphone devices/Even on a low-end smartphone device/ # singular
- s/operations remains/operations remain/

127:
- s/coins instead of transaction/coins instead of transactions/ # plural?
- s/random value to be spend/random value to be spent/
- s/5000/5,000/ # unify (in other parts of the text this notation was used)
- s/10000/10,000/ # ditto
- s/1250/1,250/ # ditto

128:
- s/Furthermore /Furthermore, /
- s/10000/10,000/ # unify
- s/exchange respectively/exchange, respectively/

129:
- Check numbers for notations, e.g., TBD: s/10000/10,000/

-- https://vecirex.net

-------------------------------

Global:
- Check notations for numbers, e.g., s/1000/1,000/g # unify
- s/internet/Internet/g # ?

131:
- "and exchanges an be operated securely even without TLS." # s/an/can/ ?

132:
- s/Furthermore /Furthermore, /

133:
- Figure 422: s/on exchange's latency/on an exchange's latency/ # ?
- s/as we the user experience/as well as the user experience/

134:
- s/to be effectly/to be effective/

135:
- s/In practice /In practice, /

136:
- s/finite time bound/finite-time bound/ # ?
- "In summary, we make the following contributions in this paper:" # blank line above?

138:
- s/this is problem is present/this is a problem present/

140:
- s/thus peers/thus, peers/

141:
- "Under the hood, an IBF of size n is an array of n buckets. Each bucket holds three values:" # blank line above?

142:
- s/can not/cannot/

143:
- "We now give a definition of set-union consensus that is motivated by practical applications to secure multiparty computation protocols such as electronic voting, which are discussed in more detail in Section 5.7." # Wuaaaaaaaaaah! :D

144:
- s/For example /For example, /

147:
- "The Gradecast is adapted as follows:" # blank line above?

148:
- "We give a correctness proof that generalizes Feldman’s proof for Gradecast of single values [Fel88, Section 4.1]. # blank line above?

-- https://vecirex.net

----------------------------

ALL THE BEST TODAY!

* * *

Global:
- s/optimised/optimized/g # American English (as used otherwise, AFAICS)
- s/Central Bank Issued Currencies/Central-Bank-Issued Currencies/ig # ?
- s/centrally banked/centrally-banked/g #?
151:
- "Xeon E5-2630 CPU, and GNUnet SVN revision 36765. We used the gnunet-consensus-prof" # blockquote broken -- very hard

159:
- s/the leader the effect/the leader, the effect/

162:
- s/Typically the public key/Typically, the public key/

167:
- "Currencies serve three key functions in society: [Man10]" # blank line above?
- s/anti money-laundering/anti-money-laundering/

168:
- "As GNU Taler is free software, even without backing by a central bank, Taler would not suffer from these drawbacks arising from the use of proprietary technology. Furthermore, Taler-style electronic cash comes with some unique benefits:" # blank line above?

169:
- "What we offer to society is an open and free (as in free speech) system with mechanisms to audit merchants’ income, instead of proprietary systems controlled by a few oligopoly companies." # :D

189:
- The Internet-Draft is marked expired, October 9, 2018; use newest version or just point to: https://datatracker.ietf.org/doc/draft-dold-payto/

-- https://vecirex.net