diff options
Diffstat (limited to 'doc/bachelor_thesis/content/main.tex')
| -rw-r--r-- | doc/bachelor_thesis/content/main.tex | 205 |
1 files changed, 0 insertions, 205 deletions
diff --git a/doc/bachelor_thesis/content/main.tex b/doc/bachelor_thesis/content/main.tex deleted file mode 100644 index 2e24741..0000000 --- a/doc/bachelor_thesis/content/main.tex +++ /dev/null @@ -1,205 +0,0 @@ -% \documentclass{article} -% -% \usepackage[english]{babel} -% \usepackage[utf8]{inputenc} -% \usepackage{amsmath,amssymb} -% \usepackage{parskip} -% \usepackage{graphicx} -% -% \graphicspath{ {./images/} } -% -% % Margins -% \usepackage[top=3cm, left=3cm, right=3cm, bottom=3cm]{geometry} -% % Colour table cells -% \usepackage[table]{xcolor} -% % diagram packages -% \usepackage{tikz, pgfplots} -% \usetikzlibrary{positioning} -% -% \title{Donau protocol overview} -% \author{Johannes Casaburi \and Pius Loosli \and Lukas Matyja} -% \date{\today} -% -% \begin{document} -% \maketitle -% -% \newpage -% -% \input{definitions.tex} - -\section{Overview} -\subsection{Donation: spend and get donation receipt} -\includegraphics[width=\textwidth]{02-donate} - -\subsection{Get donation statement for taxes after tax period} -\includegraphics[width=\textwidth]{03-donation-statement} - -\newpage -\section{Protocol Detail} - -\subsection{Key generation and initial setup} -\subsubsection{Initial Donau setup} -\begin{enumerate} - \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$ for EdDSA signing. - - \item The Donau generates the \emph{donation unit keys} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value. -\end{enumerate} - -\subsubsection{Charity setup (Charity side and Donau side)} -\begin{enumerate} - \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and downloads the \emph{donation unit public keys} from the donau. - - \item The \textbf{charity} transmits $C^{pub}$ and the desired yearly donation limit to the party responsible for Donau administration using a \textbf{secure channel}. - - \item The party in charge of \textbf{Donau administration} ensures that the applying party is authentic and if it is publicly recognized as charity organisation. Furthermore, it ensures that all eventual other checks required by law are done. If everything is clear, it registers the public key $C^{pub}$ and sets the requested yearly donation limit for the charitiy. -\end{enumerate} - - -\subsection{Continuously during tax period: get donation receipts} -\subsubsection{Overview} - - -\subsubsection{Donor donates to charity and transmits unique donor ids (future donation receipts)} -\begin{enumerate} - \item The donor downloads the \emph{donation unit public keys} $K_x^{pub}$ for the corresponding year from the Donau. (if not already done) - - \item The donor splits the donation amount into a sum of \emph{donation units} offered by the Donau. \\ - \emph{Example: With donation units \{1,2,4\} available, and a donation with a total value of 7, the donation amount is split into the sum 4+2+1.} - - \item The donor generates as many \emph{unique donor identifiers} as there are terms in the calculated sum. - \emph{Example: In our example, there will be 3 unique donor identifiers: one per donation unit, so one for the value 4, one for the value 2, one for the value 1}.\footnote{If one donation unit is present more than once in the sum, then there is more than one unique donor identifier required for said donation unit. This depends upon the offered donation units.} - \begin{align} - i :&= h(\texttt{taxid, salt})\\ - u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\ - u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\ - u_3 :&= \langle i, \texttt{nonce}_3 \rangle - \end{align} - - \item The donor blinds the \emph{unique donor identifiers} using a \textbf{different} blinding factor $b$ for every \emph{unique donor identifier}.\\ - \emph{Example:} - \begin{align} - \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\ - \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\ - \overline u_3 :&= blind (u_3, b_3, K_4^{pub}) - \end{align} - - \item So far, the \emph{unique donor identifiers} do not carry information about their value. The \textbf{intended effective value is now indicated} by grouping each \emph{unique donor identifier} with the according (hash of the) \emph{donation unit public key} $K^{pub}_x$. \\ - We call these pairs \emph{blinded unique donor identifier-key-pair}, \emph{budi-key-pair} or even shorter BKP.\\ - \\ - It is only the \textbf{intended effective} value because the value will only be attributed later on with the signature of the Donau. - - \emph{Example: Note: The public key is not in relation with the sequential index of the budi-key-pair, it only relates to the value of the pair!} - \begin{align} - \overline \mu_1 :&= \langle \overline u_1, h(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\ - \overline \mu_2 :&= \langle \overline u_2, h(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\ - \overline \mu_3 :&= \langle \overline u_3, h(\color{red}{K^{pub}_4}\color{black}{}) \rangle - \end{align} - \begin{align} - \vec{\mu} :&= \langle \overline \mu_1, - \overline \mu_2,\overline \mu_3 - \rangle - \end{align} - \item The donor sends all \emph{BKP's} the $\vec{\mu}$ as well as the corresponding payment to the charity. -\end{enumerate} - -\subsubsection{Charity sends signed $BKP$'s to Donau} -\begin{enumerate} - \item The charity verifies that the amount requested (based on the $h(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation. - - \item The charity signs (using EdDSA) a structure containing all unsigned $BKP$'s coming from the donor. - - \begin{align} - \sigma_c = sign(\vec{\mu}, C^{priv}) - \end{align} - - \item The charity sends this structure $\vec{\mu}$ and the signature $\sigma_c$ to the Donau. -\end{enumerate} - -\subsubsection{Donau sends back the blind signed $UDI$'s to charity} -\begin{enumerate} - \item The Donau: - \begin{enumerate} - \item verifies the signature $\sigma_c$ on the structure. - - \begin{align} - verify(\vec{\mu},\sigma_c, C^{pub}) - \end{align} - - \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the $BUDI$'s, if the increment does not exceed the annual limit. - - \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the \emph{donation unit private keys} $K_x^{priv}$ matching the public keys $h(K^{pub})$ used in the $BKP$'s. - - \begin{align} - \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\ - \overline{\beta_2} = blind\_sign(\overline u_2, K_2^{priv}) \\ - \overline{\beta_3} = blind\_sign(\overline u_3, K_4^{priv}) - \end{align} - - \item sends back all created blind signatures - $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ to the charity. - \end{enumerate} - - \item The charity forwards the blind signatures to the donor. - - \item The donor verifies the signatures. - - \begin{align} - verify\_blind(u_1,\overline{\beta_1}, K_1^{pub}) \\ - verify\_blind(u_2,\overline{\beta_2}, K_2^{pub}) \\ - verify\_blind(u_3,\overline{\beta_3}, K_4^{pub}) - \end{align} - - \item The donor unblinds the signatures of the $BUDI$'s to get the signatures of the $UDI$'s. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the Hash of the \emph{donation unit public key} $h(K_x^{pub})$. - - \begin{align} - \beta_1 &= Unblind(\overline{\beta_1}, b_1, K_1^{pub}) \\ - \beta_2 &= Unblind(\overline{\beta_2}, b_2, K_2^{pub}) \\ - \beta_3 &= Unblind(\overline{\beta_3}, b_3, K_4^{pub}) - \end{align} - \begin{align} - r_1 &= \langle UDI_1, \beta_1, h(K_1^{pub}) \rangle \\ - r_2 &= \langle UDI_2, \beta_2, h(K_2^{pub}) - \rangle \\ - r_3 &= \langle UDI_3, \beta_3, h(K_4^{pub}) \rangle - \end{align} -\end{enumerate} - -\subsection{After effective tax period: get tax statement for period from Donau} - -\subsubsection{Donor sends the \emph{Donation receipts} to the Donau to get the \emph{Donation Statement}.} -\begin{enumerate} - \item The donor sends the collection of all \emph{donation receipts} $r_1, r_2, r_3$ to the Donau. This happens manually once per period.\\\ - It is not done continuously to obtain \emph{unlinkability} between the \textbf{issuance} of the donation receipts (which happens upon donation) and their \textbf{submission} for the \emph{donation statement}. - \item For each \emph{donation receipt} the Donau: - \begin{itemize} - \item checks that $K_x^{pub}$ is known. - - \item verifies that the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$. - - \item verifies that the \emph{donor identifier} is the same as in other \emph{donation receipts}.\footnote{With multiple wallets each wallet must simply obtain a separate \emph{donation statement}!} - - \item verifies that the $\texttt{nonce}$ is unique and was not used before by the donor for the corresponding year. - \end{itemize} - - \item The Donau signs over the total \texttt{amount}, - \texttt{year} and \emph{donor identifier} and sends the signature and the total amount so far back to the donor. This results in a final signature called the \textbf{\emph{Donation Statement signature}}. - - \begin{align} - \sigma_s = sign(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle, D^{priv}) - \end{align} -\end{enumerate} - -\subsubsection{Donor sends the QR Code to a validator (tax office)} -\begin{enumerate} - \item The donor generates a QR code which contains the following: - \begin{align} - \texttt{QR} = \langle \texttt{taxid}, \texttt{salt}, \texttt{year}, \texttt{amount}, \text{$\sigma_s$} \rangle - \end{align} - - \item The validator scans the QR code and verifies the signature $\sigma_s$. - - \begin{align} - verify(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle,\sigma_s, D^{pub}) - \end{align} -\end{enumerate} - |