diff options
authorChristian Grothoff <>2020-07-12 19:19:13 +0200
committerChristian Grothoff <>2020-07-12 19:19:13 +0200
commit4cfcf842fe6bdd0535cdc64683d3eb79e74bbceb (patch)
parentfdee6830e6470ff4413d5698290146fa7ba5d5c2 (diff)
add reserve state machine
-rw-r--r--doc/system/taler/reserve.pdfbin0 -> 14395 bytes
3 files changed, 30 insertions, 2 deletions
diff --git a/doc/system/taler/design.tex b/doc/system/taler/design.tex
index 36d16774..ff43376a 100644
--- a/doc/system/taler/design.tex
+++ b/doc/system/taler/design.tex
@@ -125,8 +125,8 @@ payment.
% FIXME: who needs to be trusted for anonymity?
A \emph{reserve} refers to a customer's non-anonymous funds at an exchange,
identified by a reserve public key. Suppose a customer wants to convert money
into anonymized digital coins. To do that, the customer first creates a
@@ -149,7 +149,20 @@ customers that lost their reserve private key to eventually recover their
funds. If a wire transfer to the exchange does not include a valid reserve public key,
the exchange transfers the money back to the sender.
-% FIXME: this really needs a diagram
+Figure~\ref{fig:reserve:state} illustrates the state machine for a reserve.
+Long-terms states are shown in boxes, while actions are in circles. The
+final state is in a double-circle.
+A reserve is first {\em filled} by a wire transfer. The amount in it is reduced
+by withdraw operations. If the balance reaches zero, the reserve is
+{\em drained}. If a reserve is not drained after a certain amount of time,
+it is automatically closed. A reserve can also be filled via a recoup
+action in case that the denomination of an unspent coin that was
+withdrawn from the reserve is revoked.
+ \includegraphics{reserve.pdf}
+ \caption{State machine of a reserve.}
+ \label{fig:reserve:states}
Instead of requiring the customer to manually generate reserve key pairs and
copy them onto a wire transfer form, banks can offer tight integration with the
@@ -187,6 +200,7 @@ for acceptance as an IETF Internet Standard.
% FIXME: withdrawal strategy, coin selection
\subsection{Coins and Denominations}
Unlike plain Chaumian e-cash, where a coin just contains a serial number, a
\emph{coin} in Taler is a public/private key pair where the private key is only
known to the owner of the coin.
diff --git a/doc/system/taler/ b/doc/system/taler/
new file mode 100644
index 00000000..af6e3e86
--- /dev/null
+++ b/doc/system/taler/
@@ -0,0 +1,14 @@
+digraph Reserve {
+ filled [color=blue, label="filled reserve", shape="box"];
+ drained [color=blue, label="drained reserve", shape="doublecircle"];
+ transfer->filled;
+ recoup->filled;
+ filled->withdraw;
+ withdraw->drained;
+ withdraw->filled;
+ filled->close;
+ close->drained;
+ drained->recoup;
diff --git a/doc/system/taler/reserve.pdf b/doc/system/taler/reserve.pdf
new file mode 100644
index 00000000..5225bded
--- /dev/null
+++ b/doc/system/taler/reserve.pdf
Binary files differ