summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2018-09-25 11:19:01 +0200
committerFlorian Dold <florian.dold@gmail.com>2018-09-25 11:19:01 +0200
commit739b36cab367f66aeb6ff2d95974e7d1776bd4da (patch)
tree7ad24f0ba08069dd3f66ff203c9377019a14b18f
parent4815e930dde9bb82fff9255d898c759c21e35c81 (diff)
downloadpapers-739b36cab367f66aeb6ff2d95974e7d1776bd4da.tar.gz
papers-739b36cab367f66aeb6ff2d95974e7d1776bd4da.tar.bz2
papers-739b36cab367f66aeb6ff2d95974e7d1776bd4da.zip
typos
-rw-r--r--taler-fc19/paper.tex16
1 files changed, 8 insertions, 8 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex
index 7b66903..2a1cc6e 100644
--- a/taler-fc19/paper.tex
+++ b/taler-fc19/paper.tex
@@ -947,22 +947,22 @@ Using these primitives, we now instantiate the syntax:
The customer's wallet looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs,
transfer secrets and new coin key pairs. The customer sends the reveal message
\begin{equation*}
- \pi_3 = T_\gamma, \overline{m}_\gamma,
+ \pi_3 := T_\gamma, \overline{m}_\gamma,
(s_1, \dots, s_{\gamma-1}, s_{\gamma+1}, \dots, s_\kappa)
\end{equation*}
and signature
\begin{equation*}
- \V{sig}_{3'} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0,
- \V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, T_\gamma, \overline{m}_\gamma))
+ \V{sig}_{3} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0,
+ \V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, \pi_3))
\end{equation*} to the exchange.
- The exchange checks the signature $\V{sig}_{3'}$ and then computes for $i \ne \gamma$:
+ The exchange checks the signature $\V{sig}_{3}$ and then computes for $i \ne \gamma$:
\begin{align*}
(t_i', T_i') &\leftarrow \algo{KeyGen}^*_{CSK}(s_i, 1^\lambda)\\
x_i' &\leftarrow \algo{Kx}(t_i, \V{pkCoin}_0)\\
(\V{skCoin}_i', \V{pkCoin}_i') &\leftarrow
\algo{KeyGen}^*_{CSK}(x_i', 1^\lambda) \\
- h_T' &:= H_{pck}(T'_1, \dots, T_{\gamma-1}, T_\gamma, T_{\gamma+1}', \dots, T_\kappa')
+ h_T' &:= H_{pck}(T'_1, \dots, T'_{\gamma-1}, T_\gamma, T_{\gamma+1}', \dots, T_\kappa')
\end{align*}
and simulates the blinding protocol with recorded transcripts (without signing each message,
as indicated by the dot ($\cdot$) instead of a signing secret key), obtaining
@@ -1002,7 +1002,7 @@ Using these primitives, we now instantiate the syntax:
For each completed refresh on $\V{pkCoin}_0$ recorded in the exchange's
database, the exchange sends the following data back to the customer: the
signed commit message $(\V{sig}_1, \pi_1)$, the transfer public key
- $T_\gamma$, the signature $\V{sig}_{3'}$, the blinded signature $\overline{\sigma}_\gamma$, and the
+ $T_\gamma$, the signature $\V{sig}_{3}$, the blinded signature $\overline{\sigma}_\gamma$, and the
transcript $\mathcal{T}_{(B*,\gamma)}$ of the customer's and exchange's messages
during the \algo{Blind} protocol execution.
@@ -1019,7 +1019,7 @@ Using these primitives, we now instantiate the syntax:
\item Simulate the blinding protocol with the message transcript received from the exchange to obtain
$(\overline{m}_\gamma, r_\gamma)$.
\item Check that $\algo{Verify}_{CSK}(\V{pkCoin}_0,
- \V{pkD}_u, \V{skCoin}_0,(\mathcal{T}_{(B*,\gamma)}, \overline{m}_\gamma), \V{sig}_{3'})$
+ \V{pkD}_u, \V{skCoin}_0,(\mathcal{T}_{(B*,\gamma)}, \overline{m}_\gamma), \V{sig}_{3})$
indicates a valid signature, abort otherwise.
\item Unblind the signature to obtain $\sigma_\gamma \leftarrow \algo{UnblindSig}(r_\gamma, \V{pkCoin}_\gamma, \overline{\sigma}_\gamma)$
\item (Re-)add the coin $(\V{skCoin}_\gamma, \V{pkCoin}_\gamma, \V{pkD}_u, \sigma_\gamma)$ to the customer's wallet.
@@ -1088,7 +1088,7 @@ with the generic instantiation.
verification. In that case, the game is aborted instead.
Observe that in case this failure event happens, the adversary must have forged a
- signature on $\V{sig}_{3'}$ on values not signed by the customer, yielding
+ signature on $\V{sig}_{3}$ on values not signed by the customer, yielding
an existential forgery. Thus $\left| \Prb{\mathbb{G}_0 = 1} - \Prb{\mathbb{G}_1 = 1}
\right|$ is negligible.