diff options
| author | Jeff Burdges <burdges@gnunet.org> | 2018-09-15 15:29:37 +0200 |
|---|---|---|
| committer | Jeff Burdges <burdges@gnunet.org> | 2018-09-15 15:29:37 +0200 |
| commit | b80aeaf149146a1cb57caabf1205f2a42f015c80 (patch) | |
| tree | 9b92aa4f9d83544dd90324c64be0d4168e839eb8 | |
| parent | e4930121ff1a61cbe08422e4d7358d51a90df682 (diff) | |
| download | papers-b80aeaf149146a1cb57caabf1205f2a42f015c80.tar.gz papers-b80aeaf149146a1cb57caabf1205f2a42f015c80.tar.bz2 papers-b80aeaf149146a1cb57caabf1205f2a42f015c80.zip | |
Consolodate oracle names
| -rw-r--r-- | taler-fc19/paper.tex | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index fa3baf8..db7fd45 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -473,6 +473,8 @@ adversary can send and receive messages. \end{itemize}
We write \oraSet{All} for the set of all the oracles we just defined.
+We also let $\oraSet{NoShare} := \oraSet{All} - \{ \ora{Share} \}$
+stand for access to all oracles except the share oracle.
The exchange does not need to be corrupted with an oracle. A corrupted exchange
is modeled by giving the adversary the appropriate oracles and the exchange
@@ -523,8 +525,6 @@ anonymity game if they have a non-negligible advantage in correlating spending o with the withdrawal or refresh operations that created a coin used in the
spending operation.
-Let $\oraSet{Anon} := \oraSet{All} - \{ \ora{Share} \}$ stand for access to all oracles
-except the share oracle.
Let $b$ be the bit that will determine the mapping between customers and spend
operations, which the adversary must guess.
@@ -544,7 +544,7 @@ in $\mathfrak{R}$. \begin{enumerate}
\setlength\itemsep{0em}
\item $(\V{sksE}, \V{pksE}, \V{skM}, \V{pkM}) \leftarrow {\prt{A}}()$
- \item $(\V{pkCustomer}_0, \V{pkCustomer}_1, \V{transactionId}_0, \V{transactionId}_1, f) \leftarrow {\prt{A}}^{\oraSet{Anon}}()$
+ \item $(\V{pkCustomer}_0, \V{pkCustomer}_1, \V{transactionId}_0, \V{transactionId}_1, f) \leftarrow {\prt{A}}^{\oraSet{NoShare}}()$
\item Select distinct fresh coins
\begin{align*}
\V{coin}_0 &\in \V{wallet}[\V{pkCustomer}_0]\\
@@ -558,7 +558,7 @@ in $\mathfrak{R}$. &\algo{Deposit}(\prt{A}(), \prt{M}(\V{skM}, \V{pksE}, \V{dp}_i)) \\
&\mathfrak{R}_i \leftarrow \algo{Refresh}(\prt{A}(), \prt{C}(\V{pkCustomer}_i, \V{pksE}, \V{coin}_{i-b}))
\end{align*}
- \item $b' \leftarrow {\cal A}^{\oraSet{Anon}}(\mathfrak{R}_0, \mathfrak{R}_1)$ \\
+ \item $b' \leftarrow {\cal A}^{\oraSet{NoShare}}(\mathfrak{R}_0, \mathfrak{R}_1)$ \\
\item Return $0$ if $\ora{Spend}$ was used by the adversary on the coin handles
for $\V{coin}_0$ or $\V{coin}_1$ or $\ora{CorruptCustomer}$ was used on $\V{pkCustomer}_0$ or $\V{pkCustomer}_1$.
\item If $b = b'$ return $1$, otherwise return $0$.
@@ -582,9 +582,6 @@ completed withdrawals, payments or refreshes, as well as other (transient) misbehavior from the exchange or merchant do not result in the customer losing
money or privacy.
-Let $\oraSet{Conserv} := \oraSet{All} - \{\ora{Share}\}$ stand for access to the
-all oracles except the sharing oracle.
-
\begin{figure}
\fbox{\begin{minipage}{\textwidth}
\small
@@ -593,7 +590,7 @@ all oracles except the sharing oracle. \begin{enumerate}
\setlength\itemsep{0em}
\item $(\V{sksE}, \V{pksE}) \leftarrow \mathrm{ExchangeKeygen}(1^\lambda, 1^\kappa, M)$
- \item $\V{pkCustomer} \leftarrow {\cal A}^{\oraSet{Conserv}}(\V{pksE})$
+ \item $\V{pkCustomer} \leftarrow {\cal A}^{\oraSet{NoShare}}(\V{pksE})$
\item Return $0$ if $\V{pkCustomer}$ is not an uncorrupted, registered user.
\item \label{game:conserv:run} Run $\algo{WithdrawPickup}$ for each withdraw identifier $\V{wid}$
and $\algo{RefreshPickup}$ for each refresh identifier $\V{rid}$ that the user
@@ -631,9 +628,6 @@ coins with parties that they do not fully trust. Intuitively, adversarial customers win if they can obtain more valid coins than
they legitimately withdraw.
-Let $\oraSet{Forge} := \oraSet{All}$ stand for access to the all
-oracles.
-
\begin{figure}
\fbox{\begin{minipage}{\textwidth}
\small
@@ -642,7 +636,7 @@ oracles. \begin{enumerate}
\setlength\itemsep{0em}
\item $(skE, pkE) \leftarrow \mathrm{ExchangeKeygen}()$
- \item $(C_0, \dots, C_\ell) \leftarrow \mathcal{A}^{\oraSet{Forge}}(pkExchange)$
+ \item $(C_0, \dots, C_\ell) \leftarrow \mathcal{A}^{\oraSet{All}}(pkExchange)$
\item Return $0$ if any $C_i$ is not of the form $(\V{skCoin}, \V{pkCoin}, \V{pkD}, \V{coinCert})$
or any $\V{coinCert}$ is not a valid signature by $\V{pkD}$ on the respective $\V{pkCoin}$.
\item Return $1$ if the sum of the unspent value of valid coins in $C_0
@@ -669,9 +663,6 @@ an explicit goal. The Link protocol introduces the threat of losing exclusive control of coins (despite having the option to refresh them) that were received
without being visible as income to the exchange.
-Let $\oraSet{Income} := \oraSet{All}$ stand for access to the
-all oracles.
-
\begin{figure}
\fbox{\begin{minipage}{\textwidth}
\small
@@ -680,7 +671,7 @@ all oracles. \begin{enumerate}
\setlength\itemsep{0em}
\item $(skE, pkE) \leftarrow \mathrm{ExchangeKeygen}()$
- \item $(\V{coin}_1, \dots, \V{coin}_\ell) \leftarrow \mathcal{A}^{\oraSet{Income}}(pkExchange)$
+ \item $(\V{coin}_1, \dots, \V{coin}_\ell) \leftarrow \mathcal{A}^{\oraSet{All}}(pkExchange)$
(The $\V{coin}_i$ must be coins, including secret key and signature by the
denomination, for the adversary to win. However these coins need not be
|