author | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-26 13:22:44 +0100 |
---|---|---|
committer | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-26 13:22:44 +0100 |
commit | 8d81debfa235a2deb895331a982ab4a88133d500 (patch) | |
tree | 31b1fc8e27468c2d26089e24fcfbc0983be7074e /games/games.tex | |
parent | eb1a189cf0a7132f68871344fd315b1f98d6cf28 (diff) | |
More comments on refresh tree
Diffstat (limited to 'games/games.tex')
-rw-r--r-- | games/games.tex | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/games/games.tex b/games/games.tex index 1909d26..6b56689 100644 --- a/games/games.tex +++ b/games/games.tex @@ -104,7 +104,10 @@ In particular, our double spending protections ensure the value ascribed to each refresh or spend by a coin does not exceed the coin's denomination and that all coins's leaving a particular refresh have denominations that together do not exceed the refresh's value. -As a result, this graph becomes simply a path when we only have one denomination. +As a result, this graph becomes simply a path when we only have one +denomination. +We observe that leaf edges might only have an origin operation with no +destination operations. \subsection{Algorithms} @@ -249,8 +252,10 @@ Let \oraSet{Anon} stand for access to the oracles \setlength\itemsep{0em} \item $(\V{skE}, \V{pkE}, \V{skM}, \V{pkM}) \leftarrow {\prt{A}}()$ \\ Our adversary controls the exchange and a merchant. - \comment{TODO: EXPLAIN: Note that this only means that $\prt{A}$ has the exchange secret key, it - does not automatically receive transcripts and it does not have access to any exchange data structures \textit{unless} indicated by the oracles} + \footnote{We emphasize that our oracles give the adversary all data + a real exchange learns, but we do not give our adversary access to + our simulation's data structures because they include data only + known by the customers.} \item $(\V{pkU}_0, \V{pkU}_1, \V{contract}_0, \V{contract}_1) \leftarrow {\prt{A}}^{\oraSet{Anon}}()$ \\ Our adversary creates two users and two contract, along with some coins open which it calls oracles freely. 
@@ -359,8 +364,7 @@ We have auditors to address adversarial exchanges who attempt to defraud users, but only with weaker legal security assurances. We restrict to a single denomination here for simplicity, but -the reader is welcome to reformulate the game in terms of the - value of coins instead of the number of coins. +the reader may replace $C_n$ by the leaf coins in the refresh tree. Let \oraSet{Fair} stand for access to the oracles \ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend}, @@ -388,7 +392,10 @@ Let \oraSet{Fair} stand for access to the oracles Intuitively, adversarial customers win if they can forge more valid coins than they withdraw. -We again restrict to a single denomination here for simplicity. + +We again restrict to a single denomination for simplicity, but +the reader could reformulate the game in terms of values instead of + the number of coins. Let \oraSet{Forge} stand for access to the oracles \ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend}, @@ -413,7 +420,12 @@ of corrupted players, but the exchange has no record of withdrawal or spending for it. In this, we exploit that our adversary cannot delete from non-corrupted customer's wallets, even though they can direct protocol interactions by non-corrupted customers. -We again restrict to a single denomination here for simplicity. + +We again restrict to a single denomination for simplicity, but +the reader could reformulate the game in terms of values instead of + the number of coins. +We note that adapting the security proof below by requires replacing + the proof's special value $R_C$ by a suitably defined edge partial anti-chain. Let \oraSet{Income} stand for access to the oracles \ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend}, |
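Review bot: In the first hunk (@@ -104), the added sentence "leaf edges might only have an origin operation with no destination operations" is ambiguous about what "only" restricts and mixes singular and plural. Suggest "leaf edges may have an origin operation but no destination operation", so the reader sees that the missing destination is the point being made about the graph.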
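Review bot: In the second hunk (@@ -249), the new \footnote starts on its own line after "Our adversary controls the exchange and a merchant.", so the line break becomes a space and the footnote mark will be set detached from the full stop. Suggest putting \footnote{ directly after "merchant." or ending that line with %. The removed TODO also said the adversary "does not automatically receive transcripts"; the footnote now says the oracles give "all data a real exchange learns" without saying whether that covers transcripts, and one clause making this explicit would keep the point the TODO asked for.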
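Review bot: In the third hunk (@@ -359), the replacement sentence refers to $C_n$, which is not introduced anywhere in the surrounding context lines, and it no longer says how the substitution lifts the single-denomination restriction that the sentence opens with. Suggest either a pointer to where $C_n$ is defined in the game or a short gloss, plus a few words tying "the leaf coins in the refresh tree" back to multiple denominations.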
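Review bot: In the last hunk (@@ -413), "adapting the security proof below by requires replacing" has a stray "by" and does not parse; "adapting the security proof below requires replacing" reads correctly. The term "edge partial anti-chain" is used without a definition or reference in the visible text, and "suitably defined" leaves the reader to guess it, so a forward reference to where it is defined would help. The first added sentence here repeats the one added in the @@ -388 hunk word for word; consider stating it once and referring back.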