author Jeffrey Burdges <burdges@gnunet.org> 2018-01-26 13:22:44 +0100
committer Jeffrey Burdges <burdges@gnunet.org> 2018-01-26 13:22:44 +0100
commit 8d81debfa235a2deb895331a982ab4a88133d500
tree 31b1fc8e27468c2d26089e24fcfbc0983be7074e /games/games.tex
parent eb1a189cf0a7132f68871344fd315b1f98d6cf28
More comments on refresh tree
Diffstat (limited to 'games/games.tex')
-rw-r--r-- games/games.tex 26
1 files changed, 19 insertions, 7 deletions
diff --git a/games/games.tex b/games/games.tex
index 1909d26..6b56689 100644
--- a/games/games.tex
+++ b/games/games.tex
@@ -104,7 +104,10 @@ In particular, our double spending protections ensure the value ascribed
to each refresh or spend by a coin does not exceed the coin's denomination
and that all coins's leaving a particular refresh have denominations that
together do not exceed the refresh's value.
-As a result, this graph becomes simply a path when we only have one denomination.
+As a result, this graph becomes simply a path when we only have one
+denomination.
+We observe that leaf edges might only have an origin operation with no
+destination operations.
\subsection{Algorithms}
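Review bot: In the added sentence "We observe that leaf edges might only have an origin operation with no destination operations", the phrase "might only have" can be read as either "may have nothing but" or "possibly have only", and the singular "an origin operation" sits against the plural "destination operations". Suggest stating it directly, for example "Leaf edges have an origin operation but no destination operation." The sentence also follows the single-denomination path remark without saying whether it describes the general graph or only the path case; a word tying it to one of them would help. The unchanged context line above has "all coins's leaving", which could become "all coins leaving" while this paragraph is being touched.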
@@ -249,8 +252,10 @@ Let \oraSet{Anon} stand for access to the oracles
\setlength\itemsep{0em}
\item $(\V{skE}, \V{pkE}, \V{skM}, \V{pkM}) \leftarrow {\prt{A}}()$ \\
Our adversary controls the exchange and a merchant.
- \comment{TODO: EXPLAIN: Note that this only means that $\prt{A}$ has the exchange secret key, it
- does not automatically receive transcripts and it does not have access to any exchange data structures \textit{unless} indicated by the oracles}
+ \footnote{We emphasize that our oracles give the adversary all data
+ a real exchange learns, but we do not give our adversary access to
+ our simulation's data structures because they include data only
+ known by the customers.}
\item $(\V{pkU}_0, \V{pkU}_1, \V{contract}_0, \V{contract}_1) \leftarrow {\prt{A}}^{\oraSet{Anon}}()$ \\
Our adversary creates two users and two contract,
along with some coins open which it calls oracles freely.
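Review bot: The new \footnote starts on its own indented line after "Our adversary controls the exchange and a merchant.", so LaTeX puts an inter-word space before the footnote mark; attach the footnote directly to "merchant." or end that line with %. The footnote also drops the removed TODO's explicit statement that the adversary "does not automatically receive transcripts", and "all data a real exchange learns" does not make clear whether transcripts are included, so it is worth saying which is meant. The adjacent context lines "two contract" and "some coins open which it calls oracles freely" read as typos that could be fixed in the same pass.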
@@ -359,8 +364,7 @@ We have auditors to address adversarial exchanges who attempt to defraud
users, but only with weaker legal security assurances.
We restrict to a single denomination here for simplicity, but
-the reader is welcome to reformulate the game in terms of the
- value of coins instead of the number of coins.
+the reader may replace $C_n$ by the leaf coins in the refresh tree.
Let \oraSet{Fair} stand for access to the oracles
\ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend},
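Review bot: The replacement line "the reader may replace $C_n$ by the leaf coins in the refresh tree" uses $C_n$ where nothing in the visible context has introduced it, and it comes before the \oraSet{Fair} game is stated. Either add a forward reference to where the game defines $C_n$ or move the remark to after the game. The wording "refresh tree" here also differs from "this graph" in the first hunk's paragraph; if both name the same object, one term used throughout would avoid the reader wondering whether a tree is being assumed.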
@@ -388,7 +392,10 @@ Let \oraSet{Fair} stand for access to the oracles
Intuitively, adversarial customers win if they can forge more
valid coins than they withdraw.
-We again restrict to a single denomination here for simplicity.
+
+We again restrict to a single denomination for simplicity, but
+the reader could reformulate the game in terms of values instead of
+ the number of coins.
Let \oraSet{Forge} stand for access to the oracles
\ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend},
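Review bot: "in terms of values" in the added paragraph does not say values of what; the sentence this commit removes from the earlier section read "the value of coins", which was clearer. Suggest "in terms of the value of coins instead of the number of coins". The continuation line " the number of coins." carries a stray leading space, and the same three lines are added verbatim again in the next hunk, so a single shared remark or a macro would keep the two copies from drifting apart.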
@@ -413,7 +420,12 @@ of corrupted players, but the exchange has no record of withdrawal
or spending for it. In this, we exploit that our adversary cannot delete
from non-corrupted customer's wallets, even though they can direct
protocol interactions by non-corrupted customers.
-We again restrict to a single denomination here for simplicity.
+
+We again restrict to a single denomination for simplicity, but
+the reader could reformulate the game in terms of values instead of
+ the number of coins.
+We note that adapting the security proof below by requires replacing
+ the proof's special value $R_C$ by a suitably defined edge partial anti-chain.
Let \oraSet{Income} stand for access to the oracles
\ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend},
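Review bot: "adapting the security proof below by requires replacing" on the added lines is ungrammatical, since "by" has no object. Suggest "adapting the security proof below requires replacing the proof's special value $R_C$ by ...". The term "edge partial anti-chain" is used without a definition or reference, and the sentence itself says it must be "suitably defined"; either give the definition or state with respect to which ordering of the refresh tree's edges the anti-chain is taken, so the reader can check the adapted proof.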