diff options
| author | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-26 12:28:17 +0100 |
|---|---|---|
| committer | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-26 12:28:17 +0100 |
| commit | 8734cafe62ef1743fb9bcd8e872c241354e3a3d3 (patch) | |
| tree | a5f904f18f308f6738666019e64854f8461f114b /games | |
| parent | 85544a6a51eee1acaee51ea16db1a947e026b1d9 (diff) | |
| download | papers-8734cafe62ef1743fb9bcd8e872c241354e3a3d3.tar.gz papers-8734cafe62ef1743fb9bcd8e872c241354e3a3d3.tar.bz2 papers-8734cafe62ef1743fb9bcd8e872c241354e3a3d3.zip | |
Test around Fairness
Diffstat (limited to 'games')
| -rw-r--r-- | games/games.tex | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/games/games.tex b/games/games.tex index dd731ec..d69a0b0 100644 --- a/games/games.tex +++ b/games/games.tex @@ -339,10 +339,16 @@ allowing them to talk to themselves does not make sense. %at receipts and the coin doesn't even need to be valid directly. \subsection{Fairness} -Intuition: An adversarial merchant wins if a non-corrupted user can't obtain a proof-of-spending or unlinkable change. -Let \oraSet{Fair} stand for access to the oracles \ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend}, -\ora{RefreshAsExchange}, \ora{Share}, \ora{CorruptClient} +Inuitively, an adversarial merchant wins if a non-corrupted user +cannot obtain a proof-of-spending or unlinkable change, including +if the deposit receipt from the exchange is forged by the merchant. +We have auditors to address adversarial exchanges who attempt to defraud +users, but only with weaker legal security assurances. + +Let \oraSet{Fair} stand for access to the oracles + \ora{AddClient}, \ora{WithdrawAsExchange}, \ora{Spend}, + \ora{RefreshAsExchange}, \ora{Share}, \ora{CorruptClient}. \bigskip \noindent $\mathit{Exp}_{\cal A}^{fair}(1^\lambda, \kappa)$: @@ -351,10 +357,9 @@ Let \oraSet{Fair} stand for access to the oracles \ora{AddClient}, \ora{Withdraw \setlength\itemsep{0em} \item $(skE, pkE) \leftarrow \mathrm{EKeygen}()$ \item $C_0 \leftarrow {\cal A}^{\oraSet{Fair}}(pkExchange)$ - \item If $C_0$ is not a coin public key, return 0. Let $U$ be the user that has $C_0$ in their wallet. If no such $U$ exists, return 0. - \comment{Note however that $C_0$ is not required to be fresh or unspent.} + \item If $C_0$ is not a coin public key, return 0. Let $U$ be the user that has $C_0$ in their wallet. If no such $U$ exists, return 0. $C_0$ need not unspent or unrefreshed. \item Let $C_0, \dots, C_n$ be the coins reachable via \algo{Link} from $C_0$. - \comment{When $C_0$ was not refreshed, $n=0$ and $C_n = C_0$} + \footnote{In particular $n=0$ if $C_0$ is unrefreshed.} \item If $U$ was corrupted or \ora{Share} was called with any of $C_0, \dots, C_n$, return 0. \item $R \leftarrow \algo{Refresh}(\prt{B}(skE, pkE), \prt{U}(U, C_n))$ \item If $R$ indicates a successful refresh, return $0$. @@ -362,8 +367,6 @@ Let \oraSet{Fair} stand for access to the oracles \ora{AddClient}, \ora{Withdraw Otherwise return 1. \end{enumerate} -\paragraph{Note:} This also covers the case where the deposit receipt from the exchange is forged by the merchant. - \subsection{Unforgability} % Exculpability? |