diff options
author | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-25 21:13:13 +0100 |
---|---|---|
committer | Jeffrey Burdges <burdges@gnunet.org> | 2018-01-25 21:13:13 +0100 |
commit | a248f83aee83cbab2064ce5b612d03ab72545712 (patch) | |
tree | aa91f5883e26bcd21dcf5465bd357925d886dd03 /games | |
parent | d96cb02b9eb69a2ef426f76a43920db5c6978008 (diff) | |
download | papers-a248f83aee83cbab2064ce5b612d03ab72545712.tar.gz papers-a248f83aee83cbab2064ce5b612d03ab72545712.tar.bz2 papers-a248f83aee83cbab2064ce5b612d03ab72545712.zip |
Improve income transparency game after chatting with Florian
Diffstat (limited to 'games')
-rw-r--r-- | games/games.tex | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/games/games.tex b/games/games.tex index 4296ed9..dd9ffd6 100644 --- a/games/games.tex +++ b/games/games.tex @@ -389,12 +389,10 @@ Let \oraSet{Income} stand for access to the oracles \ora{AddClient}, \ora{Withdr \item Augment the wallets of all non-corrupted users with their transitive closure using the \algo{Link} protocol. Mark all coins in wallets of non-corrupted users as spent. - \item Let $w$ and $w'$ denote the number of coins withdrawn by - corrupted and non-corrupted users, respectively. + \item Let $w$ denote the number of coins withdrawn by corrupted users. Also let $b$ denote the number of coins lost in refresh operations - with false planchets. Our adversary wins if both $\ell > w$ and - $E[{b \over l-w}] \ge 1-{1\over\kappa}$ with $C_1, \dots, C_\ell$ - all being distinct valid unspent unrefreshed coins. + with false planchets. Our adversary wins if $w + b < \ell$ with + $C_1, \dots, C_\ell$ all being distinct valid unspent unrefreshed coins. \end{enumerate} Note that we want to show in the end that the probability of winning one Income Transparency game is at most $1/\kappa$. @@ -717,12 +715,16 @@ Assume Taler is polynomially-secure against to commit to planchets, and \item key exchange failures in the ECDH operation used in the refresh. \end{enumerate} -Then Taler is polynomially-secure against profitable attacks on -income transperency in the sense that +Then Taler is polynomially-secure against attacks on +income transparency in the sense that any probabilistic polynomially time adversary $\cal A$ has at best -${1\over2} + \epsilon(k)$ odds of winning the income transparency -game where $\epsilon(k)$ is negligable and $k$ is a security parameter -distinct from $\kappa$. +a $1\over\kappa$ chance to win the income transparency game. + +As our $\kappa$ is tiny, we also observe that + Taler is polynomially-secure against profitable attacks on +income transparency in the sense that +any probabilistic polynomially time adversary $\cal A$ has +$E[{b \over l-w}] \ge 1-{1\over\kappa}$. \end{theorem} \begin{proof} @@ -739,7 +741,7 @@ We consider the degree one directed graph on coins induced by the refresh protocol. It follows from unforgeability that any coin must originate from some user's withdraw in this graph. Let $X$ denote the coins from $\{C_1,\ldots,C_\ell\}$ that originate -from a non-corrupted user. So $\ell \leq w + |X|$. +from a non-corrupted user. So $\ell \leq w + |X|$. For any $C \in X$, there is a final refresh operation $R_C$ in which a non-corrupted user could obtain the coin $C'$ consumed in the refresh @@ -770,9 +772,11 @@ as otherwise the refresh always fails. As our $\gamma$ are chosen randomly, any given refresh with one false planchet has a $1-{1\over\kappa}$ chance of contributing to - $b$ instead of $|X|$. -So $E[{b \over l-w}] \ge E[{b \over f}] = 1-{1\over\kappa}$ where -$f \ge l-w$ denotes the number of refreshes attempted with false planchets. + $b$ instead of $|X|$, as desired. +It now follows that + $E[{b \over l-w}] \ge E[{b \over f}] = 1-{1\over\kappa}$ +where $f \ge l-w$ denotes + the number of refreshes attempted with false planchets. \end{proof} \begin{corollary} |