authorJeffrey Burdges <burdges@gnunet.org>2017-11-17 22:44:33 +0100
committerJeffrey Burdges <burdges@gnunet.org>2017-11-17 22:47:41 +0100
commita727bd1827a71321dcba41b6290df67185974e4e (patch)
tree1a8ae4e94e2efa36180a54335cbf8d33d50a3c86 /games
parent4679f792548f4441a633bcbe1cb440635c2f767e (diff)
Changes along the lines of my email. Also ownership set and linking
Diffstat (limited to 'games')
-rw-r--r--games/games.tex37
1 files changed, 26 insertions, 11 deletions
diff --git a/games/games.tex b/games/games.tex
index 3c1166e..1934593 100644
--- a/games/games.tex
+++ b/games/games.tex
@@ -160,27 +160,42 @@ Let \oraSet{Anon} stand for access to the oracles \ora{AddClient}, \ora{Withdraw
\vspace{-0.5\topsep}
\begin{enumerate}
\setlength\itemsep{0em}
- \item $(\V{skE}, \V{pkE}) \leftarrow \prt{A}()$
- \comment{``Adversary controls the exchange.'' Note that this only means that \prt{A} has the exchange secret key, it
+ \item $(\V{skE}, \V{pkE}, \V{skM}, \V{pkM}) \leftarrow \prt{A}()$ \\
+ Our adversary controls the exchange and a merchant.
+ \comment{Note that this only means that \prt{A} has the exchange secret key, it
does not automatically receive transcripts and it does not have access to any exchange data structures \textit{unless} indicated by the oracles}
- \item $(\V{pkU}_0, \V{pkU}_1, \V{skM}, \V{pkM}, \V{contract}_0, \V{contract}_1) \leftarrow \prt{A}^{\oraSet{Anon}}()$
- \comment{Adversary must create two users, a merchant and two contract identifiers}
- \item if $\V{pkU}_1$ or $\V{pkU}_2$ are not registered as distinct users, return 0
+ \item $(\V{pkU}_0, \V{pkU}_1, \V{contract}_0, \V{contract}_1) \leftarrow \prt{A}^{\oraSet{Anon}}()$ \\
+ Our adversary creates two users and two contract,
+ along with some coins open which it calls oracles freely.
+ \item Return 0 either if $\V{pkU}_1$ or $\V{pkU}_2$ are not distinct
+ registered users, or if any coins are left in a unfinished spent
+ state without either completing the spend through a deposit or refreshing the coin.
+ \footnote{In general, there is lag during which coins remain in an
+ unfinished spent state, but our wallet will not use those cons in
+ another transaction until refreshing them.}
\item $b \randsel{} \{0,1\}$
\comment{Random bit selected by challenger}
- \item select unspent coins $pkC_0, pkC_1$, from wallets of $\V{pkU}_0, \V{pkU}_1$ respectively.
- \item $\V{dp_1} \leftarrow \algo{Spend}(\V{contract}_b, \V{pkU}_0, \V{pkC}_{0}, \V{pkM})$, \\
- $\V{dp_2} \leftarrow \algo{Spend}(\V{contract}_{(1-b)}, \V{pkU}_1, \V{pkC}_1, \V{pkM})$
+ \item Select unshared unspent coins $\V{pkC}_0$ and $\V{pkC}_1$ from
+ the wallets of $\V{pkU}_0, \V{pkU}_1$, respectively. Return 0 if
+ either $\V{pkU}_0$ or $\V{pkU}_1$ has no unspent unshared coin.
+ \item $\V{dp_1} \leftarrow \algo{Spend}(\V{contract}_b, \emptyset, \V{pkC}_b, \V{pkM})$, \\
+ $\V{dp_2} \leftarrow \algo{Spend}(\V{contract}_{(1-b)}, \emptyset, \V{pkC}_{(1-b)}, \V{pkM})$ \\
+ Spend these two coins without revealing the customer's identity.
\item $\algo{Deposit}(\prt{E}(\V{skE}, \V{pkE}), \prt{A}(dp_1))$, \\
$\algo{Deposit}(\prt{E}(\V{skE}, \V{pkE}), \prt{A}(dp_2))$
- \comment{Role of merchant is played by adversary}
+ Deposit these two coins with the adversary controlled merchant.
\item $b' \leftarrow \prt{A}^{\oraSet{Anon}}()$
\comment{Ask adversary to find out mapping between users and contracts as determined by $b$}
- \item if $\V{pkU}_1$ or $\V{pkU}_2$ were corrupted by \prt{A}, return 0
- \item if \ora{Share} was used with $\V{pkU}_1$ or $\V{pkU}_2$ as source, return 0
+ \item Let $\cal U \supseteq \{ \V{pkU}_1, \V{pkU}_2 \}$ consist
+ of the users who could learn either $\V{skC}_0$ or $\V{skC}_1$,
+ aka these coin's {\em ownership set}.
+ Return 0 if $\cal U$ contains either any user corrupted by \prt{A}
+ or any user who ran the linking protocol.
+ \comment{TODO: Add linking protocol to \oraSet{Anon}, but simplify this text if the linking protocol can be restrited to corrupted users}
\item if $b = b'$ return 1, otherwise return 0
\end{enumerate}
+
\paragraph{Intuition:} Users are anonymous if there is no adversary that can win this game,
since then two users can spend money, but the adversary is not able to say who purchased what.
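Review bot: In the two added `\algo{Spend}` lines the coin index now follows $b$ together with the contract index (`\V{contract}_b` with `\V{pkC}_b`, `\V{contract}_{(1-b)}` with `\V{pkC}_{(1-b)}`), so the coin-to-contract pairing is identical for both values of $b$ and $b$ only selects which permission is called `dp_1`. As written, the challenge bit no longer appears to decide which user pays for which contract, although the comment on the `b'` step says that is what the adversary must find out. If this is not intended, keep the coin fixed as the removed lines did: `\algo{Spend}(\V{contract}_b, \emptyset, \V{pkC}_0, \V{pkM})` and `\algo{Spend}(\V{contract}_{(1-b)}, \emptyset, \V{pkC}_1, \V{pkM})`. Separately, the added return-0 step and the ownership-set step name `\V{pkU}_1` and `\V{pkU}_2`, while the adversary outputs `\V{pkU}_0` and `\V{pkU}_1`; the indices should agree so that the abort conditions cover both challenge users.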