diff options
| author | Jeff Burdges <burdges@gnunet.org> | 2018-09-18 13:41:06 +0200 |
|---|---|---|
| committer | Jeff Burdges <burdges@gnunet.org> | 2018-09-18 13:41:06 +0200 |
| commit | b8147f1d29d49f60ac9742c832144f332cf2665b (patch) | |
| tree | d52914a2b940127eff906eb177fc1e11cb8d8b34 /taler-fc19 | |
| parent | f1940143bae9eb600876c162947a2e1f3a76bb6c (diff) | |
| download | papers-b8147f1d29d49f60ac9742c832144f332cf2665b.tar.gz papers-b8147f1d29d49f60ac9742c832144f332cf2665b.tar.bz2 papers-b8147f1d29d49f60ac9742c832144f332cf2665b.zip | |
Move commitment from refresh pickup into request to handle aborts properly.
Diffstat (limited to 'taler-fc19')
| -rw-r--r-- | taler-fc19/paper.tex | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index a69d099..e98a8ed 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -930,13 +930,8 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti \begin{equation}
\V{rid} := (\V{coin}_0, \V{pkD}_u, \V{nonce}, \{ s_i \}, \{ \overline{m}_i \}, \{r_i\}, \{\mathcal{T}_{(B*,i)}\} ).
\end{equation}
- % TODO: Move commitment into request refresh to handle aborts properly.
- \item $\algo{RefreshPickup}(\prt{E}(\V{sksE}, \V{pkCustomer}), \prt{C}(\V{skCustomer}, \V{pksE}, \V{rid}) \rightarrow \mathcal{T}$:
- The customer looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs,
- transfer secrets and new coin key pairs.
-
- Then customer sends the commitment $\pi_1 = (\V{pkCoin}_0, \V{pkD}_u, h_C)$ together with signature $\V{sig}_1
+ Now, the customer's wallet sends the commitment $\pi_1 = (\V{pkCoin}_0, \V{pkD}_u, h_C)$ together with signature $\V{sig}_1
\leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, \pi_1)$ to the exchange, where
\begin{align*}
h_T &:= H(T_1, \dots, T_\kappa)\\
@@ -955,7 +950,9 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti equivalent $\pi_1$.
\end{enumerate}
- In response, the customer sends the reveal message
+ \item $\algo{RefreshPickup}(\prt{E}(\V{sksE}, \V{pkCustomer}), \prt{C}(\V{skCustomer}, \V{pksE}, \V{rid}) \rightarrow \mathcal{T}$:
+ The customer's wallet looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs,
+ transfer secrets and new coin key pairs. The customer sends the reveal message
\begin{equation*}
\pi_3 = T_\gamma, \overline{m}_\gamma,
(s_1, \dots, s_{\gamma-1}, s_{\gamma+1}, \dots, s_\kappa)
@@ -965,7 +962,6 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti \V{sig}_{3'} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0,
\V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, T_\gamma, \overline{m}_\gamma))
\end{equation*} to the exchange.
-
The exchange checks the signature $\V{sig}_{3'}$ and then computes for $i \ne \gamma$:
\begin{align*}
|