diff options
| -rw-r--r-- | taler-fc19/paper.tex | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index 2a1cc6e..052ebd8 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -968,23 +968,15 @@ Using these primitives, we now instantiate the syntax: as indicated by the dot ($\cdot$) instead of a signing secret key), obtaining
\begin{align*}
(\overline{m}_i', r_i', \mathcal{T}_i) &\leftarrow
- \algo{Blind}^*_{BS}(\mathcal{S}(\V{skD}_u), \mathcal{R}(x_i', \cdot, \V{pkD}_u, \V{skCoin}_i))\\
+ \algo{Blind}^*_{BS}(\mathcal{S}(\V{skD}_u), \mathcal{R}(x_i', \cdot, \V{pkD}_u, \V{skCoin}'_i))\\
\end{align*}
and finally
\begin{align*}
- h_{\overline{m}}' &:= H_{pck}(\overline{m}_1', \dots, \overline{m}_\gamma, \dots, \overline{m}_\kappa')\\
- h_C &:= H_{pck}(h_T' \Vert h_{\overline{m}}').
+ h_{\overline{m}}' &:= H_{pck}(\overline{m}_1', \dots, \overline{m}_{\gamma-1}', \overline{m}_\gamma, \overline{m}_{\gamma+1}',\dots, \overline{m}_\kappa')\\
+ h_C' &:= H_{pck}(h_T' \Vert h_{\overline{m}}').
\end{align*}
- For each $i \ne \gamma$, the exchange computes
- \begin{align*}
- \overline{\sigma}_i' &\leftarrow \algo{Sign}(\mathcal{E}(\V{skD}_u), \mathcal{E}(\overline{m}_i'))\\
- \sigma_i' &\leftarrow \algo{UnblindSig}(r_i', \V{pkCoin}_i', \overline{\sigma}_i')\\
- b_i &\leftarrow \algo{Verify}_{BS}(\V{pkD}, \V{skCoin}_i', \sigma_i')
- \end{align*}
-
- Now the exchange checks if $h_C = h_C'$ and if all $b_i = 1$ for $i \ne \gamma$.
- If one of the checks fails, the exchange aborts the protocol.
+ Now the exchange checks if $h_C = h_C'$, and aborts the protocol if the check fails.
Otherwise, the exchange sends a message back to $\prt{C}$ that the commitment verification succeeded.
|