From 739b36cab367f66aeb6ff2d95974e7d1776bd4da Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 25 Sep 2018 11:19:01 +0200 Subject: typos --- taler-fc19/paper.tex | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index 7b66903..2a1cc6e 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -947,22 +947,22 @@ Using these primitives, we now instantiate the syntax: The customer's wallet looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs, transfer secrets and new coin key pairs. The customer sends the reveal message \begin{equation*} - \pi_3 = T_\gamma, \overline{m}_\gamma, + \pi_3 := T_\gamma, \overline{m}_\gamma, (s_1, \dots, s_{\gamma-1}, s_{\gamma+1}, \dots, s_\kappa) \end{equation*} and signature \begin{equation*} - \V{sig}_{3'} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0, - \V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, T_\gamma, \overline{m}_\gamma)) + \V{sig}_{3} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0, + \V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, \pi_3)) \end{equation*} to the exchange. - The exchange checks the signature $\V{sig}_{3'}$ and then computes for $i \ne \gamma$: + The exchange checks the signature $\V{sig}_{3}$ and then computes for $i \ne \gamma$: \begin{align*} (t_i', T_i') &\leftarrow \algo{KeyGen}^*_{CSK}(s_i, 1^\lambda)\\ x_i' &\leftarrow \algo{Kx}(t_i, \V{pkCoin}_0)\\ (\V{skCoin}_i', \V{pkCoin}_i') &\leftarrow \algo{KeyGen}^*_{CSK}(x_i', 1^\lambda) \\ - h_T' &:= H_{pck}(T'_1, \dots, T_{\gamma-1}, T_\gamma, T_{\gamma+1}', \dots, T_\kappa') + h_T' &:= H_{pck}(T'_1, \dots, T'_{\gamma-1}, T_\gamma, T_{\gamma+1}', \dots, T_\kappa') \end{align*} and simulates the blinding protocol with recorded transcripts (without signing each message, as indicated by the dot ($\cdot$) instead of a signing secret key), obtaining @@ -1002,7 +1002,7 @@ Using these primitives, we now instantiate the syntax: For each completed refresh on $\V{pkCoin}_0$ recorded in the exchange's database, the exchange sends the following data back to the customer: the signed commit message $(\V{sig}_1, \pi_1)$, the transfer public key - $T_\gamma$, the signature $\V{sig}_{3'}$, the blinded signature $\overline{\sigma}_\gamma$, and the + $T_\gamma$, the signature $\V{sig}_{3}$, the blinded signature $\overline{\sigma}_\gamma$, and the transcript $\mathcal{T}_{(B*,\gamma)}$ of the customer's and exchange's messages during the \algo{Blind} protocol execution. @@ -1019,7 +1019,7 @@ Using these primitives, we now instantiate the syntax: \item Simulate the blinding protocol with the message transcript received from the exchange to obtain $(\overline{m}_\gamma, r_\gamma)$. \item Check that $\algo{Verify}_{CSK}(\V{pkCoin}_0, - \V{pkD}_u, \V{skCoin}_0,(\mathcal{T}_{(B*,\gamma)}, \overline{m}_\gamma), \V{sig}_{3'})$ + \V{pkD}_u, \V{skCoin}_0,(\mathcal{T}_{(B*,\gamma)}, \overline{m}_\gamma), \V{sig}_{3})$ indicates a valid signature, abort otherwise. \item Unblind the signature to obtain $\sigma_\gamma \leftarrow \algo{UnblindSig}(r_\gamma, \V{pkCoin}_\gamma, \overline{\sigma}_\gamma)$ \item (Re-)add the coin $(\V{skCoin}_\gamma, \V{pkCoin}_\gamma, \V{pkD}_u, \sigma_\gamma)$ to the customer's wallet. @@ -1088,7 +1088,7 @@ with the generic instantiation. verification. In that case, the game is aborted instead. Observe that in case this failure event happens, the adversary must have forged a - signature on $\V{sig}_{3'}$ on values not signed by the customer, yielding + signature on $\V{sig}_{3}$ on values not signed by the customer, yielding an existential forgery. Thus $\left| \Prb{\mathbb{G}_0 = 1} - \Prb{\mathbb{G}_1 = 1} \right|$ is negligible. -- cgit v1.2.3