From b80aeaf149146a1cb57caabf1205f2a42f015c80 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Sat, 15 Sep 2018 15:29:37 +0200 Subject: Consolodate oracle names --- taler-fc19/paper.tex | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index fa3baf8..db7fd45 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -473,6 +473,8 @@ adversary can send and receive messages. \end{itemize} We write \oraSet{All} for the set of all the oracles we just defined. +We also let $\oraSet{NoShare} := \oraSet{All} - \{ \ora{Share} \}$ +stand for access to all oracles except the share oracle. The exchange does not need to be corrupted with an oracle. A corrupted exchange is modeled by giving the adversary the appropriate oracles and the exchange @@ -523,8 +525,6 @@ anonymity game if they have a non-negligible advantage in correlating spending o with the withdrawal or refresh operations that created a coin used in the spending operation. -Let $\oraSet{Anon} := \oraSet{All} - \{ \ora{Share} \}$ stand for access to all oracles -except the share oracle. Let $b$ be the bit that will determine the mapping between customers and spend operations, which the adversary must guess. @@ -544,7 +544,7 @@ in $\mathfrak{R}$. \begin{enumerate} \setlength\itemsep{0em} \item $(\V{sksE}, \V{pksE}, \V{skM}, \V{pkM}) \leftarrow {\prt{A}}()$ - \item $(\V{pkCustomer}_0, \V{pkCustomer}_1, \V{transactionId}_0, \V{transactionId}_1, f) \leftarrow {\prt{A}}^{\oraSet{Anon}}()$ + \item $(\V{pkCustomer}_0, \V{pkCustomer}_1, \V{transactionId}_0, \V{transactionId}_1, f) \leftarrow {\prt{A}}^{\oraSet{NoShare}}()$ \item Select distinct fresh coins \begin{align*} \V{coin}_0 &\in \V{wallet}[\V{pkCustomer}_0]\\ 
@@ -558,7 +558,7 @@ in $\mathfrak{R}$. &\algo{Deposit}(\prt{A}(), \prt{M}(\V{skM}, \V{pksE}, \V{dp}_i)) \\ &\mathfrak{R}_i \leftarrow \algo{Refresh}(\prt{A}(), \prt{C}(\V{pkCustomer}_i, \V{pksE}, \V{coin}_{i-b})) \end{align*} - \item $b' \leftarrow {\cal A}^{\oraSet{Anon}}(\mathfrak{R}_0, \mathfrak{R}_1)$ \\ + \item $b' \leftarrow {\cal A}^{\oraSet{NoShare}}(\mathfrak{R}_0, \mathfrak{R}_1)$ \\ \item Return $0$ if $\ora{Spend}$ was used by the adversary on the coin handles for $\V{coin}_0$ or $\V{coin}_1$ or $\ora{CorruptCustomer}$ was used on $\V{pkCustomer}_0$ or $\V{pkCustomer}_1$. \item If $b = b'$ return $1$, otherwise return $0$. @@ -582,9 +582,6 @@ completed withdrawals, payments or refreshes, as well as other (transient) misbehavior from the exchange or merchant do not result in the customer losing money or privacy. -Let $\oraSet{Conserv} := \oraSet{All} - \{\ora{Share}\}$ stand for access to the -all oracles except the sharing oracle. - \begin{figure} \fbox{\begin{minipage}{\textwidth} \small @@ -593,7 +590,7 @@ all oracles except the sharing oracle. \begin{enumerate} \setlength\itemsep{0em} \item $(\V{sksE}, \V{pksE}) \leftarrow \mathrm{ExchangeKeygen}(1^\lambda, 1^\kappa, M)$ - \item $\V{pkCustomer} \leftarrow {\cal A}^{\oraSet{Conserv}}(\V{pksE})$ + \item $\V{pkCustomer} \leftarrow {\cal A}^{\oraSet{NoShare}}(\V{pksE})$ \item Return $0$ if $\V{pkCustomer}$ is not an uncorrupted, registered user. \item \label{game:conserv:run} Run $\algo{WithdrawPickup}$ for each withdraw identifier $\V{wid}$ and $\algo{RefreshPickup}$ for each refresh identifier $\V{rid}$ that the user @@ -631,9 +628,6 @@ coins with parties that they do not fully trust. Intuitively, adversarial customers win if they can obtain more valid coins than they legitimately withdraw. -Let $\oraSet{Forge} := \oraSet{All}$ stand for access to the all -oracles. - \begin{figure} \fbox{\begin{minipage}{\textwidth} \small 
@@ -642,7 +636,7 @@ oracles. \begin{enumerate} \setlength\itemsep{0em} \item $(skE, pkE) \leftarrow \mathrm{ExchangeKeygen}()$ - \item $(C_0, \dots, C_\ell) \leftarrow \mathcal{A}^{\oraSet{Forge}}(pkExchange)$ + \item $(C_0, \dots, C_\ell) \leftarrow \mathcal{A}^{\oraSet{All}}(pkExchange)$ \item Return $0$ if any $C_i$ is not of the form $(\V{skCoin}, \V{pkCoin}, \V{pkD}, \V{coinCert})$ or any $\V{coinCert}$ is not a valid signature by $\V{pkD}$ on the respective $\V{pkCoin}$. \item Return $1$ if the sum of the unspent value of valid coins in $C_0 @@ -669,9 +663,6 @@ an explicit goal. The Link protocol introduces the threat of losing exclusive control of coins (despite having the option to refresh them) that were received without being visible as income to the exchange. -Let $\oraSet{Income} := \oraSet{All}$ stand for access to the -all oracles. - \begin{figure} \fbox{\begin{minipage}{\textwidth} \small @@ -680,7 +671,7 @@ all oracles. \begin{enumerate} \setlength\itemsep{0em} \item $(skE, pkE) \leftarrow \mathrm{ExchangeKeygen}()$ - \item $(\V{coin}_1, \dots, \V{coin}_\ell) \leftarrow \mathcal{A}^{\oraSet{Income}}(pkExchange)$ + \item $(\V{coin}_1, \dots, \V{coin}_\ell) \leftarrow \mathcal{A}^{\oraSet{All}}(pkExchange)$ (The $\V{coin}_i$ must be coins, including secret key and signature by the denomination, for the adversary to win. However these coins need not be -- cgit v1.2.3
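Review bot: In the hunk at @@ -473, the new definition writes the set difference with a plain minus, \oraSet{All} - \{ \ora{Share} \}, which reads as arithmetic. \setminus is the conventional operator: $\oraSet{NoShare} := \oraSet{All} \setminus \{ \ora{Share} \}$. The removed per-game definitions used the same minus, so this is the place to fix it once.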
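Review bot: In the hunk at @@ -523, removing the local definition leaves the anonymity section with no statement that the adversary is denied \ora{Share}; the reader now has to find \oraSet{NoShare} in the oracle section. A short back-reference before the game would keep the section readable on its own, and the same applies to the conservation section in the hunk at @@ -582. It is also worth searching the rest of paper.tex for remaining uses of \oraSet{Anon}, \oraSet{Conserv}, \oraSet{Forge} and \oraSet{Income}, since \oraSet takes an arbitrary argument and a leftover name would typeset without error while no longer being defined in the text.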
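Review bot: In the hunk at @@ -558, the edited step writes the adversary as {\cal A} while steps 1 and 2 of the same game (hunk at @@ -544) use {\prt{A}}; since the line is being touched anyway, use one form throughout the game. The trailing \\ before the following \item serves no purpose and can be dropped. Separately, in the context line above it, \V{coin}_{i-b} yields index -1 for i = 0 and b = 1 unless the subscript is meant modulo 2; if so, say so where $b$ is introduced.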
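Review bot: In the hunk at @@ -642, the edited line hands the adversary pkExchange, but the preceding step binds the key pair as (skE, pkE), so the argument is never defined in the game. Suggest using the bound name, wrapped in \V{} like the other variables, and aligning the keygen call with the conservation game, which writes \mathrm{ExchangeKeygen}(1^\lambda, 1^\kappa, M) and (\V{sksE}, \V{pksE}). The edited line in the hunk at @@ -680 has the same mismatch.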
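Review bot: In the hunk at @@ -669, dropping the \oraSet{Income} alias means the only sign that this game grants \ora{Share} is the superscript \oraSet{All} in the figure. A sentence before the figure stating that the adversary keeps the share oracle here, in contrast to the \oraSet{NoShare} games, would make the difference explicit. The unforgeability game in the hunk at @@ -631 would benefit from the same remark.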