From 49ff2fd5fbd725ac29f62ff83a1f2bf4b63546b9 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Fri, 20 Apr 2018 22:07:22 +0200 Subject: sync --- games/games.tex | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) (limited to 'games') diff --git a/games/games.tex b/games/games.tex index a026cfe..74ce648 100644 --- a/games/games.tex +++ b/games/games.tex 
@@ -209,36 +209,26 @@ We define the following oracles: Creates a new user, sets $valueWithdrawn$ for the user to $0$, sets $wallet[pkUser] := \{\}$. Returns the public key of the user, - \item $\ora{WithdrawAsUser}(pkUser, pkDenom)$: Do a withdraw from the perspective of a user. The adversary - controls the user, and the simulator the exchange. - - Increments $\V{valueWithdrawn}[\V{pkU}]$ appropriately, - adds the resulting coin to the wallet $\V{wallet}[\V{pkU}]$. - - The adversary obtains the protocol transcript. - - \item $\ora{WithdrawAsExchange}(pkUser, pkDenom)$: Do a withdraw from the perspective of a exchange. + \item $\ora{Withdraw}(pkUser, pkDenom)$: Do a withdraw. Effectively the adversary is an active man-in-the middle between the user and the ``real'' exchange. The adversary obtains the protocol transcript, but does not gain access to the exchange's database directly. - \item $\ora{RefreshAsUser}()$: Do a withdraw from the perspective of a user, i.e. the adversary sends messages that the user would send. + If the adversary determines the exchange's private key during the + setup, invoking this oracle can be seen as the adversary plaing the + exchange. If the adversary calls \ora{Withdraw} with a corrupted + user, the adversary plays as the user. - The adversary obtains the protocol transcript from the \algo{Refresh} protocol. - - \item $\ora{RefreshAsExchange}()$: Do a withdraw from the perspective of the exchange, i.e. the adversary sends messages that the exchange would send. + % FIXME: talk about share + \item $\ora{Refresh}()$: Do a withdraw. Effectively the adversary is an active man-in-the middle between the user and the ``real'' exchange. The adversary obtains the protocol transcript, but does not gain access to the exchange's database directly. - \item $\ora{LinkAsExchange}(pkUser)$: Force a user to execute the - link protocol, with the adversary playing the role of the exchange. 
+ \item $\ora{Link}(pkUser)$: Force the execution ot the link protocol. The adversary is an Effectively the adversary is an active man-in-the middle between the user and the ``real'' exchange. - \item $\ora{LinkAsUser}(pkUser, pkCoin)$: Force a user to execute the ??? - \comment{executes what?} - \item $\ora{Spend}(contractHash, pkSpender, \mathcal{T}^C, pkReceiver)$: Make a customer sign a deposit permission over a coin identified by transcript $\mathcal{T}_C$, which is either a withdraw transcript, link @@ -258,6 +248,8 @@ We define the following oracles: be restricted most other games. \comment{ENGLISH to / from ?} + % the share oracle is the reason why we don't need a second withdraw oracle + \item $\ora{AddCorruptUser}(pkUser)$: Used by the adversary to add a corrupted user, giving it permanent access to the user's private key, wallet and accepted contracts. @@ -346,7 +338,7 @@ with the withdrawal or refresh operations that created a coin used in the spending operation. Let \oraSet{Anon} stand for access to the oracles - \ora{AddUser}, \ora{WithdrawAsExchange}, \ora{Spend}, + \ora{AddUser}, \ora{Withdraw}, \ora{Spend}, \ora{RefreshAsExchange}, \ora{LinkAsExchange}, \ora{AddCorruptUser}, \ora{Deposit}. Let $b$ be the bit that will determine the mapping between users and spend operation, which the adversary must guess. @@ -453,7 +445,7 @@ The game also covers the case where a malicious exchange pretends the customer did a dishonest refresh (in instantiations that allow dishonest refreshes). Let \oraSet{Fair} stand for access to the oracles - \ora{AddUser}, \ora{WithdrawAsExchange}, \ora{Spend}, + \ora{AddUser}, \ora{Withdraw}, \ora{Spend}, \ora{RefreshAsExchange}, \ora{Share}, \ora{AddCorruptUser}, \ora{Deposit}. \bigskip 
@@ -492,7 +484,7 @@ Intuitively, adversarial customers win if they can forge more valid coins than they withdraw. Let \oraSet{Forge} stand for access to the oracles - \ora{AddUser}, \ora{WithdrawAsExchange}, \ora{Spend}, + \ora{AddUser}, \ora{Withdraw}, \ora{Spend}, \ora{RefreshAsExchange}, \ora{Share}, \ora{AddCorruptUser}. \bigskip @@ -523,7 +515,7 @@ introduces the threat of losing exclusive control of coins (despite having the o were received without involvement of the exchange. Let \oraSet{Income} stand for access to the oracles - \ora{AddUser}, \ora{WithdrawAsExchange}, \ora{Spend}, + \ora{AddUser}, \ora{Withdraw}, \ora{Spend}, \ora{RefreshAsExchange}, \ora{Share}, \ora{AddCorruptUser}. \bigskip -- cgit v1.2.3
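Review bot: In the first hunk (@@ -209,36 +209,26 @@) the new \ora{Refresh}() item still opens with "Do a withdraw", copied from the \ora{Withdraw} item. It should describe a refresh, and it lacks the sentence \ora{Withdraw} gained about which role the adversary plays when it chose the exchange's private key or calls the oracle with a corrupted user. In the same hunk the added \ora{Link} line has a leftover fragment ("The adversary is an Effectively the adversary is an active man-in-the middle") and the typo "ot", and "plaing" in the \ora{Withdraw} item should be "playing". The "% FIXME: talk about share" should be resolved in the text, since the merged oracle's meaning depends on it.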
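Review bot: In the second hunk (@@ -258,6 +248,8 @@) the reason for dropping the second withdraw oracle is recorded only as a LaTeX comment ("% the share oracle is the reason why we don't need a second withdraw oracle"), so it never reaches the compiled document. That justification is part of the oracle model and should be stated in the body text, next to the definition of \ora{Withdraw} or of the share oracle.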
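Review bot: In the \oraSet{Anon} hunk (@@ -346,7 +338,7 @@) only \ora{WithdrawAsExchange} is renamed. The unchanged following line still lists \ora{RefreshAsExchange} and \ora{LinkAsExchange}, whose definitions the first hunk replaces with \ora{Refresh} and \ora{Link}. Rename them here as well so the anonymity game refers only to oracles that are defined.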
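Review bot: In the \oraSet{Fair}, \oraSet{Forge} and \oraSet{Income} hunks (@@ -453, @@ -492, @@ -523) the context line after each change still names \ora{RefreshAsExchange}, which the first hunk removes in favour of \ora{Refresh}, so all three oracle sets need the same rename. Since the merged \ora{Withdraw} now takes its meaning from who chose the exchange's private key at setup, each game should also say explicitly who generates that key. This matters most for \oraSet{Forge}, where the adversary is described as "adversarial customers".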