From b8147f1d29d49f60ac9742c832144f332cf2665b Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Tue, 18 Sep 2018 13:41:06 +0200 Subject: Move commitment from refresh pickup into request to handle aborts properly. --- taler-fc19/paper.tex | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'taler-fc19') diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index a69d099..e98a8ed 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -930,13 +930,8 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti \begin{equation} \V{rid} := (\V{coin}_0, \V{pkD}_u, \V{nonce}, \{ s_i \}, \{ \overline{m}_i \}, \{r_i\}, \{\mathcal{T}_{(B*,i)}\} ). \end{equation} - % TODO: Move commitment into request refresh to handle aborts properly. - \item $\algo{RefreshPickup}(\prt{E}(\V{sksE}, \V{pkCustomer}), \prt{C}(\V{skCustomer}, \V{pksE}, \V{rid}) \rightarrow \mathcal{T}$: - The customer looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs, - transfer secrets and new coin key pairs. - - Then customer sends the commitment $\pi_1 = (\V{pkCoin}_0, \V{pkD}_u, h_C)$ together with signature $\V{sig}_1 + Now, the customer's wallet sends the commitment $\pi_1 = (\V{pkCoin}_0, \V{pkD}_u, h_C)$ together with signature $\V{sig}_1 \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, \pi_1)$ to the exchange, where \begin{align*} h_T &:= H(T_1, \dots, T_\kappa)\\ @@ -955,7 +950,9 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti equivalent $\pi_1$. \end{enumerate} - In response, the customer sends the reveal message + \item $\algo{RefreshPickup}(\prt{E}(\V{sksE}, \V{pkCustomer}), \prt{C}(\V{skCustomer}, \V{pksE}, \V{rid}) \rightarrow \mathcal{T}$: + The customer's wallet looks up the refresh identifier $\V{rid}$ and recomputes the transfer key pairs, + transfer secrets and new coin key pairs. The customer sends the reveal message \begin{equation*} \pi_3 = T_\gamma, \overline{m}_\gamma, (s_1, \dots, s_{\gamma-1}, s_{\gamma+1}, \dots, s_\kappa) @@ -965,7 +962,6 @@ Using \textsc{Blind}, \textsc{CoinSignKx}, \textsc{Sign} and $H$ we now instanti \V{sig}_{3'} \leftarrow \algo{Sign}_{CSK}(\V{skCoin}_0, (\V{pkCoin}_0, \V{pkD}_u, \mathcal{T}_{(B*,\gamma)}, T_\gamma, \overline{m}_\gamma)) \end{equation*} to the exchange. - The exchange checks the signature $\V{sig}_{3'}$ and then computes for $i \ne \gamma$: \begin{align*} -- cgit v1.2.3