donau

Donation authority for GNU Taler (experimental)
Log | Files | Refs | Submodules | README | LICENSE
commit 015fae704db7a681aae56d7422a362bc7f62d98d
parent 93ed1b081170dd844ecb405e9ff4850347662094
Author: Pius Loosli <loosp2@bfh.ch>
Date:   Mon, 23 Oct 2023 19:41:28 +0200

[doc] More details on signing, signing applications, BUDI-key-pair

Diffstat:

Mdoc/flows/main.tex | 66++++++++++++++++++++++++++++++++++++++++++++----------------------


1 file changed, 44 insertions(+), 22 deletions(-)

diff --git a/doc/flows/main.tex b/doc/flows/main.tex
@@ -23,11 +23,28 @@
 \begin{itemize}
   \item \textbf{Cryptographic Hash Function} $H(m) = h$ where $m$ is a message and $h$ the resulting hash.
 
-  \item \textbf{Signing Functions}
+  \item \textbf{Signing}
     \begin{itemize}
-      \item $\Sigma(m,k) = \sigma$ where $m$ is a message and $k$ is the private key used to sign the message (e.g. EdDSA).
-
-      \item $\overline{\Gamma}(\overline{n},j) = \overline{\gamma}$ where $\overline{n}$ is a blinded message and $j$ is the private key used to blind sign the message (e.g. RSA/CS).
+      \item \textbf{Classic/lightweight signing (e.g. EdDSA):} 
+      \begin{align}
+        \fbox{$\Sigma(m,k) = \sigma$}
+      \end{align}
+      where $m$ is a message and $k$ is the private key used to sign the message.\\
+      Applications:
+      \begin{itemize}
+        \item A charity signs a collection of $BKP$ before transfering them to the Donau to issue $Donation Receipt$s
+        \item The Donau computes the \emph{donation statement} signature for a donor for a specific year
+      \end{itemize}
+      
+      \item \textbf{Blind signing(e.g. RSA/CS):}
+      \begin{align}
+        \fbox{$\overline{B}(\overline{m},k) = \overline{\beta}$}
+      \end{align}
+      where $\overline{m}$ is a blinded message and $k$ is the private key used to blind sign the message.\\
+      Application:
+      \begin{itemize}
+        \item The Donau blind signs \emph{BUDI}s received from the charity with the private key matching the public key in the received \emph{BKP}
+      \end{itemize}
     \end{itemize}
 
   \item \textbf{Donation Unit} $DU = (K_x^{pub}, K_x^{priv})$ where $x$ is the associated value (e.g. 2EUR):
@@ -36,9 +53,14 @@
 
   \item \textbf{Unique Donor Identifier} $UDI = \langle H(\texttt{TAXID}, \texttt{SALT}), \texttt{NONCE} \rangle$
 
-  \item \textbf{Blinded Unique Donor Identifier} $BUDI = \langle blinded$ $UDI, H(K_x^{pub}) \rangle$, blinded to protect the privacy of the donor
+  \item \textbf{Blinded Unique Donor Identifier} $BUDI = blinded$  $UDI$, blinded to protect the privacy of the donor
+  
+  \begin{itemize}
+   \item \textbf{BUDI-key-pair} \emph{BKP}  = $Pair(BUDI, H(K_x^{pub}))$
+  \end{itemize}
+
 
-  \item \textbf{Donation Receipt} $DR = \langle UDI, \gamma, H(K_x^{pub}) \rangle$ where $\gamma$ is the unblinded signature: Sent to the Donau to get the donation Statement.
+  \item \textbf{Donation Receipt} $DR = \langle UDI, \beta, H(K_x^{pub}) \rangle$ where $\beta$ is the unblinded signature: Sent to the Donau to get the donation Statement.
 
   \item \textbf{Donation Statement} $DS = \Sigma(\langle \texttt{AMOUNT}_{Total}, \texttt{YEAR}, H(\texttt{TAXID}, \texttt{SALT}) \rangle, D^{priv})$ where $D^{priv}$ is the private key from the Donau: Signature to attest the amount donated in a particular year by a specific donor.
 
@@ -73,22 +95,22 @@
   \item The donor blinds the $UDI$'s using a \textbf{different} blinding factor $b$ for every $UDI_i$.
 
   \begin{align}
-    BUDI_1 &= \langle Blind(UDI_1, K_x^{pub}, b_i), H(K_x^{pub}) \rangle \\
+    BKP_1 &= \langle Blind(UDI_1, K_x^{pub}, b_1), H(K_x^{pub}) \rangle \\
     ... \\
-    BUDI_i &= \langle Blind(UDI_i, K_x^{pub}, b_i), H(K_x^{pub}) \rangle
+    BKP_i &= \langle Blind(UDI_i, K_x^{pub}, b_i), H(K_x^{pub}) \rangle
   \end{align}
 
-\item The donor sends the $BUDI$'s as well as the corresponding payment to the charity.
+\item The donor sends the $BKP$'s as well as the corresponding payment to the charity.
 \end{enumerate}
 
-\subsubsection{Charity sends signed $BUDI$'s to Donau}
+\subsubsection{Charity sends signed $BKP$'s to Donau}
 \begin{enumerate}
   \item The charity verifies that the amount requested (based on the $H(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation.
 
-  \item The charity signs (using EdDSA) a structure containing all unsigned $BUDI$'s coming from the donor.
+  \item The charity signs (using EdDSA) a structure containing all unsigned $BKP$'s coming from the donor.
 
   \begin{align}
-      \sigma = \Sigma(\langle BUDI_1, BUDI_2, ..., BUDI_i \rangle, C^{priv})
+      \sigma_c = \Sigma(\langle BKP_1, BKP_2, ..., BKP_i \rangle, C^{priv})
   \end{align}
 
   \item The charity sends this structure and the signature $\sigma$ to the Donau.
@@ -98,34 +120,34 @@
 \begin{enumerate}
   \item The Donau:
     \begin{enumerate}
-      \item verifies the signature $\sigma$ on the structure.
+      \item verifies the signature $\sigma_c$ on the structure.
 
       \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the $BUDI$'s, if the increment does not exceed the annual limit.
 
       \item blind signs all the $blinded$ $UDI$'s using the $DU$ private keys $K_x^{priv}$ matching the public keys $H(K^{pub})$ used in the $BUDI$'s.
 
         \begin{align}
-          \overline{\gamma_1} = \overline{\Gamma}(blinded\ UDI_1, K_x^{priv}) \\
+          \overline{\beta_1} = \overline{B}(blinded\ UDI_1, K_x^{priv}) \\
           ... \\
-          \overline{\gamma_i} = \overline{\Gamma}(blinded\ UDI_i, K_x^{priv})
+          \overline{\beta_i} = \overline{B}(blinded\ UDI_i, K_x^{priv})
         \end{align}
 
-      \item sends back the blind signatures $\overline{\gamma_1}, ..., \overline{\gamma_i}$ to the charity.
+      \item sends back the blind signatures $\overline{\beta_1}, ..., \overline{\beta_i}$ to the charity.
     \end{enumerate}
 
   \item The charity forwards the blind signatures to the donor.
 
-  \item The donor unblinds the $BUDI$'s to get the signatures $\gamma_1, ..., \gamma_i$. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\gamma$ and the Hash of the $DU$ public key $H(K_x^{pub})$.
+  \item The donor unblinds the signed $BUDI$'s $\overline{\beta_1}, ..., \overline{\beta_i}$ to get the signatures $\beta_1, ..., \beta_i$. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the Hash of the $DU$ public key $H(K_x^{pub})$.
 
   \begin{align}
-    \gamma_1 &= Unblind(\overline{\gamma_1}, b_1) \\
+    \beta_1 &= Unblind(\overline{\beta_1}, b_1) \\
     ... \\
-    \gamma_i &= Unblind(\overline{\gamma_i}, b_i)
+    \beta_i &= Unblind(\overline{\beta_i}, b_i)
   \end{align}
   \begin{align}
-      DR_1 &= \langle UDI_1, \gamma_1, H(K_x^{pub}) \rangle \\
+      DR_1 &= \langle UDI_1, \beta_1, H(K_x^{pub}) \rangle \\
       ... \\
-      DR_i &= \langle UDI_i, \gamma_i, H(K_x^{pub}) \rangle
+      DR_i &= \langle UDI_i, \beta_i, H(K_x^{pub}) \rangle
   \end{align}
 \end{enumerate}
 
@@ -136,7 +158,7 @@
   \begin{itemize}
     \item checks that $K_x^{pub}$ is known.
 
-    \item verifies that the signature $\gamma$ is correct using the corresponding public key $K_x^{pub}$.
+    \item verifies that the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$.
 
     \item verifies that the hash of the $\texttt{TAXID}$ and the $\texttt{SALT}$ is the same as in other $DR$'s (With multiple wallets each wallet must simply obtain a separate $DS$!).