commit 1a7c92fd88d2beb014a652d471ec4ffc261468f3
parent 70cbe3ae5c477e015dc5e6a94b122e1b35620b23
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
Date: Tue, 17 Oct 2023 09:59:04 +0200
[doc] correction blinding process
Diffstat:
3 files changed, 156 insertions(+), 9 deletions(-)
diff --git a/doc/flows/Makefile b/doc/flows/Makefile
@@ -1,5 +1,4 @@
all:
pdflatex main.tex
-
clean:
- rm *.aux *.log *.pdf
+ rm *.aux *.log *.pdf
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
@@ -21,15 +21,13 @@
\section{Definitions}
\begin{itemize}
- \item \textbf{Cryptographic Hash Function} $H$
+ \item \textbf{Cryptographic Hash Function} = $H$
\item \textbf{Signing Function} $Sign$
- \item \textbf{Blind Signing Function} $BSign$
-
\item \textbf{Signature} $S$
- \item \textbf{Blind Signature} $B$
+ \item \textbf{Blind Signature} $BS$
\item \textbf{Blinding Factor} $b$
@@ -69,7 +67,7 @@
\item The donor blinds the $UDI$'s using a \textbf{different} blinding factor $b$ for every $UDI$.
\begin{align}
- B_{UDI} &= BSign(b,UDI, K_{pub}) \\
+ B_{UDI} &= blind(b,UDI, K_{pub}) \\
BUDI &= \langle B_{UDI}, H(K_{priv}) \rangle
\end{align}
@@ -100,7 +98,7 @@
\item blind signs all the $BUDI$'s using the $DU$ private keys $K_{priv}$ matching the public keys used in $H(K_{pub})$.
\begin{align}
- S_D = Sign(BUDI, K_{priv})
+ BS_D = Sign(BUDI, K_{priv})
\end{align}
\item sends back the blind signatures ($S_D$'s) to the charity.
@@ -111,7 +109,7 @@
\item The donor unblinds the $BUDI$'s to get the signed $UDI$'s. This results in the \textbf{Donation Receipt} $DR$ consisting of the $UDI$, the signature $S_{UDI}$ and the Hash of the $DU$ public key $H(K_{pub})$.
\begin{align}
- S_{UDI} &= B^{-1}(BUDI, S_D, b) \\
+ S_{UDI} &= unblind(BS_D, b) \\
DR &= \langle UDI, S_{UDI}, H(K_{pub}) \rangle
\end{align}
\end{enumerate}
diff --git a/doc/flows/mainOld.tex b/doc/flows/mainOld.tex
@@ -0,0 +1,150 @@
+\documentclass{article}
+
+\usepackage[english]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage{amsmath,amssymb}
+\usepackage{parskip}
+\usepackage{graphicx}
+\graphicspath{ {./images/} }
+
+% Margins
+\usepackage[top=3cm, left=3cm, right=3cm, bottom=3cm]{geometry}
+% Colour table cells
+\usepackage[table]{xcolor}
+
+\title{DONAU protocol overview}
+\author{Johannes Casaburi \and Pius Loosli \and Lukas Matyja}
+\date{\today}
+
+\begin{document}
+\maketitle
+
+\section{Definitions}
+\begin{itemize}
+\item $DU :=$ \textbf{donation unit} = Smallest structure representing a donation confirmation unit, i.e. accepted values that compose a donation (examples: CHF1, CHF2, EUR1, EUR2). Equivalent in Taler is "denomination".
+ \item $UDID := $ \textbf{unique donor identifier} of a donor by tax ID, made unique per donation to obtain unique $DR$s per donation
+ \item $BDID :=$ blinded $UDID$, blinded for privacy of the donor
+ \item $BS :=$ BDU blinded signature made with a donation unit secret key (from DONAU)
+ \item $S :=$ unblinded BS
+ \item $DR :=$ \textbf{donation receipt} = $UDID$ with $S$ signature of DONAU affirming donation over the respectiv amount as given by the DU associated with the signature
+ \item $DRs :=$ collection of $DR$s
+ \item $DS_{year} :=$ \textbf{donation statement} = confirmation over the total amount of DRs produced for a specific year and specific donor (DID)
+ \item $b :=$ blinding factor
+ \item $H :=$ cryptographic hash function
+ \item $DUi, Si, DRi, \ldots$ := number entities if there are more than one e.g. $DU1$, $DU2$ ...
+ \item $BS_{kj}$ or $S_{kj} \Rightarrow kj$ := specific DONAU public key used to attribute a specific value to a DU, e.g. k1 gives the DU a value of 1, k2 a value of 2...
+\end{itemize}
+
+\subsection{Unique Donor ID (UDID)}
+
+The NONCE is used to uniquely distinguish donor IDs of the same value
+("create a fresh donor ID"). Otherwise the DONAU would refuse DUs
+containing donations of equal amount to the same charity, since this
+would be seen as "double spending" (or rather, double claiming of
+tax deduction for the same donation).
+
+\begin{align}
+ UDID := \langle H(TAXID, SALT), NONCE \rangle
+\end{align}
+
+\section{Overview}
+\includegraphics[width=\textwidth]{overview}
+
+\subsection{Step 0: Initial setup}
+\begin{enumerate}
+ \item Key generation for blind signatures and statement signing by the DONAU. Distribution of the keys to charities, donors and tax authorities (possibly on-demand via REST API). Let $ki$ be the private key for $i$ DU and $Pi$ be the corresponding public key.
+ \item The charity generates their own key pair (charity pub/priv).
+ \item The DONAU administrator registers the public key of the charity and sets the yearly donation limit for the charities.
+\end{enumerate}
+
+\subsection{Step 1: Attest donation}
+\subsubsection{Donor donates to charity}
+\begin{enumerate}
+ \item The donor downloads the DU public keys $P1, P4$ for the corresponding year from the DONAU.
+
+ \item To donate 5 Euros the donor has to generate 2 UDIDs (for 1 Euro and 4 Euro DU).
+ The donor generates UDIDs $U1$ and $U2$ which include a salted hash of the tax number
+ (here TAXID) and a NONCE.
+
+ \begin{align}
+ U1 = \langle H(TAXID, SALT), NONCE_1 \rangle \\
+ U2 = \langle H(TAXID, SALT), NONCE_2 \rangle
+ \end{align}
+
+ \item The donor blinds the UDIDs using two different blinding factors $b_1, b_2$.
+ \begin{align}
+ BU1 = \langle blind(b_1,U1, P1), H(P1) \rangle \\
+ BU2 = \langle blind(b_2,U2, P4), H(P4) \rangle
+ \end{align}
+
+\item The donor sends the blinded UDIDs (BDIDs) $BU1$ and $BU2$ as well as the payment of 5 Euros.
+
+\end{enumerate}
+
+\subsubsection{Charity sends signed BDIDs to DONAU}
+\begin{enumerate}
+\item The charity verifies that the amount requested (based on the $H(Pi)$)
+ for signing is lower or equal to the effective amount of the donation.
+ \item The charity signs (using EdDSA) a structure containing all unsigned BDIDs coming from the donor.
+ \item The charity sends this structure and the signature to the DONAU.
+\end{enumerate}
+
+\subsubsection{DONAU sends back blind signed UDIDs to charity}
+\begin{enumerate}
+ \item The DONAU:
+ \begin{enumerate}
+ \item verifies the charity signature on the structure.
+ \item increments the current year amount of the charity by the total amount of the BDIDs, if the increment does not exceed the annual limit.
+ \item blind signs all the BDIDs using the private keys $k_i$ matching the public keys $H(Pi)$.
+ \begin{align}
+ BS1 &:= sign(BU1, k_1) \\
+ BS2 &:= sign(BU2, k_4)
+ \end{align}
+ \item sends back the blind signatures to the charity.
+ \end{enumerate}
+ \item The charity transmits the blind signatures to the donor.
+ \item The donor unblinds the signatures.
+ \begin{align}
+ S1_{k1} &= unblind(BS1, b_1) \\
+ S2_{k4} &= unblind(BS2, b_2)
+ \end{align}
+\end{enumerate}
+
+
+\subsection{Step 2: Donor sends DRs to DONAU, DONAU sends back donation statement (DS)}
+\begin{enumerate}
+ \item The donor sends the collection of all $\langle DUi, Si, H(Pj) \rangle$, also called DRs, to the DONAU. The DRs are sent manually once a year.
+ \item For each $\langle DUi, Si, H(Pj) \rangle$ The DONAU...
+
+ \begin{itemize}
+ \item check if $Pj$ is stored and get the corresponding year and donation unit (amount donated).
+ \item verifies if $Si$ is a correct signature with the corresponding public key $Pj$.
+ \item verifies that the hash of the TAXID and the salt is the same as in other DRs (With multiple wallets each wallet must simply obtain a separate DS!).
+ \item verifies that the nonce is different from each ever used nonce of this donor for the corresponding year.
+ \item if all of this is the case, it adds the amount corresponding to the public key to the total donation amount for the year.
+ \end{itemize}
+ \item The DONAU then signs over the total amount,
+ year and hashed TAXID+salt and sends signature and the total amount so far back to the donor.
+
+ \begin{align}
+ DS := sign(total amount, year, H(TAXID, salt))
+ \end{align}
+
+\end{enumerate}
+
+\subsection{Step 3: Donor sends QR Code to validator (tax office)}
+\begin{enumerate}
+ \item The donor generates a QR code containing the following and sends it to the validator/tax office:
+ \begin{itemize}
+ \item version of the protocol (one byte)
+ \item TAXID
+ \item salt
+ \item DS received from the DONAU
+ \item year
+ \item amount for the year
+ \end{itemize}
+
+\item The validator scans the QR code and validates that the signature corresponds to the current DONAU DS signing key.
+\end{enumerate}
+
+\end{document}
