donau

Donation authority for GNU Taler (experimental)

commit 701092b0f9208e7656b15da07dcc7f58f2cb5456
parent fa7447bafeeb490b7029545f0d9bebbcc29c865f
Author: Casaburi Johannes <johannes.casaburi@students.bfh.ch>
Date:   Mon, 15 Apr 2024 17:35:41 +0200

work on doc

Diffstat:
M doc/flows/protocol/definitions.tex | 7 +++----
M doc/flows/protocol/main.pdf | 0
M doc/flows/protocol/main.tex | 106 ++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
3 files changed, 62 insertions(+), 51 deletions(-)

diff --git a/doc/flows/protocol/definitions.tex b/doc/flows/protocol/definitions.tex @@ -119,8 +119,7 @@ verify(m,s, P^{pub}) \end{displaymath} where $P^{pub}$ can be the Donau public key $D^{pub}$ or Charity public key $C^{pub}$. - \end{itemize} - \begin{itemize} + \item \textbf{blind verify} \begin{displaymath} verify\_blind(m,s,K_x^{pub}) @@ -136,9 +135,9 @@ \item \textbf{Donation Statement} \begin{displaymath} - \omega := sign(\langle i, \texttt{Amount}_total, \texttt{Year}\rangle, D^{priv}) + \sigma := sign(\langle i, \Sigma{\vec{r}}, \texttt{Year}\rangle, D^{priv}) \end{displaymath} - The Donation Statement is the signature over the total amount a donor has donated throughout the year where $\beta$ is the unblinded signature sent to the Donau to get the \textbf{Donation Statement}. + The \textbf{Donation Statement} is the signature over the sum (amount donated) of all the Donation Receitps $\Sigma{\vec{r}}$, that a donor has received from donating throughout the year where $i$ is \textbf{Donor Identifier}. These signatures attest the amount donated in a particular year by a specific donor. diff --git a/doc/flows/protocol/main.pdf b/doc/flows/protocol/main.pdf Binary files differ. diff --git a/doc/flows/protocol/main.tex b/doc/flows/protocol/main.tex 
@@ -45,67 +45,74 @@ \begin{enumerate} \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$ for EdDSA signing. - \item The Donau generates the \emph{donation unit keys} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value. + \item The Donau generates the \textbf{Donation Units} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value. \end{enumerate} \subsubsection{Charity setup (Charity side and Donau side)} \begin{enumerate} - \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and downloads the \emph{donation unit public keys} from the donau.\text + \item The \textbf{Charity} generates a public key $(C^{pub}$ and private key $C^{priv})$ and fetches the \textbf{Donation Unit} public keys from the Donau. - \item The \textbf{charity} transmits $C^{pub}$ and the desired yearly donation limit to the party responsible for Donau administration using a \textbf{secure channel}. + \item The \textbf{Charity} transmits $C^{pub}$ and the desired yearly donation limit to the party which maintains the Donau (e.g tax office) using a \textbf{secure channel}. - \item The party in charge of \textbf{Donau administration} ensures that the applying party is authentic and if it is publicly recognized as charity organisation. Furthermore, it ensures that all eventual other checks required by law are done. If everything is clear, it registers the public key $C^{pub}$ and sets the requested yearly donation limit for the charitiy. + \item The party in charge of Donau administration ensures that the applying charity is authentic and publicly recognized as charity organisation. Furthermore, it ensures that all eventual checks required by law are done. After the verification was successful the Charity public key $C^{pub}$ and requested yearly donation limit are registered. 
\end{enumerate} -\subsection{Continuously during tax period: get donation receipts} +\subsection{During tax period} -\subsubsection{Donor donates to charity and transmits unique donor ids (future donation receipts)} +\subsubsection{Donor donates to charity and transmits \textbf{Unique Donor identifiers} (future donation receipts)} \begin{enumerate} - \item The donor downloads the \emph{donation unit public keys} $K_x^{pub}$ for the corresponding year from the Donau. (if not already done) + \item The donor downloads the \textbf{Donation Unit} public keys $K_x^{pub}$ from the Donau for the current year. - \item The donor splits the donation amount into a sum of \emph{donation units} offered by the Donau. \\ - \emph{Example: With donation units \{1,2,4\} available, and a donation with a total value of 7, the donation amount is split into the sum 4+2+1.} + \item The donor splits the donation amount into a sum of \textbf{Donation Units} offered by the Donau. + + \emph{Example: With \textbf{Donation units} $\{1,2,4\}$ beeing available, and a donation of $7$, the donation amount is split into the valus $4$, $2$ and $1$.} + + \item The donor generates as many \textbf{Unique Donor Identifiers} as there are terms in the calculated sum. + + \emph{In our example, there are $3$ \textbf{Unique Donor Identifiers}: one per \textbf{Donation Unit}}. \footnote{If one Donation Unit is present more than once, then there is more than one Unique Donor Identifier required for said Donation Unit. This depends upon the offered Donation Units.} - \item The donor generates as many \emph{unique donor identifiers} as there are terms in the calculated sum. - \emph{Example: In our example, there will be 3 unique donor identifiers: one per donation unit, so one for the value 4, one for the value 2, one for the value 1}.\footnote{If one donation unit is present more than once in the sum, then there is more than one unique donor identifier required for said donation unit. 
This depends upon the offered donation units.} \begin{align} - i :&= h(\texttt{taxid, salt})\\ - u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\ - u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\ - u_3 :&= \langle i, \texttt{nonce}_3 \rangle + i :&= H(\texttt{TAXID, S})\\\\ + u_1 :&= \langle i, \texttt{N}_1 \rangle \\ + u_2 :&= \langle i, \texttt{N}_2 \rangle \\ + u_3 :&= \langle i, \texttt{N}_3 \rangle \end{align} + where $S$ is the salt and $N$ a Nonce. - \item The donor blinds the \emph{unique donor identifiers} using a \textbf{different} blinding factor $b$ for every \emph{unique donor identifier}.\\ - \emph{Example:} - \begin{align} - \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\ - \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\ - \overline u_3 :&= blind (u_3, b_3, K_4^{pub}) - \end{align} + \item The donor blinds the \textbf{Unique Donor Identifiers} using a \emph{different} blinding factor $b$ for every \textbf{Unique Donor Identifier}. + + \begin{align} + \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\ + \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\ + \overline u_3 :&= blind (u_3, b_3, K_4^{pub}) + \end{align} + + \item So far, the \textbf{Unique Donor Identifiers} do not carry information about their value. The \emph{intended effective value is now indicated} by grouping each \textbf{Unique Donor Identifier} with the according hash of the \textbf{Donation Unit} public key $K^{pub}_x$. - \item So far, the \emph{unique donor identifiers} do not carry information about their value. The \textbf{intended effective value is now indicated} by grouping each \emph{unique donor identifier} with the according (hash of the) \emph{donation unit public key} $K^{pub}_x$. \\ - We call these pairs \emph{blinded unique donor identifier-key-pair}, \emph{budi-key-pair} or even shorter BKP.\\ - \\ - It is only the \textbf{intended effective} value because the value will only be attributed later on with the signature of the Donau. 
+ Resulting in a \textbf{Blinded Unique Donor Identifier Key Pair} or \textbf{BKP} for short. + + It is only the \emph{intended effective} value because the value will only be attributed later on with the signature of the Donau. + + \emph{Note: The public key is not in relation with the sequential index of the \textbf{BKP}, it only relates to the value of the pair!} - \emph{Example: Note: The public key is not in relation with the sequential index of the budi-key-pair, it only relates to the value of the pair!} \begin{align} - \overline \mu_1 :&= \langle \overline u_1, h(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\ - \overline \mu_2 :&= \langle \overline u_2, h(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\ - \overline \mu_3 :&= \langle \overline u_3, h(\color{red}{K^{pub}_4}\color{black}{}) \rangle + \overline \mu_1 :&= \langle \overline u_1, h({K^{pub}_1}) \rangle \\ + \overline \mu_2 :&= \langle \overline u_2, h({K^{pub}_2}) \rangle \\ + \overline \mu_3 :&= \langle \overline u_3, h({K^{pub}_4}) \rangle \end{align} \begin{align} \vec{\mu} :&= \langle \overline \mu_1, \overline \mu_2,\overline \mu_3 \rangle \end{align} - \item The donor sends all \emph{BKP's} the $\vec{\mu}$ as well as the corresponding payment to the charity. + \item The donor sends all \textbf{BKP}'s $\vec{\mu}$ as well as the corresponding \textbf{payment} to the charity. + \end{enumerate} -\subsubsection{Charity sends signed $BKP$'s to Donau} +\subsubsection{Charity sends signed \textbf{BKP}'s to Donau} \begin{enumerate} - \item The charity verifies that the amount requested (based on the $h(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation. + \item The charity verifies that the amount requested (based on the \textbf{Donation Unit} public key hash $h(K_x^{pub})$) for signing is \textbf{lower or equal} to the effective amount of the donation. \item The charity signs (using EdDSA) a structure containing all unsigned $BKP$'s coming from the donor. 
@@ -116,19 +123,19 @@ \item The charity sends this structure $\vec{\mu}$ and the signature $\sigma_c$ to the Donau. \end{enumerate} -\subsubsection{Donau sends back the blind signed $UDI$'s to charity} +\subsubsection{Donau sends back the blind signed \textbf{UDI}'s to charity} \begin{enumerate} \item The Donau: \begin{enumerate} \item verifies the signature $\sigma_c$ on the structure. \begin{align} - verify(\vec{\mu},\sigma_c, C^{pub}) + verify(\vec{\mu},\sigma_c, C^{pub}) \end{align} - \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the $BUDI$'s, if the increment does not exceed the annual limit. + \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the \textbf{Blinded Unique Donor Identifier (BUDI)}'s, if the increment does not exceed the annual limit. - \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the \emph{donation unit private keys} $K_x^{priv}$ matching the public keys $h(K^{pub})$ used in the $BKP$'s. + \item blind signs all the \textbf{BUDI}'s using the \textbf{Donation Unit} private keys $K_x^{priv}$ matching the public keys used in the hash $h(K^{pub})$ which was inturn used in the \textbf{BKP}'s. \begin{align} \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\ 
@@ -150,7 +157,7 @@ verify\_blind(u_3,\overline{\beta_3}, K_4^{pub}) \end{align} - \item The donor unblinds the signatures of the $BUDI$'s to get the signatures of the $UDI$'s. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the Hash of the \emph{donation unit public key} $h(K_x^{pub})$. +\item The donor unblinds the signatures of the \textbf{BUDI}'s to get the signatures of the \textbf{Unique Donor Identifier (UDI)}'s. This results in a collection of \textbf{Donation Receipt (DR)}'s each consisting of the \textbf{UDI}, the signature $\beta$ and the hash of the \textbf{Donation Unit} public key $h(K_x^{pub})$. \begin{align} \beta_1 &= unblind(\overline{\beta_1}, b_1, K_1^{pub}) \\ 
@@ -167,41 +174,46 @@ \subsection{After effective tax period: get tax statement for period from Donau} -\subsubsection{Donor sends the \emph{Donation receipts} to the Donau to get the \emph{Donation Statement}.} +\subsubsection{Donor sends the \textbf{Donation Receipts} to the Donau to get the final \textbf{Donation Statement}.} \begin{enumerate} - \item The donor sends the collection of all \emph{donation receipts} $r_1, r_2, r_3$ to the Donau. This happens manually once per period.\\\ - It is not done continuously to obtain \emph{unlinkability} between the \textbf{issuance} of the donation receipts (which happens upon donation) and their \textbf{submission} for the \emph{donation statement}. - \item For each \emph{donation receipt} the Donau: + \item The donor sends the collection of all \textbf{Donation Receipts} $\{r_1, r_2, r_3\}$ to the Donau. This happens textbf{manually} once per period. + + It is not done continuously to obtain \emph{unlinkability} between the \emph{issuance} of the \textbf{Donation Receipts} (which happens upon donation) and their \emph{submission} for the \textbf{Donation Statement}. + + \item For each \textbf{Donation Receipt} the Donau: \begin{itemize} \item checks that $K_x^{pub}$ is known. \item verifies that the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$. - \item verifies that the \emph{donor identifier} is the same as in other \emph{donation receipts}.\footnote{With multiple wallets each wallet must simply obtain a separate \emph{donation statement}!} + \item verifies that the \textbf{Donor Identifier} is the same as in other \textbf{Donation Receipts}.\footnote{With multiple wallets each wallet must simply obtain a separate \textbf{Donation Statement}!} \item verifies that the $\texttt{nonce}$ is unique and was not used before by the donor for the corresponding year. 
\end{itemize} - \item The Donau signs over the total \texttt{amount}, - \texttt{year} and \emph{donor identifier} and sends the signature and the total amount so far back to the donor. This results in a final signature called the \textbf{\emph{Donation Statement signature}}. + \item The Donau signs over the total \texttt{amount} donated by the donor, \texttt{year} and \textbf{Donor Identifier} and sends the signature and the total amount back to the donor. + + This results in a final signature called the \textbf{Donation Statement}. \begin{align} \sigma_s = sign(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle, D^{priv}) \end{align} + \end{enumerate} -\subsubsection{Donor sends the QR Code to a validator (tax office)} +\subsubsection{Donor sends the QR Code to a validator (e.g. tax office)} \begin{enumerate} \item The donor generates a QR code which contains the following: \begin{align} \texttt{QR} = \langle \texttt{taxid}, \texttt{salt}, \texttt{year}, \texttt{amount}, \text{$\sigma_s$} \rangle \end{align} - \item The validator scans the QR code and verifies the signature $\sigma_s$. + \item The validator scans the QR code and verifies the \textbf{Donation Statement} $\sigma_s$. \begin{align} verify(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle,\sigma_s, D^{pub}) \end{align} + \end{enumerate} \end{document}
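Review bot: In doc/flows/protocol/definitions.tex (hunk @@ -136,9 +135,9), the new Donation Statement definition names the signature `\sigma` and signs `\Sigma{\vec{r}}`, while main.tex in the same commit still writes `\sigma_s = sign(\langle i, \texttt{amount}_{Total}, \texttt{year}) ...`. Pick one symbol for the signature and one name for the signed amount so both files describe the same signed message. `\Sigma{\vec{r}}` also reads as a sum over the receipts themselves rather than over their values, and `\vec{r}` is not introduced in the visible lines; define it or say explicitly that the sum is over the receipt values. "Receitps" should be "Receipts".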
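Review bot: In doc/flows/protocol/main.tex (hunk @@ -45,67 +45,74), the rename to `H(\texttt{TAXID, S})` and `\texttt{N}_1` is only half applied: later steps in this file still use `\texttt{nonce}`, `\texttt{taxid}` and `\texttt{salt}`, and the key hash stays lowercase `h(K^{pub}_x)`, so a reader cannot tell whether H and h are the same function or whether N is the nonce checked when the receipts are submitted. Use one set of names throughout, and make "where $S$ is the salt and $N$ a Nonce" match the `\texttt` form used in the equation. In the Charity setup item, `$(C^{pub}$ and private key $C^{priv})$` leaves the parentheses split across two math spans; drop them. The doubled `\\\\` after the first align row adds an empty row to the align. Typos in the added lines: "e.g tax office", "beeing", "valus".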
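Review bot: In doc/flows/protocol/main.tex (hunk @@ -116,19 +123,19), the reworded increment step only says the counter is increased "if the increment does not exceed the annual limit", and the blind-sign step that follows is written as unconditional. State what the Donau does when the limit would be exceeded (for example that it rejects the request and signs nothing, if that is the intended behaviour), since this check is what enforces the charity's yearly limit. The phrase "matching the public keys used in the hash $h(K^{pub})$ which was inturn used in the BKP's" is hard to follow; "matching the key hashes $h(K_x^{pub})$ carried in the BKPs" would say the same thing, and "inturn" should be "in turn". The subsubsection title uses UDI before the abbreviation is expanded, which only happens in the next hunk.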
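Review bot: In doc/flows/protocol/main.tex (hunk @@ -167,41 +174,46), `This happens textbf{manually} once per period` is missing the backslash and will typeset the literal text "textbfmanually"; it should be `\textbf{manually}`. The validator step verifies over $i$, but the QR code carries `\texttt{taxid}` and `\texttt{salt}` rather than $i$, so add a sentence saying the validator recomputes $i$ from them before calling verify. The unchanged `sign(...)` and `verify(...)` lines in this hunk have a stray `)` after `\texttt{year}` that is worth fixing while this section is being touched.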