commit 8c66d819be60ff2c57edc7585a9d1ee36307daa0
parent 36b17647b6f335152fd43a33efaea271bc51a2cc
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
Date: Sun, 12 Nov 2023 09:11:51 +0100
[doc] review main.tex
Diffstat:
2 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/doc/flows/definitions.tex b/doc/flows/definitions.tex
@@ -34,8 +34,8 @@
\begin{itemize}
\item Signatures over \textbf{Blinded Unique Donor Identifier-key-pair} or \textbf{BUDI-key-pairs}:
\begin{align}
- \fbox{$\mu := \langle \overline{u}, H(K_x^{pub}) \rangle$} \\
- \vec{\mu}_s := sign(\vec{\mu},C^{priv})
+ \mu := \langle \overline{u}, H(K_x^{pub}) \rangle \\
+ \fbox{$\vec{\mu}_s := sign(\vec{\mu},C^{priv})$}
\end{align}
where $H(K_x^{pub})$ indicates which donation unit key should be used by the Donau to sign the resulting donation receipt. Thus, this hash carries the information about the exact value the final donation receipt should carry.
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
@@ -33,18 +33,18 @@
\subsection{Key generation and initial setup}
\subsubsection{Initial Donau setup}
\begin{enumerate}
- \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$.
+ \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$ for EdDSA signing.
- \item The Donau generates the \emph{donation units} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value.
+ \item The Donau generates the \emph{donation unit keys} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value.
\end{enumerate}
\subsubsection{Charity setup (Charity side and Donau side)}
\begin{enumerate}
- \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and downloads the \emph{donation units} from the donau.
+ \item The \textbf{charity} generates the key pair $(C^{pub}, C^{priv})$ and downloads the \emph{donation unit public keys} from the donau.
- \item The \textbf{charity} transmits $C^{pub}$ to the party responsible for Donau administration using a \textbf{secure channel}.
+ \item The \textbf{charity} transmits $C^{pub}$ and the desired yearly donation limit to the party responsible for Donau administration using a \textbf{secure channel}.
- \item The party in charge of \textbf{Donau administration} ensures that the applying party is authentic and if it is publicly recognized as charity organisation. Furthermore, it ensures that all eventual other checks required by law are done. If everything is clear, it registers the public key $C^{pub}$ and sets the yearly donation limit for the charitiy.
+ \item The party in charge of \textbf{Donau administration} ensures that the applying party is authentic and if it is publicly recognized as charity organisation. Furthermore, it ensures that all eventual other checks required by law are done. If everything is clear, it registers the public key $C^{pub}$ and sets the requested yearly donation limit for the charitiy.
\end{enumerate}
@@ -54,17 +54,15 @@
\subsubsection{Donor donates to charity and transmits unique donor ids (future donation receipts)}
\begin{enumerate}
- \item The donor downloads the \emph{donation unit} public keys $K_x^{pub}$ for the corresponding year from the Donau. (if not already done)
+ \item The donor downloads the \emph{donation unit public keys} $K_x^{pub}$ for the corresponding year from the Donau. (if not already done)
\item The donor splits the donation amount into a sum of \emph{donation units} offered by the Donau. \\
\emph{Example: With donation units \{1,2,4\} available, and a donation with a total value of 7, the donation amount is split into the sum 4+2+1.}
\item The donor generates as many \emph{unique donor identifiers} as there are terms in the calculated sum.
- \emph{Example: In our example, there will be 3 unique donor identifiers: one per donation unit, so one for the value 4, one for the value 2, one for the value 1.\\
-% TODO make footnote out of this
- (if one donation unit is present more than once in the sum, then there is more than one unique donor identifier required for said donation unit. This depnds upon the offered donation units.)}
+ \emph{Example: In our example, there will be 3 unique donor identifiers: one per donation unit, so one for the value 4, one for the value 2, one for the value 1}.\footnote{If one donation unit is present more than once in the sum, then there is more than one unique donor identifier required for said donation unit. This depends upon the offered donation units.}
\begin{align}
- i :&= H(\texttt{taxid, salt})\\
+ i :&= h(\texttt{taxid, salt})\\
u_1 :&= \langle i, \texttt{nonce}_1 \rangle \\
u_2 :&= \langle i, \texttt{nonce}_2 \rangle \\
u_3 :&= \langle i, \texttt{nonce}_3 \rangle
@@ -73,37 +71,40 @@
\item The donor blinds the \emph{unique donor identifiers} using a \textbf{different} blinding factor $b$ for every \emph{unique donor identifier}.\\
\emph{Example:}
\begin{align}
- \overline u_1 :&= blind (u_1, b_1) \\
- \overline u_2 :&= blind (u_2, b_2) \\
- \overline u_3 :&= blind (u_3, b_3)
+ \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\
+ \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\
+ \overline u_3 :&= blind (u_3, b_3, K_4^{pub})
\end{align}
- \item So far, the \emph{unique donor identifiers} do not carry information about their value. The \textbf{intended effective value is now indicated} by grouping each \emph{unique donor identifier} with the according (hash of the) \emph{donation unit} public key $P^{pub}_x$. \\
- We call these pairs \emph{blinded unique donor identifier-key-pair}, or \emph{budi-key-pair} for short\\
+ \item So far, the \emph{unique donor identifiers} do not carry information about their value. The \textbf{intended effective value is now indicated} by grouping each \emph{unique donor identifier} with the according (hash of the) \emph{donation unit public key} $K^{pub}_x$. \\
+ We call these pairs \emph{blinded unique donor identifier-key-pair}, \emph{budi-key-pair} or even shorter BKP.\\
\\
It is only the \textbf{intended effective} value because the value will only be attributed later on with the signature of the Donau.
\emph{Example: Note: The public key is not in relation with the sequential index of the budi-key-pair, it only relates to the value of the pair!}
\begin{align}
- \overline \mu_1 :&= \langle \overline u_1, H(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
- \overline \mu_2 :&= \langle \overline u_2, H(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
- \overline \mu_3 :&= \langle \overline u_3, H(\color{red}{K^{pub}_4}\color{black}{}) \rangle
+ \overline \mu_1 :&= \langle \overline u_1, h(\color{red}{K^{pub}_1}\color{black}{}) \rangle \\
+ \overline \mu_2 :&= \langle \overline u_2, h(\color{red}{K^{pub}_2}\color{black}{}) \rangle \\
+ \overline \mu_3 :&= \langle \overline u_3, h(\color{red}{K^{pub}_4}\color{black}{}) \rangle \\ \\
+ \vec{\mu} :&= \langle \overline \mu_1,
+ \overline \mu_2,\overline \mu_3
+ \rangle
\end{align}
- \item The donor sends the $\vec{\mu}$ as well as the corresponding payment to the charity.
+ \item The donor sends all \emph{BKP's} the $\vec{\mu}$ as well as the corresponding payment to the charity.
\end{enumerate}
\subsubsection{Charity sends signed $BKP$'s to Donau}
\begin{enumerate}
- \item The charity verifies that the amount requested (based on the $H(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation.
+ \item The charity verifies that the amount requested (based on the $h(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation.
\item The charity signs (using EdDSA) a structure containing all unsigned $BKP$'s coming from the donor.
\begin{align}
- \sigma_c = \Sigma(\langle BKP_1, BKP_2, ..., BKP_i \rangle, C^{priv})
+ \sigma_c = sign(\vec{\mu}, C^{priv})
\end{align}
- \item The charity sends this structure and the signature $\sigma$ to the Donau.
+ \item The charity sends this structure $\vec{\mu}$ and the signature $\sigma$ to the Donau.
\end{enumerate}
\subsubsection{Donau sends back the blind signed $UDI$'s to charity}
@@ -114,30 +115,32 @@
\item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the $BUDI$'s, if the increment does not exceed the annual limit.
- \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the $DU$ private keys $K_x^{priv}$ matching the public keys $H(K^{pub})$ used in the $BKP$'s.
+ \item blind signs all the $blinded$ $UDI$'s, the $BUDI$'s, using the \emph{donation unit private keys} $K_x^{priv}$ matching the public keys $h(K^{pub})$ used in the $BKP$'s.
\begin{align}
- \overline{\beta_1} = {B}(BUDI_1, K_x^{priv}) \\
- ... \\
- \overline{\beta_i} = {B}(BUDI_i, K_x^{priv})
+ \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\
+ \overline{\beta_2} = blind\_sign(\overline u_2, K_2^{priv}) \\
+ \overline{\beta_3} = blind\_sign(\overline u_3, K_4^{priv})
\end{align}
- \item sends back the blind signatures $\overline{\beta_1}, ..., \overline{\beta_i}$ to the charity.
+ \item sends back all created blind signatures
+ $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ to the charity.
\end{enumerate}
\item The charity forwards the blind signatures to the donor.
- \item The donor unblinds the signed $BUDI$'s $\overline{\beta_1}, ..., \overline{\beta_i}$ to get the signatures $\beta_1, ..., \beta_i$. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the Hash of the $DU$ public key $H(K_x^{pub})$.
+ \item The donor unblinds the signatures of the $BUDI$'s to get the signatures of the $UDI$'s. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\beta$ and the Hash of the \emph{donation unit public key} $h(K_x^{pub})$.
\begin{align}
\beta_1 &= Unblind(\overline{\beta_1}, b_1) \\
- ... \\
- \beta_i &= Unblind(\overline{\beta_i}, b_i)
+ \beta_2 &= Unblind(\overline{\beta_i}, b_i) \\
+ \beta_3 &= Unblind(\overline{\beta_i}, b_i)
\end{align}
\begin{align}
- DR_1 &= \langle UDI_1, \beta_1, H(K_x^{pub}) \rangle \\
- ... \\
- DR_i &= \langle UDI_i, \beta_i, H(K_x^{pub}) \rangle
+ r_1 &= \langle UDI_1, \beta_1, h(K_1^{pub}) \rangle \\
+ r_2 &= \langle UDI_2, \beta_2, h(K_2^{pub})
+ \rangle \\
+ r_3 &= \langle UDI_3, \beta_3, h(K_4^{pub}) \rangle
\end{align}
\end{enumerate}
@@ -145,7 +148,7 @@
\subsubsection{Donor sends the \emph{Donation receipts} to the Donau to get the \emph{Donation Statement}.}
\begin{enumerate}
- \item The donor sends the collection of all \emph{donation receipts r} to the Donau. This happens manually once per period.\\\
+ \item The donor sends the collection of all \emph{donation receipts} $r_1, r_2, r_3$ to the Donau. This happens manually once per period.\\\
It is not done continuously to obtain \emph{unlinkability} between the \textbf{issuance} of the donation receipts (which happens upon donation) and their \textbf{submission} for the \emph{donation statement}.
\item For each \emph{donation receipt} the Donau:
\begin{itemize}
@@ -153,9 +156,7 @@
\item verifies that the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$.
- \item verifies that the \emph{donor identifier} is the same as in other \emph{donation receipts}
-% TODO: put this as footnote
- (With multiple wallets each wallet must simply obtain a separate \emph{donation statement}!).
+ \item verifies that the \emph{donor identifier} is the same as in other \emph{donation receipts}.\footnote{With multiple wallets each wallet must simply obtain a separate \emph{donation statement}!}
\item verifies that the $\texttt{nonce}$ is unique and was not used before by the donor for the corresponding year.
\end{itemize}
