[doc] some corrections - donau - Donation authority for GNU Taler (experimental)

commit a2ce3c4abe9f3a1a677cabc72e8ed4e8261a778f
parent 699b37391afa34dd7d16185fdfcd2d3ca74639c6
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
Date:   Tue,  3 Oct 2023 14:03:46 +0200

[doc] some corrections

Diffstat:
M doc/flows/main.tex  | 52 +++++++++++++++++++++-------------------------------

1 file changed, 21 insertions(+), 31 deletions(-)
diff --git a/doc/flows/main.tex b/doc/flows/main.tex
@@ -41,20 +41,18 @@ The NONCE is used to uniquely distinguish DU of the same value ("create a fresh 
   DU := \langle H(TAXID, SALT), NONCE \rangle
 \end{align}
 
-% TODO example
-
 \section{Overview}
 \includegraphics[width=\textwidth]{overview}
 
-% FIXME: step 0 lacks DONAU key generation (keys for blind signatures, signing keys) and distribution
 \subsection{Step 0: Initial setup}
 \begin{enumerate}
+  \item key generation for blind signatures and statement signing. Distribute the keys.
   \item The charity generates their own key pair.
   \item The DONAU administrator registers the public key of the charity and sets the yearly donation limit for the charities.
 \end{enumerate}
 
-% Group steps 1-3, they are really one sub-protocol altogether!
-\subsection{Step 1: Donor donates to charity}
+\subsection{Attest donation}
+\subsubsection{Step 1: Donor donates to charity}
 \begin{enumerate}
   \item The donor downloads the DU public keys for the corresponding year from the DONAU.
 
@@ -67,86 +65,78 @@ The NONCE is used to uniquely distinguish DU of the same value ("create a fresh 
 
   \item The donor blinds the DUs using two different blinding factors $b_1, b_2$.
   \begin{align}
-    BDU1 = BDU1 \cdot b_1^{e_{1EUR}} \mod n_{1EUR} \\ % BDR!
-    BDU2 = BDU2 \cdot b_2^{e_{4EUR}} \mod n_{4EUR} % This is RSA-style blinding, in the abstract just use "blind(b_1,UDID)"
+    BDU1 = blind(b_1,DU1) \\ % BDR!
+    BDU2 = blind(b_2,DU2) % This is RSA-style blinding, in the abstract just use "blind(b_1,UDID)"
   \end{align}
 
-\item The Donor signs the DUs using the correct DONAU public keys. This gives the DUs their respective value.
-  % Eh, the DONOR never signs anything. Why should they. The DONAU does the signing! This is very wrong!
-  \begin{align}
-    BS1_{pk/k1} = sign_{pk/k1}(BDU1) \\ 
-    BS2_{pk/k4} = sign_{pk/k4}(BDU2) 
-  \end{align}
+\item The donor sends the blinded DUs (BDR) $BDU1$ and $BDU2$ as well as the payment of 5 Euros.
 
-\item The donor sends the blinded DUs (BDR) $BDU1$ and $BDU2$ as well as the signatures $BS1_{pk/k1}$ and $BS2_{pk/k4}$ to the charity in addition to the payment of 5 Euros.
-  % No BS1/BS2: those are *returned* from DONAU!
 \end{enumerate}
 
-\subsection{Step 2: Charity sends signed DUs to DONAU}
+\subsubsection{Charity sends signed DUs to DONAU}
 \begin{enumerate}
   \item The charity verifies that the amount requested for signing is lower or equal to the effective amount of the donation.
   \item The charity signs (using EdDSA) a structure containing all unsigned DUs coming from the donor. % Exactly: unsigned!
   \item The charity sends this structure and the signature to the DONAU.
 \end{enumerate}
 
-\subsection{Step 3: DONAU sends back blind signed DUs to charity}
+\subsubsection{DONAU sends back blind signed DUs to charity}
 \begin{enumerate}
   \item The DONAU:
     \begin{enumerate}
       \item verifies the charity Signature on the structure.
-      \item verifies the signature of every DU with it's private keys. % Back to crypto course for you. Which key does one verify signatures with?
       \item increments the current year amount of the charity by the total amount of the BDR, if the increment does not exceed the annual limit.
       \item blind signs (using RSA/Schnorr) all the DUs
         \begin{align}
-          BS1_{sk/k1} = BDU1^{(d_{E1})} \emph{mod ?}  \\ % Yes, but do more abstract signing (blind-sign) here, not necessarily RSA
-          BS2_{sk/k4} = BDU2^{(d_{E4})} \emph{mod ?}
+          BS1_{k1} = sign(BDU1, k1)
+          BS2_{k4} = sign(BDU2, k4)
         \end{align}
       \item sends back the blind signed DUs to the charity
     \end{enumerate}
   \item The charity transmits the blind signed DUs to the donor.
   \item The donor unblinds the signatures.
   \begin{align}
-    S1_{sk/k1} = BS1_{sk/k1} \cdot b^{-1} \mod n_1 \\ % again, ideally more abstract
-    S2_{sk/k4} = BS2_{sk/k4} \cdot b^{-1} \mod n_2
+    S1_{k1} = unblind(BS1_{k1}, b_1) \\
+    S2_{k4} = unblind(BS2_{k4}, b_2)
   \end{align}
 \end{enumerate}
 
 
-\subsection{Step 4: Donor sends DR to DONAU, DONAU sends back donation statement (DS)}
+\subsection{Step 2: Donor sends DR to DONAU, DONAU sends back donation statement (DS)}
 \begin{enumerate}
-  \item The donor sends the collection of all $(DUi, Si, kj)$ to the DONAU. The DR is always sent to the DONAU right after the donor has unblinded the DUs. The corresponding year is sent with. % Not sure we need the year!
+  \item The donor sends the collection of all $(DUi, Si, kj)$ to the DONAU. The DR is always sent to the DONAU right after the donor has unblinded the DUs.
   \item For each $(DUi, Si, kj)$ The DONAU...
 
   \begin{itemize}
-    \item verifies that $kj$ is one of the valid public keys corresponding to the year indicated. % Why not simply lookup year from key?
+    \item check if $kj$ is stored and get the corresponding year.
     \item verifies if $Si$ is a correct signature with the corresponding secret key.
     \item verifies that the hash of the TAXID and the salt is the same as in other DUs (how to solve the problem with multiple wallets?) % => Each wallet must simply obtain a separate DS!
     \item verifies that the nonce is different from each ever used nonce of this donor for the corresponding year.
     \item if all of this is the case, it adds the amount corresponding to the public key to the total donation amount for the year.
   \end{itemize}
-  \item The DONAU then signs over the amount, % => total
+  \item The DONAU then signs over the total amount,
   year and hashed TAXID+salt and sends signature and the total amount so far back to the donor.
 
   \begin{align}
-    sign(total amount, year, hash(TAXID, salt)) % Call the result *something*. (DS)?
+    DS = sign(total amount, year, hash(TAXID, salt))
   \end{align}
 
 \end{enumerate}
 
-\subsection{Step 5: Donor sends QR Code to validator (tax office)}
+\subsection{Step 3: Donor sends QR Code to validator (tax office)}
 \begin{enumerate}
   \item The donor generates a QR code containing the following and sends it to the validator/tax office:
   \begin{itemize}
+    \item version of the protocol (one byte)
     \item TAXID
     \item salt
-    \item signature received from the DONAU % DS?
+    \item DS received from the DONAU
     \item year
     \item amount for the year
-    \item version of the protocol (one byte) % probably should be first ;-)
+
   \end{itemize}
 
 \item The validator scans the QR code and validates that the signature corresponds to the current DONAU DS signing key.
-   % => step 0 lacked DONAU DS signing key setup & distribution ...
 \end{enumerate}
 
 \end{document}

	donau Donation authority for GNU Taler (experimental)
	Log \| Files \| Refs \| Submodules \| README \| LICENSE