commit d0e01568f6fe2bb475f45b4d5f8e8dbf617f44e0
parent d52803331bd35314ef0ba73d1294d016e67f5046
Author: Jonathan <ondesmartenot@riseup.net>
Date: Wed, 22 Jan 2025 01:40:10 +0800
Chapter 3: small edits
Diffstat:
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/doc/usenix-security-2025/paper/technicaldesign.tex b/doc/usenix-security-2025/paper/technicaldesign.tex
@@ -226,7 +226,7 @@ The charity sends the array $\vec{\mu}$ of BKPs and their signature $\sigma_c$ t
\subsection{Donau generates donation receipt}\label{donau_creates_donation_receipt}
When the Donau receives a signed set of BKPs from a charity, it verifies the charity's signature.
It then checks that no legal restrictions are being violated.
-If not, the Donau increments its record of the charity's total receipts by the
+If none are, the Donau increments its record of the charity's total receipts by the
total amount of the donation, i.e., the sum of the denominations used in the
BKPs.
The Donau then blindly signs all BUDIs using the Donation Unit private keys
@@ -266,7 +266,7 @@ These donation receipts are stored on the donor's device.
\subsection{Donor requests an annual donation statement from Donau}\label{donor_requests_a_donation_statement_from_the_donau}
In order for the donor to claim a tax deduction,
-the donor needs to obtain a final \textbf{Donation Statement} which can be sent to the tax authority.
+the donor needs to obtain a final donation statement which can be sent to the tax authority.
The donor sends their saved donation receipts $\{r_1, \ldots, r_k\}$, accumulated throughout the year, to the Donau.
This can be done multiple times during the year, but the receipts are not automatically in order to achieve
\emph{unlinkability} between the \emph{issuance} of the receipts (which happens at the time of donation) and their \emph{submission} for the Donation Statement.
@@ -288,8 +288,7 @@ identified as $\DI$.
Importantly, the Donau does not see signatures of the charities the donor
donated to, so it does not know where the donor spent money.
They also only see a collection of common denominations, so they are unable to correlate total donation amounts per charity.
-Finally, the receipts are unblinded, so the Donau has never seen these signatures before.
-This makes the receipts unlinkable from when they were originally signed by the Donau.
+Finally, the receipts are unblinded, so they are unlinkable to any signature the Donau has seen before.
The Donau then generates a signature over the total \texttt{amount} of all receipts, the current \texttt{year} and the Donor Identifier.
This results in a final signature called the \textbf{Donation Statement}, which the Donau returns to the donor:
