donau

Donation authority for GNU Taler (experimental)

commit e04653626ebded0bc650c4ca6d8f8fe0dc52ac36
parent e54e3b0d13509bb9e0ce86d5f6e34ab05e1f2d43
Author: Casaburi Johannes <johannes.casaburi@students.bfh.ch>
Date:   Thu, 19 Oct 2023 17:18:48 +0200

[doc] edits

Diffstat:
Mdoc/flows/main.tex | 94+++++++++++++++++++++++++++++++++++++++++++++----------------------------------
1 file changed, 54 insertions(+), 40 deletions(-)

diff --git a/doc/flows/main.tex b/doc/flows/main.tex 
@@ -21,27 +21,26 @@
 \section{Definitions}
 \begin{itemize}
- \item \textbf{Cryptographic Hash Function} $H(m)$ where $m$ is a message.
+ \item \textbf{Cryptographic Hash Function} $H(m) = h$ where $m$ is a message and $h$ the resulting hash.
- \item \textbf{Signing Function} $Sign(m,k)$ where $m$ is a message and $k$ is the key used to sign the message.
+ \item \textbf{Signing Functions}
+ \begin{itemize}
+ \item $\Sigma(m,k) = \sigma$ where $m$ is a message and $k$ is the private key used to sign the message (e.g. EdDSA).
- \item \textbf{Blinding Function} $Blind(m,b)$ where $m$ is a message and $b$ is the blinding factor used to blind the message.
+ \item $\overline{\Gamma}(\overline{n},j) = \overline{\gamma}$ where $\overline{n}$ is a blinded message and $j$ is the private key used to blind sign the message (e.g. RSA/CS).
+ \end{itemize}
- \item \textbf{Unblinding Function} $Unlind(s,b)$ where $s$ is a blind signature and $b$ is the blinding factor.
+ \item \textbf{Donation Unit} $DU = (K_x^{pub}, K_x^{priv})$ where $x$ is the associated value (e.g. 2EUR):
+ Smallest structure representing a donation confirmation unit.
+ Consists of a Public key $K_x^{pub}$ and Private key $K_x^{priv}$. Equivalent in Taler is "denomination".
- \item \textbf{Signature} $S$
+ \item \textbf{Unique Donor Identifier} $UDI = \langle H(\texttt{TAXID}, \texttt{SALT}), \texttt{NONCE} \rangle$
- \item \textbf{Blind Signature} $S^b$
+ \item \textbf{Blinded Unique Donor Identifier} $BUDI = \langle \overline{\gamma}, H(K_x^{pub}) \rangle$, blinded to protect the privacy of the donor
- \item \textbf{Donation Unit} $DU = (K_{pub}, K_{priv})$: Smallest structure representing a donation confirmation unit. Consists of a Public key $K_{pub}$ and Private key $K_{priv}$. Equivalent in Taler is "denomination".
+ \item \textbf{Donation Receipt} $DR = \langle UDI, \gamma, H(K_x^{pub}) \rangle$ where $\gamma$ is the unblinded signature: Sent to the Donau to get the donation Statement.
- \item \textbf{Unique Donor Identifier} $UDI = \langle H(TAXID, SALT), NONCE \rangle$
-
- \item \textbf{Blinded Unique Donor Identifier} $BUDI = \langle S^b_{UDI}, H(K_{pub}) \rangle$, blinded to protect the privacy of the donor
-
- \item \textbf{Donation Receipt} $DR = \langle UDI, S_{UDI}, H(K_{pub}) \rangle$
-
- \item \textbf{Donation Statement} $DS$: Signature to attest the amount donated in a particular year by a specific donor.
+ \item \textbf{Donation Statement} $DS = \Sigma(\langle \texttt{AMOUNT}_{Total}, \texttt{YEAR}, H(\texttt{TAXID}, \texttt{SALT}) \rangle, D^{priv})$ where $D^{priv}$ is the private key from the Donau: Signature to attest the amount donated in a particular year by a specific donor.
 \end{itemize}
@@ -50,11 +49,11 @@
 \subsection{Step 0: Key generation and Initial setup}
 \begin{enumerate}
- \item The Donau generates a public key $D_{pub}$ and private key $D_{priv}$.
+ \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$.
- \item The Donau generates the donation units ($DU$'s) consisting of $K_{pub}^x$ and $K_{priv}^x$ where $x$ is the associated value.
+ \item The Donau generates the donation units ($DU$'s) consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value.
- \item The charity generates the key pair $(C_{pub}, C_{priv})$.
+ \item The charity generates the key pair $(C^{pub}, C^{priv})$.
 \item The Donau administrator registers the public key $C_{pub}$ and sets the yearly donation limit for the charities.
 \end{enumerate}
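Review bot: The new `BUDI` entry in the Definitions hunk (`@@ -21,27 +21,26 @@`) is defined with `\overline{\gamma}`, which the Signing Functions entry just above it introduces as the output of blind signing, while Step 1 (hunk `@@ -62,14 +61,21 @@`) builds each BUDI from `Blind(UDI_i, …)` before the Donau has signed anything. The definition should name the blinded message instead, e.g. `$BUDI = \langle \overline{n}, H(K_x^{pub}) \rangle$`. The Blinding and Unblinding entries are also removed here although `Blind` and `Unblind` are still used in the later hunks, so a reader can no longer look up what their arguments mean. Keeping a one-line definition for each, in the three-argument form `Blind(m, K, b)` that the new text uses, would close that gap.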
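Review bot: The unchanged last item of the Step 0 list (hunk `@@ -50,11 +49,11 @@`) still writes `$C_{pub}$`, while every key on the changed lines moves to the superscript form. It should read `\item The Donau administrator registers the public key $C^{pub}$ and sets the yearly donation limit for the charities.` so the charity key has one spelling throughout. Two spellings for the same key in a protocol description invite readers to treat them as different values.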
@@ -62,14 +61,21 @@
 \subsection{Step 1: Attest donation}
 \subsubsection{Donor donates to charity}
 \begin{enumerate}
- \item The donor downloads the $DU$'s public keys $K_{pub}^x$ for the corresponding year from the Donau.
+ \item The donor downloads the $DU$'s public keys $K_x^{pub}$ for the corresponding year from the Donau.
- \item The donor generates a $UDI = \langle H(TAXID, SALT), NONCE \rangle$ for every $DU$.
+ \item The donor generates a unique donor identifier $UDI$ for every $DU$. For every $DU$ the donor generates:
+ \begin{align}
+ UDI_1 &= \langle H(\texttt{TAXID}, \texttt{SALT}), \texttt{NONCE}_1 \rangle \\
+ ... \\
+ UDI_i &= \langle H(\texttt{TAXID}, \texttt{SALT}), \texttt{NONCE}_i \rangle
+ \end{align}
- \item The donor blinds the $UDI$'s using a \textbf{different} blinding factor $b$ for every $UDI$.
+ \item The donor blinds the $UDI$'s using a \textbf{different} blinding factor $b$ for every $UDI_i$.
 \begin{align}
- BUDI &= \langle Blind(\langle UDI, K_{pub} \rangle, b), H(K_{pub}) \rangle
+ BUDI_1 &= \langle Blind(UDI_1, K_x^{pub}, b_i), H(K_x^{pub}) \rangle \\
+ ... \\
+ BUDI_i &= \langle Blind(UDI_i, K_x^{pub}, b_i), H(K_x^{pub}) \rangle
 \end{align}
 \item The donor sends the $BUDI$'s as well as the corresponding payment to the charity.
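Review bot: The first row of the BUDI block blinds `UDI_1` with `b_i`, which contradicts the sentence directly above it requiring a different blinding factor for every UDI; it should be `BUDI_1 &= \langle Blind(UDI_1, K_x^{pub}, b_1), H(K_x^{pub}) \rangle \\`. As written the formula reads as if one factor is shared across receipts, and a shared factor would weaken the unlinkability the blinding is there to provide. The text says a UDI is generated for every DU, yet all rows use the same `K_x^{pub}`; if the donation units in one donation may differ in value, the key presumably needs its own index per row. The bare `...` rows would typeset better as `\vdots`.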
@@ -77,41 +83,49 @@
 \subsubsection{Charity sends signed $BUDI$'s to Donau}
 \begin{enumerate}
- \item The charity verifies that the amount requested (based on the $H(K_{pub})$) for signing is lower or equal to the effective amount of the donation.
+ \item The charity verifies that the amount requested (based on the $H(K_x^{pub})$) for signing is lower or equal to the effective amount of the donation.
 \item The charity signs (using EdDSA) a structure containing all unsigned $BUDI$'s coming from the donor.
 \begin{align}
- S_{C} = Sign(\langle BUDI_1, BDUI_2, .. \rangle, C_{priv})
+ \sigma = \Sigma(\langle BUDI_1, BUDI_2, ..., BUDI_i \rangle, C^{priv})
 \end{align}
- \item The charity sends this structure $\langle BUDI_1, BDUI_2, .. \rangle$ and the signature $S_{C}$ to the Donau.
+ \item The charity sends this structure and the signature $\sigma$ to the Donau.
 \end{enumerate}
 \subsubsection{Donau sends back the blind signed $UDI$'s to charity}
 \begin{enumerate}
 \item The Donau:
 \begin{enumerate}
- \item verifies the signature $S_{C}$ on the structure.
+ \item verifies the signature $\sigma$ on the structure.
 \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the $BUDI$'s, if the increment does not exceed the annual limit.
- \item signs all the $BUDI$'s using the $DU$ private keys $K_{priv}$ matching the public keys $H(K_{pub})$ used in the $BUDI$.
+ \item blind signs all the $BUDI$'s using the $DU$ private keys $K_x^{priv}$ matching the public keys $H(K^{pub})$ used in the $BUDI$'s.
 \begin{align}
- S^b_{K} = Sign(BUDI, K_{priv})
+ \overline{\gamma_1} = \overline{\Gamma}(BUDI_1, K_x^{priv}) \\
+ ... \\
+ \overline{\gamma_i} = \overline{\Gamma}(BUDI_i, K_x^{priv})
 \end{align}
- \item sends back the blind signatures ($S^b_{K}$'s) to the charity.
+ \item sends back the blind signatures $\overline{\gamma_1}, ..., \overline{\gamma_i}$ to the charity.
 \end{enumerate}
- \item The charity transmits the blind signatures to the donor.
+ \item The charity forwards the blind signatures to the donor.
- \item The donor unblinds the $BUDI$'s to get the signed $UDI$'s. This results in the \textbf{Donation Receipt} $DR$ consisting of the $UDI$, the signature $S_{UDI}$ and the Hash of the $DU$ public key $H(K_{pub})$.
+ \item The donor unblinds the $BUDI$'s to get the signatures $\gamma_1, ..., \gamma_i$. This results in a collection of \textbf{Donation Receipts} $DR$'s each consisting of the $UDI$, the signature $\gamma$ and the Hash of the $DU$ public key $H(K_x^{pub})$.
 \begin{align}
- S_{UDI} &= Unblind(S^b_{K}, b) \\
- DR &= \langle UDI, S_{UDI}, H(K_{pub}) \rangle
+ \gamma_1 &= Unblind(\overline{\gamma_1}, b_1) \\
+ ... \\
+ \gamma_i &= Unblind(\overline{\gamma_i}, b_i)
+ \end{align}
+ \begin{align}
+ DR_1 &= \langle UDI_1, \gamma_1, H(K_x^{pub}) \rangle \\
+ ... \\
+ DR_i &= \langle UDI_i, \gamma_i, H(K_x^{pub}) \rangle
 \end{align}
 \end{enumerate}
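Review bot: The blind-signing rows apply `\overline{\Gamma}` to the whole `BUDI_i`, but the Definitions entry gives it a blinded message `\overline{n}` as input and a BUDI also carries `H(K_x^{pub})`, so it is unclear which value the Donau actually signs. If only the blinded component is signed, the rows should say so, e.g. `\overline{\gamma}_1 &= \overline{\Gamma}(\overline{n}_1, K_x^{priv}) \\`; they also lack the `&` alignment points used in the other align blocks of this hunk. In the item just above, `$H(K^{pub})$` has lost the `x` subscript that the rest of the commit uses.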
@@ -120,20 +134,20 @@
 \item The donor sends the collection of all $DR$'s, to the Donau. The $DR$'s are sent manually once a year.
 \item For each $DR$ the Donau:
 \begin{itemize}
- \item checks that $K_{pub}$ is valid.
+ \item checks that $K_x^{pub}$ is known.
- \item verifies that the signature $S_{UDI}$ is correct using the corresponding public key $K_{pub}$.
+ \item verifies that the signature $\gamma$ is correct using the corresponding public key $K_x^{pub}$.
- \item verifies that the hash of the $TAXID$ and the $SALT$ is the same as in other $DR$'s (With multiple wallets each wallet must simply obtain a separate $DS$!).
+ \item verifies that the hash of the $\texttt{TAXID}$ and the $\texttt{SALT}$ is the same as in other $DR$'s (With multiple wallets each wallet must simply obtain a separate $DS$!).
- \item verifies that the $NONCE$ is unique and was not used before by the donor for the corresponding year.
+ \item verifies that the $\texttt{NONCE}$ is unique and was not used before by the donor for the corresponding year.
 \end{itemize}
 \item The Donau signs over the total amount,
- year and $H(TAXID, SALT)$ and sends the signature and the total amount so far back to the donor. This results in a final signature called the \textbf{Donation Statement} $DS$.
+ year and $H(\texttt{TAXID}, \texttt{SALT})$ and sends the signature and the total amount so far back to the donor. This results in a final signature called the \textbf{Donation Statement} $DS$.
 \begin{align}
- DS = Sign(\langle AMOUNT_{Total}, YEAR, H(TAXID, SALT) \rangle, D_{priv})
+ DS = \Sigma(\langle \texttt{AMOUNT}_{Total}, \texttt{YEAR}, H(\texttt{TAXID}, \texttt{SALT}) \rangle, D^{priv})
 \end{align}
 \end{enumerate}
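Review bot: The first per-receipt check now says only that `$K_x^{pub}$` is known, but a DR carries `H(K_x^{pub})` rather than the key itself, and Step 1 ties the donation-unit keys to a year. I would state the lookup and the year binding explicitly, e.g. `\item checks that $H(K_x^{pub})$ refers to a known $DU$ key for the corresponding year.`, assuming that is the intended rule. As worded, a receipt signed under another year's key is not clearly excluded from this year's statement. The enclosing enumerate starts outside the hunk.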
@@ -141,10 +155,10 @@
 \begin{enumerate}
 \item The donor generates a QR code:
 \begin{align}
- QR = \langle TAXID, SALT, DS, YEAR, AMOUNT \rangle %version?
+ \texttt{QR} = \langle \texttt{TAXID}, \texttt{SALT}, \texttt{DS}, \texttt{YEAR}, \texttt{AMOUNT} \rangle
 \end{align}
- \item The validator scans the QR code and verifies the signature in the $DS$.
+ \item The validator scans the QR code and verifies the signature $DS$.
 \end{enumerate}
 \end{document}
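Review bot: The validator step says only that the signature `$DS$` is verified, without naming the message or the key it is verified against. Since `DS` is defined over `\langle \texttt{AMOUNT}_{Total}, \texttt{YEAR}, H(\texttt{TAXID}, \texttt{SALT}) \rangle`, the item should say that the validator recomputes the hash from the scanned TAXID and SALT and verifies DS over that triple with `$D^{pub}$`, so that the amount and year shown in the QR code are covered by the check. The QR tuple names the field `\texttt{AMOUNT}` while DS signs `\texttt{AMOUNT}_{Total}`; one name for both would make that link explicit. `\texttt{DS}` is set in typewriter here although it is the math symbol `$DS$` everywhere else.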