commit 57fef70492e9d6c0a88d025e8a716ab1db9ad202
parent 998858bc8f95eb1966e3edacb6583c5af4dd46d2
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 18 May 2017 15:05:28 +0200
inline FC reviews/responses in main paper
Diffstat:
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
@@ -58,7 +58,8 @@
\usetikzlibrary{calc}
\usepackage{eurosym}
\usepackage[T1]{fontenc}
-
+\usepackage{verbatim}
+\usepackage[utf8]{inputenc}
% Copyright
%\setcopyright{none}
@@ -1868,6 +1869,16 @@ data being persisted are represented in between $\langle\rangle$.
\item[$\overline{C^{(i)}_p}$]{Public coin keys computed from $\overline{c_s^{(i)}}$ by the verifier}
\end{description}
+\newpage
+\onecolumn
+\section{Supplemental: Reviews and Responses from Financial Cryptography}
+
+\subsection{FC 2016}
+\verbatiminput{taler_FC2016.txt}
+
+\subsection{FC 2017}
+\verbatiminput{taler_FC2017.txt}
+
\end{document}
diff --git a/doc/paper/taler_FC2017.txt b/doc/paper/taler_FC2017.txt
@@ -21,7 +21,7 @@ be insecure.
> We added a section with proofs
I find two (possible) attacks against the refresh protocol. As the
-exchange does not check the validity of the public key Cp′ , the attacker can
+exchange does not check the validity of the public key Cp', the attacker can
send an arbitrary public key to the exchange that will accept, and obtain a
fresh coin. The attacker can spend partially a coin multiple times via
refreshing the coin and obtaining a fresh coin in turn, as the refresh protocol
