commit 5ea3021e827f2186731e04b9805ae3a31482e47f
parent 82cec70298c56188ae7ff3caabc1d39d5916ddc9
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 16 May 2017 11:24:50 +0200
add ownership transfer corollary
Diffstat:
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
@@ -1422,10 +1422,10 @@ exchange.
\begin{theorem}
Let $C$ denote a coin controlled by users Alice and Bob.
-Suppose Bob creates a coin $C'$ from $C$ using the refresh protocol.
+Suppose Bob creates a coin $C'$ from $C$ following the refresh protocol.
Assuming the exchange and Bob operated the refresh protocol correctly,
-and that they continue to operate the linking protocol
- \S\ref{subsec:linking} correctly,
+and that the exchange continues to operate the linking protocol
+(\S\ref{subsec:linking}) correctly,
then Alice can gain control of $C'$ using the linking protocol.
\end{theorem}
@@ -1442,7 +1442,10 @@ for the residual value on $C'$ and runs the linking protocol to
determine if it was refreshed too.
\end{proof}
-At a result, there is no way for a user to loose control over a coin,
+\begin{corollary}
+ Abusing the refresh protocol to transfer ownership has an
+ expected loss of $1 - \frac{1}{\kappa}$ of the transaction value.
+\end{corollary}
\section{Privacy arguments}
