commit 0ea28624412c946171307a2fa0d2cb0e5132eacf
parent 2433c7e9446bd1be2339e01bb0b8360cbf18e6e1
Author: Özgür Kesim <oec-taler@kesim.org>
Date: Tue, 22 Apr 2025 11:58:25 +0200
[dd:pq-refresh] add meta parameter to RefreshDeriveBatch
Diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/design-documents/062-pq-refresh.rst b/design-documents/062-pq-refresh.rst
@@ -72,9 +72,10 @@ from an dirty coin is as follows:
# Notation:
# r = random dees, cs = dirty coin's secret, Cp = dirty coin's public key
- # pkD[] = array of denomination public keys
- def RefreshDeriveBatch(r, cs, Cp, pkDs: list[denomPublicKey]):
- t = Hash1a("Refresh", Cp, r, pkDs)
+ # pkD[] = array of denomination public keys,
+ # meta = additional information, f.e. the index in a cut-and-choose
+ def RefreshDeriveBatch(r, cs, Cp, pkDs: list[denomPublicKey], meta):
+ t = Hash1a("Refresh", Cp, r, pkDs, meta)
s = SignDeterministic(cs, t)
for i, pkD in enumerate(pkDs):
x[i] = Hash1b(s, i)
@@ -95,7 +96,7 @@ published.
- Client chooses a master seed r and derives κ nonces r_1, ... r_κ.
- Client generates, using RefreshDeriveBatch, κ*n blinded coin planchets
- m[1][1],...,m[1][n],...,m[κ][1],..,m[κ][n] from the nonces.
+ m[1][1],...,m[1][n],...,m[κ][1],..,m[κ][n] from the nonces
- Sends dirty coin, r, all m[i][j] and new denom-info pkD[] to the exchange,
with signature σ_c of the dirty coins' private key over the request.
- Exchange verifies the request.
