taler-docs

Documentation for GNU Taler components, APIs and protocols

commit 89cf63785ee4cd8c7838cebc2046374e7f1b2f51
parent 40face1f4d29441d697676702e0ef23a6fdcea7e
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue, 25 Nov 2025 16:43:27 +0100

unique, not deterministic

Diffstat:
M design-documents/062-pq-refresh.rst | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/design-documents/062-pq-refresh.rst b/design-documents/062-pq-refresh.rst @@ -4,7 +4,7 @@ DD 62: PQ Refresh Protocol Summary ======= This document specifies a change to GNU Taler's refresh protocol that provides -post-quantum resistance through hash-based cryptography and deterministic +post-quantum resistance through hash-based cryptography and unique signatures, eliminating reliance on Diffie-Hellman operations, for the key derivation for the fresh coin from a dirty coin. @@ -20,7 +20,7 @@ the original coin), passing coin outside the Taler protocols is discouraged. This redesign: 1. Removes DH operations from refresh derivation -2. Uses deterministic signatures for ownership proofs +2. Uses unique signatures for ownership proofs 3. Derives key material from (unforgeable) signatures 4. Maintains backward compatibility with other parts of the protocol stack @@ -38,7 +38,7 @@ Proposed Solution RefreshDerive Algorithm ^^^^^^^^^^^^^^^^^^^^^^^^^ -The core mechanism uses two hash functions and deterministic signatures to +The core mechanism uses two hash functions and unique signatures to derive the key material of a fresh coin from the old coin: .. sourcecode:: python @@ -49,7 +49,7 @@ derive the key material of a fresh coin from the old coin: def RefreshDerive(r, cs, Cp, pkD): t = Hash1a("Refresh", Cp, r) - s = SignDeterministic(cs, t) + s = SignUnique(cs, t) x = Hash1b(s) b = Hash2(s) c2_s, C2_p = KeyGen(x) @@ -81,7 +81,7 @@ fresh coins from a dirty coin is as follows: # meta = additional information, f.e. the index in a cut-and-choose def RefreshDeriveBatch(r, cs, Cp, pkDs: list[denomPublicKey], meta): t = Hash1a("Refresh", Cp, r, pkDs, meta) - s = SignDeterministic(cs, t) + s = SignUnique(cs, t) for i, pkD in enumerate(pkDs): x[i] = Hash1b(s, i) # Note: use one HKDF for all i b[i] = Hash2(s, i) # Note: use one HKDF for all i
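
Review bot: In the hunk at @@ -20,7 +20,7 @@, item 2 now says "unique signatures" while item 3 still describes the signatures only as "(unforgeable)", and none of the visible lines define what "unique" means here. Since the whole patch replaces "deterministic" with "unique", add one sentence at first use in the Summary stating the property relied on: for a given public key and message exactly one signature verifies, which is a property of the scheme, whereas deterministic signing only describes how an honest signer behaves. Item 3 could then read "Derives key material from (unforgeable, unique) signatures" so the list names both properties the derivation depends on.

Review bot: In the hunk at @@ -49,7 +49,7 @@, `s = SignUnique(cs, t)` is a rename with no accompanying comment or definition in the visible lines, so a reader cannot tell which scheme instantiates it or why uniqueness matters at this step. Because `x = Hash1b(s)` and `b = Hash2(s)` are both derived from `s`, a second valid signature on `t` would give different `x` and `b` and therefore different `c2_s, C2_p`. Suggest a comment on that line, or a sentence after the code block, saying that `SignUnique` must be instantiated with a scheme where the verifier accepts exactly one signature per (public key, message), and naming the intended scheme.

Review bot: In the hunk at @@ -81,7 +81,7 @@, `RefreshDeriveBatch` computes `t = Hash1a("Refresh", Cp, r, pkDs, meta)` and `Hash1b(s, i)`, while `RefreshDerive` uses `Hash1a("Refresh", Cp, r)` and `Hash1b(s)`, so a one-element batch does not derive the same coin as the single-coin function. The document should say whether that difference is intended. Separately, the comments "Note: use one HKDF for all i" on both the `x[i]` and `b[i]` lines leave open how `Hash1b` and `Hash2` are kept distinct inside that one HKDF; stating the domain separation (for example, distinct info or salt strings) would remove the ambiguity.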