taler-docs

Documentation for GNU Taler components, APIs and protocols

commit c325787f79390a20c36638a7659cc8ef26666175
parent dde52d29ba199601a6e8be6ee7f753004cb87307
Author: Özgür Kesim <oec-taler@kesim.org>
Date:   Sat, 12 Apr 2025 12:50:47 +0200

[dd:pq-refresh] simplify request object

Diffstat:
M design-documents/062-pq-refresh.rst | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/design-documents/062-pq-refresh.rst b/design-documents/062-pq-refresh.rst @@ -165,25 +165,22 @@ Modified melt request structure: // for the new coins to order. denoms_h: HashCode[]; + // Hash of all the commitments k*n X_i as defined in the + // RefreshDerivePQ function. + h_Xs: HashCode; + // Array of ``n`` entries with ``kappa`` many blinded coin candidates, // matching the respective entries in ``denoms_h``. - coin_evs: PQEnvelope[][kappa]; + // + // Note: These are essentially the m_i values in the RefreshDerivePQ + // function. + coin_evs: CoinEnvelope[][kappa]; // Signature by the `coin <coin-priv>` over `TALER_PQMeltCommitmentPS`. confirm_sig: EddsaSignature; } -The new `PQEnvelope` is defined as follows: - -.. ts:def:: PQEnvelope - - // Cointains the commitment X and fresh blinded coin m - interface PQEnvelope { - X: string; - m: CoinEnvelope; - } - The new ``TALER_PQMeltCommitmentPS`` is defined as follows: .. _TALER_PQMeltCommitmentPS: @@ -206,13 +203,14 @@ The new ``TALER_PQMeltCommitmentPS`` is defined as follows: */ struct GNUNET_HashCode h_denoms; /** - * hash over all entries in m, depths first + * hash over all entries in coin_evs (aka m in RefreshDerivePQ), + * depths first */ - struct GNUNET_HashCode h_m; + struct GNUNET_HashCode h_coin_evs; /** * hash over of the required n*kappa transfer public keys, depths first. */ - struct GNUNET_HashCode h_X; + struct GNUNET_HashCode h_Xs; }; @@ -220,14 +218,17 @@ The new ``TALER_PQMeltCommitmentPS`` is defined as follows: Security Analysis ================= 1. **Quantum Resistance**: + - No reliance on factoring/DLP - Hash functions sized for 256-bit quantum security 2. **Unlinkability**: + - Multiple hash layers prevent chain tracing - γ-selection maintains cut-and-choose security 3. **Forward Secrecy**: + - Per-session hash chains prevent mass compromise Drawbacks
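Review bot: In the melt request hunk, the new `h_Xs` field replaces the per-candidate `X` that the removed `PQEnvelope` carried, so the melt request now contains only the hash of the transfer public keys and not the values themselves; the design document should say at which step the `X_i` are disclosed to the exchange so that `h_Xs` in `TALER_PQMeltCommitmentPS` can actually be verified against them, otherwise the commitment is unverifiable from the request as described. The same hunk also describes the count as `k*n` while the struct comment in the next hunk says `n*kappa` and calls the values "transfer public keys" rather than "commitments"; pick one term and one spelling of the count and use it in both places.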
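Review bot: The new comment on `h_coin_evs` reads "depths first" (and the unchanged `h_Xs` comment reads "hash over of the required ... depths first"); "depth first" is the intended term, and since this hunk already touches that comment it is the place to fix both. It would also help to state the exact serialization that is hashed depth first (the order of the `n` outer entries and the `kappa` inner candidates), because the wallet and the exchange must agree on it byte for byte for `confirm_sig` to verify.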