[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-exchange] 05/06: Spelling
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [taler-exchange] 05/06: Spelling |
|
Date: |
Mon, 15 May 2017 17:46:59 +0200 |
This is an automated email from the git hooks/post-receive script.
burdges pushed a commit to branch master
in repository exchange.
commit 0cf241041eb50ffad962d5821ee0f836fb0261a0
Author: Jeffrey Burdges <address@hidden>
AuthorDate: Mon May 15 17:46:27 2017 +0200
Spelling
---
doc/paper/taler.tex | 29 ++++++++++++++---------------
1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index c549a20..70378d4 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@ -1377,8 +1377,8 @@ data being persisted are represented in between
$\langle\rangle$.
\section{Taxability arguments}
We assume the exchange operates honestly when discussing taxability.
-We feel this assumption is warratned mostly because a Taler exchange
-requires liscenses to operate as a financial institution, which it
+We feel this assumption is warranted mostly because a Taler exchange
+requires licenses to operate as a financial institution, which it
risks loosing if it knowingly facilitates tax evasion.
We also expect an auditor monitors the exchange similarly to how
government regulators monitor financial institutions.
@@ -1389,15 +1389,15 @@ which expands its power over conventional auditors.
\begin{proposition}
Assuming the exchange operates the refresh protocol honestly,
a customer operating the refresh protocol dishonestly expects to
-loose $1 - {1 \over \kappa}$ of the value of thei coins.
+loose $1 - {1 \over \kappa}$ of the value of their coins.
\end{proposition}
\begin{proof}
-An honest esxchange keeps any funds being refreshed if the reveal
+An honest exchange keeps any funds being refreshed if the reveal
phase is never carried out, does not match the commitment, or shows
an incorrect commitment. As a result, a customer dishonestly
refreshing a coin looses their money if they have more than one
-dishonet commitment. They have a $1 \over \kappa$ chance of their
+dishonest commitment. They have a $1 \over \kappa$ chance of their
dishonest commitment being selected for the refresh.
\end{proof}
@@ -1428,7 +1428,7 @@ then Alice can gain control of $C'$ using the linking
protocol.
\begin{proof}
Alice may run the linking protocol to obtain all transfer keys $T^i$,
-blindings $B^i$ associated to $C$, and those coins denominations,
+bindings $B^i$ associated to $C$, and those coins denominations,
including the $T'$ for $C'$.
We assumed both the exchange and Bob operated the refresh protocol
@@ -1445,26 +1445,26 @@ At a result, there is no way for a user to loose
control over a coin,
\section{Privacy arguments}
The {\em linking problem} for blind signature is,
-if given coin creation transcrips and possibly fewer
+if given coin creation transcripts and possibly fewer
coin deposit transcripts for coins from the creation transcripts,
then produce a corresponding creation and deposit transcript.
We say a probabilistic polynomial time (PPT) adversary $A$
-{\em links} coins if it has a non-negligable advantage in
+{\em links} coins if it has a non-negligible advantage in
solving the linking problem, when given the private keys
of the exchange.
-In Taler, there are two forms of coin creation transcrips,
+In Taler, there are two forms of coin creation transcripts,
withdrawal and refresh.
\begin{lemma}
If there are no refresh operations, any adversary with an
-advantage in linking coins is polynomially equivelent to an
+advantage in linking coins is polynomially equivalent to an
advantage with the same advantage in recognizing blinding factors.
\end{lemma}
\begin{proof}
-Let $n$ denote the RSA modulous of the denomination key.
+Let $n$ denote the RSA modulus of the denomination key.
Also let $d$ and $e$ denote the private and public exponents, respectively.
In effect, coin withdrawal transcripts consist of numbers
$b m^d \mod n$ where $m$ is the FDH of the coin's public key
@@ -1478,10 +1478,10 @@ first computing $b_{i,j} = b_i m_i^d / m_j^d \mod n$
for all $i,j$.
\end{proof}
We now know the following because Taler used SHA512 adopted to be
- a FDH to breat the blinding factor.
+ a FDH to be the blinding factor.
\begin{corollary}
-Assuming no refresh opeeration,
+Assuming no refresh operation,
any PPT adversary with an advantage for linking Taler coins gives
rise to an adversary with an advantage for recognizing SHA512 output.
\end{corollary}
@@ -1507,11 +1507,10 @@ Diffie-Hellman key exchange on curve25519.
\end{theorem}
We do not distinguish between information known by the exchange and
-information known by the merchant in the abose. As a result, this
+information known by the merchant in the above. As a result, this
proves that out linking protocol \S\ref{subsec:linking} does not
degrade privacy.
-\end{document}
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [taler-exchange] branch master updated (d307ddb -> 1a2facb), gnunet, 2017/05/15
- [GNUnet-SVN] [taler-exchange] 01/06: Just some trash, gnunet, 2017/05/15
- [GNUnet-SVN] [taler-exchange] 06/06: Merge branch 'master' of ssh://taler.net/exchange, gnunet, 2017/05/15
- [GNUnet-SVN] [taler-exchange] 04/06: Add note on linking protocol, gnunet, 2017/05/15
- [GNUnet-SVN] [taler-exchange] 05/06: Spelling,
gnunet <=
- [GNUnet-SVN] [taler-exchange] 03/06: Some classical random oracle reference, gnunet, 2017/05/15
- [GNUnet-SVN] [taler-exchange] 02/06: Approach to the privacy argument, gnunet, 2017/05/15