[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-exchange] branch master updated: More on RSA-KTI
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [taler-exchange] branch master updated: More on RSA-KTI |
|
Date: |
Fri, 02 Jun 2017 15:56:09 +0200 |
This is an automated email from the git hooks/post-receive script.
burdges pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 9f7e3bb More on RSA-KTI
9f7e3bb is described below
commit 9f7e3bb2bd494860c31aa534942de85636cb91a8
Author: Jeffrey Burdges <address@hidden>
AuthorDate: Fri Jun 2 15:55:49 2017 +0200
More on RSA-KTI
---
doc/paper/taler.bib | 2 +-
doc/paper/taler.tex | 12 ++++++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index bafce49..db98865 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -368,7 +368,7 @@
}
address@hidden,
address@hidden,
author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and
Semanko, Michael",
editor="Syverson, Paul",
chapter="The Power of RSA Inversion Oracles and the Security of Chaum's
RSA-Based Blind Signature Scheme",
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 96db7c6..bfe8987 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@ -509,7 +509,7 @@ financial reserve. In addition, Taler includes an
\emph{auditor} who
assures customers and merchants that the exchange operates correctly.
%\vspace{-0.3cm}
-\subsection{Security considerations}
+\subsection{Security considerations}\label{subsec:security_rough}
%\vspace{-0.3cm}
As a payment system, Taler naturally needs to make sure that coins are
@@ -559,7 +559,7 @@ limiting the exchange's financial liability.
On the cryptographic side, a Taler exchange demands that coins use a
full domain hash (FDH) to make so-called ``one-more forgery'' attacks
provably hard, assuming the RSA known-target inversion problem is
-hard~\cite[Theorem 12]{RSA-HDF-KTIvCTI}. For a withdrawn coin,
+hard~\cite[Theorem 12]{RSA-FDH-KTIvCTI}. For a withdrawn coin,
violating the customers anonymity cryptographically requires recognizing
a random blinding factor from a random element of the group of
integers modulo the denomination key's RSA modulus, which appears
@@ -1466,6 +1466,14 @@ protocol is never used.
\subsection{Exculpability arguments}
+In \S\ref{subsec:security_rough},
+we quoted \cite[Theorem 12]{RSA-FDH-KTIvCTI} that RSA-FDH blind
+signatures are secure against ``one-more forgery'' attacks, assuming
+ the RSA known-target inversion problem is hard.
+We note as well that ``one-more forgery'' attacks cover both the
+refresh operation as well as the withdrawal operarion
+ \cite[Definition 12]{RSA-FDH-KTIvCTI,OneMoreInversion}.
+
\begin{lemma}\label{lemma:double-spending}
The exchange can detect, prevent, and prove double-spending.
\end{lemma}
--
To stop receiving notification emails like this one, please contact
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [taler-exchange] branch master updated: More on RSA-KTI,
gnunet <=