| field | value | date |
|---|---|---|
| author | Jeffrey Burdges <burdges@gnunet.org> | 2017-05-16 01:02:48 +0200 |
| committer | Jeffrey Burdges <burdges@gnunet.org> | 2017-05-16 01:02:48 +0200 |
| commit | 709e53be6edfc4ad6d9a44a93204e55abd00d712 (patch) | |
| tree | 531b8319c3dd27e574129d0513b8685692d83011 | |
| parent | 1a2facbd2b7536379277bb746c5853186cc673cb (diff) | |
Add a suitable argument for KDF under the random oracle model.
-rw-r--r-- | doc/paper/taler.tex | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 70378d4f2..71657fc02 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -1498,7 +1498,33 @@ any PPT adversary with an advantage for linking Taler coins gives rise to an adversary with an advantage for recognizing SHA512 output. \end{proposition} -We now apply \cite[??]{??} to deduce : +% TODO: Is independence here too strong? + +We may now remove the encrpytion by appealing to the random oracle model +\cite{BR-RandomOracles}. + +\begin{lemma}[\cite[??]{??}] +Consider a protocol that commits to random data by encrypting it +using a secret derived from a Diffe-Hellman key exchange. +In the random oracle model, we may replace this encryption with +a hash function derives the random data by applying hash functions +to the same secret. +\end{lemma} + +\begin{proof} +We work with the usual instantiation of the random oracle model as +returning a random string and placing it into a database for future +queries. + +We take the random number generator that drives this random oracle +to be the random number generator used to produce the random data +that we encrypt in the old encryption based version of Taler. +Now our random oracle scheme gives the same result as our scheme +that encrypts random data, so the encryption becomes superfluous +and may be omitted. +\end{proof} + +We may now conclude that Taler remains unlinkable even with the refresh protocol. \begin{theorem} In the random oracle model, any PPT adversary with an advantage @@ -1512,7 +1538,7 @@ proves that out linking protocol \S\ref{subsec:linking} does not degrade privacy. - +\end{document} |
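Review bot: in the first hunk (@@ -1498,7 +1498,33 @@) the proof asserts that the random-oracle scheme "gives the same result as our scheme that encrypts random data, so the encryption becomes superfluous", but it never argues that the adversary's view is indistinguishable between the two schemes; identifying the oracle's random tape with the generator of the committed data only shows that the honest parties derive the same values, so a sentence on why the ciphertext contributes nothing to the adversary's view (the secret is derived from a Diffie-Hellman exchange the adversary is not assumed to know) is needed to make the lemma a proof rather than a claim. The lemma is also attributed to the placeholder `\cite[??]{??}` and the `% TODO: Is independence here too strong?` comment is left in, so both should be resolved before merge or the rendered document will carry a dangling `??` reference. Minor: `encrpytion` should read `encryption`, `Diffe-Hellman` should read `Diffie-Hellman`, and `a hash function derives the random data` reads better as `a hash function that derives the random data`.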
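Review bot: in the second hunk (@@ -1512,7 +1538,7 @@) the unchanged context line `proves that out linking protocol \S\ref{subsec:linking}` carries a typo (`out` should be `our`) that could be fixed in the same commit. Replacing the trailing blank line with `\end{document}` is fine, provided nothing else follows it in the file, since LaTeX ignores any text after `\end{document}`.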