diff options
author | Sree Harsha Totakura <sreeharsha@totakura.in> | 2015-10-26 11:49:08 +0100 |
---|---|---|
committer | Sree Harsha Totakura <sreeharsha@totakura.in> | 2015-10-26 11:49:08 +0100 |
commit | 5ff88d055e5b2ca1dfa166887f8aeb94574d3ef7 (patch) | |
tree | 742537298141fd61370b565cda2b20cd1741b956 /doc/paper | |
parent | b5577716af281fd51544bb9b27d1cea528d97a0a (diff) |
fix notation is refreshing protocol
Diffstat (limited to 'doc/paper')
-rw-r--r-- | doc/paper/taler.tex | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 7d3c4e33e..69c2ad40c 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -826,14 +826,14 @@ generator of the elliptic curve. where $K_i := H(c'_s T_p^{(i)})$, and commits $\langle C', \vec{T}, \vec{C}, \vec{b} \rangle$ to disk. - Our computation of $K_i$ is a effectively a Diffie-Hellman operation + Our computation of $K_i$ is effectively a Diffie-Hellman operation between the private key $c'_s$ of the original coin with - the public transfer key $T_p^{(i)}_p$. + the public transfer key $T_p^{(i)}$. \item The customer computes $B^{(i)} := B_{b^{(i)}}(C^{(i)}_p)$ for $i \in \{1,\ldots,\kappa\}$ and sends a commitment - $S_{C'}(\vec{E}, \vec{B}, \vec{T_p}))$ to the mint. + $S_{C'}(\vec{E}, \vec{B}, \vec{T_p})$ to the mint. \item The mint generates a random $\gamma$ with $1 \le \gamma \le \kappa$ and marks $C'_p$ as spent by committing - $\langle C', \gamma, S_{C'}(\vec{E}, \vec{B}, \vec{T}) \rangle$ to disk. + $\langle C', \gamma, S_{C'}(\vec{E}, \vec{B}, \vec{T_p}) \rangle$ to disk. Auditing processes should assure that $\gamma$ is unpredictable until this time to prevent the mint from assisting tax evasion. \item The mint sends $S_{K'}(C'_p, \gamma)$ to the customer where @@ -881,7 +881,7 @@ request $S_{C'}(\mathtt{link})$ with $(T^{(\gamma)}_p$, $E^{(\gamma)}, % This allows the owner of the melted coin to also obtain the private key of the new coin, even if the refreshing protocol was illicitly -executed with the help of another party who generated $C_s$ and only +executed with the help of another party who generated $\vec{c_s}$ and only provided $\vec{C_p}$ and other required information to the old owner. As a result, linking ensures that access to the new coins minted by the refresh protocol is always {\em shared} with the owner of the |