aboutsummaryrefslogtreecommitdiff
path: root/doc/paper
diff options
context:
space:
mode:
authorJeff Burdges <burdges@gnunet.org>2016-04-29 04:19:52 +0200
committerJeff Burdges <burdges@gnunet.org>2016-04-29 04:19:52 +0200
commite7d4ccec9886e11f35bc31301e2ba1cb47028203 (patch)
tree641a664a1857d2caa6cf96971ed88989fd2d9aa1 /doc/paper
parente7e14f30091282723ea03274d83c43018d0633a1 (diff)
Add line on RSA-FDH to Taler paper.
I could obviously say more, and I really should clean up the text around it, but not now.
Diffstat (limited to 'doc/paper')
-rw-r--r--doc/paper/taler.bib10
-rw-r--r--doc/paper/taler.tex7
2 files changed, 8 insertions, 9 deletions
diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index b22e9eb55..08b0da408 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -206,16 +206,8 @@
url="https://eprint.iacr.org/2001/002"
}
-@misc{cryptoeprint:2001:002,
- author = {M. Bellare and C. Namprempre and D. Pointcheval and M. Semanko},
- title = {The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme},
- howpublished = {Cryptology ePrint Archive, Report 2001/002},
- year = {2001},
- note = {\url{http://eprint.iacr.org/}},
-}
-
-@inbook{RSA-KTIvCTI,
+@inbook{RSA-HDF-KTIvCTI,
author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and Semanko, Michael",
editor="Syverson, Paul",
chapter="The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme",
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 5ad93ec32..649e12de6 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@ -418,11 +418,18 @@ and that he paid his obligations.
Neither the merchant nor the customer may have any ability to {\em
effectively} defraud the exchange or the state collecting taxes. Here,
``effectively'' means that the expected return for fraud is negative.
+In particular, Taler employs a full domain hash (FDH) with RSA signatures
+so that ``one-more forgery'' is hard assuming the RSA known-target
+inversion problem is hard.\cite[Theorem12]{RSA-HDF-KTIvCTI}
+% \cite[Theorem 6.2]{OneMoreInversion}
Note that customers do not need to be trusted in any way, and that in
particular it is never necessary for anyone to try to recover funds
from customers using legal means.
+
+
+
\subsection{Taxability and Entities}
As electronic coins are trivially copied between machines, we should