diff options
| author | Jeffrey Burdges <burdges@gnunet.org> | 2017-05-22 15:20:48 +0200 |
|---|---|---|
| committer | Jeffrey Burdges <burdges@gnunet.org> | 2017-05-22 15:20:48 +0200 |
| commit | 91e31719824ef0607dcb73d9a5c42d8687dca819 (patch) | |
| tree | 7fbfcc74c92e152893f8db438944c1b7311b2159 /doc/paper | |
| parent | a838af7dda84731e65e0da93d4568bd62b2d2e0c (diff) | |
minor TODO
Diffstat (limited to 'doc/paper')
| -rw-r--r-- | doc/paper/taler.tex | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 8448ba767..ba4d3fa23 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -1408,7 +1408,9 @@ Diffie-Hellman key exchange on curve25519. \begin{proof} We work with the usual instantiation of the random oracle model as returning a random string and placing it into a database for future -queries. +queries. +% TODO: this paragraph seems superfluous since its kinda sucked into +% the reference. We have a shared secret $k$ derived from an ECDH from which we derive the encryption key used in the old protocol to encrypt the new coin's @@ -1418,7 +1420,7 @@ keyed by $k$. We can do this because first the data is encrypted and second revealing the new coin's blinding factor or public or private keys later reveals nothing about $k$, thanks to \cite[Theorem 4.1]{Rudich88}. -After this modfication, our real KDF scheme with the KDF instantiated +After this modification, our real KDF scheme with the KDF instantiated by the random oracle $R$ gives the same result as our scheme that encrypts data produced by $R$. We now observe the encryption has becomes superfluous and may be omitted, as another party who learns |