diff options
author | Christian Grothoff <christian@grothoff.org> | 2016-10-25 15:23:46 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2016-10-25 15:23:46 +0200 |
commit | 29fa45446b15d69dedd1fcf01cc65292a9ac120f (patch) | |
tree | 30d86caf2ed7e7918fb164cf69f71824ef9ce05c /doc | |
parent | 176078bb8c961603e897d58dfed6406148fe94d5 (diff) | |
download | exchange-29fa45446b15d69dedd1fcf01cc65292a9ac120f.tar.xz |
avoid introducing G twice
Diffstat (limited to 'doc')
-rw-r--r-- | doc/paper/taler.tex | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex index 0b5bcc60b..54e4c0e13 100644 --- a/doc/paper/taler.tex +++ b/doc/paper/taler.tex @@ -796,17 +796,16 @@ denomination $K$ is melted to obtain a fresh coin $\widetilde{C}$ with the same denomination. In practice, Taler uses a natural extension where multiple fresh coins are generated a the same time to enable giving precise change matching any amount. -In the protocol, $\kappa \ge 3$ is a security parameter for the -cut-and-choose part of the protocol and $G$ is the -generator of the elliptic curve. - -We note that $\kappa = 3$ is actually perfectly sufficient in most -cases in practice, as the cut-and-choose protocol does not need to -provide cryptographic security: If the maximum applicable tax is less -than $\frac{2}{3}$, then detecting $\kappa = 3$ ensures that cheating -results in a negative return on average as $\kappa - 1$ out of -$\kappa$ attempts to cheat are detected. This makes the use of -cut-and-choose practical and efficient in this context. + +In the protocol, $\kappa \ge 2$ is a security parameter for the +cut-and-choose part of the protocol. $\kappa = 3$ is actually +perfectly sufficient in most cases in practice, as the cut-and-choose +protocol does not need to provide cryptographic security: If the +maximum applicable tax is less than $\frac{2}{3}$, then detecting +$\kappa = 3$ ensures that cheating results in a negative return on +average as $\kappa - 1$ out of $\kappa$ attempts to cheat are +detected. This makes the use of cut-and-choose practical and +efficient in this context. % FIXME: I'm explicit about the rounds in postquantum.tex |