aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/paper/taler.bib10
-rw-r--r--doc/paper/taler.tex7
2 files changed, 8 insertions, 9 deletions
diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index b22e9eb55..08b0da408 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -206,16 +206,8 @@
url="https://eprint.iacr.org/2001/002"
}
-@misc{cryptoeprint:2001:002,
- author = {M. Bellare and C. Namprempre and D. Pointcheval and M. Semanko},
- title = {The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme},
- howpublished = {Cryptology ePrint Archive, Report 2001/002},
- year = {2001},
- note = {\url{http://eprint.iacr.org/}},
-}
-
-@inbook{RSA-KTIvCTI,
+@inbook{RSA-HDF-KTIvCTI,
author="Bellare, Mihir and Namprempre, Chanathip and Pointcheval, David and Semanko, Michael",
editor="Syverson, Paul",
chapter="The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme",
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 5ad93ec32..649e12de6 100644
--- a/doc/paper/taler.tex
+++ b/doc/paper/taler.tex
@@ -418,11 +418,18 @@ and that he paid his obligations.
Neither the merchant nor the customer may have any ability to {\em
effectively} defraud the exchange or the state collecting taxes. Here,
``effectively'' means that the expected return for fraud is negative.
+In particular, Taler employs a full domain hash (FDH) with RSA signatures
+so that ``one-more forgery'' is hard assuming the RSA known-target
+inversion problem is hard.\cite[Theorem12]{RSA-HDF-KTIvCTI}
+% \cite[Theorem 6.2]{OneMoreInversion}
Note that customers do not need to be trusted in any way, and that in
particular it is never necessary for anyone to try to recover funds
from customers using legal means.
+
+
+
\subsection{Taxability and Entities}
As electronic coins are trivially copied between machines, we should