gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[donau] 05/10: changed to donau service and agreed on removing tax autho


From: gnunet
Subject: [donau] 05/10: changed to donau service and agreed on removing tax authority when not needed
Date: Thu, 23 Jan 2025 00:25:05 +0100

This is an automated email from the git hooks/post-receive script.

tanja-lange pushed a commit to branch master
in repository donau.

commit 786cf42cfd28a2f0d16fe02bcbb24c7208ff5227
Author: Tanja Lange <tanja@hyperelliptic.org>
AuthorDate: Wed Jan 22 22:31:08 2025 +0100

    changed to donau service and agreed on removing tax authority when not 
needed
---
 doc/usenix-security-2025/paper/technicaldesign.tex | 66 +++++++++++-----------
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/doc/usenix-security-2025/paper/technicaldesign.tex 
b/doc/usenix-security-2025/paper/technicaldesign.tex
index 4b9912c..a96a120 100644
--- a/doc/usenix-security-2025/paper/technicaldesign.tex
+++ b/doc/usenix-security-2025/paper/technicaldesign.tex
@@ -31,6 +31,7 @@ top of this core protocol design.
 
 This section provides a technical overview of our Donau protocol, starting with
 some cryptographic background followed by the setup and usage.
+The Donau service is typically run by the tax authority but can be an 
independent entity.
 
 % The first section introduces some notation and definitions used later on in 
the protocol description.
 % Concepts from cryptography are also explained when necessary.
@@ -118,29 +119,30 @@ by unblinding $s'$ by computing $s'/r \bmod n$.
 \subsection{Key generation and initial 
setup}\label{key_generation_and_initial_setup}
 
 Before incognito donations to charities can be executed, all participants in
-the donation system (i.e., the Donau, charities, and donors) must perform some
+the donation system (i.e., the Donau service, charities, and donors) must 
perform some
 initial setup steps.
 
-\subsubsection{Donau key generation}\label{donau_key_generation}
+\subsubsection{Donau service key generation}\label{donau_key_generation}
 \begin{enumerate}
-\item The Donau generates an Ed25519~\cite{DBLP:journals/jce/BernsteinDLSY12} 
keypair
+\item The Donau service generates an 
Ed25519~\cite{DBLP:journals/jce/BernsteinDLSY12} keypair
   $(D^{\pub}$, $D^{\priv})$, called the {\bf Donau Key}, for digital 
signatures.
-  \item The Donau also generates a set of \textbf{Donation Unit} keypairs
+  \item The Donau service also generates a set of \textbf{Donation Unit} 
keypairs
 $(K_x^{\pub}, K_x^{\priv})$ for blind signatures, corresponding to different
 currency denominations $x$ that a donation can be composed of.
 \end{enumerate}
-The Donau publishes all public keys over an authenticated channel.
+The Donau service publishes all public keys over an authenticated channel.
 It uses fresh Donation Unit keys for each tax period.
 
 \subsubsection{Charity key generation and 
registration}\label{charity_key_generation}
 \begin{enumerate}
   \item Each charity generates its own Ed25519 {\bf Charity Key} $( C^{\pub},
 C^{\priv} )$.
-  \item The charity also fetches the Donation Unit public keys from the Donau.
-  \item The charity transmits its public key $C^{\pub}$ to the party 
controlling the Donau (e.g the
-local tax authority) using an authenticated channel.
-  \item The party in charge of Donau administration (usually the relevant tax
-authority) ensures that the charity is authentic and a legally recognized
+  \item The charity also fetches the Donation Unit public keys from the
+Donau service.
+  \item The charity transmits its public key $C^{\pub}$ to the party 
controlling the Donau service
+using an authenticated channel.
+  \item The party in charge of Donau service administration
+validates that the charity is authentic and a legally recognized
 charitable organization. After successful verification, the charity public key
 $C^{\pub}$ is registered in the Donau database.
 \end{enumerate}
@@ -158,7 +160,7 @@ prevent guessing attacks, and {\tt TAXID} is their taxpayer 
ID.
 The donor stores the salt $S$ along with their $\DI$.
 
 A donor uses their Donor Identifier every time they
-make a donation and again when requesting a donation receipt from the Donau.
+make a donation and again when requesting a donation receipt from the Donau 
service.
 
 They need to use the salt to link the Donation Identifier to their tax
 ID and claim the tax benefits for their donation. The use of the salt
@@ -168,11 +170,11 @@ without $S$, even if they know {\tt TAXID}.
 
 \subsection{Donating to a charity}\label{donating_to_a_charity}
 % \subsection{Donor donates to charity and transmits \textbf{Unique Donor 
identifiers} (future donation receipts)}
-When a donor wishes to donate to a charity, they first retrieve the Donau's 
Donation Unit
+When a donor wishes to donate to a charity, they first retrieve the Donau 
service's Donation Unit
 public keys $K_x^{\pub}$ for the current tax period.
-The donor then represents their donation as a sum of the Donation Units 
offered by the Donau.
+The donor then represents their donation as a sum of the Donation Units 
offered by the Donaus ervice.
 
-\emph{Example: Assuming the Donau publishes the Donation units $\{1,2,4,8\}$, 
a donation of $7$ would be split into 1 unit each of the values $4$, $2$ and 
$1$.}
+\emph{Example: Assuming the Donau service publishes the Donation units 
$\{1,2,4,8\}$, a donation of $7$ would be split into 1 unit each of the values 
$4$, $2$ and $1$.}
 
 For each necessary Donation Unit the donor generates a \textbf{Unique Donor
 Identifier (UDI)} by appending a random nonce $N_i$ to the value $\DI$.
@@ -191,7 +193,7 @@ The donor must remember all UDIs.
 
 Next the donor blinds the Unique Donor Identifiers using a unique blinding 
factor for each one.
 This hides the information in the UDIs from third parties, including the Donau
-and charity, and protects against linkability. The result is a set of {\bf 
Blinded Unique Donor Identifiers (BUDIs)}.
+service and charity, and protects against linkability. The result is a set of 
{\bf Blinded Unique Donor Identifiers (BUDIs)}.
 
 {\em In our example, the Blinded Unique Donor Identifiers would be}
 \begin{align*}
@@ -205,7 +207,7 @@ So far, the \textbf{Blinded Unique Donor Identifiers} do 
not carry information a
 The \emph{intended effective value is indicated} by grouping each Unique Donor 
Identifier with
 the hash of its respective Donation Unit public key $K^{\pub}_x$.
 We call this pair a \textbf{Blinded Unique Donor Identifier Key Pair} 
(\textbf{BKP}).
-It is only the \emph{intended effective} value because their value is zero 
until they are signed by the Donau.
+It is only the \emph{intended effective} value because their value is zero 
until they are signed by the Donau service.
 Note that they must be signed with the matching Donation Unit key as the
 blinding and unblinding operations rely strongly on the public key.
 
@@ -240,37 +242,37 @@ That is, it computes
 \begin{align*}
     \sigma_c = \sign(\vec{\mu}, C^{\priv})
 \end{align*}
-The charity sends the array $\vec{\mu}$ of BKPs and their signature $\sigma_c$ 
to the Donau to generate a receipt.
+The charity sends the array $\vec{\mu}$ of BKPs and their signature $\sigma_c$ 
to the Donau service to generate a receipt.
 
-\subsection{Donau generates donation 
receipt}\label{donau_creates_donation_receipt}
-When the Donau receives a signed set of BKPs from a charity, it verifies the 
charity's signature.
+\subsection{Donau service generates donation 
receipt}\label{donau_creates_donation_receipt}
+When the Donau service receives a signed set of BKPs from a charity, it 
verifies the charity's signature.
 It then checks that no legal restrictions are being violated.
-If none are, the Donau increments its record of the charity's total receipts 
by the
+If none are, the Donau service increments its record of the charity's total 
receipts by the
 total amount of the donation, i.e., the sum of the denominations used in the
 BKPs.
-The Donau then blindly signs all BUDIs using the Donation Unit private keys
+The Donau service then blindly signs all BUDIs using the Donation Unit private 
keys
 $K_x^{\priv}$
 that correspond to the public keys hashed in the BKPs.
 
-{\em In our example, the Donau blindly signs the three BUDIs submitted by the 
charity}
+{\em In our example, the Donau service blindly signs the three BUDIs submitted 
by the charity}
 \begin{align*}
   \overline{\beta_1} = \blind\_\sign(\overline u_1, K_1^{\priv}) \\
   \overline{\beta_2} = \blind\_\sign(\overline u_2, K_2^{\priv}) \\
   \overline{\beta_3} = \blind\_\sign(\overline u_3, K_4^{\priv})
 \end{align*}
 
-These signatures constitute a blinded donation receipt from the Donau, and the 
Donau sends these back to the charity,
+These signatures constitute a blinded donation receipt from the Donau service, 
and the Donau s ervice sends these back to the charity,
 which in turn forwards them to the donor.
 
 \subsection{Donor receives donation 
receipt}\label{donor_receives_donation_receipt}
-Upon receiving the blinded donation receipt from the Donau via the charity,
+Upon receiving the blinded donation receipt from the Donau service via the 
charity,
 the donor verifies the blind signatures over the BUDIs.
 If they verify, the donor then unblinds them to obtain signatures over the 
original UDIs.
 These UDIs, their unblinded signatures, and their respective hashed Donation 
Unit public keys
 constitute a collection of donation receipts.
 These donation receipts are stored on the donor's device.
 
-{\em In our example: the donor unblinds the Donau signatures 
$\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$, obtaining:}
+{\em In our example: the donor unblinds the Donau service signatures 
$\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$, obtaining:}
 \begin{align*}
   \beta_1 &= \unblind(\overline{\beta_1}, b_1, K_1^{\pub}) \\
   \beta_2 &= \unblind(\overline{\beta_2}, b_2, K_2^{\pub}) \\
@@ -283,10 +285,10 @@ These donation receipts are stored on the donor's device.
   r_3 &= ( \UDI_3, \beta_3, h(K_4^{\pub}) )
 \end{align*}
 
-\subsection{Donor requests an annual donation statement from 
Donau}\label{donor_requests_a_donation_statement_from_the_donau}
+\subsection{Donor requests an annual donation statement from Donau 
service}\label{donor_requests_a_donation_statement_from_the_donau}
 In order for the donor to claim a tax deduction,
 the donor needs to obtain a final donation statement which can be sent to the 
tax authority.
-The donor sends their saved donation receipts $\{r_1, \ldots, r_k\}$, 
accumulated throughout the tax period, to the Donau.
+The donor sends their saved donation receipts $\{r_1, \ldots, r_k\}$, 
accumulated throughout the tax period, to the Donau service.
 This can in principle be done multiple times during the tax period;
 however, the receipts must not be submitted at a time strongly correlated with 
the donation to achieve
 \emph{unlinkability} between the \emph{issuance} of the receipts (which 
happens at the time of donation)
@@ -295,7 +297,7 @@ and their \emph{submission} for the Donation Statement.
 Remember that each $\UDI$ is the concatenation of the donor identifier $\DI$ 
and
 a random nonce, i.e., they all start with the same $\DI$.
 
-Once the Donau receives the donor's donation receipts, it checks that for each 
receipt:
+Once the Donau service receives the donor's donation receipts, it checks that 
for each receipt:
 \begin{itemize}
   \item the public key $K_x^{\pub}$ is known.
   \item the signature $\beta$ is correct using the corresponding public key
@@ -306,13 +308,13 @@ $K_x^{\pub}$.
 identified as $\DI$.
 \end{itemize}
 
-Importantly, the Donau does not see signatures of the charities the donor
+Importantly, the Donau service does not see signatures of the charities the 
donor
 donated to, so it does not know where the donor spent money.
 They also only see a collection of common denominations, so they are unable to 
correlate total donation amounts per charity.
-Finally, the receipts are unblinded, so they are unlinkable to any signature 
the Donau has seen before.
+Finally, the receipts are unblinded, so they are unlinkable to any signature 
the Donau service has seen before.
 
-The Donau then generates a signature over the total \texttt{amount} of all 
receipts, the current tax period (\texttt{year}) and the Donor Identifier.
-This results in a final signature called the \textbf{Donation Statement}, 
which the Donau returns to the donor:
+The Donau service then generates a signature over the total \texttt{amount} of 
all receipts, the current tax period (\texttt{year}) and the Donor Identifier.
+This results in a final signature called the \textbf{Donation Statement}, 
which the Donau service returns to the donor:
 \begin{align*}
   \sigma_s = \sign(( \DI, \textsf{amount}_{\sf Total}, \textsf{year}) ),
 D^{\priv})

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]