[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Taler] presenting refreshment (was: G the generator)
From: |
Fabian Kirsch |
Subject: |
[Taler] presenting refreshment (was: G the generator) |
Date: |
Tue, 06 Oct 2015 00:13:10 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 |
Hi Christian
first: about the term 'identity', which was quite a bad choice.
what about 'unminted coins' vs. 'minted coins'?
a keypair whose public key wasn't signed yet by the mint is unminted.
so
1.) the customer provides unminted coins with corresponding links and
commits to them,
2.) the mint chooses one of the links to go unchecked,
3.) the customer prooves his fairplay by revealing the unchoosen links
4.) the satisfied mint makes the chosen coin a minted coin by signing it.
about the nature of the link:
> reveal [..] mint must be able to verify that the decryption works
without learning the private key of the old coin,
yes. "revealing" means the customer reveals the "plaintext" of the link.
anybody can check that the decryption works by just encrypting the
plaintext again (IF its a nonprobabilistic encryption).
SHOULD the encryption be probabilistic (which it is in the current
implementation) THEN the random element has to be revealed
as well in order to check the decryptability by encrypting again.
And sugar on top: revealing the random element often makes the plaintext
easily recoverable which saves some transfers.
> customer performing linking must be able to do it without knowing the
private transfer key.
yes. encrypting anything with the old coin's public key allows the
customer (who knows the old coin's private key) to decrypt it.
> DH satisfies this,
so DH is sufficient (which i never questioned), but it is not necessary,
and there is no written comparison to other options.
I don't question the DH+Enc_K to be a good choice. I really don't like
it presented as if there was no choice at all.
> So yes, there are arguments for this.
greetings Fabian
- [Taler] G the generator, Fabian Kirsch, 2015/10/08
- Re: [Taler] G the generator, Luis Ressel, 2015/10/08
- Re: [Taler] G the generator, Christian Grothoff, 2015/10/08
- Re: [Taler] G the generator, Fabian Kirsch, 2015/10/08
- Re: [Taler] G the generator, Luis Ressel, 2015/10/08
- Re: [Taler] G the generator, Fabian Kirsch, 2015/10/08
- Message not available
- Re: [Taler] G the generator, Fabian Kirsch, 2015/10/08
- Re: [Taler] G the generator, Christian Grothoff, 2015/10/08
- [Taler] presenting refreshment (was: G the generator),
Fabian Kirsch <=
- Re: [Taler] presenting refreshment, Christian Grothoff, 2015/10/08
- Re: [Taler] presenting refreshment, Jeff Burdges, 2015/10/08
- Re: [Taler] presenting refreshment, fabian . kirsch, 2015/10/08
- Re: [Taler] presenting refreshment, Christian Grothoff, 2015/10/08
- Re: [Taler] presenting refreshment, Christian Grothoff, 2015/10/08
- Re: [Taler] presenting refreshment, fabian . kirsch, 2015/10/08
- Re: [Taler] presenting refreshment, Christian Grothoff, 2015/10/08
- Re: [Taler] presenting refreshment, Jeff Burdges, 2015/10/08
Re: [Taler] G the generator, Jeff Burdges, 2015/10/08