From fe7962ce09c696e22b35201bc8cd881772127384 Mon Sep 17 00:00:00 2001 From: callebtc <93376500+callebtc@users.noreply.github.com> Date: Sat, 24 Sep 2022 09:07:12 +0300 Subject: [PATCH] notation --- docs/README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 docs/README.md diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000..6e3f5b3 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,25 @@ +# Notation + +Sending user: `Alice` +Receivung user: `Carol` +Mint: `Bob` + +## Bob (mint) +- `k` private key of mint (one for each supported amount) +- `K` public key of mint +- `Q` promise (blinded signature) + +## Alice (user) +- `x` random string (secret message), corresponds to point `Y` on curve +- `r` private key (blinding factor) +- `T` blinded message +- `Z` proof (unblinded signature) + +# Blind Diffie-Hellmann key exchange (BDH) +- Mint `Bob` publishes `K = kG` +- `Alice` picks secret `x` and computes `Y = hash_to_point(x)` +- `Alice` sends to `Bob`: `T = Y + rG` with `r` being a random nonce +- `Bob` sends back to `Alice` blinded key: `Q = kT` (these two steps are the DH key exchange) +- `Alice` can calculate the unblinded key as `Q - rK = kY + krG - krG = kY = Z` +- Alice can take the pair `(x, Z)` as a token and can send it to `Carol`. +- `Carol` can send `(x, Z)` to `Bob` who then checks that `k*hash_to_point(x) == Z`, and if so treats it as a valid spend of a token, adding `x` to the list of spent secrets. \ No newline at end of file
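Review bot: The last BDH step in docs/README.md has `Bob` check only that `k*hash_to_point(x) == Z` before adding `x` to the list of spent secrets; it never says he first checks that `x` is not already in that list, and as written the same `(x, Z)` would pass the equation every time it is presented. Suggest wording it as: `Bob` checks that `x` is not in the list of spent secrets and that `k*hash_to_point(x) == Z`, and only then adds `x` to the list. Smaller points in the same hunk: "Receivung" should be "Receiving" and "Diffie-Hellmann" should be "Diffie-Hellman"; the Notation section uses `Y` but does not define the generator `G` or `hash_to_point`, both of which the BDH steps rely on; `k` is described as one per supported amount while `K` is listed as a single public key, so it is worth saying that `K` is per amount as well; and the file ends without a trailing newline.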