gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-docs] 14/15: added description of how to derive cs-nonce from the

From: gnunet
Subject: [taler-docs] 14/15: added description of how to derive cs-nonce from the coin_priv for withdraw-age
Date: Wed, 11 Jan 2023 17:27:46 +0100 
This is an automated email from the git hooks/post-receive script.

oec pushed a commit to branch master
in repository docs.

commit d968732afb32da7b7ec1ea4c54e3fcced530e5f3
Author: Özgür Kesim <oec-taler@kesim.org>
AuthorDate: Wed Jan 11 17:27:06 2023 +0100

    added description of how to derive cs-nonce from the coin_priv for 
withdraw-age
---
 core/api-exchange.rst                    |  8 ++++++++
 design-documents/024-age-restriction.rst | 12 ++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index ab04635..db192e0 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -2190,6 +2190,10 @@ If so, the exchange will blindly sign ``n`` undisclosed 
coins from the request.
   .. ts:def:: AgeWithdrawRevealRequest
 
     interface AgeWithdrawRevealRequest {
+      // The public key of the reserve that was used for the initial commitment
+      // request.  Needed for optimized database lookup.
+      reserve_pub: EddsaPublicKey;
+
       // Array of ``n`` hash codes of denomination public keys to order.
       // These denominations MUST support age restriction as defined in the
       // output to /keys.
@@ -2217,6 +2221,10 @@ If so, the exchange will blindly sign ``n`` undisclosed 
coins from the request.
       // Calculate the blinding beta as
       //    beta := HKDF(coin_priv, "blinding")
       //
+      // If the denominations are for Clause-Schnorr-Signatures, calculate the
+      // nonce as
+      //    nonce := HKDF(coin_priv, "cs-nonce")
+      //
       // Let m ∈  {1,...,M} be the maximum age group as defined in the reserve
       // that the wallet can commit to.
       //
diff --git a/design-documents/024-age-restriction.rst 
b/design-documents/024-age-restriction.rst
index b955343..5b6e091 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -392,6 +392,13 @@ Then calculate the blinding :math:`\beta` for the coin as
 .. math::
      \beta &:= \text{HKDF}(c_s, \text{"blinding"})
 
+If the denomination is using Clause-Schnorr signatures, calculate the nonce
+:math:`n` for the coin as
+
+.. math::
+     n &:= \text{HKDF}(c_s, \text{"cs-nonce"})
+
+
 
 For the age commitment, calculate:
 
@@ -414,8 +421,9 @@ the wallet can use the vector 
:math:`(p_1,\ldots,p_m,\bot,\ldots,\bot)` of
 private keys for the attestation.
 
 Provided with the private key :math:`c_s`, the exchange can therefore calculate
-the blinding :math:`\beta` and the age commitment :math:`\vec{q}` itself, along
-with the coin's public key :math:`C_p` and use the value of
+the blinding :math:`\beta`, the nonce :math:`n` (if needed) and the age
+commitment :math:`\vec{q}` itself, along with the coin's public key :math:`C_p`
+and use the value of
 
 .. math::
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]