gnunet-svn
[taler-docs] branch master updated: need coin's master secret for age-wi


From: gnunet
Subject: [taler-docs] branch master updated: need coin's master secret for age-withdraw
Date: Sun, 12 Mar 2023 22:41:18 +0100

This is an automated email from the git hooks/post-receive script.

oec pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new fbba983  need coin's master secret for age-withdraw
fbba983 is described below

commit fbba9835f225bb03ac6a6d4910adcc078588eeed
Author: Özgür Kesim <oec-taler@kesim.org>
AuthorDate: Sun Mar 12 22:41:13 2023 +0100

    need coin's master secret for age-withdraw
---
 core/api-exchange.rst                    | 46 +++++++++++++++-----------------
 design-documents/024-age-restriction.rst | 29 +++++---------------
 2 files changed, 29 insertions(+), 46 deletions(-)

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index fad19e8..1909006 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -2468,47 +2468,45 @@ If so, the exchange will blindly sign ``n`` undisclosed 
coins from the request.
       // in ``denoms_h``.
       coin_evs:  CoinEnvelope[];
 
-      // Array of ``n`` arrays of ``kappa - 1`` disclosed coin private keys,
-      // from which the associated age commitments are also derived.
-      disclosed_coins: DisclosedAgeRestrictedCoin[][];
-
-    }
-
-  .. ts:def:: DisclosedAgeRestrictedCoin
-
-    interface DisclosedAgeRestrictedCoin {
-      // A coin's private key.  The associated blinding and age commitment for
-      // this coin MUST be derived from this private key as follows:
+      // Array of ``n`` of ``(kappa - 1)`` disclosed coin secrets, from
+      // which the coins' private key ``coin_priv``, blinding ``beta`` and 
nonce
+      // ``nonce`` (for Clause-Schnorr) itself are derived as usually in wallet
+      // core.
+      // (TODO: description of the derivation process of the coin's private
+      // key, blinding and nonce).
       //
-      // Calculate the blinding beta as
-      //    beta := HKDF(coin_priv, "blinding")
-      //
-      // If the denominations are for Clause-Schnorr-Signatures, calculate the
-      // nonce as
-      //    nonce := HKDF(coin_priv, "cs-nonce")
+      // Given a coin's secret, the age commitment for the coin MUST be
+      // derived from this private key as follows:
       //
       // Let m ∈  {1,...,M} be the maximum age group as defined in the reserve
       // that the wallet can commit to.
       //
       // For age group $AG ∈  {1,...m}, set
-      //     seed = HDKF(coin_priv, "age-commitment", $AG)
+      //     seed = HDKF(coin_secret, "age-commitment", $AG)
       //   p[$AG] = Edx25519_generate_private(seed)
       // and calculate the corresponding Edx25519PublicKey as
       //   q[$AG] = Edx25519_public_from_private(p[$AG])
       //
       // For age groups $AG ∈  {m,...,M}, set
-      //   f[$AG] = HDKF(coin_priv, "age-factor", $AG)
+      //   f[$AG] = HDKF(coin_secret, "age-factor", $AG)
       // and calculate the corresponding Edx25519PublicKey as
       //   q[$AG] = Edx25519_derive_public(`PublishedAgeRestrictionBaseKey`, 
f[$AG])
       //
-      // Finally, with coin_priv and age commitment (q[]), the exchange
-      // will calculate the coin's public key coin_pub and use the
-      //    TALER_CoinPubHashP(coin_pub, age_commitment_hash(q))
-      // during the verification of the original age-withdraw-commitment.
-      coin_priv: EddsaPrivateKey;
+      // Given each coin's private key and age commitment (``q[]``), the
+      // exchange will calculate each coin's blinded hash value und use all
+      // those (disclosed) blinded hashes together with the non-disclosed
+      // envelopes ``coin_evs`` during the verification of the original
+      // age-withdraw-commitment.
+      disclosed_coin_secrets: AgeRestrictedCoinSecret[][];
 
     }
 
+  .. ts:def:: AgeRestrictedCoinSecret
+
+    // The Master key material for the derivation of age restricted private
+    // coins, blinding factors and age restrictions
+    type AgeRestrictedCoinSecret = string;
+
   .. ts:def:: PublishedAgeRestrictionBaseKey
 
     // The value for ``PublishedAgeRestrictionBaseKey`` is a randomly chosen
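Review bot: The new comment on ``disclosed_coin_secrets`` replaces the removed normative formulas (``beta := HKDF(coin_priv, "blinding")`` and ``nonce := HKDF(coin_priv, "cs-nonce")``) with a TODO, so the API reference no longer says how ``coin_priv``, ``beta`` and the nonce are obtained from the secret, although the exchange has to reproduce exactly those values to recompute the blinded hashes of the disclosed coins. Please spell out the derivation (KDF, labels, inputs) or link to where it is specified, and document the encoding and length of ``AgeRestrictedCoinSecret`` rather than only ``string``. Wording in the same comment: "MUST be derived from this private key" now follows "Given a coin's secret" and should read "from this secret"; "Array of ``n`` of" is missing "arrays"; "und" should be "and"; ``HDKF`` is presumably ``HKDF``, as spelled in the removed lines.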
diff --git a/design-documents/024-age-restriction.rst 
b/design-documents/024-age-restriction.rst
index 6ad7c3d..db39234 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -380,39 +380,25 @@ the coin's private key itself as follows:
 
 Let
 
-- :math:`c_s` be the private key of the coin,
+- :math:`s` be the master secret of the coin, from which the private key 
:math:`c_s`, blinding :math:`\beta` and nonce :math:`n` are derived as usual in 
the wallet core
 - :math:`m \in \{1,\ldots,M\}` be the maximum age (according to the reserve)
   that a wallet can commit to during the withdrawal.
 - :math:`P` be a published constant Edx25519-public-key to which the private
   key is not known to any client.
 
-
-Then calculate the blinding :math:`\beta` for the coin as
-
-.. math::
-     \beta &:= \text{HKDF}(c_s, \text{"blinding"})
-
-If the denomination is using Clause-Schnorr signatures, calculate the nonce
-:math:`n` for the coin as
-
-.. math::
-     n &:= \text{HKDF}(c_s, \text{"cs-nonce"})
-
-
-
 For the age commitment, calculate:
 
 1. For age group :math:`a \in \{1,\ldots,m\}`, set
 
 .. math::
-           s_a &:= \text{HDKF}(c_s, \text{"age-commitment"}, a) \\
+           s_a &:= \text{HDKF}(s, \text{"age-commitment"}, a) \\
            p_a &:= \text{Edx25519\_generate\_private}(s_a) \\
            q_a &:= \text{Edx25519\_public\_from\_private}(p_a)
 
 2. For age group :math:`a \in \{m,\ldots,M\}`, set
 
 .. math::
-           f_a &:= \text{HDKF}(c_s, \text{"age-factor"}, a) \\
+           f_a &:= \text{HDKF}(s, \text{"age-factor"}, a) \\
            q_a &:= \text{Edx25519\_derive\_public}(P, f_a).
 
 Then the vector :math:`\vec{q} = \{q_1,\ldots,q_M\}` is then the age commitment
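Review bot: In the "Let" list the new master secret is named :math:`s`, while step 1 directly below already uses :math:`s_a` for the per-age-group seed, so :math:`s_a` now reads like a component of :math:`s`; a distinct symbol for one of the two would avoid that. The removed :math:`\beta` and :math:`n` formulas are replaced by "derived as usual in the wallet core" without a reference, so the design document no longer shows which labels those derivations use next to "age-commitment" and "age-factor"; a cross-reference would let a reader confirm that all values derived from :math:`s` use separate labels. The surrounding text visible in the hunk headers ("the coin's private key itself as follows:" and "associated to the coin's private key :math:`c_s`") still describes the commitment as derived from the private key and should be brought in line with the new input.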
@@ -420,10 +406,10 @@ associated to the coin's private key :math:`c_s`.  For 
the non-disclosed coins,
 the wallet can use the vector :math:`(p_1,\ldots,p_m,\bot,\ldots,\bot)` of
 private keys for the attestation.
 
-Provided with the private key :math:`c_s`, the exchange can therefore calculate
-the blinding :math:`\beta`, the nonce :math:`n` (if needed) and the age
-commitment :math:`\vec{q}` itself, along with the coin's public key :math:`C_p`
-and use the value of
+Provided with the secret :math:`s`, the exchange can therefore calculate the
+private key :math:`c_s`, the blinding :math:`\beta`, the nonce :math:`n` (if
+needed) and the age commitment :math:`\vec{q}`, along with the coin's public
+key :math:`C_p` and use the value of
 
 .. math::
 
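Review bot: The rewritten paragraph ends in "and use the value of" followed by a formula that this patch leaves untouched, while the matching comment in core/api-exchange.rst in the same commit drops ``TALER_CoinPubHashP(coin_pub, age_commitment_hash(q))`` in favour of "each coin's blinded hash value". Please check that the formula after this paragraph still describes what the exchange compares during verification, and update it in this commit if it does not. The paragraph also speaks of "the secret :math:`s`" in the singular although the API takes an array of disclosed secrets per coin; stating that the calculation is repeated for each disclosed secret would match the API text.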
@@ -431,7 +417,6 @@ and use the value of
 
 during the verification of the original age-withdraw-commitment.
 
-
 For the withdrawal with age restriction, a sketch of the corresponding database
 schema in the exchange is given here:
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


