author | Özgür Kesim <oec-taler@kesim.org> | 2023-01-11 17:27:06 +0100 |
---|---|---|
committer | Özgür Kesim <oec-taler@kesim.org> | 2023-01-11 17:27:06 +0100 |
commit | d968732afb32da7b7ec1ea4c54e3fcced530e5f3 (patch) | |
tree | c3e502dcca023dd75c9cdb336485e51c7f1eec12 | |
parent | bccd5efc461707d7c53937a890adaf3f722085dc (diff) | |
added description of how to derive cs-nonce from the coin_priv for withdraw-ageage-restriction
-rw-r--r-- | core/api-exchange.rst | 8 | ||||
-rw-r--r-- | design-documents/024-age-restriction.rst | 12 |
2 files changed, 18 insertions, 2 deletions
diff --git a/core/api-exchange.rst b/core/api-exchange.rst index ab046350..db192e07 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -2190,6 +2190,10 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request. .. ts:def:: AgeWithdrawRevealRequest interface AgeWithdrawRevealRequest { + // The public key of the reserve that was used for the initial commitment + // request. Needed for optimized database lookup. + reserve_pub: EddsaPublicKey; + // Array of ``n`` hash codes of denomination public keys to order. // These denominations MUST support age restriction as defined in the // output to /keys. @@ -2217,6 +2221,10 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request. // Calculate the blinding beta as // beta := HKDF(coin_priv, "blinding") // + // If the denominations are for Clause-Schnorr-Signatures, calculate the + // nonce as + // nonce := HKDF(coin_priv, "cs-nonce") + // // Let m ∈ {1,...,M} be the maximum age group as defined in the reserve // that the wallet can commit to. // diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst index b9553432..5b6e091d 100644 --- a/design-documents/024-age-restriction.rst +++ b/design-documents/024-age-restriction.rst @@ -392,6 +392,13 @@ Then calculate the blinding :math:`\beta` for the coin as .. math:: \beta &:= \text{HKDF}(c_s, \text{"blinding"}) +If the denomination is using Clause-Schnorr signatures, calculate the nonce +:math:`n` for the coin as + +.. math:: + n &:= \text{HKDF}(c_s, \text{"cs-nonce"}) + + For the age commitment, calculate: 
@@ -414,8 +421,9 @@ the wallet can use the vector :math:`(p_1,\ldots,p_m,\bot,\ldots,\bot)` of private keys for the attestation. Provided with the private key :math:`c_s`, the exchange can therefore calculate -the blinding :math:`\beta` and the age commitment :math:`\vec{q}` itself, along -with the coin's public key :math:`C_p` and use the value of +the blinding :math:`\beta`, the nonce :math:`n` (if needed) and the age +commitment :math:`\vec{q}` itself, along with the coin's public key :math:`C_p` +and use the value of .. math:: |
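Review bot: In core/api-exchange.rst, hunk @@ -2190, the comment on the new `reserve_pub` field only says "Needed for optimized database lookup" and does not say what the exchange does when the supplied key is not the reserve that made the initial commitment. The field is client-supplied and used as a lookup key, so the text should state that the exchange must check that the commitment found under this `reserve_pub` is the one being revealed, and reject the request otherwise.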
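Review bot: In core/api-exchange.rst, hunk @@ -2217, `nonce := HKDF(coin_priv, "cs-nonce")` leaves the derivation underspecified: neither the output length nor whether "cs-nonce" is the HKDF salt or the info input is stated, and the neighbouring `beta := HKDF(coin_priv, "blinding")` line has the same gap. The design document in this same patch says the exchange recomputes these values from the revealed private key, so wallet and exchange must agree on the output exactly; spell out the parameters or reference the place that defines them. The condition "If the denominations are for Clause-Schnorr-Signatures" is also plural while the derivation is per coin, so say that it applies to each coin whose denomination uses Clause-Schnorr.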
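Review bot: In design-documents/024-age-restriction.rst, hunk @@ -392, the new symbol :math:`n` for the nonce clashes with ``n`` as used in core/api-exchange.rst for the number of undisclosed coins ("blindly sign ``n`` undisclosed coins"); pick a distinct symbol for the nonce. The hunk also adds two blank lines before "For the age commitment, calculate:" where one is enough.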
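Review bot: In design-documents/024-age-restriction.rst, hunk @@ -414, "the nonce :math:`n` (if needed)" does not say when the nonce is needed. Repeat the condition from the paragraph added earlier in this file, for example "the nonce :math:`n` (for Clause-Schnorr denominations)", so that this sentence can be read on its own.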