diff options
authorÖzgür Kesim <>2021-10-16 16:48:11 +0200
committerÖzgür Kesim <>2021-10-16 16:48:11 +0200
commite17e525244f81adbc8d1baa18b5249693758fcb9 (patch)
parentbeb9d6a804a6889f8a1f1de2932e237f5b2f7f8a (diff)
protocol for exchange complete
1 files changed, 35 insertions, 1 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
index 725d172..efa140c 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -320,7 +320,41 @@ and compares them to the one in ``.old_age_commitment``.
-TODO: Add opaque hash value of the commitments to the protocol
+As always, the merchant has to provide the public key of a coin during a POST
+to ``/coins/$COIN_PUB/deposit``. However, for coins with age restriction, the
+signature check requires the hash of the age commitment. Therefore the request
+object ``DepositRequest`` is extended by an optional field
+``age_commitment_hash`` which MUST be set (with the SHA512 hash of the age
+commitment), iff the corresponding denomination had support for age restriction
+enabled. The merchant has received this value prior from the customer during
+.. ts:def:: DepositRequest
+ interface DepositRequest {
+ ...
+ // Iff the corresponding denomination had support for age restriction
+ // enabled, this field MUST contain the SHA512 value of the age commitment that
+ // was provided during the purchase.
+ age_commitment_hash?: HashCode;
+ ...
+ }
+Again, the exchange can now check the validity of the coin by evaluating
+.. math::
+ \text{FDH}_N(C_p, h_a)\; \stackrel{?}{=}\; \left(\sigma_C\right)^{e} \;\;\text{mod}N
+Also again, :math:`C_p` is the EdDSA public key of a coin, :math:`\sigma_C` is
+its signature, :math:`\langle e, N \rangle` is the RSA public key of the
+denomination and :math:`h_a` is the value from ``age_commitment_hash``.
+TODO: maybe rename this field into something more opaque, like
+``opaque_signature_salt`` or so?
Changes in the Merchant