diff options
author | Özgür Kesim <oec-taler@kesim.org> | 2022-12-20 14:34:31 +0100 |
---|---|---|
committer | Özgür Kesim <oec-taler@kesim.org> | 2022-12-20 14:34:31 +0100 |
commit | 145912990c8f2f89a1daa05a6a9071615c8904de (patch) | |
tree | 88e7e7ec450d3e5f94c38a122687e9f310be70ac /design-documents/024-age-restriction.rst | |
parent | 16f9650166b6f2163e86d6e7f9f4ce49d23bb093 (diff) | |
download | docs-145912990c8f2f89a1daa05a6a9071615c8904de.tar.gz docs-145912990c8f2f89a1daa05a6a9071615c8904de.tar.bz2 docs-145912990c8f2f89a1daa05a6a9071615c8904de.zip |
cleanup zk-protocol for age restriction during withdraw
Diffstat (limited to 'design-documents/024-age-restriction.rst')
-rw-r--r-- | design-documents/024-age-restriction.rst | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst index ce1e130e..f43dc18d 100644 --- a/design-documents/024-age-restriction.rst +++ b/design-documents/024-age-restriction.rst @@ -320,17 +320,17 @@ Then: #. *Wallet*: - #. creates planchets :math:`\{C_i \mid i = 1,\ldots,\kappa\}` as candidates for *one* coin. - #. creates age-commitments :math:`\{ \vec{Q}^i \mid i = 1,\ldots,\kappa\}` as follows: + #. creates planchets :math:`C_i` for :math:`i \in \{1,\ldots,\kappa\}` as candidates for *one* coin. + #. creates age-commitments :math:`\vec{Q}^i` for :math:`i \in \{1,\ldots,\kappa\}` as follows: - a) chooses randomly :math:`a`-many scalars :math:`\{p^i_j \mid j = 1,\ldots,a\}`, - #) creates keypairs :math:`\{(p^i_j, q^i_j = p^i_j*G) \mid j = 1,\ldots,a\}` for Edx25519, - #) chooses randomly :math:`(M - a)`-many scalars :math:`\{s^i_j \mid j = a+1,\ldots,M\}`, - #) calculates :math:`\{\omega^i_j = s^i_j*\Omega \mid j = a+1,\ldots,M \}`, + a) chooses randomly :math:`a`-many scalars :math:`p^i_j` for :math:`j \in \{1,\ldots,a\}`, + #) creates Edx25519-keypairs :math:`(p^i_j, q^i_j)` for :math:`j \in \{1,\ldots,a\}`, + #) chooses randomly :math:`(M - a)`-many scalars :math:`s^i_j` for :math:`j \in \{a+1,\ldots,M\}`, + #) calculates :math:`\omega^i_j = s^i_j*\Omega` for :math:`j \in \{a+1,\ldots,M \}`, #) sets :math:`\vec{Q}^i := (q^i_1,\ldots,q^i_a,\omega^i_{a+1},\ldots,\omega^i_M)` - #. calculates :math:`\{ f_i := \text{FDH}(C_i, H(\vec{Q}^i)) \mid i = 1,\ldots,\kappa \}` - #. chooses random blindings :math:`\beta_i(.), i = 1,\ldots,\kappa`, depending on the the cipher (RSA, CS). + #. calculates :math:`f_i := \text{FDH}(C_i, H(\vec{Q}^i))` for :math:`i \in \{ 1,\ldots,\kappa \}`. + #. chooses random blindings :math:`\beta_i(.)` for :math:`i \in \{1,\ldots,\kappa\}`. The blinding functions depend on the cipher (RSA, CS). #. calculates :math:`F := \text{H}(\beta_1(f_1)||\ldots||\beta_\kappa(f_\kappa))` #. sends :math:`F` to the Exchange @@ -358,10 +358,15 @@ Then: #. compares :math:`F \overset{?}{=} \text{H}(g_1||\ldots||g_{\gamma - 1}||r||g_{\gamma+1}||\ldots||g_\kappa)` and bails out on inequality #. for each :math:`\vec{B}^i, i \neq \gamma` - i. calculates :math:`\tilde{\omega}^i_j := b^i_j * \Omega` for :math:`j = a+1,\ldots,M` + i. calculates :math:`\tilde{\omega}^i_j := b^i_j * \Omega` for :math:`j \in \{a+1,\ldots,M\}` #. compares each :math:`\tilde{\omega}^i_j` to :math:`q^i_j` from :math:`\vec{Q}^i = (q^i_1, \ldots, q^i_M)` and bails out on inequality #. signs :math:`r` - #. sends signature :math:`\sigma_r` to Wallet + #. sends (blinded) signature :math:`\sigma_r` to Wallet + +#. *Wallet*: + + #. receives :math:`\sigma_r` + #. calculates (unblinded) signature :math:`\sigma_c := \beta^{-1}_\gamma(\sigma_r)` |