summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--design-documents/024-age-restriction.rst40
1 files changed, 37 insertions, 3 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
index 06b34c7e..cc7c7254 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -193,11 +193,45 @@ can not be expressed reliably with SQL.
Protocol changes
----------------
-Refresh
-~~~~~~~
+Refresh - melting phase
+~~~~~~~~~~~~~~~~~~~~~~~
During the melting phase of the refresh, the wallet has to present the hash
-value of the age commitment (for denominations with support for age restriction).
+value of the age commitment (for denominations with support for age
+restriction). Therefore, in the ``/coins/$COIN_PUB/melt`` POST request, the
+``MeltRequest`` object is extended with an optional field
+``age_commitment_hash``:
+
+.. ts:def:: MeltRequest {
+ ...
+
+ // SHA512 hash of the age commitment of the coin, IFF the denomination
+ // has age restriction support. MUST be NULL otherwise.
+ age_commitment_hash?: HashCode;
+
+ ...
+ }
+
+The responses to the POST request remain the same.
+
+For denominations *without* support for age restriction, the calculation for
+the signature check is as before (borrowing notation from Florian's thesis):
+
+.. math::
+ \text{FDH}(N_0, C_p^{(0)})\; \stackrel{?}{=}\; \left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
+
+For denominations **with** support for age restriction, the exchange takes the
+hash value ``age_commitment_hash`` (abbreviated as h\ :sub:`a`) into account
+when verifying the coin's signature:
+
+.. math::
+ \text{FDH}(N_0, C_p^{(0)}, \color{blue}{\text{\textbf{h_a}}})\;\stackrel{?}{=}\; \left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
+
+
+
+
+Refresh - reveal phase
+~~~~~~~~~~~~~~~~~~~~~~
TODO: Extension of the cut'n-choose-protocol.