diff options
Diffstat (limited to 'design-documents/024-age-restriction.rst')
| -rw-r--r-- | design-documents/024-age-restriction.rst | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst index 0b3aa76f..6b1004fc 100644 --- a/design-documents/024-age-restriction.rst +++ b/design-documents/024-age-restriction.rst @@ -1,5 +1,5 @@ -DD 024: Anonymous Age Restriction Extension for GNU Taler -######################################################### +DD24: Anonymous Age Restriction Extension for GNU Taler +####################################################### Summary ======= @@ -18,7 +18,7 @@ sensitive private information is disclosed. We want to offer a better mechanism for age-restriction with GNU Taler that * ensures anonymity and unlinkability of purchases -* can be set to particular age groups by parents/wardens at withdrawal +* can be set to particular age groups by parents/wardens at withdrawal * is bound to particular coins/tokens * can be verified by the merchant at purchase time * persists even after refresh @@ -264,15 +264,15 @@ The schema for the exchange is changed as follows: BEGIN; -- Check patch versioning is in place. SELECT _v.register_patch('exchange-TBD', NULL, NULL); - + -- Support for age restriction is marked per denomination. ALTER TABLE denominations ADD COLUMN age_restricted BOOLEAN NOT NULL DEFAULT (false); COMMENT ON COLUMN denominations.age_restriced IS 'true if this denomination can be used for age restriction'; - -- During the melting phase of the refresh, the wallet has to present the - -- hash value of the age commitment (only for denominations with support + -- During the melting phase of the refresh, the wallet has to present the + -- hash value of the age commitment (only for denominations with support -- for age restriction). ALTER TABLE refresh_commitments ADD COLUMN age_commitment_h BYTEA CHECK (LENGTH(age_commitment_h)=64); @@ -306,7 +306,7 @@ restriction). Therefore, in the ``/coins/$COIN_PUB/melt`` POST request, the // SHA256 hash of the age commitment of the coin, IFF the denomination // has age restriction support. MUST be omitted otherwise. age_commitment_hash?: AgeCommitmentHash; - + ... } @@ -317,7 +317,7 @@ restriction). Therefore, in the ``/coins/$COIN_PUB/melt`` POST request, the The responses to the POST request remain the same. For normal denominations *without* support for age restriction, the calculation -for the signature check is as before (borrowing notation from +for the signature check is as before (borrowing notation from `Florian's thesis <https://taler.net/papers/thesis-dold-phd-2019.pdf>`_): .. math:: @@ -348,7 +348,7 @@ the amount of age groups defined in the field ``.age_groups`` of the ``ExtensionAgeRestriction``. .. ts:def:: RevealRequest - + interface RevealRequest { ... @@ -360,7 +360,7 @@ the amount of age groups defined in the field ``.age_groups`` of the // ``ExtensionAgeRestriction``. old_age_commitment?: Edx25519PublicKey[]; - + ... } @@ -379,7 +379,7 @@ exchange derives κ-1 age commitments from the ``old_age_commitment`` by calling as the seed, and then calculates the corresponding κ-1 hash values :math:`h_i` of those age commitments. -It then calculates the κ-1 blinded hashes +It then calculates the κ-1 blinded hashes :math:`m_i = r^{e_i}\text{FDH}_N(C^{(i)}_p, h_i)` (using the notation from Florian's thesis) of the disclosed coins and together with the :math:`m_\gamma` of the undisclosed coin, calculates the hash @@ -443,7 +443,7 @@ this value will not be smaller than, say, 8, and not larger than, say, 21. interface ContractTerms { ... - + // If the order requires a minimum age greater than 0, this field is set // to the integer value of that age. In reality this value will not be // smaller than, say, 8, and not larger than, say, 21. @@ -518,11 +518,11 @@ The merchant can now verify against the public key ``age_commitment[k]`` of the corresponding age group, say, ``k``. (The minimum age must fall into the age group at index ``k`` as defined by the exchange). - + **Note**: This applies only to coins for denominations that have support for age restriction. Denominations *without* support for age restriction *always* satisfy any minimum age requirement. - + Changes in the Wallet @@ -676,4 +676,3 @@ The scheme is as follows: (R, s) := signature return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P } - |