diff options
Diffstat (limited to 'design-documents/024-age-restriction.rst')
-rw-r--r-- | design-documents/024-age-restriction.rst | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst index 996e5638..ae3874c0 100644 --- a/design-documents/024-age-restriction.rst +++ b/design-documents/024-age-restriction.rst @@ -374,13 +374,18 @@ of data by the amount of coins in question--, but all with the same value of The *actual* implementation of the protocol above will have a major optimization to keep the bandwidth usage to a minimum. Instead of generating and sending -the age commitment (array of public keys) for each coin, the wallet *MUST* -derive the corresponding age commitments from the coin's private key -:math:`c_s` itself as follows: +the age commitment (array of public keys) and blindings for each coin, the +wallet *MUST* derive the corresponding blindings and the age commitments from +the coin's private key :math:`c_s` itself as follows: Let :math:`m \in \{1,\ldots,M\}` be the maximum age (according to the reserve) that a wallet can commit to during the withdrawal. +Calculate the blinding :math:`\beta` for the coin as + +.. math:: + \beta &:= \text{HKDF}(c_s, \text{"blinding"}) + For age group :math:`a \in \{1,\ldots,m\}`, set .. math:: |