From aff2c12576fc8a7b76bdca2b194a518426e9e7f7 Mon Sep 17 00:00:00 2001
From: Özgür Kesim <oec-taler@kesim.org>
Date: Wed, 20 Oct 2021 12:29:27 +0200
Subject: clarifications in the description of age groups

---
 design-documents/024-age-restriction.rst | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
index abd6d0e7..74a88c5a 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -67,19 +67,24 @@ Main ideas and building blocks
 
 The main ideas are simple:
 
-#. The exchange defines and publishes M different *age groups* of increasing order:
-   :math:`0 < a_1 < \ldots < a_M` with :math:`a_i \in \mathbb{N}`.
+#. The exchange defines and publishes M+1 different *age groups* of increasing
+   order: :math:`0 < a_1 < \ldots < a_M` with :math:`a_i \in \mathbb{N}`.  The
+   zeroth age group is :math:`\{0,\ldots,a_1-1\}`.
 
 #. An **unrestricted** *age commitment* is defined as a vector of length M of
    pairs of EdDSA public and private keys on Curve25519. In other words: one
-   key pair for each age group:
+   key pair for each age group after the zeroth:
    :math:`\bigl\langle (p_1, s_1), \ldots, (p_M, s_M) \bigr\rangle`
 
-#. A **restricted** *age commitment* **to age group m** is derived from an unrestricted age
-   commitment by removing all private keys for indices larger than m:
-   :math:`\bigl\langle (p_1, s_1), \ldots, (p_m, s_m), \, (p_{m+1}, \perp),
-   \ldots, (p_M, \perp )\bigr\rangle`.  The act of restricting an unrestricted
-   age commitment is performed by the parent/ward.
+#. A **restricted** *age commitment* **to age group m** (or m-th age group) is
+   derived from an unrestricted age commitment by removing all private keys for
+   indices larger than m: :math:`\bigl\langle (p_1, s_1), \ldots, (p_m, s_m),
+   \, (p_{m+1}, \perp), \ldots, (p_M, \perp )\bigr\rangle`.
+   F.e. if *none* of the private keys is provided, the age commitment would be
+   restricted to the zeroth age group.
+
+#. The act of restricting an unrestricted age commitment is performed by the
+   parent/ward.
 
 #. An *age commitment* (without prefix) is just the vector of public keys:
    :math:`\vec{Q} := \langle p_1, \ldots, p_M \rangle`.  Note that from
@@ -393,10 +398,6 @@ Also again, :math:`C_p` is the EdDSA public key of a coin, :math:`\sigma_C` is
 its signature, :math:`\langle e, N \rangle` is the RSA public key of the
 denomination and :math:`h_a` is the value from ``age_commitment_hash``.
 
-TODO: maybe rename this field into something more opaque, like
-``opaque_signature_salt`` or so?
-
-
 
 
 Changes in the Merchant API
-- 
cgit v1.2.3