From d5c0aa338dec665b4879f9d24b168ec5512dde55 Mon Sep 17 00:00:00 2001
From: Özgür Kesim
Date: Tue, 10 Jan 2023 18:32:37 +0100
Subject: added derivation of blinding from private key
---
core/api-common.rst | 1 +
core/api-exchange.rst | 27 +++++++++++++++------------
2 files changed, 16 insertions(+), 12 deletions(-)
(limited to 'core')
diff --git a/core/api-common.rst b/core/api-common.rst
index 8468cc3b..7ce43e92 100644
--- a/core/api-common.rst
+++ b/core/api-common.rst
@@ -633,6 +633,7 @@ uses 512-bit hash codes (64 bytes).
 struct GNUNET_ShortHashCode hash;
 };
+.. _BlindedCoinHash:
 .. sourcecode:: c
 struct TALER_BlindedCoinHash {
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
index 968511b9..6868653a 100644
--- a/core/api-exchange.rst
+++ b/core/api-exchange.rst
@@ -2108,7 +2108,7 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
 interface AgeWithdrawRequest {
 // Commitment to the coins with age restriction. This is the SHA512
- // hash value $ACH over all n*kappa `TALER_CoinPubHashP` values of all
+ // hash value $ACH over all n*kappa `BlindedCoinHash` values of all
 // coins and their age commitments. It is alter used as part of the URL
 // in the subsequent call to /age-withdraw/$ACH/reveal.
 age_restricted_coins_commitment: HashCode;
@@ -2135,7 +2135,7 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
 // have to disclose
 noreveal_index: Integer;
- // Signature of `TALER_WithdrawAgeRestrictedConfirmationPS` whereby
+ // Signature of `TALER_AgeWithdrawRequestPS` whereby
 // the exchange confirms the ``noreveal_index``.
 exchange_sig: EddsaSignature;
@@ -2183,9 +2183,9 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
 ``TALER_EC_EXCHANGE_GENERIC_MISMATCH_OF_AMOUNT_AND_DENOMINATIONS``.
- .. ts:def:: WithdrawRevealRequest
+ .. ts:def:: AgeWithdrawRevealRequest
- interface WithdrawRevealRequest {
+ interface AgeWithdrawRevealRequest {
 // Array of ``n`` hash codes of denomination public keys to order.
 // These denominations MUST support age restriction as defined in the
 // output to /keys.
@@ -2207,19 +2207,22 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
 .. ts:def:: DisclosedAgeRestrictedCoin
 interface DisclosedAgeRestrictedCoin {
- // A coin's private key. The associated age commitment for this coin
- // MUST be derived from this private key as follows:
+ // A coin's private key. The associated blinding and age commitment for
+ // this coin MUST be derived from this private key as follows:
 //
- // For age group $AG from 1 up to
- //
- // (if they exist), set
+ // Calculate the blinding beta as
+ // beta := HKDF(coin_priv, "blinding")
+ //
+ // Let m ∈ {1,...,M} be the maximum age group as defined in the reserve
+ // that the wallet can commit to.
+ //
+ // For age group $AG ∈ {1,...m}, set
 // seed = HDKF(coin_priv, "age-commitment", $AG)
 // p[$AG] = Edx25519_generate_private(seed)
 // and calculate the corresponding Edx25519PublicKey as
 // q[$AG] = Edx25519_public_from_private(p[$AG])
 //
- // For age groups $AG _larger_ than the maximum age group allowed
- // (if they exist), set
+ // For age groups $AG ∈ {m,...,M}, set
 // f[$AG] = HDKF(coin_priv, "age-factor", $AG)
 // and calculate the corresponding Edx25519PublicKey as
 // q[$AG] = Edx25519_derive_public(`PublishedAgeRestrictionBaseKey`, f[$AG])
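Review bot: The two age-group ranges in the new `DisclosedAgeRestrictedCoin` comment overlap at `m`. `$AG ∈ {1,...m}` derives `q[m]` from a generated private key, while `$AG ∈ {m,...,M}` derives `q[m]` again from `PublishedAgeRestrictionBaseKey`, so the text defines two different values for the same index. Because this derivation is stated as a MUST and the exchange recomputes the commitment from `coin_priv` during reveal, a wallet and an exchange that each pick a different reading would disagree on the commitment hash. The second range presumably should read `// For age groups $AG ∈ {m+1,...,M}, set`. The surrounding lines also spell the function `HDKF` where the new blinding line uses `HKDF`, and one spelling throughout would stop readers taking them for different primitives. The comment block continues in the next hunk.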
@@ -2227,7 +2230,7 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
 // Finally, with coin_priv and age commitment (q[]), the exchange
 // will calculate the coin's public key coin_pub and use the
 // TALER_CoinPubHashP(coin_pub, age_commitment_hash(q))
- // during the verification of the original age-withdraw-commitment
+ // during the verification of the original age-withdraw-commitment.
 coin_priv: EddsaPrivateKey;
 }
--
cgit v1.2.3