From d5acf537323bc8c2e04844b4d0c2521406011db8 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 24 Mar 2015 17:25:00 +0100 Subject: make kappa global fixed constant, not something to be negotiated, KISS --- src/include/taler_signatures.h | 11 ++++++ src/mint/plugin_mintdb_postgres.c | 4 +- src/mint/taler-mint-httpd.h | 6 --- src/mint/taler-mint-httpd_db.c | 26 ++++++------- src/mint/taler-mint-httpd_db.h | 8 +--- src/mint/taler-mint-httpd_refresh.c | 78 ++++++++++++++++++------------------- src/mint/taler_mintdb_plugin.h | 15 ++----- 7 files changed, 69 insertions(+), 79 deletions(-) diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index b8fe8a7b7..3ad97a577 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -30,6 +30,17 @@ #include "taler_util.h" +/** + * Cut-and-choose size for refreshing. Client looses the gamble (of + * unaccountable transfers) with probability 1/KAPPA. Refresh cost + * increases linearly with KAPPA, and 3 is sufficient up to a + * income/sales tax of 66% of total transaction value. As there is + * no good reason to change this security parameter, we declare it + * fixed and part of the protocol. + */ +#define KAPPA 3 + + /** * Purpose for signing public keys signed * by the mint master key. diff --git a/src/mint/plugin_mintdb_postgres.c b/src/mint/plugin_mintdb_postgres.c index 1c6851d86..5a1ff8c0c 100644 --- a/src/mint/plugin_mintdb_postgres.c +++ b/src/mint/plugin_mintdb_postgres.c @@ -247,7 +247,7 @@ postgres_create_tables (void *cls, // index of the old coin in the customer's request ",oldcoin_index INT2 NOT NULL" // index for cut and choose, - // ranges from 0 to kappa-1 + // ranges from 0 to #KAPPA-1 ",cnc_index INT2 NOT NULL" ")"); SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_coin" 
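Review bot: The new doc comment on `KAPPA` in taler_signatures.h appears to state the cut-and-choose odds the wrong way round. With one of the KAPPA sets left unrevealed, a client that commits to one dishonest set goes undetected with probability 1/KAPPA and is caught with probability 1 - 1/KAPPA, which is also what the 66% figure in the same comment implies for KAPPA = 3. I would reword the sentence to `Client loses the gamble (of unaccountable transfers) with probability 1-1/KAPPA.` Since the value is now a protocol constant in a shared header, the comment should also keep the lower bound that the removed `struct RefreshSession` field documented (at least three), so the requirement is not lost with that field.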
@@ -1486,7 +1486,6 @@ postgres_get_refresh_session (void *cls, struct TALER_DB_ResultSpec rs[] = { TALER_DB_RESULT_SPEC("num_oldcoins", &refresh_session->num_oldcoins), TALER_DB_RESULT_SPEC("num_newcoins", &refresh_session->num_newcoins), - TALER_DB_RESULT_SPEC("kappa", &refresh_session->kappa), TALER_DB_RESULT_SPEC("noreveal_index", &refresh_session->noreveal_index), TALER_DB_RESULT_SPEC_END }; @@ -1502,7 +1501,6 @@ postgres_get_refresh_session (void *cls, refresh_session->num_oldcoins = ntohs (refresh_session->num_oldcoins); refresh_session->num_newcoins = ntohs (refresh_session->num_newcoins); - refresh_session->kappa = ntohs (refresh_session->kappa); refresh_session->noreveal_index = ntohs (refresh_session->noreveal_index); PQclear (result); diff --git a/src/mint/taler-mint-httpd.h b/src/mint/taler-mint-httpd.h index 36d150bbc..50b745703 100644 --- a/src/mint/taler-mint-httpd.h +++ b/src/mint/taler-mint-httpd.h @@ -25,12 +25,6 @@ #include -/** - * Cut-and-choose size for refreshing. - * FIXME: maybe make it a config option? - */ -#define KAPPA 3 - /** * For now, we just do EUR. Should become configurable * in the future! diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index c18936e1f..17f44c9c9 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c 
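Review bot: `noreveal_index` is still read from the row and byte-swapped in postgres_get_refresh_session without a range check, and with the stored `kappa` gone there is no per-session bound left to compare it against. The plugin header documents it as smaller than KAPPA, so a value outside that range (a damaged row, or a session written by a build with a different constant) should be rejected here rather than reach the reveal code as an index. After the `ntohs` lines, `GNUNET_break (refresh_session->noreveal_index < KAPPA);` followed by the function's existing failure return would do; that failure path is outside this hunk, so it is not spelled out here. The SQL is not touched by this diff, so it is worth checking whether the table and prepared statements still carry a `kappa` column.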
@@ -591,12 +591,13 @@ refresh_accept_melts (struct MHD_Connection *connection, * @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array * @param coin_public_infos information about the coins to melt * @param coin_melt_details signatures and (residual) value of the respective coin should be melted - * @param kappa size of x-dimension of @commit_coin and @commit_link arrays * @param commit_coin 2d array of coin commitments (what the mint is to sign - * once the "/refres/reveal" of cut and choose is done) + * once the "/refres/reveal" of cut and choose is done), + * x-dimension must be #KAPPA * @param commit_link 2d array of coin link commitments (what the mint is * to return via "/refresh/link" to enable linkage in the * future) + * x-dimension must be #KAPPA * @return MHD result code */ int @@ -607,7 +608,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, unsigned int coin_count, const struct TALER_CoinPublicInfo *coin_public_infos, const struct MeltDetails *coin_melt_details, - unsigned int kappa, struct RefreshCommitCoin *const* commit_coin, struct RefreshCommitLink *const* commit_link) { @@ -684,7 +684,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, return TALER_MINT_reply_internal_db_error (connection); } - for (i = 0; i < kappa; i++) + for (i = 0; i < KAPPA; i++) { if (GNUNET_OK != plugin->insert_refresh_commit_coins (plugin->cls, @@ -699,7 +699,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, return TALER_MINT_reply_internal_db_error (connection); } } - for (i = 0; i < kappa; i++) + for (i = 0; i < KAPPA; i++) { if (GNUNET_OK != plugin->insert_refresh_commit_links (plugin->cls, 
@@ -719,10 +719,9 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, /* store 'global' session data */ refresh_session.num_oldcoins = coin_count; refresh_session.num_newcoins = num_new_denoms; - refresh_session.kappa = KAPPA; // FIXME... (#3711) refresh_session.noreveal_index = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG, - refresh_session.kappa); + KAPPA); if (GNUNET_OK != (res = plugin->create_refresh_session (plugin->cls, session, @@ -753,7 +752,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, * Check if the given @a transfer_privs correspond to an honest * commitment for the given session. * Checks that the transfer private keys match their commitments. - * Then derives the shared secret for each kappa, and check that they match. + * Then derives the shared secret for each #KAPPA, and check that they match. * * @param connection the MHD connection to handle * @param session database connection to use @@ -946,7 +945,7 @@ check_commitment (struct MHD_Connection *connection, buf_len)) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "blind envelope does not match for kappa=%u, old=%d\n", + "blind envelope does not match for k=%u, old=%d\n", off, (int) j); /* FIXME: return more specific error with original signature (#3712) */ 
@@ -1025,22 +1024,21 @@ refresh_mint_coin (struct MHD_Connection *connection, /** * Execute a "/refresh/reveal". The client is revealing to us the - * transfer keys for @a kappa-1 sets of coins. Verify that the + * transfer keys for @a #KAPPA-1 sets of coins. Verify that the * revealed transfer keys would allow linkage to the blinded coins, * and if so, return the signed coins for corresponding to the set of * coins that was not chosen. * * @param connection the MHD connection to handle * @param session_hash hash identifying the refresh session - * @param kappa size of x-dimension of @transfer_privs array plus one (!) * @param num_oldcoins size of y-dimension of @transfer_privs array - * @param transfer_pubs array with the revealed transfer keys + * @param transfer_pubs array with the revealed transfer keys, + * x-dimension must be #KAPPA - 1 * @return MHD result code */ int TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, const struct GNUNET_HashCode *session_hash, - unsigned int kappa, unsigned int num_oldcoins, struct TALER_TransferPrivateKey **transfer_privs) { @@ -1112,7 +1110,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, off = 0; - for (i=0;irefresh_link @@ -543,7 +542,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection, } } - for (i = 0; i < kappa; i++) + for (i = 0; i < KAPPA; i++) { commit_link[i] = GNUNET_malloc (num_oldcoins * sizeof (struct RefreshCommitLink)); @@ -563,8 +562,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection, { GNUNET_break (GNUNET_SYSERR != res); GNUNET_CRYPTO_hash_context_abort (hash_context); - free_commit_coins (commit_coin, kappa, num_newcoins); - free_commit_links (commit_link, kappa, num_oldcoins); + free_commit_coins (commit_coin, + KAPPA, + num_newcoins); + free_commit_links (commit_link, + KAPPA, + num_oldcoins); return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; } res = GNUNET_MINT_parse_navigate_json (connection, 
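Review bot: The rewritten `@param` line in the comment for TALER_MINT_db_execute_refresh_reveal documents `transfer_pubs`, but the parameter in the signature below it is `transfer_privs`. The argument therefore stays undocumented, and readers are told public keys are passed where the function receives private transfer keys. Suggested text: `@param transfer_privs array with the revealed transfer private keys, x-dimension must be #KAPPA - 1`. In the first paragraph, `@a #KAPPA-1` mixes two markups; `#KAPPA - 1` alone is enough for a macro reference.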
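Review bot: The error return in the `@@ -563` hunk of handle_refresh_melt_json now spells out the same `free_commit_coins` / `free_commit_links` pair that is repeated in the `@@ -579` hunk and again under the `cleanup:` label in the `@@ -615` hunk. Three hand-maintained copies of one release sequence tend to drift apart, and error paths are where a missed or doubled free goes unnoticed. A small static helper that takes `commit_coin`, `commit_link`, `num_newcoins` and `num_oldcoins` and performs both calls would leave one copy. Jumping to `cleanup:` is the alternative, but only if the rest of that label's work is valid at these points, and that part of the function is outside the hunks.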
@@ -579,8 +582,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection, { GNUNET_break (GNUNET_SYSERR != res); GNUNET_CRYPTO_hash_context_abort (hash_context); - free_commit_coins (commit_coin, kappa, num_newcoins); - free_commit_links (commit_link, kappa, num_oldcoins); + free_commit_coins (commit_coin, + KAPPA, + num_newcoins); + free_commit_links (commit_link, + KAPPA, + num_oldcoins); return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; } @@ -615,12 +622,15 @@ handle_refresh_melt_json (struct MHD_Connection *connection, coin_public_infos, coin_melt_details, &session_hash, - kappa, commit_coin, commit_link); cleanup: - free_commit_coins (commit_coin, kappa, num_newcoins); - free_commit_links (commit_link, kappa, num_oldcoins); + free_commit_coins (commit_coin, + KAPPA, + num_newcoins); + free_commit_links (commit_link, + KAPPA, + num_oldcoins); for (j=0;j kappa) || (kappa > 32) ) + if (KAPPA != json_array_size (coin_evs)) { GNUNET_break_op (0); TALER_MINT_release_parsed_data (spec); return TALER_MINT_reply_arg_invalid (connection, "coin_evs"); } - if (json_array_size (transfer_pubs) != kappa) + if (KAPPA != json_array_size (transfer_pubs)) { GNUNET_break_op (0); TALER_MINT_release_parsed_data (spec); @@ -741,7 +749,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, melt_coins, melt_sig_json, commit_sig_json, - kappa, num_oldcoins, transfer_pubs, secret_encs, @@ -763,7 +770,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, * * @param connection the MHD connection to handle * @param session_hash hash identifying the melting session - * @param kappa length of the 1st dimension of @a transfer_privs array PLUS ONE * @param num_oldcoins length of the 2nd dimension of @a transfer_privs array * @param tp_json private transfer keys in JSON format * @return MHD result code 
@@ -771,20 +777,19 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, static int handle_refresh_reveal_json (struct MHD_Connection *connection, const struct GNUNET_HashCode *session_hash, - unsigned int kappa, unsigned int num_oldcoins, const json_t *tp_json) { - struct TALER_TransferPrivateKey *transfer_privs[kappa - 1]; + struct TALER_TransferPrivateKey *transfer_privs[KAPPA - 1]; unsigned int i; unsigned int j; int res; - for (i = 0; i < kappa - 1; i++) + for (i = 0; i < KAPPA - 1; i++) transfer_privs[i] = GNUNET_malloc (num_oldcoins * sizeof (struct TALER_TransferPrivateKey)); res = GNUNET_OK; - for (i = 0; i < kappa - 1; i++) + for (i = 0; i < KAPPA - 1; i++) { if (GNUNET_OK != res) break; @@ -806,10 +811,9 @@ handle_refresh_reveal_json (struct MHD_Connection *connection, else res = TALER_MINT_db_execute_refresh_reveal (connection, session_hash, - kappa, num_oldcoins, transfer_privs); - for (i = 0; i < kappa - 1; i++) + for (i = 0; i < KAPPA - 1; i++) GNUNET_free (transfer_privs[i]); return res; } @@ -840,7 +844,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh, { struct GNUNET_HashCode session_hash; int res; - unsigned int kappa; unsigned int num_oldcoins; json_t *reveal_detail; json_t *root; @@ -869,15 +872,13 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh, return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; /* Determine dimensionality of the request (kappa and #old coins) */ - kappa = json_array_size (transfer_privs) + 1; - if ( (2 > kappa) || (kappa > 31) ) + if (KAPPA != json_array_size (transfer_privs) + 1) { TALER_MINT_release_parsed_data (spec); return TALER_MINT_reply_arg_invalid (connection, "transfer_privs"); } /* Note we do +1 as 1 row (cut-and-choose!) is missing! */ - kappa++; res = GNUNET_MINT_parse_navigate_json (connection, transfer_privs, JNAV_INDEX, 0, 
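Review bot: In TALER_MINT_handler_refresh_reveal the comment `/* Note we do +1 as 1 row (cut-and-choose!) is missing! */` is left behind in the `@@ -869` hunk after the `kappa++` it described was removed, and it now sits below the check that actually does the `+ 1`. The comment above that check still says the code determines kappa from the request, which is no longer the case. I would drop the orphaned comment and put the explanation on the check itself, e.g. `/* transfer_privs has KAPPA - 1 rows; the row the mint chose not to have revealed is absent */`.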
@@ -892,7 +893,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh, num_oldcoins = json_array_size (reveal_detail); res = handle_refresh_reveal_json (connection, &session_hash, - kappa, num_oldcoins, transfer_privs); TALER_MINT_release_parsed_data (spec); diff --git a/src/mint/taler_mintdb_plugin.h b/src/mint/taler_mintdb_plugin.h index d461413f1..08a73479d 100644 --- a/src/mint/taler_mintdb_plugin.h +++ b/src/mint/taler_mintdb_plugin.h @@ -247,14 +247,7 @@ struct RefreshSession uint16_t num_newcoins; /** - * Number of parallel operations we perform for the cut and choose. - * (must be greater or equal to three for security). 0 if not yet - * known. - */ - uint16_t kappa; - - /** - * Index (smaller @e kappa) which the mint has chosen to not + * Index (smaller #KAPPA) which the mint has chosen to not * have revealed during cut and choose. */ uint16_t noreveal_index; @@ -297,7 +290,7 @@ struct RefreshMelt /** * We have as many `struct RefreshCommitCoin` as there are new - * coins being created by the refresh (for each of the kappa + * coins being created by the refresh (for each of the #KAPPA * sets). These are the coins we ask the mint to sign if the * respective set is selected. */ @@ -816,7 +809,7 @@ struct TALER_MINTDB_Plugin * @param cls the @e cls of this struct with the plugin-specific state * @param sesssion database connection to use * @param session_hash hash to identify refresh session - * @param i set index (1st dimension), relating to kappa + * @param i set index (1st dimension), relating to #KAPPA * @param num_newcoins coin index size of the @a commit_coins array * @param commit_coin array of coin commitments to store * @return #GNUNET_OK on success 
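Review bot: `num_oldcoins = json_array_size (reveal_detail)` comes straight from the request body and is handed to handle_refresh_reveal_json with no visible upper bound. There, the `@@ -771` hunk shows it sizing `GNUNET_malloc (num_oldcoins * sizeof (struct TALER_TransferPrivateKey))` for each of the KAPPA - 1 rows. The commit drops the old range check on kappa because that dimension is now fixed, but nothing in these hunks limits the second dimension, and as far as I know GNUNET_malloc aborts the process rather than returning NULL when a request is too large. If no limit is enforced elsewhere, reject oversized arrays before allocating with a guard such as `if (num_oldcoins > MAX_OLDCOINS)`, where `MAX_OLDCOINS` is a placeholder for a limit the project would choose. The guard should follow the existing `transfer_privs` check: release `spec`, then return `TALER_MINT_reply_arg_invalid`. The function body continues outside the hunk.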
@@ -861,7 +854,7 @@ struct TALER_MINTDB_Plugin * @param cls the @e cls of this struct with the plugin-specific state * @param sesssion database connection to use * @param session_hash hash to identify refresh session - * @param i set index (1st dimension), relating to kappa + * @param i set index (1st dimension), relating to #KAPPA * @param num_links size of the @a commit_link array * @param commit_links array of link information to store * @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success -- cgit v1.2.3