commit 3fe9d2ebaaa39a877d773e0cb02556c1c47ee5f5
parent 037996cee61d3968d7c8cd58b4ecce82e9b757a1
Author: Özgür Kesim <oec-taler@kesim.org>
Date: Mon, 5 Jun 2023 16:59:03 +0200
simplify schema of age-withdraw
Diffstat:
2 files changed, 33 insertions(+), 41 deletions(-)
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
@@ -2435,7 +2435,7 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
// Array of ``n`` hash codes of denomination public keys to order.
// These denominations MUST support age restriction as defined in the
// output to /keys.
- // The sum of all denomination's values plus fees MUST be at most the
+ // The sum of all denomination's values and fees MUST be at most the
// balance of the reserve. The balance of the reserve will be
// immediatley reduced by that amount.
denoms_h: HashCode[];
@@ -2517,38 +2517,38 @@ If so, the exchange will blindly sign ``n`` undisclosed coins from the request.
interface AgeWithdrawRevealRequest {
// Array of ``n`` of ``(kappa - 1)`` disclosed coin master secrets, from
- // which the coins' private key ``coin_priv``, blinding ``beta`` and nonce
- // ``nonce`` (for Clause-Schnorr) itself are derived as usually in wallet
- // core. Given a coin's secret, the age commitment for the coin MUST be
- // derived from this private key as follows:
+ // which the coins' private key, blinding, nonce (for Clause-Schnorr) and
+ // age-restriction is calculated.
//
- // Let m ∈ {1,...,M} be the maximum age group as defined in the reserve
- // that the wallet can commit to.
- //
- // For age group $AG ∈ {1,...m}, set
- // seed = HDKF(coin_secret, "age-commitment", $AG)
- // p[$AG] = Edx25519_generate_private(seed)
- // and calculate the corresponding Edx25519PublicKey as
- // q[$AG] = Edx25519_public_from_private(p[$AG])
- //
- // For age groups $AG ∈ {m,...,M}, set
- // f[$AG] = HDKF(coin_secret, "age-factor", $AG)
- // and calculate the corresponding Edx25519PublicKey as
- // q[$AG] = Edx25519_derive_public(`PublishedAgeRestrictionBaseKey`, f[$AG])
- //
- // Given each coin's private key and age commitment (``q[]``), the
- // exchange will calculate each coin's blinded hash value und use all
- // those (disclosed) blinded hashes together with the non-disclosed
- // envelopes ``coin_evs`` during the verification of the original
- // age-withdraw-commitment.
+ // Given each coin's private key and age commitment, the exchange will
+ // calculate each coin's blinded hash value und use all those (disclosed)
+ // blinded hashes together with the non-disclosed envelopes ``coin_evs``
+ // during the verification of the original age-withdraw-commitment.
disclosed_coin_secrets: AgeRestrictedCoinSecret[][];
-
}
.. ts:def:: AgeRestrictedCoinSecret
- // The Master key material for the derivation of age restricted private
- // coins, blinding factors and age restrictions
+ // The Master key material from which the coins' private key ``coin_priv``,
+ // blinding ``beta`` and nonce ``nonce`` (for Clause-Schnorr) itself are
+ // derived as usually in wallet-core. Given a coin's master key material,
+ // the age commitment for the coin MUST be derived from this private key as
+ // follows:
+ //
+ // Let m ∈ {1,...,M} be the maximum age group as defined in the reserve
+ // that the wallet can commit to.
+ //
+ // For age group $AG ∈ {1,...m}, set
+ // seed = HDKF(coin_secret, "age-commitment", $AG)
+ // p[$AG] = Edx25519_generate_private(seed)
+ // and calculate the corresponding Edx25519PublicKey as
+ // q[$AG] = Edx25519_public_from_private(p[$AG])
+ //
+ // For age groups $AG ∈ {m,...,M}, set
+ // f[$AG] = HDKF(coin_secret, "age-factor", $AG)
+ // and calculate the corresponding Edx25519PublicKey as
+ // q[$AG] = Edx25519_derive_public(`PublishedAgeRestrictionBaseKey`, f[$AG])
+ //
type AgeRestrictedCoinSecret = string;
.. ts:def:: PublishedAgeRestrictionBaseKey
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
@@ -1,5 +1,5 @@
-DD24: Anonymous Age Restriction Extension for GNU Taler
-#######################################################
+DD24: Anonymous Age Restriction Extension
+#########################################
Summary
=======
@@ -303,6 +303,8 @@ The withdraw protocol is affected in the following situations:
- A wire transfer to the exchange (to fill a reserve) was marked by the
originating bank as coming from a bank account of a minor, belonging to a of
a specific age group, or by other means.
+- A KYC-process has been performed with the owner of a reserve and the user has
+ been identified as being a minor.
- A Peer-to-Peer transaction was performed between customers. The receiving
customer's KYC result tells the exchange that the customer belongs to a
specific age group.
@@ -436,25 +438,15 @@ schema in the exchange is given here:
]
subgraph cluster_commitments {
- label=<<B>age_withdraw_commitments</B>>
+ label=<<B>age_withdraw</B>>
margin=20
commitments [
- label="age_withdraw_commitments_id\l|<hc>h_commitment\l|amount_with_fee_val\l|amount_with_fee_frac\l|noreveal_index\l|max_age\l|<res>reserve_pub\l|reserve_sig\l|<denom>n*denominations_serial\l|n*denom_sig\l"
- ]
- }
-
- subgraph cluster_reveals {
- label=<<B>age_withdraw_revealed_coins</B>>
- margin=20
- reveals [
- label="freshcoin_index\l|<comm>h_commitment\l|h_blind_ev\l"
+ label="age_withdraw_id\l|<hc>h_commitment\l|amount_with_fee_val\l|amount_with_fee_frac\l|noreveal_index\l|max_age\l|<res>reserve_pub\l|reserve_sig\l|<denom>[n] denominations_serials\l|[n] h_blind_evs\l|[n] denom_sigs\l"
]
}
commitments:res->reserves:id [ label="n:1"; fontname="monospace"];
commitments:denom -> denominations:id [ label="n:1"; fontname="monospace"] ;
- reveals:comm -> commitments:hc [ label="n:1"; fontname="monospace" ];
-
}
