taler-docs

Documentation for GNU Taler components, APIs and protocols
Log | Files | Refs | README | LICENSE
commit c25366f79d0362cf96f61c88170378baf16ce3fb
parent 44c8642e84d958b40b6cb54151e1491fad7a8ca6
Author: Özgür Kesim <oec-taler@kesim.org>
Date:   Fri,  3 Jan 2025 18:31:01 +0100

[melt/reveal] reshuffle parameters

- Introduce h_melt_commitment in the melt phase
- move transfer_pub (of noreveal_index) to reveal phase
- likewise link_sigs
- flatten MeltRequest interface

Diffstat:

Mcore/api-exchange.rst | 102+++++++++++++++++++++++++++++++++++++++++++------------------------------------


1 file changed, 55 insertions(+), 47 deletions(-)

diff --git a/core/api-exchange.rst b/core/api-exchange.rst
@@ -2174,6 +2174,16 @@ This endpoint is called by the client
       // TODO: add details about the derivation.
       disclosed_batch_seeds: DisclosedBatchSeed[];
 
+       // Array of ``n`` entries of transfer public keys
+       // (ephemeral ECDHE keys), each for the ``noreveal_index``.
+       transfer_pubs: EddsaPublicKey[];
+
+       // Array of ``n`` entries many signatures
+       // made by the wallet using the old coin's private key,
+       // used later to verify the /refresh/link response from the exchange.
+       // Signs over a `TALER_CoinLinkSignaturePS`.
+       link_sigs: EddsaSignature[];
+
     }
 
   .. ts:def:: DisclosedBatchSeed
@@ -3482,53 +3492,51 @@ the API during normal operation.
   .. ts:def:: MeltRequest
 
     interface MeltRequest {
-      old: {
-          // Hash of the denomination public key, to determine total coin value.
-          denom_pub_hash: HashCode;
-
-          // Signature over the `coin public key <eddsa-coin-pub>` by the denomination.
-          denom_sig: DenominationSignature;
-
-          // Signature by the `coin <coin-priv>` over the melt commitment.
-          confirm_sig: EddsaSignature;
-
-          // Amount of the value of the coin that should be melted as part of
-          // this refresh operation, including melting fee.
-          value_with_fee: Amount;
-
-          // Master seed for the Clause-schnorr R-value
-          // creation. Must match the /csr-melt request.
-          // Must not have been used in any prior melt request.
-          // Must be present if one of the fresh coin's
-          // denominations is of type Clause-Schnorr.
-          rms?: RefreshMasterSeed;
-
-          // IFF the corresponding denomination has support for age restriction,
-          // the client MUST provide the original age commitment, i. e. the
-          // vector of public keys, or omitted otherwise.
-          // The size of the vector MUST be the number of age groups as defined by the
-          // Exchange in the field ``.age_groups`` of the extension ``age_restriction``.
-          age_commitment?: Edx25519PublicKey[];
-      }
-
-      fresh: {
-          // Array of ``n`` new hash codes of denomination public keys to order.
-          denoms_h: HashCode[];
-
-          // Array of ``n`` entries with ``kappa`` many blinded coin candidates,
-          // matching the respective entries in ``denoms_h``.
-          coin_evs: CoinEnvelope[][kappa];
-
-          // Array of ``n`` entries with ``kappa`` many transfer public key
-          // candidates (ephemeral ECDHE keys).
-          transfer_pubs: EddsaPublicKey[][kappa];
-
-          // Array of ``n`` entries with ``kappa`` many signatures
-          // made by the wallet using the old coin's private key,
-          // used later to verify the /refresh/link response from the exchange.
-          // Signs over a `TALER_CoinLinkSignaturePS`.
-          link_sigs: EddsaSignature[][kappa];
-      }
+       // Hash of the denomination public key of the old coin, to determine total coin value.
+       old_denom_pub_hash: HashCode;
+
+       // Signature over the old `coin public key <eddsa-coin-pub>` by the denomination.
+       old_denom_sig: DenominationSignature;
+
+       // IFF the denomination of the old coin had support for age restriction,
+       // the client MUST provide the original age commitment, i. e. the
+       // vector of public keys, or omitted otherwise.
+       // The size of the vector MUST be the number of age groups as defined by the
+       // Exchange in the field ``.age_groups`` of the extension ``age_restriction``.
+       old_age_commitment?: Edx25519PublicKey[];
+
+       // Amount of the value of the old coin that should be melted as part of
+       // this refresh operation, including melting fee.
+       value_with_fee: Amount;
+
+       // Master seed for the Clause-schnorr R-value
+       // creation. Must match the /csr-melt request.
+       // Must not have been used in any prior melt request.
+       // Must be present if one of the fresh coin's
+       // denominations is of type Clause-Schnorr.
+       rms?: RefreshMasterSeed;
+
+       // Array of ``n`` new hash codes of denomination public keys
+       // for the new coins to order.
+       denoms_h: HashCode[];
+
+       // Array of ``n`` entries with ``kappa`` many blinded coin candidates,
+       // matching the respective entries in ``denoms_h``.
+       coin_evs: CoinEnvelope[][kappa];
+
+	// The melt commitment, i.e. the running hash over:
+	//  - the old coin's public key
+	//  - the hash of the old age commitment
+	//  - the value_with_fee
+	//  - rms value, or NULL, if not applicable
+	//  - each entry in denom_h
+	//  - each entry in coin_evs, depths first
+	//  - each of the required n*kappa transfer public keys (ephermeral ECDHE keys).
+	h_melt_commitment: HashCode;
+
+       // Signature by the `coin <coin-priv>` over the melt commitment.
+       confirm_sig: EddsaSignature;
+
     }
 
   For details about the HKDF used to derive the new coin private keys and