commit e45f46dcf92ecfa0adb84a1a9cfa13f7f96ba99d
parent 836972e2b15f509b855197b7f299556ff6623342
Author: Özgür Kesim <oec-taler@kesim.org>
Date: Tue, 22 Apr 2025 16:20:24 +0200
[dd:pq-refresh] added full pairs of r-values for CS to database
Diffstat:
3 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/core/api-common.rst b/core/api-common.rst
@@ -367,6 +367,18 @@ hashed data. See `base32`_.
// 32-byte nonce value, must only be used once.
type RefreshMasterSeed = string;
+.. ts:def:: RefreshCommitmentHash
+
+ // A refresh commitment corresponding to a call to /melt
+ // This is the Hash over:
+ // 1. refresh_seed
+ // 2. blinding_seed, if provided, skip otherwise
+ // 3. denominations in order
+ // 4. amount_with_fee
+ // 5. κ*n blinded planchet hashes (which include denomination information),
+ // depths first: [0..n)[0..n)[0..n)
+ type RefreshCommitmentHash = HashCode;
+
.. ts:def:: BlindingMasterSeed
// 32-byte nonce value, must only be used once.
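Review bot: Item 2 of the new `RefreshCommitmentHash` comment reads `blinding_seed, if provided, skip otherwise`, but this same commit rewrites item 2 of the signature-purpose comment in the next hunk of this file to `the hash over all pairs of R-values if present, skipped otherwise`. The commitment is what binds the client to its melt inputs, so both lists need to name the same inputs in the same order; an implementer following the wrong one would compute a hash the peer rejects, or leave the R-value pairs out of the commitment. Assuming the struct comment reflects v27, I would change the line to `// 2. the hash over all pairs of R-values, if present, skipped otherwise`. The `NewMeltRevealRequest` comment in design-documents/062-pq-refresh.rst needs the same change, since this commit touches it but keeps the `blinding_seed` wording. Items 3 and 5 are also worded differently in the two places ("denominations" vs "denomination hashes", "planchet hashes" vs "planchets"), so it would help to state exactly which bytes are hashed.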
@@ -1440,8 +1452,8 @@ within the
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over:
- * 1. refresh_seed (v26)
- * 2. blinding_seed, if present, skip otherwise
+ * 1. refresh_seed (v27)
+ * 2. the hash over all pairs of R-values if present, skipped otherwise
* 3. list denomination hashes, in order
* 4. amount with fee
* 5. kappa list of n planchets, depths first: [0..n),[0..n),[0..n)
diff --git a/core/api-exchange.rst b/core/api-exchange.rst
@@ -2092,7 +2092,7 @@ Reveal
------
.. note::
- These endpoints are available starting with API version v26.
+ These endpoints are available starting with API version v27.
These endpoints are called by the client
@@ -3517,7 +3517,7 @@ the API during normal operation.
.. http:post:: /melt
.. note::
- This endpoint will become available starting with version v26 of the API.
+ This endpoint will become available starting with version v27 of the API.
"Melts" a coin. Invalidates the coins and prepares for exchanging of fresh
coins. Taler uses a global parameter ``kappa`` for the cut-and-choose
@@ -3655,7 +3655,7 @@ the API during normal operation.
.. http:post:: /coins/$COIN_PUB/melt
.. note::
- This endpoint will become depreciated starting with version v26 of the API.
+ This endpoint will become depreciated starting with version v27 of the API.
Use ``/melt`` instead, see `melt`_.
"Melts" a coin. Invalidates the coins and prepares for exchanging of fresh
@@ -3772,7 +3772,7 @@ the API during normal operation.
.. note::
This endpoint, along with ``/coins/$COIN_PUB/melt``, will become
- depreciated starting with version v26 of the API. Instead, use
+ depreciated starting with version v27 of the API. Instead, use
``/melt`` and ``/reveal-melt``, see `melt`_ and `Reveal`_.
Reveal previously committed values to the exchange, except for the values
diff --git a/design-documents/062-pq-refresh.rst b/design-documents/062-pq-refresh.rst
@@ -179,10 +179,11 @@ basically like this (names might change):
old_coin_sig BYTEA old coin's signature over the refresh request
old_age_com_h BYTEA old coin's hash of age commitment, if applicable
noreveal_index SMALLINT the ``γ`` for cut-and-choose, chosen by the exchange
- h_melted BYTEA the hash over *all* blinded coin envelopes ``m[][]``
- h_revealed BYTEA the hash over all *revealed* blinded envelopes ``m[γ][]``
+ melted_h BYTEA the hash over *all* blinded coin envelopes ``m[][]``
+ non_revealed_h BYTEA the hash over all *non-revealed* blinded envelopes ``m[γ][]``
refresh_seed BYTEA the master seed for the refresh, the ``r`` above
- cs_r_pubs BYTEA[] the chosen public R-Values for CS signatures
+ cs_r_values BYTEA[] the pairs of R-Values for CS signatures
+ cs_r_choices INT8 the bitvector representing the chosen public R-Values
denom_serials INT8[] the row ID's of the denominations in the DB
denom_sigs BYTEA[] the (blinded) denom signatures ``σ[γ][]``
============== ============ ================================================
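Review bot: The new `cs_r_choices` row does not say how bits map to entries of `cs_r_values`, so the stored choices cannot be interpreted from the schema description alone. I would extend the description along the lines of `bit i selects which R-value of pair i in cs_r_values was chosen`, stating the bit order the implementation actually uses. An INT8 also limits a refresh to 64 CS pairs (63 if the sign bit is avoided). If the protocol already bounds n below that, the bound is worth stating next to this column; if not, the column type needs another look.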
@@ -267,7 +268,7 @@ Modified melt request structure:
// ``κ`` arrays of ``n`` entries for blinded coin candidates,
// each matching the respective entries in ``denoms_h``.
//
- // Note: These are essentially the ``m_i`` values in the ``RefreshDerivePQ``
+ // Note: These are essentially the m_i values in the RefreshDeriveBatch
// function.
coin_evs: CoinEnvelope[κ][];
@@ -290,7 +291,7 @@ TODO: explain /reveal-melt endpoint.
.. ts:def:: NewMeltRevealRequest
interface NewMeltRevealRequest {
- // The refresh commitement corresponding to the previous call to /melt
+ // The refresh commitment corresponding to the previous call to /melt
// This is the Hash over:
// 1. refresh_seed
// 2. blinding_seed, if provided, skip otherwise
@@ -298,7 +299,7 @@ TODO: explain /reveal-melt endpoint.
// 4. amount_with_fee
// 5. κ*n blinded planchet hashes (which include denomination information),
// depths first: [0..n)[0..n)[0..n)
- rc: HashCode;
+ rc: RefreshCommitmentHash;
// The disclosed κ-1 signatures by the old coin's private key,
// over Hash1a("Refresh", Cp, r, i), where Cp is the melted coin's public key,