commit e9956a3c47d77205328b4bb3dd8f74eefc48f9b5
parent f708dd78c20eb54870650e63acfa519d7b819672
Author: Özgür Kesim <oec-taler@kesim.org>
Date: Fri, 15 Oct 2021 11:36:32 +0200
added changes to melting phase of refresh
Diffstat:
1 file changed, 37 insertions(+), 3 deletions(-)
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
@@ -193,11 +193,45 @@ can not be expressed reliably with SQL.
Protocol changes
----------------
-Refresh
-~~~~~~~
+Refresh - melting phase
+~~~~~~~~~~~~~~~~~~~~~~~
During the melting phase of the refresh, the wallet has to present the hash
-value of the age commitment (for denominations with support for age restriction).
+value of the age commitment (for denominations with support for age
+restriction). Therefore, in the ``/coins/$COIN_PUB/melt`` POST request, the
+``MeltRequest`` object is extended with an optional field
+``age_commitment_hash``:
+
+.. ts:def:: MeltRequest {
+ ...
+
+ // SHA512 hash of the age commitment of the coin, IFF the denomination
+ // has age restriction support. MUST be NULL otherwise.
+ age_commitment_hash?: HashCode;
+
+ ...
+ }
+
+The responses to the POST request remain the same.
+
+For denominations *without* support for age restriction, the calculation for
+the signature check is as before (borrowing notation from Florian's thesis):
+
+.. math::
+ \text{FDH}(N_0, C_p^{(0)})\; \stackrel{?}{=}\; \left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
+
+For denominations **with** support for age restriction, the exchange takes the
+hash value ``age_commitment_hash`` (abbreviated as h\ :sub:`a`) into account
+when verifying the coin's signature:
+
+.. math::
+ \text{FDH}(N_0, C_p^{(0)}, \color{blue}{\text{\textbf{h_a}}})\;\stackrel{?}{=}\; \left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
+
+
+
+
+Refresh - reveal phase
+~~~~~~~~~~~~~~~~~~~~~~
TODO: Extension of the cut'n-choose-protocol.
