taler-docs

Documentation for GNU Taler components, APIs and protocols
Log | Files | Refs | README | LICENSE

post-reveal-withdraw.rst (4252B)

      1 .. http:post:: /reveal-withdraw
      2 
      3   Reveal previously committed values to the exchange, except for the values
      4   corresponding to the ``noreveal_index`` returned by the ``/withdraw`` step.
      5 
      6   The base URL for ``/reveal-withdraw``-request may differ from the main base URL of
      7   the exchange. Clients SHOULD respect the ``reveal_base_url`` returned for the
      8   coin during melt operations. The exchange MUST return a
      9   307 or 308 redirection to the correct base URL if the client failed to
     10   respect the ``reveal_base_url`` or if the allocation has changed.
     11 
     12   The request body is a `RevealWithdrawRequest`.
     13 
     14   This endpoint was introduced in this form in protocol **v32**.
     15 
     16   :http:statuscode:`200 OK`:
     17     The coin's' secret material matched the commitment and the original request was well-formed.
     18     The response body is a `RevealResponse`.
     19   :http:statuscode:`404 Not found`:
     20     The provided commitment $RCH is unknown.
     21   :http:statuscode:`409 Conflict`:
     22     There is a problem between the original commitment and the revealed secret data.
     23     The returned information is proof of the mismatch,
     24     and therefore rather verbose, as it includes most of the original /withdraw request,
     25     but of course expected to be primarily used for diagnostics.
     26 
     27     The response body is a `RevealConflictResponse`.
     28 
     29     The following specific error codes can be returned:
     30 
     31     - An age commitment for at least one of the coins did not fulfill the
     32       required maximum age requirement of the corresponding reserve.
     33       Error code:
     34       ``TALER_EC_EXCHANGE_GENERIC_COIN_AGE_REQUIREMENT_FAILURE``.
     35     - The computation of the hash of the commitment with provided input does
     36       result in the value of field ``h_commitment``.
     37       Error code:
     38       ``TALER_EC_EXCHANGE_AGE_WITHDRAW_REVEAL_INVALID_HASH``
     39 
     40   **Details:**
     41 
     42   Request body for a ``reveal-withdraw`` request
     43   contains a JSON object with the following fields:
     44 
     45   .. ts:def:: RevealWithdrawRequest
     46 
     47     interface RevealWithdrawRequest {
     48       // The reserve's public key from the previous call to /withdraw.
     49       reserve_pub: string;
     50 
     51       // This is the h_planchets running hash of all blinded planchets
     52       // from the previous call to /withdraw.
     53       h_planchets: string;
     54 
     55       // Array of ``(kappa - 1)`` disclosed batch secrets,
     56       // from which for each of the n coins in a batch
     57       // their coin master secret is derived,
     58       // from which in turn their private key,
     59       // blinding, nonce (for Clause-Schnorr) and
     60       // age-restriction is calculated.
     61       disclosed_batch_seeds: AgeRestrictedPlanchetSeed[];
     62 
     63     }
     64 
     65   .. ts:def:: AgeRestrictedPlanchetSeed
     66 
     67     // The master seed material from which for n coins in a batch,
     68     // each the coins' private key ``coin_priv``,  blinding ``beta``
     69     // and nonce ``nonce`` (for Clause-Schnorr) itself are
     70     // derived as usually in wallet-core.  Given a coin's master key material,
     71     // the age commitment for the coin MUST be derived from this private key as
     72     // follows:
     73     //
     74     // Let m ∈  {1,...,M} be the maximum age group as defined in the reserve
     75     // that the wallet can commit to.
     76     //
     77     // For age group $AG ∈  {1,...m}, set
     78     //     seed = HDKF(coin_secret, "age-commitment", $AG)
     79     //   p[$AG] = Edx25519_generate_private(seed)
     80     // and calculate the corresponding Edx25519PublicKey as
     81     //   q[$AG] = Edx25519_public_from_private(p[$AG])
     82     //
     83     // For age groups $AG ∈  {m+1,...,M}, set
     84     //   f[$AG] = HDKF(coin_secret, "age-factor", $AG)
     85     // and calculate the corresponding Edx25519PublicKey as
     86     //   q[$AG] = Edx25519_derive_public(`PublishedAgeRestrictionBaseKey`, f[$AG])
     87     //
     88     type AgeRestrictedPlanchetSeed = string;
     89 
     90   .. ts:def:: PublishedAgeRestrictionBaseKey
     91 
     92     // The value for ``PublishedAgeRestrictionBaseKey`` is a randomly chosen
     93     // `Edx25519PublicKey` for which the private key is not known to the clients.  It is
     94     // used during the age-withdraw protocol so that clients can prove that they
     95     // derived all public keys to age groups higher than their allowed maximum
     96     // from this particular value.
     97     const PublishedAgeRestrictionBaseKey =
     98         new Edx25519PublicKey("CH0VKFDZ2GWRWHQBBGEK9MWV5YDQVJ0RXEE0KYT3NMB69F0R96TG");