[taler-docs] branch master updated (1b86a2e -> 6937cb3)

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-docs] branch master updated (1b86a2e -> 6937cb3)

From:	gnunet
Subject:	[taler-docs] branch master updated (1b86a2e -> 6937cb3)
Date:	Sat, 16 Oct 2021 11:40:01 +0200

This is an automated email from the git hooks/post-receive script.

oec pushed a change to branch master
in repository docs.

    from 1b86a2e  fix spinx compile issues
     new e170b87  clearify response when last_issue_date is given
     new 6937cb3  general ideas layed out, start reveal phase

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 design-documents/024-age-restriction.rst | 81 +++++++++++++++++++++++++++++---
 1 file changed, 75 insertions(+), 6 deletions(-)

diff --git a/design-documents/024-age-restriction.rst 
b/design-documents/024-age-restriction.rst
index e2eb44a..7509d3d 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -62,11 +62,44 @@ to stick to that decision until the support for age 
restriction is disabled.
 We might reconsider this design decision at some point.
 
 
-Building Blocks
-^^^^^^^^^^^^^^^
+Main ideas and building blocks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The main ideas are simple:
+
+#. The exchange defines and publishes M different *age groups* of increasing 
order:
+   :math:`0 < a_1 < \ldots < a_M` with :math:`a_i \in \mathbb{N}`.
+
+#. An **unrestricted** *age commitment* is defined as a vector of length M of
+   pairs of EdDSA public and private keys on Curve25519. In other words: one
+   key pair for each age group:
+   :math:`\bigl\langle (p_1, s_1), \ldots, (p_M, s_M) \bigr\rangle`
+
+#. A **restricted** *age commitment* **to age m** is derived from an 
unrestricted age
+   commitment by removing all private keys for indices larger than m:
+   :math:`\bigl\langle (p_1, s_1), \ldots, (p_m, s_m), \, (p_{m+1}, \perp), 
\ldots, (p_M, \perp )\bigr\rangle`
+
+#. An *age commitment* (without prefix) is just the vector of public keys:
+   :math:`\langle p_1, \ldots, p_M \rangle`.  Note that from just the age
+   commitment one can not deduce if it was originated from an unrestricted or
+   restricted age commitment (and what age).
+
+#. An *attestation of age group k* is essentially the act of signing a message
+   with the private key for slot k, if the corresponding private key is
+   available in a restricted age commitment.  (Unrestricted age commitments
+   can attest for any age group).
+
+#. An age commitment is *bound to a particular coin* by incorporating the
+   SHA512 hash value of the age commitment (i.e. the M public keys) into the
+   signature of the coin.  So instead of using :math:`\text{FDH}_N(C_p)` (with
+   :math:`C_p` being the public key of the coin), we calculate 
+   :math:`\text{FDH}_N(C_p, h_a)`, where :math:`h_a` is the
+   hash of the age commitment.
+
 
 TODO: Summarize the design based on the five functions ``Commit()``,
-``Attest()``, ``Verify()``, ``Derive()``, ``Compare()``.
+``Attest()``, ``Verify()``, ``Derive()``, ``Compare()``, once the paper from
+Özgür and Christian is published.
 
 
 Changes in the Exchange
@@ -119,6 +152,7 @@ additional field ``age_restricted_denoms``.  This is an 
*additional* list of
 denominations that must be used for during modified ``refresh`` and ``deposit``
 operations (see below).
 
+
 The data structure for those denominations is the same as for the regular ones
 in ``ExchangeKeysResponse.denoms``.  **However**, the following differences
 apply for each denomination in the list:
@@ -131,6 +165,11 @@ apply for each denomination in the list:
 2. The value of ``TALER_DenominationKeyValidityPS.purpose`` is set to
    ``TALER_SIGNATURE_MASTER_AGE_RESTRICTED_DENOMINATION_KEY_VALIDITY``.
 
+And similar to ``.denoms``, if the query parameter ``last_issue_date`` was
+provided by the client, the exchange will only return the keys that have
+changed since the given timestamp.
+
+
 .. ts:def:: ExchangeKeysResponse
 
    interface ExchangeKeysResponse {
@@ -152,6 +191,10 @@ apply for each denomination in the list:
    //
    //  2. The value of ``TALER_DenominationKeyValidityPS.purpose`` is set to
    //     ``TALER_SIGNATURE_MASTER_AGE_RESTRICTED_DENOMINATION_KEY_VALIDITY``
+   //
+   // Similar as for ``.denoms``, if the query parameter ``last_issue_date``
+   // was provided by the client, the exchange will only return the keys that
+   // have changed since the given timestamp.
    age_restricted_denoms: Denom[];
 
    //...
@@ -218,7 +261,8 @@ restriction).  Therefore, in the ``/coins/$COIN_PUB/melt`` 
POST request, the
 The responses to the POST request remain the same.
 
 For denominations *without* support for age restriction, the calculation for
-the signature check is as before (borrowing notation from Florian's thesis):
+the signature check is as before (borrowing notation from 
+`Florian's thesis <https://taler.net/papers/thesis-dold-phd-2019.pdf>`_):
 
 .. math::
    \text{FDH}(N_0, C_p^{(0)})\; \stackrel{?}{=}\; 
\left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
@@ -228,7 +272,7 @@ hash value ``age_commitment_hash`` (abbreviated as h\ 
:sub:`a`) into account
 when verifying the coin's signature:
 
 .. math::
-   \text{FDH}(N_0, C_p^{(0)}, h_a)\; \stackrel{?}{=}\; 
\left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
+   \text{FDH}(N_0, \langle C_p^{(0)}, h_a \rangle )\; \stackrel{?}{=}\; 
\left(\sigma_C^{(0)}\right)^{e_0} \;\;\text{mod}\,N_0
 
 
 
@@ -236,7 +280,32 @@ when verifying the coin's signature:
 Refresh - reveal phase
 ~~~~~~~~~~~~~~~~~~~~~~
 
-TODO: Extension of the cut'n-choose-protocol.
+During the reveal phase -- that is upon POST to ``/refreshes/$RCH/reveal`` --
+the client has to provide the original age commitment of the old coin (i.e. the
+vector of public keys), iff the corresponding denomination had support for age
+restriction.  The size of the vector ist defined by the Exchange implictely as
+the amount of age groups defined in the field ``.age_groups`` of the
+``ExtensionAgeRestriction``.
+
+.. ts:def:: RevealRequest
+   
+   interface RevealRequest {
+      ...
+
+      // Iff the corresponding denomination has support for age restriction,
+      // the client MUST provide the original age commitment, i.e. the vector
+      // of public keys.
+      // The size of the vector ist defined by the Exchange implictely as the
+      // amount of age groups defined in the field ``.age_groups`` of the
+      // ``ExtensionAgeRestriction``.
+      old_age_commitment?: EddsaPublicKey[];
+
+      
+      ...
+   }
+
+TODO: describe how the exchange derives the κ-1 other age-restriction vectors
+and compares them to the one in ``.old_age_commitment``.
 
 
 Deposit

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[taler-docs] branch master updated (1b86a2e -> 6937cb3), gnunet <=
- [taler-docs] 01/02: clearify response when last_issue_date is given, gnunet, 2021/10/16
- [taler-docs] 02/02: general ideas layed out, start reveal phase, gnunet, 2021/10/16

Prev by Date: [taler-docs] 02/02: general ideas layed out, start reveal phase
Next by Date: [libmicrohttpd] branch master updated: MHD_del_response_header(): documented new behaviors
Previous by thread: [taler-exchange] branch master updated: add KYC logic for /deposit handling (DB part incomplete)
Next by thread: [taler-docs] 01/02: clearify response when last_issue_date is given
Index(es):
- Date
- Thread