[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-docs] 10/15: clearity in age withdraw reveal optimization
From: |
gnunet |
Subject: |
[taler-docs] 10/15: clearity in age withdraw reveal optimization |
Date: |
Wed, 11 Jan 2023 17:27:42 +0100 |
This is an automated email from the git hooks/post-receive script.
oec pushed a commit to branch master
in repository docs.
commit 3270cce0d6a2c0ea0e8696519c967d56dd7b7fd0
Author: Özgür Kesim <oec-taler@kesim.org>
AuthorDate: Tue Jan 10 18:51:36 2023 +0100
clearity in age withdraw reveal optimization
---
design-documents/024-age-restriction.rst | 45 ++++++++++++++++----------------
1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/design-documents/024-age-restriction.rst
b/design-documents/024-age-restriction.rst
index ae3874c..3d743e4 100644
--- a/design-documents/024-age-restriction.rst
+++ b/design-documents/024-age-restriction.rst
@@ -376,45 +376,44 @@ The *actual* implementation of the protocol above will
have a major optimization
to keep the bandwidth usage to a minimum. Instead of generating and sending
the age commitment (array of public keys) and blindings for each coin, the
wallet *MUST* derive the corresponding blindings and the age commitments from
-the coin's private key :math:`c_s` itself as follows:
+the coin's private key itself as follows:
-Let :math:`m \in \{1,\ldots,M\}` be the maximum age (according to the reserve)
-that a wallet can commit to during the withdrawal.
+Let
-Calculate the blinding :math:`\beta` for the coin as
+- :math:`c_s` be the private key of the coin,
+- :math:`m \in \{1,\ldots,M\}` be the maximum age (according to the reserve)
+ that a wallet can commit to during the withdrawal.
+- :math:`P` be a published constant Edx25519-public-key to which the private
+ key is not known to any client.
-.. math::
- \beta &:= \text{HKDF}(c_s, \text{"blinding"})
-For age group :math:`a \in \{1,\ldots,m\}`, set
+Then calculate the blinding :math:`\beta` for the coin as
.. math::
- s_a &:= \text{HDKF}(c_s, \text{"age-commitment"}, a) \\
- p_a &:= \text{Edx25519\_generate\_private}(s_a)
-
-
-and calculate the corresponding Edx25519PublicKey as
+ \beta &:= \text{HKDF}(c_s, \text{"blinding"})
-.. math::
- q_a &:= \text{Edx25519\_public\_from\_private}(p_a)
+For the age commitment, calculate:
-For age group :math:`a \in \{m,\ldots,M\}`, set
+1. For age group :math:`a \in \{1,\ldots,m\}`, set
.. math::
- f_a &:= \text{HDKF}(c_s, \text{"age-factor"}, a)
+ s_a &:= \text{HDKF}(c_s, \text{"age-commitment"}, a) \\
+ p_a &:= \text{Edx25519\_generate\_private}(s_a) \\
+ q_a &:= \text{Edx25519\_public\_from\_private}(p_a)
-and calculate the corresponding Edx25519PublicKey as
+2. For age group :math:`a \in \{m,\ldots,M\}`, set
.. math::
- q_a &:= \text{Edx25519\_derive\_public}(P, f_a),
+ f_a &:= \text{HDKF}(c_s, \text{"age-factor"}, a) \\
+ q_a &:= \text{Edx25519\_derive\_public}(P, f_a).
-where :math:`P` is a published constant public key, for which the private key
-is not known to the client.
+Then the vector :math:`\vec{q} = \{q_1,\ldots,q_M\}` is then the age commitment
+associated to private key :math:`c_s`.
-Provided with the private key :math:`c_s`, ghe exchange can therefore
calculate the
-age commitment :math:`\vec{q}` itself, along with the coin's public key
-:math:`C_p` and use the value of
+Provided with the private key :math:`c_s`, the exchange can therefore calculate
+the blinding :math:`\beta` and the age commitment :math:`\vec{q}` itself, along
+with the coin's public key :math:`C_p` and use the value of
.. math::
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-docs] branch master updated (d101a65 -> 4e9f6c1), gnunet, 2023/01/11
- [taler-docs] 01/15: added withdraw with age restriction and reveal, gnunet, 2023/01/11
- [taler-docs] 09/15: added derivation of blinding from private key, gnunet, 2023/01/11
- [taler-docs] 03/15: fix some syntax issues, gnunet, 2023/01/11
- [taler-docs] 02/15: fix # of disclosed coins -> [n][kappa-1] array, gnunet, 2023/01/11
- [taler-docs] 14/15: added description of how to derive cs-nonce from the coin_priv for withdraw-age, gnunet, 2023/01/11
- [taler-docs] 10/15: clearity in age withdraw reveal optimization,
gnunet <=
- [taler-docs] 06/15: finalizing age-withdraw api, gnunet, 2023/01/11
- [taler-docs] 04/15: redo withdraw with age restriction, gnunet, 2023/01/11
- [taler-docs] 12/15: -rename id field in table, gnunet, 2023/01/11
- [taler-docs] 05/15: added ReserveAgeWithdrawTransaction to the history of a reserve, gnunet, 2023/01/11
- [taler-docs] 11/15: -mention the private keys of the derived age commitments, gnunet, 2023/01/11
- [taler-docs] 13/15: added max_age_group to the withdraw-age request, made it signed by the reserve_priv, and put into the database schema, gnunet, 2023/01/11
- [taler-docs] 07/15: -rename field in age-withdraw history, gnunet, 2023/01/11
- [taler-docs] 08/15: added description of optimization and DB-schema, gnunet, 2023/01/11
- [taler-docs] 15/15: Merge branch 'age-restriction', gnunet, 2023/01/11