Remove noop migration credentials

src/cred.rs

@@ -25,12 +25,7 @@ pub struct Migration {
 /// Its id is jointly generated by the user and the BA (bridge
 /// authority), but known only to the user.  The level_since date is the
 /// Julian date of when this user was changed to the current trust
-/// level. (P_noopmigration, Q_noopmigration) are the MAC on the
-/// implicit no-op migration credential formed by the attributes (id,
-/// bucket, bucket), which authorizes the user to switch from its
-/// current bucket to the same bucket (i.e., a no-op).  This can be
-/// useful for hiding from the BA whether or not the user is performing
-/// a bucket migration.
+/// level.
 #[derive(Debug)]
 pub struct Lox {
     pub P: RistrettoPoint,
@@ -41,8 +36,6 @@ pub struct Lox {
     pub level_since: Scalar,
     pub invites_remaining: Scalar,
     pub invites_issued: Scalar,
-    pub P_noopmigration: RistrettoPoint,
-    pub Q_noopmigration: RistrettoPoint,
 }
 
 /// The migration key credential.

src/lib.rs

@@ -283,7 +283,7 @@ impl BridgeAuth {
     #[cfg(test)]
     /// Verify the two MACs on a Lox credential
     pub fn verify_lox(&self, cred: &cred::Lox) -> bool {
-        if cred.P.is_identity() || cred.P_noopmigration.is_identity() {
+        if cred.P.is_identity() {
             return false;
         }
 
@@ -296,13 +296,7 @@ impl BridgeAuth {
             + cred.invites_issued * self.lox_priv.x[6])
             * cred.P;
 
-        let Q_noopmigration = (self.migration_priv.x[0]
-            + cred.id * self.migration_priv.x[1]
-            + cred.bucket * self.migration_priv.x[2]
-            + cred.bucket * self.migration_priv.x[3])
-            * cred.P_noopmigration;
-
-        return Q == cred.Q && Q_noopmigration == cred.Q_noopmigration;
+        return Q == cred.Q;
     }
 
     #[cfg(test)]

src/proto/level_up.rs

@@ -143,12 +143,6 @@ pub struct Response {
     TBucket: RistrettoPoint,
     TInvIssued: RistrettoPoint,
 
-    // The fields for the implicit noop migration ("nm") credential
-    P_nm: RistrettoPoint,
-    EncQ_nm: (RistrettoPoint, RistrettoPoint),
-    TId_nm: RistrettoPoint,
-    TBucket_nm: RistrettoPoint,
-
     // The ZKP
     piBlindIssue: CompactProof,
 }
@@ -211,12 +205,9 @@ define_proof! {
     blindissue,
     "Level Upgrade Issuing",
     (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
-     s, b, tid, tbucket, tinvissued,
-     x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
+     s, b, tid, tbucket, tinvissued),
     (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
      Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
-     P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
-     TId_nm, TBucket_nm,
      D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
     (A, B):
     Xid = (xid*A),
@@ -237,18 +228,7 @@ define_proof! {
     EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
     EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
             + tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
-            + xinvremain*Pinvremain),
-    Xid_nm = (xid_nm*A),
-    Xfrom_nm = (xfrom_nm*A),
-    Xto_nm = (xto_nm*A),
-    X0_nm = (x0_nm*B + x0tilde_nm*A),
-    P_nm = (b_nm*B),
-    TId_nm = (b_nm*Xid_nm),
-    TId_nm = (tid_nm*A),
-    TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
-    TBucket_nm = (tbucket_nm*A),
-    EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
-    EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
+            + xinvremain*Pinvremain)
 }
 
 pub fn request(
@@ -782,30 +762,6 @@ impl BridgeAuth {
             EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
         );
 
-        // Now the no-op migration credential
-        // Compute the MAC on the visible attributes (none here)
-        let b_nm = Scalar::random(&mut rng);
-        let P_nm = &b_nm * Btable;
-        let QHc_nm = (self.migration_priv.x[0]) * P_nm;
-
-        // El Gamal encrypt it to the public key req.D
-        let s_nm = Scalar::random(&mut rng);
-        let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
-
-        // Homomorphically compute the part of the MAC corresponding to
-        // the blinded attributes
-        let tid_nm = self.migration_priv.x[1] * b_nm;
-        let TId_nm = &tid_nm * Atable;
-        let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
-        let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
-        let TBucket_nm = &tbucket_nm * Atable;
-        let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
-
-        let EncQ_nm = (
-            EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
-            EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
-        );
-
         let mut transcript = Transcript::new(b"level upgrade issuing");
         let piBlindIssue = blindissue::prove_compact(
             &mut transcript,
@@ -828,15 +784,6 @@ impl BridgeAuth {
                 TId: &TId,
                 TBucket: &TBucket,
                 TInvIssued: &TInvIssued,
-                P_nm: &P_nm,
-                EncQ0_nm: &EncQ_nm.0,
-                EncQ1_nm: &EncQ_nm.1,
-                X0_nm: &self.migration_pub.X[0],
-                Xid_nm: &self.migration_pub.X[1],
-                Xfrom_nm: &self.migration_pub.X[2],
-                Xto_nm: &self.migration_pub.X[3],
-                TId_nm: &TId_nm,
-                TBucket_nm: &TBucket_nm,
                 D: &req.D,
                 EncId0: &EncId.0,
                 EncId1: &EncId.1,
@@ -857,15 +804,6 @@ impl BridgeAuth {
                 tid: &tid,
                 tbucket: &tbucket,
                 tinvissued: &tinvissued,
-                x0_nm: &self.migration_priv.x[0],
-                x0tilde_nm: &self.migration_priv.x0tilde,
-                xid_nm: &self.migration_priv.x[1],
-                xfrom_nm: &self.migration_priv.x[2],
-                xto_nm: &self.migration_priv.x[3],
-                s_nm: &s_nm,
-                b_nm: &b_nm,
-                tid_nm: &tid_nm,
-                tbucket_nm: &tbucket_nm,
             },
         )
         .0;
@@ -878,10 +816,6 @@ impl BridgeAuth {
             TId,
             TBucket,
             TInvIssued,
-            P_nm,
-            EncQ_nm,
-            TId_nm,
-            TBucket_nm,
             piBlindIssue,
         })
     }
@@ -893,13 +827,12 @@ pub fn handle_response(
     state: State,
     resp: Response,
     lox_pub: &IssuerPubKey,
-    migration_pub: &IssuerPubKey,
 ) -> Result<cred::Lox, ProofError> {
     let A: &RistrettoPoint = &CMZ_A;
     let B: &RistrettoPoint = &CMZ_B;
     let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
 
-    if resp.P.is_identity() || resp.P_nm.is_identity() {
+    if resp.P.is_identity() {
         return Err(ProofError::VerificationFailure);
     }
 
@@ -935,15 +868,6 @@ pub fn handle_response(
             TId: &resp.TId.compress(),
             TBucket: &resp.TBucket.compress(),
             TInvIssued: &resp.TInvIssued.compress(),
-            P_nm: &resp.P_nm.compress(),
-            EncQ0_nm: &resp.EncQ_nm.0.compress(),
-            EncQ1_nm: &resp.EncQ_nm.1.compress(),
-            X0_nm: &migration_pub.X[0].compress(),
-            Xid_nm: &migration_pub.X[1].compress(),
-            Xfrom_nm: &migration_pub.X[2].compress(),
-            Xto_nm: &migration_pub.X[3].compress(),
-            TId_nm: &resp.TId_nm.compress(),
-            TBucket_nm: &resp.TBucket_nm.compress(),
             D: &state.D.compress(),
             EncId0: &EncId.0.compress(),
             EncId1: &EncId.1.compress(),
@@ -957,9 +881,6 @@ pub fn handle_response(
     // Decrypt EncQ
     let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
 
-    // Decrypt EncQ_nm
-    let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
-
     Ok(cred::Lox {
         P: resp.P,
         Q,
@@ -969,7 +890,5 @@ pub fn handle_response(
         level_since: resp.level_since,
         invites_remaining: state.invremain,
         invites_issued: state.invissued,
-        P_noopmigration: resp.P_nm,
-        Q_noopmigration: Q_nm,
     })
 }

src/proto/migration.rs

@@ -92,12 +92,6 @@ pub struct Response {
     TId: RistrettoPoint,
     TBucket: RistrettoPoint,
 
-    // The fields for the implicit noop migration ("nm") credential
-    P_nm: RistrettoPoint,
-    EncQ_nm: (RistrettoPoint, RistrettoPoint),
-    TId_nm: RistrettoPoint,
-    TBucket_nm: RistrettoPoint,
-
     // The ZKP
     piBlindIssue: CompactProof,
 }
@@ -133,11 +127,8 @@ define_proof! {
 define_proof! {
     blindissue,
     "Migration Blind Issuing",
-    (x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket,
-     x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
+    (x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket),
     (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Plevel, Psince, TId, TBucket,
-     P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
-     TId_nm, TBucket_nm,
      D, EncId0, EncId1, EncBucket0, EncBucket1),
     (A, B):
     Xid = (xid*A),
@@ -151,18 +142,7 @@ define_proof! {
     TBucket = (b*Xbucket),
     TBucket = (tbucket*A),
     EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0),
-    EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince),
-    Xid_nm = (xid_nm*A),
-    Xfrom_nm = (xfrom_nm*A),
-    Xto_nm = (xto_nm*A),
-    X0_nm = (x0_nm*B + x0tilde_nm*A),
-    P_nm = (b_nm*B),
-    TId_nm = (b_nm*Xid_nm),
-    TId_nm = (tid_nm*A),
-    TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
-    TBucket_nm = (tbucket_nm*A),
-    EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
-    EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
+    EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince)
 }
 
 pub fn request(
@@ -441,30 +421,6 @@ impl BridgeAuth {
             EncQHc.1 + EncQId.1 + EncQBucket.1,
         );
 
-        // Now the no-op migration credential
-        // Compute the MAC on the visible attributes (none here)
-        let b_nm = Scalar::random(&mut rng);
-        let P_nm = &b_nm * Btable;
-        let QHc_nm = (self.migration_priv.x[0]) * P_nm;
-
-        // El Gamal encrypt it to the public key req.D
-        let s_nm = Scalar::random(&mut rng);
-        let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
-
-        // Homomorphically compute the part of the MAC corresponding to
-        // the blinded attributes
-        let tid_nm = self.migration_priv.x[1] * b_nm;
-        let TId_nm = &tid_nm * Atable;
-        let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
-        let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
-        let TBucket_nm = &tbucket_nm * Atable;
-        let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
-
-        let EncQ_nm = (
-            EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
-            EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
-        );
-
         let mut transcript = Transcript::new(b"migration issuing");
         let piBlindIssue = blindissue::prove_compact(
             &mut transcript,
@@ -483,15 +439,6 @@ impl BridgeAuth {
                 Psince: &(level_since * P),
                 TId: &TId,
                 TBucket: &TBucket,
-                P_nm: &P_nm,
-                EncQ0_nm: &EncQ_nm.0,
-                EncQ1_nm: &EncQ_nm.1,
-                X0_nm: &self.migration_pub.X[0],
-                Xid_nm: &self.migration_pub.X[1],
-                Xfrom_nm: &self.migration_pub.X[2],
-                Xto_nm: &self.migration_pub.X[3],
-                TId_nm: &TId_nm,
-                TBucket_nm: &TBucket_nm,
                 D: &req.D,
                 EncId0: &EncId.0,
                 EncId1: &EncId.1,
@@ -507,15 +454,6 @@ impl BridgeAuth {
                 b: &b,
                 tid: &tid,
                 tbucket: &tbucket,
-                x0_nm: &self.migration_priv.x[0],
-                x0tilde_nm: &self.migration_priv.x0tilde,
-                xid_nm: &self.migration_priv.x[1],
-                xfrom_nm: &self.migration_priv.x[2],
-                xto_nm: &self.migration_priv.x[3],
-                s_nm: &s_nm,
-                b_nm: &b_nm,
-                tid_nm: &tid_nm,
-                tbucket_nm: &tbucket_nm,
             },
         )
         .0;
@@ -527,10 +465,6 @@ impl BridgeAuth {
             id_server,
             TId,
             TBucket,
-            P_nm,
-            EncQ_nm,
-            TId_nm,
-            TBucket_nm,
             piBlindIssue,
         })
     }
@@ -542,13 +476,12 @@ pub fn handle_response(
     state: State,
     resp: Response,
     lox_pub: &IssuerPubKey,
-    migration_pub: &IssuerPubKey,
 ) -> Result<cred::Lox, ProofError> {
     let A: &RistrettoPoint = &CMZ_A;
     let B: &RistrettoPoint = &CMZ_B;
     let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
 
-    if resp.P.is_identity() || resp.P_nm.is_identity() {
+    if resp.P.is_identity() {
         return Err(ProofError::VerificationFailure);
     }
 
@@ -581,15 +514,6 @@ pub fn handle_response(
             Psince: &(resp.level_since * resp.P).compress(),
             TId: &resp.TId.compress(),
             TBucket: &resp.TBucket.compress(),
-            P_nm: &resp.P_nm.compress(),
-            EncQ0_nm: &resp.EncQ_nm.0.compress(),
-            EncQ1_nm: &resp.EncQ_nm.1.compress(),
-            X0_nm: &migration_pub.X[0].compress(),
-            Xid_nm: &migration_pub.X[1].compress(),
-            Xfrom_nm: &migration_pub.X[2].compress(),
-            Xto_nm: &migration_pub.X[3].compress(),
-            TId_nm: &resp.TId_nm.compress(),
-            TBucket_nm: &resp.TBucket_nm.compress(),
             D: &state.D.compress(),
             EncId0: &EncId.0.compress(),
             EncId1: &EncId.1.compress(),
@@ -601,9 +525,6 @@ pub fn handle_response(
     // Decrypt EncQ
     let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
 
-    // Decrypt EncQ_nm
-    let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
-
     Ok(cred::Lox {
         P: resp.P,
         Q,
@@ -613,7 +534,5 @@ pub fn handle_response(
         level_since: resp.level_since,
         invites_remaining: Scalar::zero(),
         invites_issued: Scalar::zero(),
-        P_noopmigration: resp.P_nm,
-        Q_noopmigration: Q_nm,
     })
 }

src/proto/open_invite.rs

@@ -54,9 +54,6 @@ pub struct Response {
     TId: RistrettoPoint,
     bucket: Scalar,
     level_since: Scalar,
-    P_noopmigration: RistrettoPoint,
-    EncQ_noopmigration: (RistrettoPoint, RistrettoPoint),
-    TId_noopmigration: RistrettoPoint,
     piBlindIssue: CompactProof,
 }
 
@@ -76,11 +73,8 @@ define_proof! {
 define_proof! {
     blindissue,
     "Open Invitation Blind Issuing",
-    (x0, x0tilde, xid, xbucket, xsince, s, b, tid,
-     x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm),
+    (x0, x0tilde, xid, xbucket, xsince, s, b, tid),
     (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xsince, Pbucket, Psince, TId,
-     P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
-     Pbucket_nm, TId_nm,
      D, EncId0, EncId1),
     (A, B) :
     Xid = (xid*A),
@@ -91,16 +85,7 @@ define_proof! {
     TId = (b*Xid),
     TId = (tid*A),
     EncQ0 = (s*B + tid*EncId0),
-    EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince),
-    Xid_nm = (xid_nm*A),
-    Xfrom_nm = (xfrom_nm*A),
-    Xto_nm = (xto_nm*A),
-    X0_nm = (x0_nm*B + x0tilde_nm*A),
-    P_nm = (b_nm*B),
-    TId_nm = (b_nm*Xid_nm),
-    TId_nm = (tid_nm*A),
-    EncQ0_nm = (s_nm*B + tid_nm*EncId0),
-    EncQ1_nm = (s_nm*D + tid_nm*EncId1 + x0_nm*P_nm + xfrom_nm*Pbucket_nm + xto_nm*Pbucket_nm)
+    EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince)
 }
 
 /// Submit an open invitation issued by the BridgeDb to receive your
@@ -229,33 +214,6 @@ impl BridgeAuth {
 
         let EncQ = (EncQHc.0 + EncQId.0, EncQHc.1 + EncQId.1);
 
-        // Now the no-op migration credential
-        // Compute the MAC on the visible attributes
-        let b_noopmigration = Scalar::random(&mut rng);
-        let P_noopmigration = &b_noopmigration * Btable;
-        let QHc_noopmigration = (self.migration_priv.x[0]
-            + self.migration_priv.x[2] * bucket
-            + self.migration_priv.x[3] * bucket)
-            * P_noopmigration;
-
-        // El Gamal encrypt it to the public key req.D
-        let s_noopmigration = Scalar::random(&mut rng);
-        let EncQHc_noopmigration = (
-            &s_noopmigration * Btable,
-            QHc_noopmigration + s_noopmigration * req.D,
-        );
-
-        // Homomorphically compute the part of the MAC corresponding to
-        // the blinded id attribute
-        let tid_noopmigration = self.migration_priv.x[1] * b_noopmigration;
-        let TId_noopmigration = &tid_noopmigration * Atable;
-        let EncQId_noopmigration = (tid_noopmigration * EncId.0, tid_noopmigration * EncId.1);
-
-        let EncQ_noopmigration = (
-            EncQHc_noopmigration.0 + EncQId_noopmigration.0,
-            EncQHc_noopmigration.1 + EncQId_noopmigration.1,
-        );
-
         let mut transcript = Transcript::new(b"open invite issuing");
         let piBlindIssue = blindissue::prove_compact(
             &mut transcript,
@@ -272,15 +230,6 @@ impl BridgeAuth {
                 Pbucket: &(bucket * P),
                 Psince: &(level_since * P),
                 TId: &TId,
-                P_nm: &P_noopmigration,
-                EncQ0_nm: &EncQ_noopmigration.0,
-                EncQ1_nm: &EncQ_noopmigration.1,
-                X0_nm: &self.migration_pub.X[0],
-                Xid_nm: &self.migration_pub.X[1],
-                Xfrom_nm: &self.migration_pub.X[2],
-                Xto_nm: &self.migration_pub.X[3],
-                Pbucket_nm: &(bucket * P_noopmigration),
-                TId_nm: &TId_noopmigration,
                 D: &req.D,
                 EncId0: &EncId.0,
                 EncId1: &EncId.1,
@@ -292,14 +241,6 @@ impl BridgeAuth {
                 s: &s,
                 b: &b,
                 tid: &tid,
-                x0_nm: &self.migration_priv.x[0],
-                x0tilde_nm: &self.migration_priv.x0tilde,
-                xid_nm: &self.migration_priv.x[1],
-                xfrom_nm: &self.migration_priv.x[2],
-                xto_nm: &self.migration_priv.x[3],
-                s_nm: &s_noopmigration,
-                b_nm: &b_noopmigration,
-                tid_nm: &tid_noopmigration,
             },
         )
         .0;
@@ -311,9 +252,6 @@ impl BridgeAuth {
             TId,
             bucket,
             level_since,
-            P_noopmigration,
-            EncQ_noopmigration,
-            TId_noopmigration,
             piBlindIssue,
         })
     }
@@ -325,13 +263,12 @@ pub fn handle_response(
     state: State,
     resp: Response,
     lox_pub: &IssuerPubKey,
-    migration_pub: &IssuerPubKey,
 ) -> Result<cred::Lox, ProofError> {
     let A: &RistrettoPoint = &CMZ_A;
     let B: &RistrettoPoint = &CMZ_B;
     let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
 
-    if resp.P.is_identity() || resp.P_noopmigration.is_identity() {
+    if resp.P.is_identity() {
         return Err(ProofError::VerificationFailure);
     }
 
@@ -361,15 +298,6 @@ pub fn handle_response(
             Pbucket: &(resp.bucket * resp.P).compress(),
             Psince: &(resp.level_since * resp.P).compress(),
             TId: &resp.TId.compress(),
-            P_nm: &resp.P_noopmigration.compress(),
-            EncQ0_nm: &resp.EncQ_noopmigration.0.compress(),
-            EncQ1_nm: &resp.EncQ_noopmigration.1.compress(),
-            X0_nm: &migration_pub.X[0].compress(),
-            Xid_nm: &migration_pub.X[1].compress(),
-            Xfrom_nm: &migration_pub.X[2].compress(),
-            Xto_nm: &migration_pub.X[3].compress(),
-            Pbucket_nm: &(resp.bucket * resp.P_noopmigration).compress(),
-            TId_nm: &resp.TId_noopmigration.compress(),
             D: &state.D.compress(),
             EncId0: &EncId.0.compress(),
             EncId1: &EncId.1.compress(),
@@ -379,9 +307,6 @@ pub fn handle_response(
     // Decrypt EncQ
     let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
 
-    // Decrypt EncQ_noopmigration
-    let Q_noopmigration = resp.EncQ_noopmigration.1 - (state.d * resp.EncQ_noopmigration.0);
-
     Ok(cred::Lox {
         P: resp.P,
         Q,
@@ -391,7 +316,5 @@ pub fn handle_response(
         level_since: resp.level_since,
         invites_remaining: Scalar::zero(),
         invites_issued: Scalar::zero(),
-        P_noopmigration: resp.P_noopmigration,
-        Q_noopmigration,
     })
 }

src/tests.rs

@@ -36,7 +36,7 @@ fn test_open_invite() {
     // Use it to get a Lox credential
     let (req, state) = open_invite::request(&inv);
     let resp = ba.handle_open_invite(req).unwrap();
-    let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
+    let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
 
     // Check that we can use the credential to read a bucket
     let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
@@ -89,7 +89,7 @@ fn trust_promotion(bdb: &BridgeDb, ba: &mut BridgeAuth) -> (cred::Lox, cred::Mig
     // Use it to get a Lox credential
     let (req, state) = open_invite::request(&inv);
     let resp = ba.handle_open_invite(req).unwrap();
-    let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
+    let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
     assert!(ba.verify_lox(&cred));
 
     // Time passes
@@ -125,8 +125,7 @@ fn level0_migration(bdb: &BridgeDb, ba: &mut BridgeAuth) -> cred::Lox {
     let (migreq, migstate) =
         migration::request(&loxcred, &migcred, &ba.lox_pub, &ba.migration_pub).unwrap();
     let migresp = ba.handle_migration(migreq).unwrap();
-    let newloxcred =
-        migration::handle_response(migstate, migresp, &ba.lox_pub, &ba.migration_pub).unwrap();
+    let newloxcred = migration::handle_response(migstate, migresp, &ba.lox_pub).unwrap();
     newloxcred
 }
 
@@ -167,7 +166,7 @@ fn level_up(ba: &mut BridgeAuth, cred: &cred::Lox) -> cred::Lox {
     )
     .unwrap();
     let resp = ba.handle_level_up(req).unwrap();
-    let cred = level_up::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
+    let cred = level_up::handle_response(state, resp, &ba.lox_pub).unwrap();
     cred
 }