|
@@ -143,12 +143,6 @@ pub struct Response {
|
|
|
TBucket: RistrettoPoint,
|
|
|
TInvIssued: RistrettoPoint,
|
|
|
|
|
|
- // The fields for the implicit noop migration ("nm") credential
|
|
|
- P_nm: RistrettoPoint,
|
|
|
- EncQ_nm: (RistrettoPoint, RistrettoPoint),
|
|
|
- TId_nm: RistrettoPoint,
|
|
|
- TBucket_nm: RistrettoPoint,
|
|
|
-
|
|
|
// The ZKP
|
|
|
piBlindIssue: CompactProof,
|
|
|
}
|
|
@@ -211,12 +205,9 @@ define_proof! {
|
|
|
blindissue,
|
|
|
"Level Upgrade Issuing",
|
|
|
(x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
|
|
|
- s, b, tid, tbucket, tinvissued,
|
|
|
- x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
|
|
|
+ s, b, tid, tbucket, tinvissued),
|
|
|
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
|
|
|
Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
|
|
|
- P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
|
|
|
- TId_nm, TBucket_nm,
|
|
|
D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
|
|
|
(A, B):
|
|
|
Xid = (xid*A),
|
|
@@ -237,18 +228,7 @@ define_proof! {
|
|
|
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
|
|
|
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
|
|
|
+ tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
|
|
|
- + xinvremain*Pinvremain),
|
|
|
- Xid_nm = (xid_nm*A),
|
|
|
- Xfrom_nm = (xfrom_nm*A),
|
|
|
- Xto_nm = (xto_nm*A),
|
|
|
- X0_nm = (x0_nm*B + x0tilde_nm*A),
|
|
|
- P_nm = (b_nm*B),
|
|
|
- TId_nm = (b_nm*Xid_nm),
|
|
|
- TId_nm = (tid_nm*A),
|
|
|
- TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
|
|
|
- TBucket_nm = (tbucket_nm*A),
|
|
|
- EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
|
|
|
- EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
|
|
|
+ + xinvremain*Pinvremain)
|
|
|
}
|
|
|
|
|
|
pub fn request(
|
|
@@ -782,30 +762,6 @@ impl BridgeAuth {
|
|
|
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
|
|
|
);
|
|
|
|
|
|
- // Now the no-op migration credential
|
|
|
- // Compute the MAC on the visible attributes (none here)
|
|
|
- let b_nm = Scalar::random(&mut rng);
|
|
|
- let P_nm = &b_nm * Btable;
|
|
|
- let QHc_nm = (self.migration_priv.x[0]) * P_nm;
|
|
|
-
|
|
|
- // El Gamal encrypt it to the public key req.D
|
|
|
- let s_nm = Scalar::random(&mut rng);
|
|
|
- let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
|
|
|
-
|
|
|
- // Homomorphically compute the part of the MAC corresponding to
|
|
|
- // the blinded attributes
|
|
|
- let tid_nm = self.migration_priv.x[1] * b_nm;
|
|
|
- let TId_nm = &tid_nm * Atable;
|
|
|
- let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
|
|
|
- let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
|
|
|
- let TBucket_nm = &tbucket_nm * Atable;
|
|
|
- let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
|
|
|
-
|
|
|
- let EncQ_nm = (
|
|
|
- EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
|
|
|
- EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
|
|
|
- );
|
|
|
-
|
|
|
let mut transcript = Transcript::new(b"level upgrade issuing");
|
|
|
let piBlindIssue = blindissue::prove_compact(
|
|
|
&mut transcript,
|
|
@@ -828,15 +784,6 @@ impl BridgeAuth {
|
|
|
TId: &TId,
|
|
|
TBucket: &TBucket,
|
|
|
TInvIssued: &TInvIssued,
|
|
|
- P_nm: &P_nm,
|
|
|
- EncQ0_nm: &EncQ_nm.0,
|
|
|
- EncQ1_nm: &EncQ_nm.1,
|
|
|
- X0_nm: &self.migration_pub.X[0],
|
|
|
- Xid_nm: &self.migration_pub.X[1],
|
|
|
- Xfrom_nm: &self.migration_pub.X[2],
|
|
|
- Xto_nm: &self.migration_pub.X[3],
|
|
|
- TId_nm: &TId_nm,
|
|
|
- TBucket_nm: &TBucket_nm,
|
|
|
D: &req.D,
|
|
|
EncId0: &EncId.0,
|
|
|
EncId1: &EncId.1,
|
|
@@ -857,15 +804,6 @@ impl BridgeAuth {
|
|
|
tid: &tid,
|
|
|
tbucket: &tbucket,
|
|
|
tinvissued: &tinvissued,
|
|
|
- x0_nm: &self.migration_priv.x[0],
|
|
|
- x0tilde_nm: &self.migration_priv.x0tilde,
|
|
|
- xid_nm: &self.migration_priv.x[1],
|
|
|
- xfrom_nm: &self.migration_priv.x[2],
|
|
|
- xto_nm: &self.migration_priv.x[3],
|
|
|
- s_nm: &s_nm,
|
|
|
- b_nm: &b_nm,
|
|
|
- tid_nm: &tid_nm,
|
|
|
- tbucket_nm: &tbucket_nm,
|
|
|
},
|
|
|
)
|
|
|
.0;
|
|
@@ -878,10 +816,6 @@ impl BridgeAuth {
|
|
|
TId,
|
|
|
TBucket,
|
|
|
TInvIssued,
|
|
|
- P_nm,
|
|
|
- EncQ_nm,
|
|
|
- TId_nm,
|
|
|
- TBucket_nm,
|
|
|
piBlindIssue,
|
|
|
})
|
|
|
}
|
|
@@ -893,13 +827,12 @@ pub fn handle_response(
|
|
|
state: State,
|
|
|
resp: Response,
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
- migration_pub: &IssuerPubKey,
|
|
|
) -> Result<cred::Lox, ProofError> {
|
|
|
let A: &RistrettoPoint = &CMZ_A;
|
|
|
let B: &RistrettoPoint = &CMZ_B;
|
|
|
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
|
|
|
|
|
|
- if resp.P.is_identity() || resp.P_nm.is_identity() {
|
|
|
+ if resp.P.is_identity() {
|
|
|
return Err(ProofError::VerificationFailure);
|
|
|
}
|
|
|
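Review bot: The guard `if resp.P.is_identity()` in `handle_response` is the only point-validity check left before the proof is verified, and nothing on it says why it matters. In the CMZ-style MAC this module appears to use (judging by `CMZ_A`/`CMZ_B`), a tag whose `P` is the identity satisfies the MAC equation for every attribute set, so I would add `// Reject P = identity: such a tag would be valid for any attributes` above the `if`. Dropping `migration_pub` also changes the signature of a `pub fn`, so any doc comment above it and every caller outside this diff need the same update, and since `Response` loses four fields in the first hunk, client and bridge authority presumably have to be upgraded together. The body of `handle_response` continues outside this hunk.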
|
|
@@ -935,15 +868,6 @@ pub fn handle_response(
|
|
|
TId: &resp.TId.compress(),
|
|
|
TBucket: &resp.TBucket.compress(),
|
|
|
TInvIssued: &resp.TInvIssued.compress(),
|
|
|
- P_nm: &resp.P_nm.compress(),
|
|
|
- EncQ0_nm: &resp.EncQ_nm.0.compress(),
|
|
|
- EncQ1_nm: &resp.EncQ_nm.1.compress(),
|
|
|
- X0_nm: &migration_pub.X[0].compress(),
|
|
|
- Xid_nm: &migration_pub.X[1].compress(),
|
|
|
- Xfrom_nm: &migration_pub.X[2].compress(),
|
|
|
- Xto_nm: &migration_pub.X[3].compress(),
|
|
|
- TId_nm: &resp.TId_nm.compress(),
|
|
|
- TBucket_nm: &resp.TBucket_nm.compress(),
|
|
|
D: &state.D.compress(),
|
|
|
EncId0: &EncId.0.compress(),
|
|
|
EncId1: &EncId.1.compress(),
|
|
@@ -957,9 +881,6 @@ pub fn handle_response(
|
|
|
// Decrypt EncQ
|
|
|
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
|
|
|
|
|
|
- // Decrypt EncQ_nm
|
|
|
- let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
|
|
|
-
|
|
|
Ok(cred::Lox {
|
|
|
P: resp.P,
|
|
|
Q,
|
|
@@ -969,7 +890,5 @@ pub fn handle_response(
|
|
|
level_since: resp.level_since,
|
|
|
invites_remaining: state.invremain,
|
|
|
invites_issued: state.invissued,
|
|
|
- P_noopmigration: resp.P_nm,
|
|
|
- Q_noopmigration: Q_nm,
|
|
|
})
|
|
|
}
|