@@ -123,7 +123,7 @@ define_proof! {
wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
yg0, yg1, yg2, yg3, yg4, yg5, yg6, yg7, yg8),
(P, CBucket, CSince, V, Xbucket, Xsince,
- EncBucket0, EncBucket1, D,
+ D, EncBucket0, EncBucket1,
CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
(A, B):
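Review bot: Moving `D` ahead of `EncBucket0`/`EncBucket1` in the public point list of `define_proof!` is probably not cosmetic. The zkp macro appears to commit points to the Fiat-Shamir transcript in declaration order, so a proof produced by a client built before this commit would likely fail verification on a server built after it, and vice versa. The same applies to the constraint reorder in the next hunk, where `D = (d*B)` moves above the two `EncBucket` equations. If the break is intended, record it next to the list, e.g. `// NOTE: the order of points and constraints feeds the proof transcript; reordering breaks compatibility with older clients`, and upgrade client and server together. The `define_proof!` invocation starts and ends outside this hunk.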
@@ -132,9 +132,9 @@ define_proof! {
CSince = (since*P + zsince*A),
V = (zbucket*Xbucket + zsince*Xsince + negzQ*A),
// User blinding of the Migration Key credential
+ D = (d*B),
EncBucket0 = (ebucket*B),
EncBucket1 = (bucket*B + ebucket*D),
- D = (d*B),
// Prove CSince encodes a value at least UNTRUSTED_INTERVAL
// days ago (and technically at most UNTRUSTED_INTERVAL+511 days
// ago): first prove each of g0, ..., g8 is a bit by proving that
@@ -303,9 +303,9 @@ pub fn request(
V: &V,
Xbucket: &lox_pub.X[2],
Xsince: &lox_pub.X[4],
+ D: &D,
EncBucket0: &EncBucket.0,
EncBucket1: &EncBucket.1,
- D: &D,
CG0: &CG0,
CG1: &CG1,
CG2: &CG2,
@@ -460,9 +460,9 @@ impl BridgeAuth {
V: &Vprime.compress(),
Xbucket: &self.lox_pub.X[2].compress(),
Xsince: &self.lox_pub.X[4].compress(),
+ D: &req.D.compress(),
EncBucket0: &req.EncBucket.0.compress(),
EncBucket1: &req.EncBucket.1.compress(),
- D: &req.D.compress(),
CG0: &CG0prime.compress(),
CG1: &req.CG1.compress(),
CG2: &req.CG2.compress(),