Change the invites_issued attribute of the Lox credential to just count blockages instead

src/cred.rs

@@ -35,7 +35,7 @@ pub struct Lox {
     pub trust_level: Scalar,
     pub level_since: Scalar,
     pub invites_remaining: Scalar,
-    pub invites_issued: Scalar,
+    pub blockages: Scalar,
 }
 
 /// The migration key credential.

src/lib.rs

@@ -293,7 +293,7 @@ impl BridgeAuth {
             + cred.trust_level * self.lox_priv.x[3]
             + cred.level_since * self.lox_priv.x[4]
             + cred.invites_remaining * self.lox_priv.x[5]
-            + cred.invites_issued * self.lox_priv.x[6])
+            + cred.blockages * self.lox_priv.x[6])
             * cred.P;
 
         Q == cred.Q

src/proto/level_up.rs

@@ -15,7 +15,8 @@ The user presents their current Lox credential:
 - level_since: blinded, but proved in ZK that it's at least the
   appropriate number of days ago
 - invites_remaining: blinded
-- invites_issued: blinded
+- blockages: blinded, but proved in ZK that it's at most the appropriate
+  blockage limit for the target trust level
 
 and a Bucket Reachability credential:
 - date: revealed to be today
@@ -32,7 +33,7 @@ and a new Lox credential to be issued:
 - invites_remaining: revealed to be the number of invites for the new
   level (note that the invites_remaining from the previous credential
   are _not_ carried over)
-- invites_issued: blinded, but proved in ZK that it's the same as in the
+- blockages: blinded, but proved in ZK that it's the same as in the
   Lox credential above
 
 */
@@ -79,7 +80,7 @@ pub struct Request {
     level: Scalar,
     CSince: RistrettoPoint,
     CInvRemain: RistrettoPoint,
-    CInvIssued: RistrettoPoint,
+    CBlockages: RistrettoPoint,
     CQ: RistrettoPoint,
 
     // Fields for blind showing the Bucket Reachability credential
@@ -111,7 +112,7 @@ pub struct Request {
     D: RistrettoPoint,
     EncIdClient: (RistrettoPoint, RistrettoPoint),
     EncBucket: (RistrettoPoint, RistrettoPoint),
-    EncInvIssued: (RistrettoPoint, RistrettoPoint),
+    EncBlockages: (RistrettoPoint, RistrettoPoint),
 
     // The combined ZKP
     piUser: CompactProof,
@@ -123,12 +124,12 @@ pub struct State {
     D: RistrettoPoint,
     EncIdClient: (RistrettoPoint, RistrettoPoint),
     EncBucket: (RistrettoPoint, RistrettoPoint),
-    EncInvIssued: (RistrettoPoint, RistrettoPoint),
+    EncBlockages: (RistrettoPoint, RistrettoPoint),
     id_client: Scalar,
     bucket: Scalar,
     level: Scalar,
     invremain: Scalar,
-    invissued: Scalar,
+    blockages: Scalar,
 }
 
 pub struct Response {
@@ -141,7 +142,7 @@ pub struct Response {
     level_since: Scalar,
     TId: RistrettoPoint,
     TBucket: RistrettoPoint,
-    TInvIssued: RistrettoPoint,
+    TBlockages: RistrettoPoint,
 
     // The ZKP
     piBlindIssue: CompactProof,
@@ -150,19 +151,19 @@ pub struct Response {
 define_proof! {
     requestproof,
     "Level Upgrade Request",
-    (bucket, since, invremain, invissued, zbucket, zsince, zinvremain,
-     zinvissued, negzQ,
+    (bucket, since, invremain, blockages, zbucket, zsince, zinvremain,
+     zblockages, negzQ,
      zbucket_reach, negzQ_reach,
-     d, eid_client, ebucket, einvissued, id_client,
+     d, eid_client, ebucket, eblockages, id_client,
      g0, g1, g2, g3, g4, g5, g6, g7, g8,
      zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8,
      wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
      yg0, yg1, yg2, yg3, yg4, yg5, yg6, yg7, yg8),
-    (P, CBucket, CSince, CInvRemain, CInvIssued, V, Xbucket, Xsince,
-     Xinvremain, Xinvissued,
+    (P, CBucket, CSince, CInvRemain, CBlockages, V, Xbucket, Xsince,
+     Xinvremain, Xblockages,
      P_reach, CBucket_reach, V_reach, Xbucket_reach,
      D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1,
-     EncInvIssued0, EncInvIssued1,
+     EncBlockages0, EncBlockages1,
      CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
      CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
     (A, B) :
@@ -170,7 +171,7 @@ define_proof! {
     CBucket = (bucket*P + zbucket*A),
     CSince = (since*P + zsince*A),
     CInvRemain = (invremain*P + zinvremain*A),
-    CInvIssued = (invissued*P + zinvissued*A),
+    CBlockages = (blockages*P + zblockages*A),
     // Blind showing of the Bucket Reachability credential; note the
     // same bucket is used in the proof
     CBucket_reach = (bucket*P_reach + zbucket_reach*A),
@@ -180,8 +181,8 @@ define_proof! {
     EncIdClient1 = (id_client*B + eid_client*D),
     EncBucket0 = (ebucket*B),
     EncBucket1 = (bucket*B + ebucket*D),
-    EncInvIssued0 = (einvissued*B),
-    EncInvIssued1 = (invissued*B + einvissued*D),
+    EncBlockages0 = (eblockages*B),
+    EncBlockages1 = (blockages*B + eblockages*D),
     // Prove CSince encodes a value at least LEVEL_INTERVAL
     // days ago (at technically at most LEVEL_INTERVAL+511 days
     // ago): first prove each of g0, ..., g8 is a bit by proving that
@@ -204,11 +205,11 @@ define_proof! {
 define_proof! {
     blindissue,
     "Level Upgrade Issuing",
-    (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
-     s, b, tid, tbucket, tinvissued),
+    (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages,
+     s, b, tid, tbucket, tblockages),
     (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
-     Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
-     D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
+     Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages,
+     D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1),
     (A, B):
     Xid = (xid*A),
     Xid = (xid*A),
@@ -216,18 +217,18 @@ define_proof! {
     Xbucket = (xbucket*A),
     Xsince = (xsince*A),
     Xinvremain = (xinvremain*A),
-    Xinvissued = (xinvissued*A),
+    Xblockages = (xblockages*A),
     X0 = (x0*B + x0tilde*A),
     P = (b*B),
     TId = (b*Xid),
     TId = (tid*A),
     TBucket = (b*Xbucket),
     TBucket = (tbucket*A),
-    TInvIssued = (b*Xinvissued),
-    TInvIssued = (tinvissued*A),
-    EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
+    TBlockages = (b*Xblockages),
+    TBlockages = (tblockages*A),
+    EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tblockages*EncBlockages0),
     EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
-            + tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
+            + tblockages*EncBlockages1 + x0*P + xlevel*Plevel + xsince*Psince
             + xinvremain*Pinvremain)
 }
 
@@ -302,11 +303,11 @@ pub fn request(
     let zbucket = Scalar::random(&mut rng);
     let zsince = Scalar::random(&mut rng);
     let zinvremain = Scalar::random(&mut rng);
-    let zinvissued = Scalar::random(&mut rng);
+    let zblockages = Scalar::random(&mut rng);
     let CBucket = lox_cred.bucket * P + &zbucket * Atable;
     let CSince = lox_cred.level_since * P + &zsince * Atable;
     let CInvRemain = lox_cred.invites_remaining * P + &zinvremain * Atable;
-    let CInvIssued = lox_cred.invites_issued * P + &zinvissued * Atable;
+    let CBlockages = lox_cred.blockages * P + &zblockages * Atable;
 
     // Form a Pedersen commitment to the MAC Q
     // We flip the sign of zQ from that of the Hyphae paper so that
@@ -319,7 +320,7 @@ pub fn request(
     let V = zbucket * lox_pub.X[2]
         + zsince * lox_pub.X[4]
         + zinvremain * lox_pub.X[5]
-        + zinvissued * lox_pub.X[6]
+        + zblockages * lox_pub.X[6]
         + &negzQ * Atable;
 
     // Blind showing the Bucket Reachability credential
@@ -361,10 +362,10 @@ pub fn request(
     let ebucket = Scalar::random(&mut rng);
     let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D);
     let newinvites: Scalar = LEVEL_INVITATIONS[new_level as usize].into();
-    let einvissued = Scalar::random(&mut rng);
-    let EncInvIssued = (
-        &einvissued * Btable,
-        &lox_cred.invites_issued * Btable + einvissued * D,
+    let eblockages = Scalar::random(&mut rng);
+    let EncBlockages = (
+        &eblockages * Btable,
+        &lox_cred.blockages * Btable + eblockages * D,
     );
 
     // The range proof that 0 <= diffdays <= 511
@@ -455,12 +456,12 @@ pub fn request(
             CBucket: &CBucket,
             CSince: &CSince,
             CInvRemain: &CInvRemain,
-            CInvIssued: &CInvIssued,
+            CBlockages: &CBlockages,
             V: &V,
             Xbucket: &lox_pub.X[2],
             Xsince: &lox_pub.X[4],
             Xinvremain: &lox_pub.X[5],
-            Xinvissued: &lox_pub.X[6],
+            Xblockages: &lox_pub.X[6],
             P_reach: &P_reach,
             CBucket_reach: &CBucket_reach,
             V_reach: &V_reach,
@@ -470,8 +471,8 @@ pub fn request(
             EncIdClient1: &EncIdClient.1,
             EncBucket0: &EncBucket.0,
             EncBucket1: &EncBucket.1,
-            EncInvIssued0: &EncInvIssued.0,
-            EncInvIssued1: &EncInvIssued.1,
+            EncBlockages0: &EncBlockages.0,
+            EncBlockages1: &EncBlockages.1,
             CG0: &CG0,
             CG1: &CG1,
             CG2: &CG2,
@@ -493,18 +494,18 @@ pub fn request(
             bucket: &lox_cred.bucket,
             since: &lox_cred.level_since,
             invremain: &lox_cred.invites_remaining,
-            invissued: &lox_cred.invites_issued,
+            blockages: &lox_cred.blockages,
             zbucket: &zbucket,
             zsince: &zsince,
             zinvremain: &zinvremain,
-            zinvissued: &zinvissued,
+            zblockages: &zblockages,
             negzQ: &negzQ,
             zbucket_reach: &zbucket_reach,
             negzQ_reach: &negzQ_reach,
             d: &d,
             eid_client: &eid_client,
             ebucket: &ebucket,
-            einvissued: &einvissued,
+            eblockages: &eblockages,
             id_client: &id_client,
             g0: &g0,
             g1: &g1,
@@ -554,7 +555,7 @@ pub fn request(
             level: lox_cred.trust_level,
             CSince,
             CInvRemain,
-            CInvIssued,
+            CBlockages,
             CQ,
             P_reach,
             CBucket_reach,
@@ -562,7 +563,7 @@ pub fn request(
             D,
             EncIdClient,
             EncBucket,
-            EncInvIssued,
+            EncBlockages,
             CG1,
             CG2,
             CG3,
@@ -587,12 +588,12 @@ pub fn request(
             D,
             EncIdClient,
             EncBucket,
-            EncInvIssued,
+            EncBlockages,
             id_client,
             bucket: lox_cred.bucket,
             level: new_level.into(),
             invremain: newinvites,
-            invissued: lox_cred.invites_issued,
+            blockages: lox_cred.blockages,
         },
     ))
 }
@@ -626,7 +627,7 @@ impl BridgeAuth {
                 + self.lox_priv.x[2] * req.CBucket
                 + self.lox_priv.x[4] * req.CSince
                 + self.lox_priv.x[5] * req.CInvRemain
-                + self.lox_priv.x[6] * req.CInvIssued
+                + self.lox_priv.x[6] * req.CBlockages
                 - req.CQ;
 
         let Vprime_reach = (self.reachability_priv.x[0] + self.reachability_priv.x[1] * today)
@@ -663,12 +664,12 @@ impl BridgeAuth {
                 CBucket: &req.CBucket.compress(),
                 CSince: &req.CSince.compress(),
                 CInvRemain: &req.CInvRemain.compress(),
-                CInvIssued: &req.CInvIssued.compress(),
+                CBlockages: &req.CBlockages.compress(),
                 V: &Vprime.compress(),
                 Xbucket: &self.lox_pub.X[2].compress(),
                 Xsince: &self.lox_pub.X[4].compress(),
                 Xinvremain: &self.lox_pub.X[5].compress(),
-                Xinvissued: &self.lox_pub.X[6].compress(),
+                Xblockages: &self.lox_pub.X[6].compress(),
                 P_reach: &req.P_reach.compress(),
                 CBucket_reach: &req.CBucket_reach.compress(),
                 V_reach: &Vprime_reach.compress(),
@@ -678,8 +679,8 @@ impl BridgeAuth {
                 EncIdClient1: &req.EncIdClient.1.compress(),
                 EncBucket0: &req.EncBucket.0.compress(),
                 EncBucket1: &req.EncBucket.1.compress(),
-                EncInvIssued0: &req.EncInvIssued.0.compress(),
-                EncInvIssued1: &req.EncInvIssued.1.compress(),
+                EncBlockages0: &req.EncBlockages.0.compress(),
+                EncBlockages1: &req.EncBlockages.1.compress(),
                 CG0: &CG0prime.compress(),
                 CG1: &req.CG1.compress(),
                 CG2: &req.CG2.compress(),
@@ -750,16 +751,16 @@ impl BridgeAuth {
         let tbucket = self.lox_priv.x[2] * b;
         let TBucket = &tbucket * Atable;
         let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1);
-        let tinvissued = self.lox_priv.x[6] * b;
-        let TInvIssued = &tinvissued * Atable;
-        let EncQInvIssued = (
-            tinvissued * req.EncInvIssued.0,
-            tinvissued * req.EncInvIssued.1,
+        let tblockages = self.lox_priv.x[6] * b;
+        let TBlockages = &tblockages * Atable;
+        let EncQBlockages = (
+            tblockages * req.EncBlockages.0,
+            tblockages * req.EncBlockages.1,
         );
 
         let EncQ = (
-            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvIssued.0,
-            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
+            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0,
+            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1,
         );
 
         let mut transcript = Transcript::new(b"level upgrade issuing");
@@ -777,20 +778,20 @@ impl BridgeAuth {
                 Xlevel: &self.lox_pub.X[3],
                 Xsince: &self.lox_pub.X[4],
                 Xinvremain: &self.lox_pub.X[5],
-                Xinvissued: &self.lox_pub.X[6],
+                Xblockages: &self.lox_pub.X[6],
                 Plevel: &(trust_level * P),
                 Psince: &(level_since * P),
                 Pinvremain: &(invitations_remaining * P),
                 TId: &TId,
                 TBucket: &TBucket,
-                TInvIssued: &TInvIssued,
+                TBlockages: &TBlockages,
                 D: &req.D,
                 EncId0: &EncId.0,
                 EncId1: &EncId.1,
                 EncBucket0: &req.EncBucket.0,
                 EncBucket1: &req.EncBucket.1,
-                EncInvIssued0: &req.EncInvIssued.0,
-                EncInvIssued1: &req.EncInvIssued.1,
+                EncBlockages0: &req.EncBlockages.0,
+                EncBlockages1: &req.EncBlockages.1,
                 x0: &self.lox_priv.x[0],
                 x0tilde: &self.lox_priv.x0tilde,
                 xid: &self.lox_priv.x[1],
@@ -798,12 +799,12 @@ impl BridgeAuth {
                 xlevel: &self.lox_priv.x[3],
                 xsince: &self.lox_priv.x[4],
                 xinvremain: &self.lox_priv.x[5],
-                xinvissued: &self.lox_priv.x[6],
+                xblockages: &self.lox_priv.x[6],
                 s: &s,
                 b: &b,
                 tid: &tid,
                 tbucket: &tbucket,
-                tinvissued: &tinvissued,
+                tblockages: &tblockages,
             },
         )
         .0;
@@ -815,7 +816,7 @@ impl BridgeAuth {
             level_since,
             TId,
             TBucket,
-            TInvIssued,
+            TBlockages,
             piBlindIssue,
         })
     }
@@ -861,20 +862,20 @@ pub fn handle_response(
             Xlevel: &lox_pub.X[3].compress(),
             Xsince: &lox_pub.X[4].compress(),
             Xinvremain: &lox_pub.X[5].compress(),
-            Xinvissued: &lox_pub.X[6].compress(),
+            Xblockages: &lox_pub.X[6].compress(),
             Plevel: &(state.level * resp.P).compress(),
             Psince: &(resp.level_since * resp.P).compress(),
             Pinvremain: &(state.invremain * resp.P).compress(),
             TId: &resp.TId.compress(),
             TBucket: &resp.TBucket.compress(),
-            TInvIssued: &resp.TInvIssued.compress(),
+            TBlockages: &resp.TBlockages.compress(),
             D: &state.D.compress(),
             EncId0: &EncId.0.compress(),
             EncId1: &EncId.1.compress(),
             EncBucket0: &state.EncBucket.0.compress(),
             EncBucket1: &state.EncBucket.1.compress(),
-            EncInvIssued0: &state.EncInvIssued.0.compress(),
-            EncInvIssued1: &state.EncInvIssued.1.compress(),
+            EncBlockages0: &state.EncBlockages.0.compress(),
+            EncBlockages1: &state.EncBlockages.1.compress(),
         },
     )?;
 
@@ -889,6 +890,6 @@ pub fn handle_response(
         trust_level: state.level,
         level_since: resp.level_since,
         invites_remaining: state.invremain,
-        invites_issued: state.invissued,
+        blockages: state.blockages,
     })
 }

src/proto/migration.rs

@@ -10,7 +10,7 @@ Lox credential:
 - trust_level: revealed to be 0
 - level_since: blinded
 - invites_remaining: revealed to be 0
-- invites_issued: revealed to be 0
+- blockages: revealed to be 0
 
 and a Migration credential:
 
@@ -27,7 +27,7 @@ and a new Lox credential to be issued:
 - trust_level: 1
 - level_since: today
 - invites_remaining: 0
-- invites_issued: 0
+- blockages: 0
 
 */
 
@@ -47,7 +47,7 @@ use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE};
 
 pub struct Request {
     // Fields for blind showing the Lox credential
-    // We don't need to include invites_remaining or invites_issued,
+    // We don't need to include invites_remaining or blockages,
     // since they must be 0
     P_lox: RistrettoPoint,
     id: Scalar,
@@ -390,14 +390,14 @@ impl BridgeAuth {
         // Julian date
         let level_since: Scalar = self.today().into();
 
-        // The invitations_remaining and invitations_issued attributes
-        // are 0 for level 0 and level 1 Lox credentials, so we don't
-        // need to explicitly create them.
+        // The invitations_remaining and blockages attributes are 0 for
+        // level 0 and level 1 Lox credentials, so we don't need to
+        // explicitly create them.
 
         // Compute the MAC on the visible attributes
         let b = Scalar::random(&mut rng);
         let P = &b * Btable;
-        // invites_remaining = invites_issued = 0
+        // invites_remaining = blockages = 0
         let QHc = (self.lox_priv.x[0]
             + self.lox_priv.x[3] * trust_level
             + self.lox_priv.x[4] * level_since)
@@ -533,6 +533,6 @@ pub fn handle_response(
         trust_level: Scalar::one(),
         level_since: resp.level_since,
         invites_remaining: Scalar::zero(),
-        invites_issued: Scalar::zero(),
+        blockages: Scalar::zero(),
     })
 }

src/proto/open_invite.rs

@@ -9,7 +9,7 @@ The credential will have attributes:
 - trust_level: 0
 - level_since: today
 - invites_remaining: 0
-- invites_issued: 0
+- blockages: 0
 
 */
 
@@ -197,7 +197,7 @@ impl BridgeAuth {
         // Compute the MAC on the visible attributes
         let b = Scalar::random(&mut rng);
         let P = &b * Btable;
-        // trust_level = invites_remaining = invites_issued = 0
+        // trust_level = invites_remaining = blockages = 0
         let QHc =
             (self.lox_priv.x[0] + self.lox_priv.x[2] * bucket + self.lox_priv.x[4] * level_since)
                 * P;
@@ -315,6 +315,6 @@ pub fn handle_response(
         trust_level: Scalar::zero(),
         level_since: resp.level_since,
         invites_remaining: Scalar::zero(),
-        invites_issued: Scalar::zero(),
+        blockages: Scalar::zero(),
     })
 }

src/proto/trust_promotion.rs

@@ -14,7 +14,7 @@ The user presents their current Lox credential:
 - level_since: blinded, but proved in ZK that it's at least
   UNTRUSTED_INTERVAL days ago
 - invites_remaining: revealed to be 0
-- invites_issued: revealed to be 0
+- blockages: revealed to be 0
 
 They will receive in return the encrypted MAC (Pk, EncQk) for their
 implicit Migration Key credential with attributes id and bucket,
@@ -57,7 +57,7 @@ pub const UNTRUSTED_INTERVAL: u32 = 30;
 pub struct Request {
     // Fields for blind showing the Lox credential
     // We don't need to include trust_level, invites_remaining, or
-    // invites_issued, since they must be 0
+    // blockages, since they must be 0
     P: RistrettoPoint,
     id: Scalar,
     CBucket: RistrettoPoint,