|
|
@@ -29,8 +29,9 @@ and a new Lox credential to be issued:
|
|
|
credential above
|
|
|
- trust_level: revealed to be one more than the trust level above
|
|
|
- level_since: today
|
|
|
-- invites_remaining: blinded, but proved in ZK that it's the same as in
|
|
|
- the Lox credential above, _plus_ a per-level constant
|
|
|
+- invites_remaining: revealed to be the number of invites for the new
|
|
|
+ level (note that the invites_remaining from the previous credential
|
|
|
+ are _not_ carried over)
|
|
|
- invites_issued: blinded, but proved in ZK that it's the same as in the
|
|
|
Lox credential above
|
|
|
|
|
|
@@ -51,20 +52,24 @@ use super::super::{pt_dbl, scalar_dbl, scalar_u32};
|
|
|
use super::super::{BridgeAuth, IssuerPubKey};
|
|
|
use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE};
|
|
|
|
|
|
+/// The maximum trust level in the system. A user can run this level
|
|
|
+/// upgrade protocol when they're already at the max level; they will
|
|
|
+/// get a fresh invites_remaining batch, and reset their level_since
|
|
|
+/// field to today's date, but will remain in the max level.
|
|
|
+pub const MAX_LEVEL: usize = 3;
|
|
|
+
|
|
|
/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user
|
|
|
-/// must be at trust level i before advancing to level i+1. The large
|
|
|
-/// last entry makes it impossible to advance past the top level. Note
|
|
|
-/// that the LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion
|
|
|
-/// protocol is used instead of this one to move from level 0 to level
|
|
|
-/// 1.
|
|
|
-pub const LEVEL_INTERVAL: [u32; 5] = [0, 14, 28, 56, u32::MAX];
|
|
|
-
|
|
|
-/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of additional
|
|
|
-/// invitations a user will be eligible to issue upon advancing from
|
|
|
-/// level i to level i+1. Again the LEVEL_INVITATIONS\[0\] entry is a
|
|
|
-/// dummy, as for LEVEL_INTERVAL. Also the last entry is 0 because
|
|
|
-/// users cannot advance above the highest level.
|
|
|
-pub const LEVEL_INVITATIONS: [u32; 5] = [0, 2, 4, 6, 0];
|
|
|
+/// must be at trust level i before advancing to level i+1 (or as above,
|
|
|
+/// remain at level i if i == MAX_LEVEL). Note that the
|
|
|
+/// LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion protocol
|
|
|
+/// is used instead of this one to move from level 0 to level 1.
|
|
|
+pub const LEVEL_INTERVAL: [u32; MAX_LEVEL + 1] = [0, 14, 28, 56];
|
|
|
+
|
|
|
+/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of invitations a
|
|
|
+/// user will be eligible to issue upon advancing from level i to level
|
|
|
+/// i+1. Again the LEVEL_INVITATIONS\[0\] entry is a dummy, as for
|
|
|
+/// LEVEL_INTERVAL.
|
|
|
+pub const LEVEL_INVITATIONS: [u32; MAX_LEVEL + 1] = [0, 2, 4, 6];
|
|
|
|
|
|
pub struct Request {
|
|
|
// Fields for blind showing the Lox credential
|
|
|
@@ -106,7 +111,6 @@ pub struct Request {
|
|
|
D: RistrettoPoint,
|
|
|
EncIdClient: (RistrettoPoint, RistrettoPoint),
|
|
|
EncBucket: (RistrettoPoint, RistrettoPoint),
|
|
|
- EncInvRemain: (RistrettoPoint, RistrettoPoint),
|
|
|
EncInvIssued: (RistrettoPoint, RistrettoPoint),
|
|
|
|
|
|
// The combined ZKP
|
|
|
@@ -119,7 +123,6 @@ pub struct State {
|
|
|
D: RistrettoPoint,
|
|
|
EncIdClient: (RistrettoPoint, RistrettoPoint),
|
|
|
EncBucket: (RistrettoPoint, RistrettoPoint),
|
|
|
- EncInvRemain: (RistrettoPoint, RistrettoPoint),
|
|
|
EncInvIssued: (RistrettoPoint, RistrettoPoint),
|
|
|
id_client: Scalar,
|
|
|
bucket: Scalar,
|
|
|
@@ -157,7 +160,7 @@ define_proof! {
|
|
|
(bucket, since, invremain, invissued, zbucket, zsince, zinvremain,
|
|
|
zinvissued, negzQ,
|
|
|
zbucket_reach, negzQ_reach,
|
|
|
- d, eid_client, ebucket, einvremain, einvissued, id_client,
|
|
|
+ d, eid_client, ebucket, einvissued, id_client,
|
|
|
g0, g1, g2, g3, g4, g5, g6, g7, g8,
|
|
|
zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8,
|
|
|
wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
|
|
|
@@ -166,7 +169,6 @@ define_proof! {
|
|
|
Xinvremain, Xinvissued,
|
|
|
P_reach, CBucket_reach, V_reach, Xbucket_reach,
|
|
|
D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1,
|
|
|
- EncInvRemain0, EncInvRemain1_minus_LEVELINV_B,
|
|
|
EncInvIssued0, EncInvIssued1,
|
|
|
CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
|
|
|
CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
|
|
|
@@ -185,8 +187,6 @@ define_proof! {
|
|
|
EncIdClient1 = (id_client*B + eid_client*D),
|
|
|
EncBucket0 = (ebucket*B),
|
|
|
EncBucket1 = (bucket*B + ebucket*D),
|
|
|
- EncInvRemain0 = (einvremain*B),
|
|
|
- EncInvRemain1_minus_LEVELINV_B = (invremain*B + einvremain*D),
|
|
|
EncInvIssued0 = (einvissued*B),
|
|
|
EncInvIssued1 = (invissued*B + einvissued*D),
|
|
|
// Prove CSince encodes a value at least LEVEL_INTERVAL
|
|
|
@@ -332,11 +332,6 @@ pub fn request(
|
|
|
let ebucket = Scalar::random(&mut rng);
|
|
|
let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D);
|
|
|
let newinvites: Scalar = LEVEL_INVITATIONS[trust_level as usize].into();
|
|
|
- let einvremain = Scalar::random(&mut rng);
|
|
|
- let EncInvRemain = (
|
|
|
- &einvremain * Btable,
|
|
|
- &(lox_cred.invites_remaining + newinvites) * Btable + einvremain * D,
|
|
|
- );
|
|
|
let einvissued = Scalar::random(&mut rng);
|
|
|
let EncInvIssued = (
|
|
|
&einvissued * Btable,
|
|
|
@@ -446,8 +441,6 @@ pub fn request(
|
|
|
EncIdClient1: &EncIdClient.1,
|
|
|
EncBucket0: &EncBucket.0,
|
|
|
EncBucket1: &EncBucket.1,
|
|
|
- EncInvRemain0: &EncInvRemain.0,
|
|
|
- EncInvRemain1_minus_LEVELINV_B: &(EncInvRemain.1 - &newinvites * Btable),
|
|
|
EncInvIssued0: &EncInvIssued.0,
|
|
|
EncInvIssued1: &EncInvIssued.1,
|
|
|
CG0: &CG0,
|
|
|
@@ -482,7 +475,6 @@ pub fn request(
|
|
|
d: &d,
|
|
|
eid_client: &eid_client,
|
|
|
ebucket: &ebucket,
|
|
|
- einvremain: &einvremain,
|
|
|
einvissued: &einvissued,
|
|
|
id_client: &id_client,
|
|
|
g0: &g0,
|
|
|
@@ -541,7 +533,6 @@ pub fn request(
|
|
|
D,
|
|
|
EncIdClient,
|
|
|
EncBucket,
|
|
|
- EncInvRemain,
|
|
|
EncInvIssued,
|
|
|
CG1,
|
|
|
CG2,
|
|
|
@@ -567,12 +558,11 @@ pub fn request(
|
|
|
D,
|
|
|
EncIdClient,
|
|
|
EncBucket,
|
|
|
- EncInvRemain,
|
|
|
EncInvIssued,
|
|
|
id_client,
|
|
|
bucket: lox_cred.bucket,
|
|
|
level: lox_cred.trust_level + Scalar::one(),
|
|
|
- invremain: lox_cred.invites_remaining + newinvites,
|
|
|
+ invremain: newinvites,
|
|
|
invissued: lox_cred.invites_issued,
|
|
|
},
|
|
|
))
|
