| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- /*! The various credentials used by the system.
- In each case, (P,Q) forms the MAC on the credential. This MAC is
- verifiable only by the issuing party, or if the issuing party issues a
- zero-knowledge proof of its correctness (as it does at issuing time). */
- use curve25519_dalek::ristretto::RistrettoPoint;
- use curve25519_dalek::scalar::Scalar;
- /// A migration credential.
- ///
- /// This credential authorizes the holder of the Lox credential with the
- /// given id to switch from bucket from_bucket to bucket to_bucket. The
- /// migration_type attribute is 0 for trust upgrade migrations (moving
- /// from a 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1
- /// for blockage migrations (moving buckets because the from_bucket has
- /// been blocked).
- #[derive(Debug)]
- pub struct Migration {
- pub P: RistrettoPoint,
- pub Q: RistrettoPoint,
- pub lox_id: Scalar,
- pub from_bucket: Scalar,
- pub to_bucket: Scalar,
- pub migration_type: Scalar,
- }
- /// The main user credential in the Lox system.
- ///
- /// Its id is jointly generated by the user and the BA (bridge
- /// authority), but known only to the user. The level_since date is the
- /// Julian date of when this user was changed to the current trust
- /// level.
- #[derive(Debug)]
- pub struct Lox {
- pub P: RistrettoPoint,
- pub Q: RistrettoPoint,
- pub id: Scalar,
- pub bucket: Scalar,
- pub trust_level: Scalar,
- pub level_since: Scalar,
- pub invites_remaining: Scalar,
- pub blockages: Scalar,
- }
- /// The migration key credential.
- ///
- /// This credential is never actually instantiated. It is an implicit
- /// credential on attributes lox_id and from_bucket. This credential
- /// type does have an associated private and public key, however. The
- /// idea is that if a user proves (in zero knowledge) that their Lox
- /// credential entitles them to migrate from one bucket to another, the
- /// BA will issue a (blinded, so the BA will not know the values of the
- /// attributes or of Q) MAC on this implicit credential. The Q value
- /// will then be used (actually, a hash of lox_id, from_bucket, and Q)
- /// to encrypt the to_bucket, P, and Q fields of a Migration credential.
- /// That way, people entitled to migrate buckets can receive a Migration
- /// credential with their new bucket, without the BA learning either
- /// their old or new buckets.
- #[derive(Debug)]
- pub struct MigrationKey {
- pub P: RistrettoPoint,
- pub Q: RistrettoPoint,
- pub lox_id: Scalar,
- pub from_bucket: Scalar,
- }
- /// The Bucket Reachability credential.
- ///
- /// Each day, a credential of this type is put in each bucket that has
- /// at least a (configurable) threshold number of bridges that have not
- /// been blocked as of the given date. Users can present this
- /// credential (in zero knowledge) with today's date to prove that the
- /// bridges in their bucket have not been blocked, in order to gain a
- /// trust level.
- #[derive(Debug)]
- pub struct BucketReachability {
- pub P: RistrettoPoint,
- pub Q: RistrettoPoint,
- pub date: Scalar,
- pub bucket: Scalar,
- }
- /// The Invitation credential.
- ///
- /// These credentials allow a Lox user (the inviter) of sufficient trust
- /// (level 2 or higher) to invite someone else (the invitee) to join the
- /// system. The invitee ends up at trust level 1, in the _same bucket_
- /// as the inviter, and inherits the inviter's blockages count (so that
- /// you can't clear your blockages count simply by inviting yourself).
- /// Invitations expire after some amount of time.
- #[derive(Debug)]
- pub struct Invitation {
- pub P: RistrettoPoint,
- pub Q: RistrettoPoint,
- pub inv_id: Scalar,
- pub date: Scalar,
- pub bucket: Scalar,
- pub blockages: Scalar,
- }
|
