Update open_invite

src/cmz.rs

@@ -28,7 +28,7 @@ pub trait CMZ {
 
     // All fields will be cast as mapping from String -> Scalar
     // The annotated credential is ouput
-    fn annotate(&self, HashMap<String, Scalar>, IssuerKeys) -> Self;
+    fn annotate(&self, Credential, IssuerKeys) -> Self;
     // All fields will be cast as mapping from String -> ShowType 
     // Outputs AnnotatedShowCredential to be related to AnnotatedIssueCredential by Statement
     fn show_annotation(&self, HashMap<String, ShowType>) -> AnnotatedShowCredential;
@@ -36,11 +36,11 @@ pub trait CMZ {
     // All fields will be cast as mapping from String -> IssueType with an output statement
     // Outputs AnnotatedIssueCredential to be related to AnnotatedShowCredential by Statement
     fn issue_annotation(&self, HashMap<String, IssueType>) -> AnnotatedIssueCredential;
-   
+
     // Takes the annotated show and issue type credentials as well as a statement that relates them 
     // outputs the State, which contains the client generated attributes/scalars required to 
     // build the new credential
-    fn issue_request(&self, Vec<AnnotatedShowCredential>, Vec<AnnotatedIssueCredential>, Statement) -> (State, StatementProof);
+    fn issue_request(&self, Vec<AnnotatedShowCredential>, Vec<AnnotatedIssueCredential>, Statement) -> (Request, State);
     
     //Takes the annotated credential and statement received from the issuer and builds the updated
     //credential

src/lox_creds.rs

@@ -0,0 +1,106 @@
+/*! The various credentials used by the system.
+
+In each case, (P,Q) forms the MAC on the credential. This MAC is
+verifiable only by the issuing party, or if the issuing party issues a
+zero-knowledge proof of its correctness (as it does at issuing time).*/
+
+use curve25519_dalek::ristretto::RistrettoPoint;
+use curve25519_dalek::scalar::Scalar;
+use serde::{Deserialize, Serialize};
+
+/// A migration credential.
+///
+/// This credential authorizes the holder of the Lox credential with the
+/// given id to switch from bucket from_bucket to bucket to_bucket. The
+/// migration_type attribute is 0 for trust upgrade migrations (moving
+/// from a 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1
+/// for blockage migrations (moving buckets because the from_bucket has
+/// been blocked).
+#[derive(Debug, CMZ, Serialize, Deserialize)]
+// Annotated to "M"
+pub struct Migration {
+    pub P: RistrettoPoint,
+    pub Q: RistrettoPoint,
+    pub lox_id: Scalar,
+    pub from_bucket: Scalar,
+    pub to_bucket: Scalar,
+    pub migration_type: Scalar,
+}
+
+/// The main user credential in the Lox system.
+///
+/// Its id is jointly generated by the user and the BA (bridge
+/// authority), but known only to the user. The level_since date is the
+/// Julian date of when this user was changed to the current trust
+/// level.
+#[derive(Debug, CMZ, Serialize, Deserialize)]
+// Annotated to "L"
+pub struct Lox {
+    pub P: RistrettoPoint,
+    pub Q: RistrettoPoint,
+    pub id: Scalar,
+    pub bucket: Scalar,
+    pub trust_level: Scalar,
+    pub level_since: Scalar,
+    pub invites_remaining: Scalar,
+    pub blockages: Scalar,
+}
+
+/// The migration key credential.
+///
+/// This credential is never actually instantiated. It is an implicit
+/// credential on attributes lox_id and from_bucket. This credential
+/// type does have an associated private and public key, however. The
+/// idea is that if a user proves (in zero knowledge) that their Lox
+/// credential entitles them to migrate from one bucket to another, the
+/// BA will issue a (blinded, so the BA will not know the values of the
+/// attributes or of Q) MAC on this implicit credential. The Q value
+/// will then be used (actually, a hash of lox_id, from_bucket, and Q)
+/// to encrypt the to_bucket, P, and Q fields of a Migration credential.
+/// That way, people entitled to migrate buckets can receive a Migration
+/// credential with their new bucket, without the BA learning either
+/// their old or new buckets.
+#[derive(Debug, CMZ, Serialize, Deserialize)]
+// Annotated to "K"
+pub struct MigrationKey {
+    pub P: RistrettoPoint,
+    pub Q: RistrettoPoint,
+    pub lox_id: Scalar,
+    pub from_bucket: Scalar,
+}
+
+/// The Bucket Reachability credential.
+///
+/// Each day, a credential of this type is put in each bucket that has
+/// at least a (configurable) threshold number of bridges that have not
+/// been blocked as of the given date. Users can present this
+/// credential (in zero knowledge) with today's date to prove that the
+/// bridges in their bucket have not been blocked, in order to gain a
+/// trust level.
+// Annotated to "B"
+#[derive(Debug, CMZ, Serialize, Deserialize)]
+pub struct BucketReachability {
+    pub P: RistrettoPoint,
+    pub Q: RistrettoPoint,
+    pub date: Scalar,
+    pub bucket: Scalar,
+}
+
+/// The Invitation credential.
+///
+/// These credentials allow a Lox user (the inviter) of sufficient trust
+/// (level 2 or higher) to invite someone else (the invitee) to join the
+/// system. The invitee ends up at trust level 1, in the _same bucket_
+/// as the inviter, and inherits the inviter's blockages count (so that
+/// you can't clear your blockages count simply by inviting yourself).
+/// Invitations expire after some amount of time.
+#[derive(Debug, CMZ, Serialize, Deserialize)]
+// Annotated to "I"
+pub struct Invitation {
+    pub P: RistrettoPoint,
+    pub Q: RistrettoPoint,
+    pub inv_id: Scalar,
+    pub date: Scalar,
+    pub bucket: Scalar,
+    pub blockages: Scalar,
+}

src/proto/open_invite.md

@@ -50,15 +50,14 @@ Client Request:
 pub fn request(invite: &[u8; OPENINV_LENGTH], lox_pub: &IssuerPubKey) -> (Request, State) {
 
 // There is no call to "show" for open invitation but the open invite must be verified  
-
-let open_invite_cred_directive = HashMap::from([
-       ("id", Scalar::random()),
-       ("bucket", Scalar::ZERO), // Placeholder value
-       ("trust_level", Scalar::ZERO), // Placeholder value 
-       ("level_since", Scalar::ZERO), // Placeholder value 
-       ("invites_remaining", Scalar::ZERO), // Placeholder value
-       ("blockages", Scalar::ZERO), // Placeholder value
-    ]);
+let open_invite_cred_directive =  cred::Lox {
+       id: Scalar::random(),
+       bucket: Scalar::ZERO, // Placeholder value
+       trust_level: Scalar::ZERO, // Placeholder value 
+       level_since: Scalar::ZERO, // Placeholder value 
+       invites_remaining: Scalar::ZERO, // Placeholder value
+       blockages: Scalar::ZERO, // Placeholder value
+    }
 // Create new Lox credential with mapped fields(String) -> Scalar
 let open_invite_cred = cred.Lox.annotate(open_invite_cred_directive, lox_pub);
 
@@ -74,17 +73,17 @@ let open_invite_issue_directive = HashMap::from([
 
 // Annotate the credential with the IssueType for each attribute, returning the 
 // AnnotatedIssueCredential
-let issue_cred = open_invite_cred.issue_annotated_request(open_invite_issue_directive);
+let issue_cred: AnnotatedIssueCredential = open_invite_cred.issue_annotation(open_invite_issue_directive);
 
 // Open Invite doesn't have a statement comparing issue and show annotated
 // credentials, but needs to commit to the joint issue lox id
 let (state, open_invite_issue_statement) =
-open_invite_cred.issue_request(vec![issue_cred], Statement::Empty); 
+let (request, state) = open_invite_cred.issue_request(None, vec![issue_cred], Statement::Empty); 
 (
         Request {
             invite: *invite,
-            issue_cred: 
-            open_invite_issue_statement
+            request.issue_cred,
+            request.statement
         },
         state
     )