2021-04-29 14:58:51 -04:00
|
|
|
/*! The various credentials used by the system.
|
|
|
|
|
|
|
|
|
|
In each case, (P,Q) forms the MAC on the credential. This MAC is
|
|
|
|
|
verifiable only by the issuing party, or if the issuing party issues a
|
|
|
|
|
zero-knowledge proof of its correctness (as it does at issuing time). */
|
2021-04-28 13:35:19 -04:00
|
|
|
|
|
|
|
|
use curve25519_dalek::ristretto::RistrettoPoint;
|
|
|
|
|
use curve25519_dalek::scalar::Scalar;
|
|
|
|
|
|
2021-05-01 17:12:03 -04:00
|
|
|
/// A migration credential.
|
|
|
|
|
///
|
|
|
|
|
/// This credential authorizes the holder of the Lox credential with the
|
|
|
|
|
/// given id to switch from bucket from_bucket to bucket to_bucket.
|
2021-04-28 23:02:45 -04:00
|
|
|
#[derive(Debug)]
|
2021-04-28 13:35:19 -04:00
|
|
|
pub struct Migration {
|
|
|
|
|
pub P: RistrettoPoint,
|
|
|
|
|
pub Q: RistrettoPoint,
|
|
|
|
|
pub lox_id: Scalar,
|
|
|
|
|
pub from_bucket: Scalar,
|
|
|
|
|
pub to_bucket: Scalar,
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-01 17:12:03 -04:00
|
|
|
/// The main user credential in the Lox system.
|
|
|
|
|
///
|
|
|
|
|
/// Its id is jointly generated by the user and the BA (bridge
|
|
|
|
|
/// authority), but known only to the user. The level_since date is the
|
|
|
|
|
/// Julian date of when this user was changed to the current trust
|
2021-05-03 14:13:13 -04:00
|
|
|
/// level.
|
2021-04-28 23:02:45 -04:00
|
|
|
#[derive(Debug)]
|
2021-04-28 13:35:19 -04:00
|
|
|
pub struct Lox {
|
|
|
|
|
pub P: RistrettoPoint,
|
|
|
|
|
pub Q: RistrettoPoint,
|
|
|
|
|
pub id: Scalar,
|
|
|
|
|
pub bucket: Scalar,
|
|
|
|
|
pub trust_level: Scalar,
|
|
|
|
|
pub level_since: Scalar,
|
|
|
|
|
pub invites_remaining: Scalar,
|
2021-05-03 14:27:11 -04:00
|
|
|
pub blockages: Scalar,
|
2021-04-28 13:35:19 -04:00
|
|
|
}
|
2021-04-29 15:18:54 -04:00
|
|
|
|
2021-05-01 17:12:03 -04:00
|
|
|
/// The migration key credential.
|
|
|
|
|
///
|
|
|
|
|
/// This credential is never actually instantiated. It is an implicit
|
|
|
|
|
/// credential on attributes lox_id and from_bucket. This credential
|
|
|
|
|
/// type does have an associated private and public key, however. The
|
|
|
|
|
/// idea is that if a user proves (in zero knowledge) that their Lox
|
|
|
|
|
/// credential entitles them to migrate from one bucket to another, the
|
|
|
|
|
/// BA will issue a (blinded, so the BA will not know the values of the
|
|
|
|
|
/// attributes or of Q) MAC on this implicit credential. The Q value
|
|
|
|
|
/// will then be used (actually, a hash of lox_id, from_bucket, and Q)
|
|
|
|
|
/// to encrypt the to_bucket, P, and Q fields of a Migration credential.
|
|
|
|
|
/// That way, people entitled to migrate buckets can receive a Migration
|
|
|
|
|
/// credential with their new bucket, without the BA learning either
|
|
|
|
|
/// their old or new buckets.
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub struct MigrationKey {
|
|
|
|
|
pub P: RistrettoPoint,
|
|
|
|
|
pub Q: RistrettoPoint,
|
|
|
|
|
pub lox_id: Scalar,
|
|
|
|
|
pub from_bucket: Scalar,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The Bucket Reachability credential.
|
|
|
|
|
///
|
|
|
|
|
/// Each day, a credential of this type is put in each bucket that has
|
|
|
|
|
/// at least a (configurable) threshold number of bridges that have not
|
|
|
|
|
/// been blocked as of the given date. Users can present this
|
|
|
|
|
/// credential (in zero knowledge) with today's date to prove that the
|
|
|
|
|
/// bridges in their bucket have not been blocked, in order to gain a
|
|
|
|
|
/// trust level.
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub struct BucketReachability {
|
|
|
|
|
pub P: RistrettoPoint,
|
|
|
|
|
pub Q: RistrettoPoint,
|
|
|
|
|
pub date: Scalar,
|
|
|
|
|
pub bucket: Scalar,
|
|
|
|
|
}
|
