From 088071571a552edee820c01e3bb2b396d09ec479 Mon Sep 17 00:00:00 2001 From: Ian Goldberg Date: Mon, 3 May 2021 14:27:11 -0400 Subject: [PATCH] Change the invites_issued attribute of the Lox credential to just count blockages instead --- crates/lox-library/src/cred.rs | 2 +- crates/lox-library/src/lib.rs | 2 +- crates/lox-library/src/proto/level_up.rs | 135 +++++++++--------- crates/lox-library/src/proto/migration.rs | 16 +-- crates/lox-library/src/proto/open_invite.rs | 6 +- .../lox-library/src/proto/trust_promotion.rs | 4 +- 6 files changed, 83 insertions(+), 82 deletions(-) diff --git a/crates/lox-library/src/cred.rs b/crates/lox-library/src/cred.rs index 5839f13..205a3f6 100644 --- a/crates/lox-library/src/cred.rs +++ b/crates/lox-library/src/cred.rs @@ -35,7 +35,7 @@ pub struct Lox { pub trust_level: Scalar, pub level_since: Scalar, pub invites_remaining: Scalar, - pub invites_issued: Scalar, + pub blockages: Scalar, } /// The migration key credential. diff --git a/crates/lox-library/src/lib.rs b/crates/lox-library/src/lib.rs index 27506f0..5e5d52b 100644 --- a/crates/lox-library/src/lib.rs +++ b/crates/lox-library/src/lib.rs @@ -293,7 +293,7 @@ impl BridgeAuth { + cred.trust_level * self.lox_priv.x[3] + cred.level_since * self.lox_priv.x[4] + cred.invites_remaining * self.lox_priv.x[5] - + cred.invites_issued * self.lox_priv.x[6]) + + cred.blockages * self.lox_priv.x[6]) * cred.P; Q == cred.Q diff --git a/crates/lox-library/src/proto/level_up.rs b/crates/lox-library/src/proto/level_up.rs index f260c0a..1b6d924 100644 --- a/crates/lox-library/src/proto/level_up.rs +++ b/crates/lox-library/src/proto/level_up.rs 
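Review bot: In the `cred.rs` hunk, the renamed field `pub blockages: Scalar` carries no doc comment, although the attribute keeps its MAC slot (`x[6]` in the `lib.rs` hunk) while changing meaning from invitations issued to blockages. The rest of this patch shows it is set to zero by `open_invite` and `migration` and copied unchanged by `level_up`, so a line such as `/// Number of blockages counted against this user; zero at issuance, carried over unchanged on level-up` would record that contract where the credential is defined. The struct's own doc comment starts outside the hunk, so check that it does not still describe the old attribute.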
@@ -15,7 +15,8 @@ The user presents their current Lox credential: - level_since: blinded, but proved in ZK that it's at least the appropriate number of days ago - invites_remaining: blinded -- invites_issued: blinded +- blockages: blinded, but proved in ZK that it's at most the appropriate + blockage limit for the target trust level and a Bucket Reachability credential: - date: revealed to be today @@ -32,7 +33,7 @@ and a new Lox credential to be issued: - invites_remaining: revealed to be the number of invites for the new level (note that the invites_remaining from the previous credential are _not_ carried over) -- invites_issued: blinded, but proved in ZK that it's the same as in the +- blockages: blinded, but proved in ZK that it's the same as in the Lox credential above */ @@ -79,7 +80,7 @@ pub struct Request { level: Scalar, CSince: RistrettoPoint, CInvRemain: RistrettoPoint, - CInvIssued: RistrettoPoint, + CBlockages: RistrettoPoint, CQ: RistrettoPoint, // Fields for blind showing the Bucket Reachability credential @@ -111,7 +112,7 @@ pub struct Request { D: RistrettoPoint, EncIdClient: (RistrettoPoint, RistrettoPoint), EncBucket: (RistrettoPoint, RistrettoPoint), - EncInvIssued: (RistrettoPoint, RistrettoPoint), + EncBlockages: (RistrettoPoint, RistrettoPoint), // The combined ZKP piUser: CompactProof, @@ -123,12 +124,12 @@ pub struct State { D: RistrettoPoint, EncIdClient: (RistrettoPoint, RistrettoPoint), EncBucket: (RistrettoPoint, RistrettoPoint), - EncInvIssued: (RistrettoPoint, RistrettoPoint), + EncBlockages: (RistrettoPoint, RistrettoPoint), id_client: Scalar, bucket: Scalar, level: Scalar, invremain: Scalar, - invissued: Scalar, + blockages: Scalar, } pub struct Response { @@ -141,7 +142,7 @@ pub struct Response { level_since: Scalar, TId: RistrettoPoint, TBucket: RistrettoPoint, - TInvIssued: RistrettoPoint, + TBlockages: RistrettoPoint, // The ZKP piBlindIssue: CompactProof, 
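Review bot: The header comment in the first `level_up.rs` hunk now promises that `blockages` is "proved in ZK that it's at most the appropriate blockage limit for the target trust level", but no statement in this patch enforces that. The `requestproof` hunks only rename the Pedersen commitment to `CBlockages = (blockages*P + zblockages*A)` and the ElGamal pair `EncBlockages0/1`, and the only range proof visible there is still the one over `CSince`. The verifier side in `BridgeAuth` is likewise only renamed, so as written any blockage count would be accepted and carried into the upgraded credential. Until the bound exists, the comment should say so, e.g. `- blockages: blinded (TODO: prove in ZK that it's at most the blockage limit for the target trust level)`. The `define_proof!` body continues outside the hunks, so confirm nothing there already constrains this attribute.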
@@ -150,19 +151,19 @@ pub struct Response { define_proof! { requestproof, "Level Upgrade Request", - (bucket, since, invremain, invissued, zbucket, zsince, zinvremain, - zinvissued, negzQ, + (bucket, since, invremain, blockages, zbucket, zsince, zinvremain, + zblockages, negzQ, zbucket_reach, negzQ_reach, - d, eid_client, ebucket, einvissued, id_client, + d, eid_client, ebucket, eblockages, id_client, g0, g1, g2, g3, g4, g5, g6, g7, g8, zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8, wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8, yg0, yg1, yg2, yg3, yg4, yg5, yg6, yg7, yg8), - (P, CBucket, CSince, CInvRemain, CInvIssued, V, Xbucket, Xsince, - Xinvremain, Xinvissued, + (P, CBucket, CSince, CInvRemain, CBlockages, V, Xbucket, Xsince, + Xinvremain, Xblockages, P_reach, CBucket_reach, V_reach, Xbucket_reach, D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1, - EncInvIssued0, EncInvIssued1, + EncBlockages0, EncBlockages1, CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8, CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq), (A, B) : @@ -170,7 +171,7 @@ define_proof! { CBucket = (bucket*P + zbucket*A), CSince = (since*P + zsince*A), CInvRemain = (invremain*P + zinvremain*A), - CInvIssued = (invissued*P + zinvissued*A), + CBlockages = (blockages*P + zblockages*A), // Blind showing of the Bucket Reachability credential; note the // same bucket is used in the proof CBucket_reach = (bucket*P_reach + zbucket_reach*A), @@ -180,8 +181,8 @@ define_proof! { EncIdClient1 = (id_client*B + eid_client*D), EncBucket0 = (ebucket*B), EncBucket1 = (bucket*B + ebucket*D), - EncInvIssued0 = (einvissued*B), - EncInvIssued1 = (invissued*B + einvissued*D), + EncBlockages0 = (eblockages*B), + EncBlockages1 = (blockages*B + eblockages*D), // Prove CSince encodes a value at least LEVEL_INTERVAL // days ago (at technically at most LEVEL_INTERVAL+511 days // ago): first prove each of g0, ..., g8 is a bit by proving that 
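Review bot: Renaming the `define_proof!` variables in `requestproof` (`invissued` → `blockages`, `CInvIssued` → `CBlockages`, `EncInvIssued0/1` → `EncBlockages0/1`, and likewise in `blindissue` in the following hunks) is probably not wire-neutral. As far as I know the zkp macro feeds each variable name into the Merlin transcript as a label, so a `piUser` or `piBlindIssue` produced by a build from before this commit would fail verification against one built after it. If any clients or bridge authorities are already deployed, they have to be upgraded together. A comment next to the macro would warn the next person who renames a variable, e.g. `// NOTE: variable names are transcript labels; renaming them is a protocol change`. The proof statements continue outside these hunks.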
@@ -204,11 +205,11 @@ define_proof! { define_proof! { blindissue, "Level Upgrade Issuing", - (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued, - s, b, tid, tbucket, tinvissued), + (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages, + s, b, tid, tbucket, tblockages), (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain, - Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued, - D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1), + Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages, + D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1), (A, B): Xid = (xid*A), Xid = (xid*A), @@ -216,18 +217,18 @@ define_proof! { Xbucket = (xbucket*A), Xsince = (xsince*A), Xinvremain = (xinvremain*A), - Xinvissued = (xinvissued*A), + Xblockages = (xblockages*A), X0 = (x0*B + x0tilde*A), P = (b*B), TId = (b*Xid), TId = (tid*A), TBucket = (b*Xbucket), TBucket = (tbucket*A), - TInvIssued = (b*Xinvissued), - TInvIssued = (tinvissued*A), - EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0), + TBlockages = (b*Xblockages), + TBlockages = (tblockages*A), + EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tblockages*EncBlockages0), EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 - + tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince + + tblockages*EncBlockages1 + x0*P + xlevel*Plevel + xsince*Psince + xinvremain*Pinvremain) } 
@@ -302,11 +303,11 @@ pub fn request( let zbucket = Scalar::random(&mut rng); let zsince = Scalar::random(&mut rng); let zinvremain = Scalar::random(&mut rng); - let zinvissued = Scalar::random(&mut rng); + let zblockages = Scalar::random(&mut rng); let CBucket = lox_cred.bucket * P + &zbucket * Atable; let CSince = lox_cred.level_since * P + &zsince * Atable; let CInvRemain = lox_cred.invites_remaining * P + &zinvremain * Atable; - let CInvIssued = lox_cred.invites_issued * P + &zinvissued * Atable; + let CBlockages = lox_cred.blockages * P + &zblockages * Atable; // Form a Pedersen commitment to the MAC Q // We flip the sign of zQ from that of the Hyphae paper so that @@ -319,7 +320,7 @@ pub fn request( let V = zbucket * lox_pub.X[2] + zsince * lox_pub.X[4] + zinvremain * lox_pub.X[5] - + zinvissued * lox_pub.X[6] + + zblockages * lox_pub.X[6] + &negzQ * Atable; // Blind showing the Bucket Reachability credential @@ -361,10 +362,10 @@ pub fn request( let ebucket = Scalar::random(&mut rng); let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D); let newinvites: Scalar = LEVEL_INVITATIONS[new_level as usize].into(); - let einvissued = Scalar::random(&mut rng); - let EncInvIssued = ( - &einvissued * Btable, - &lox_cred.invites_issued * Btable + einvissued * D, + let eblockages = Scalar::random(&mut rng); + let EncBlockages = ( + &eblockages * Btable, + &lox_cred.blockages * Btable + eblockages * D, ); // The range proof that 0 <= diffdays <= 511 @@ -455,12 +456,12 @@ pub fn request( CBucket: &CBucket, CSince: &CSince, CInvRemain: &CInvRemain, - CInvIssued: &CInvIssued, + CBlockages: &CBlockages, V: &V, Xbucket: &lox_pub.X[2], Xsince: &lox_pub.X[4], Xinvremain: &lox_pub.X[5], - Xinvissued: &lox_pub.X[6], + Xblockages: &lox_pub.X[6], P_reach: &P_reach, CBucket_reach: &CBucket_reach, V_reach: &V_reach, 
@@ -470,8 +471,8 @@ pub fn request( EncIdClient1: &EncIdClient.1, EncBucket0: &EncBucket.0, EncBucket1: &EncBucket.1, - EncInvIssued0: &EncInvIssued.0, - EncInvIssued1: &EncInvIssued.1, + EncBlockages0: &EncBlockages.0, + EncBlockages1: &EncBlockages.1, CG0: &CG0, CG1: &CG1, CG2: &CG2, @@ -493,18 +494,18 @@ pub fn request( bucket: &lox_cred.bucket, since: &lox_cred.level_since, invremain: &lox_cred.invites_remaining, - invissued: &lox_cred.invites_issued, + blockages: &lox_cred.blockages, zbucket: &zbucket, zsince: &zsince, zinvremain: &zinvremain, - zinvissued: &zinvissued, + zblockages: &zblockages, negzQ: &negzQ, zbucket_reach: &zbucket_reach, negzQ_reach: &negzQ_reach, d: &d, eid_client: &eid_client, ebucket: &ebucket, - einvissued: &einvissued, + eblockages: &eblockages, id_client: &id_client, g0: &g0, g1: &g1, @@ -554,7 +555,7 @@ pub fn request( level: lox_cred.trust_level, CSince, CInvRemain, - CInvIssued, + CBlockages, CQ, P_reach, CBucket_reach, @@ -562,7 +563,7 @@ pub fn request( D, EncIdClient, EncBucket, - EncInvIssued, + EncBlockages, CG1, CG2, CG3, @@ -587,12 +588,12 @@ pub fn request( D, EncIdClient, EncBucket, - EncInvIssued, + EncBlockages, id_client, bucket: lox_cred.bucket, level: new_level.into(), invremain: newinvites, - invissued: lox_cred.invites_issued, + blockages: lox_cred.blockages, }, )) } @@ -626,7 +627,7 @@ impl BridgeAuth { + self.lox_priv.x[2] * req.CBucket + self.lox_priv.x[4] * req.CSince + self.lox_priv.x[5] * req.CInvRemain - + self.lox_priv.x[6] * req.CInvIssued + + self.lox_priv.x[6] * req.CBlockages - req.CQ; let Vprime_reach = (self.reachability_priv.x[0] + self.reachability_priv.x[1] * today) 
@@ -663,12 +664,12 @@ impl BridgeAuth { CBucket: &req.CBucket.compress(), CSince: &req.CSince.compress(), CInvRemain: &req.CInvRemain.compress(), - CInvIssued: &req.CInvIssued.compress(), + CBlockages: &req.CBlockages.compress(), V: &Vprime.compress(), Xbucket: &self.lox_pub.X[2].compress(), Xsince: &self.lox_pub.X[4].compress(), Xinvremain: &self.lox_pub.X[5].compress(), - Xinvissued: &self.lox_pub.X[6].compress(), + Xblockages: &self.lox_pub.X[6].compress(), P_reach: &req.P_reach.compress(), CBucket_reach: &req.CBucket_reach.compress(), V_reach: &Vprime_reach.compress(), @@ -678,8 +679,8 @@ impl BridgeAuth { EncIdClient1: &req.EncIdClient.1.compress(), EncBucket0: &req.EncBucket.0.compress(), EncBucket1: &req.EncBucket.1.compress(), - EncInvIssued0: &req.EncInvIssued.0.compress(), - EncInvIssued1: &req.EncInvIssued.1.compress(), + EncBlockages0: &req.EncBlockages.0.compress(), + EncBlockages1: &req.EncBlockages.1.compress(), CG0: &CG0prime.compress(), CG1: &req.CG1.compress(), CG2: &req.CG2.compress(), @@ -750,16 +751,16 @@ impl BridgeAuth { let tbucket = self.lox_priv.x[2] * b; let TBucket = &tbucket * Atable; let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1); - let tinvissued = self.lox_priv.x[6] * b; - let TInvIssued = &tinvissued * Atable; - let EncQInvIssued = ( - tinvissued * req.EncInvIssued.0, - tinvissued * req.EncInvIssued.1, + let tblockages = self.lox_priv.x[6] * b; + let TBlockages = &tblockages * Atable; + let EncQBlockages = ( + tblockages * req.EncBlockages.0, + tblockages * req.EncBlockages.1, ); let EncQ = ( - EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvIssued.0, - EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1, + EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0, + EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1, ); let mut transcript = Transcript::new(b"level upgrade issuing"); 
@@ -777,20 +778,20 @@ impl BridgeAuth { Xlevel: &self.lox_pub.X[3], Xsince: &self.lox_pub.X[4], Xinvremain: &self.lox_pub.X[5], - Xinvissued: &self.lox_pub.X[6], + Xblockages: &self.lox_pub.X[6], Plevel: &(trust_level * P), Psince: &(level_since * P), Pinvremain: &(invitations_remaining * P), TId: &TId, TBucket: &TBucket, - TInvIssued: &TInvIssued, + TBlockages: &TBlockages, D: &req.D, EncId0: &EncId.0, EncId1: &EncId.1, EncBucket0: &req.EncBucket.0, EncBucket1: &req.EncBucket.1, - EncInvIssued0: &req.EncInvIssued.0, - EncInvIssued1: &req.EncInvIssued.1, + EncBlockages0: &req.EncBlockages.0, + EncBlockages1: &req.EncBlockages.1, x0: &self.lox_priv.x[0], x0tilde: &self.lox_priv.x0tilde, xid: &self.lox_priv.x[1], @@ -798,12 +799,12 @@ impl BridgeAuth { xlevel: &self.lox_priv.x[3], xsince: &self.lox_priv.x[4], xinvremain: &self.lox_priv.x[5], - xinvissued: &self.lox_priv.x[6], + xblockages: &self.lox_priv.x[6], s: &s, b: &b, tid: &tid, tbucket: &tbucket, - tinvissued: &tinvissued, + tblockages: &tblockages, }, ) .0; @@ -815,7 +816,7 @@ impl BridgeAuth { level_since, TId, TBucket, - TInvIssued, + TBlockages, piBlindIssue, }) } 
@@ -861,20 +862,20 @@ pub fn handle_response( Xlevel: &lox_pub.X[3].compress(), Xsince: &lox_pub.X[4].compress(), Xinvremain: &lox_pub.X[5].compress(), - Xinvissued: &lox_pub.X[6].compress(), + Xblockages: &lox_pub.X[6].compress(), Plevel: &(state.level * resp.P).compress(), Psince: &(resp.level_since * resp.P).compress(), Pinvremain: &(state.invremain * resp.P).compress(), TId: &resp.TId.compress(), TBucket: &resp.TBucket.compress(), - TInvIssued: &resp.TInvIssued.compress(), + TBlockages: &resp.TBlockages.compress(), D: &state.D.compress(), EncId0: &EncId.0.compress(), EncId1: &EncId.1.compress(), EncBucket0: &state.EncBucket.0.compress(), EncBucket1: &state.EncBucket.1.compress(), - EncInvIssued0: &state.EncInvIssued.0.compress(), - EncInvIssued1: &state.EncInvIssued.1.compress(), + EncBlockages0: &state.EncBlockages.0.compress(), + EncBlockages1: &state.EncBlockages.1.compress(), }, )?; @@ -889,6 +890,6 @@ pub fn handle_response( trust_level: state.level, level_since: resp.level_since, invites_remaining: state.invremain, - invites_issued: state.invissued, + blockages: state.blockages, }) } diff --git a/crates/lox-library/src/proto/migration.rs b/crates/lox-library/src/proto/migration.rs index b20badb..0402f8a 100644 --- a/crates/lox-library/src/proto/migration.rs +++ b/crates/lox-library/src/proto/migration.rs @@ -10,7 +10,7 @@ Lox credential: - trust_level: revealed to be 0 - level_since: blinded - invites_remaining: revealed to be 0 -- invites_issued: revealed to be 0 +- blockages: revealed to be 0 and a Migration credential: @@ -27,7 +27,7 @@ and a new Lox credential to be issued: - trust_level: 1 - level_since: today - invites_remaining: 0 -- invites_issued: 0 +- blockages: 0 */ 
@@ -47,7 +47,7 @@ use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE}; pub struct Request { // Fields for blind showing the Lox credential - // We don't need to include invites_remaining or invites_issued, + // We don't need to include invites_remaining or blockages, // since they must be 0 P_lox: RistrettoPoint, id: Scalar, @@ -390,14 +390,14 @@ impl BridgeAuth { // Julian date let level_since: Scalar = self.today().into(); - // The invitations_remaining and invitations_issued attributes - // are 0 for level 0 and level 1 Lox credentials, so we don't - // need to explicitly create them. + // The invitations_remaining and blockages attributes are 0 for + // level 0 and level 1 Lox credentials, so we don't need to + // explicitly create them. // Compute the MAC on the visible attributes let b = Scalar::random(&mut rng); let P = &b * Btable; - // invites_remaining = invites_issued = 0 + // invites_remaining = blockages = 0 let QHc = (self.lox_priv.x[0] + self.lox_priv.x[3] * trust_level + self.lox_priv.x[4] * level_since) @@ -533,6 +533,6 @@ pub fn handle_response( trust_level: Scalar::one(), level_since: resp.level_since, invites_remaining: Scalar::zero(), - invites_issued: Scalar::zero(), + blockages: Scalar::zero(), }) } diff --git a/crates/lox-library/src/proto/open_invite.rs b/crates/lox-library/src/proto/open_invite.rs index 7754541..d2ee731 100644 --- a/crates/lox-library/src/proto/open_invite.rs +++ b/crates/lox-library/src/proto/open_invite.rs @@ -9,7 +9,7 @@ The credential will have attributes: - trust_level: 0 - level_since: today - invites_remaining: 0 -- invites_issued: 0 +- blockages: 0 */ @@ -197,7 +197,7 @@ impl BridgeAuth { // Compute the MAC on the visible attributes let b = Scalar::random(&mut rng); let P = &b * Btable; - // trust_level = invites_remaining = invites_issued = 0 + // trust_level = invites_remaining = blockages = 0 let QHc = (self.lox_priv.x[0] + self.lox_priv.x[2] * bucket + self.lox_priv.x[4] * level_since) * P; 
@@ -315,6 +315,6 @@ pub fn handle_response( trust_level: Scalar::zero(), level_since: resp.level_since, invites_remaining: Scalar::zero(), - invites_issued: Scalar::zero(), + blockages: Scalar::zero(), }) } diff --git a/crates/lox-library/src/proto/trust_promotion.rs b/crates/lox-library/src/proto/trust_promotion.rs index 578e584..92a68c9 100644 --- a/crates/lox-library/src/proto/trust_promotion.rs +++ b/crates/lox-library/src/proto/trust_promotion.rs @@ -14,7 +14,7 @@ The user presents their current Lox credential: - level_since: blinded, but proved in ZK that it's at least UNTRUSTED_INTERVAL days ago - invites_remaining: revealed to be 0 -- invites_issued: revealed to be 0 +- blockages: revealed to be 0 They will receive in return the encrypted MAC (Pk, EncQk) for their implicit Migration Key credential with attributes id and bucket, @@ -57,7 +57,7 @@ pub const UNTRUSTED_INTERVAL: u32 = 30; pub struct Request { // Fields for blind showing the Lox credential // We don't need to include trust_level, invites_remaining, or - // invites_issued, since they must be 0 + // blockages, since they must be 0 P: RistrettoPoint, id: Scalar, CBucket: RistrettoPoint,