Remove noop migration credentials

Ian Goldberg 2021-05-03 14:13:13 -04:00
parent ecef59392b
commit 15e9a1a72a
6 changed files with 16 additions and 269 deletions


@ -25,12 +25,7 @@ pub struct Migration {
/// Its id is jointly generated by the user and the BA (bridge /// Its id is jointly generated by the user and the BA (bridge
/// authority), but known only to the user. The level_since date is the /// authority), but known only to the user. The level_since date is the
/// Julian date of when this user was changed to the current trust /// Julian date of when this user was changed to the current trust
/// level. (P_noopmigration, Q_noopmigration) are the MAC on the /// level.
/// implicit no-op migration credential formed by the attributes (id,
/// bucket, bucket), which authorizes the user to switch from its
/// current bucket to the same bucket (i.e., a no-op). This can be
/// useful for hiding from the BA whether or not the user is performing
/// a bucket migration.
#[derive(Debug)] #[derive(Debug)]
pub struct Lox { pub struct Lox {
pub P: RistrettoPoint, pub P: RistrettoPoint,
@ -41,8 +36,6 @@ pub struct Lox {
pub level_since: Scalar, pub level_since: Scalar,
pub invites_remaining: Scalar, pub invites_remaining: Scalar,
pub invites_issued: Scalar, pub invites_issued: Scalar,
pub P_noopmigration: RistrettoPoint,
pub Q_noopmigration: RistrettoPoint,
} }
/// The migration key credential. /// The migration key credential.
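Review bot: The doc comment on `Lox` loses the paragraph that explained the no-op migration MAC as a way of hiding from the BA whether a user is migrating, and nothing replaces it, so the comment no longer says how a Lox credential relates to migration at all. Since `migration::request` in the tests takes both a Lox and a Migration credential, a sentence such as `/// A Lox credential carries no migration authorization of its own; migrating requires a separate Migration credential.` would record the new model. Whether the BA can now distinguish migrating from non-migrating users is not visible from this diff and is worth stating here or in the commit description.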


@ -283,7 +283,7 @@ impl BridgeAuth {
#[cfg(test)] #[cfg(test)]
/// Verify the two MACs on a Lox credential /// Verify the two MACs on a Lox credential
pub fn verify_lox(&self, cred: &cred::Lox) -> bool { pub fn verify_lox(&self, cred: &cred::Lox) -> bool {
if cred.P.is_identity() || cred.P_noopmigration.is_identity() { if cred.P.is_identity() {
return false; return false;
} }
@ -296,13 +296,7 @@ impl BridgeAuth {
+ cred.invites_issued * self.lox_priv.x[6]) + cred.invites_issued * self.lox_priv.x[6])
* cred.P; * cred.P;
let Q_noopmigration = (self.migration_priv.x[0] return Q == cred.Q;
+ cred.id * self.migration_priv.x[1]
+ cred.bucket * self.migration_priv.x[2]
+ cred.bucket * self.migration_priv.x[3])
* cred.P_noopmigration;
return Q == cred.Q && Q_noopmigration == cred.Q_noopmigration;
} }
#[cfg(test)] #[cfg(test)]
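Review bot: The doc comment `/// Verify the two MACs on a Lox credential` above `verify_lox` is now stale, because the new body only recomputes `Q` under `lox_priv` and compares it with `cred.Q`; it should read `/// Verify the MAC on a Lox credential`. The last statement could also be the tail expression `Q == cred.Q` rather than `return Q == cred.Q;`. Part of the function body lies between the two hunks and is not shown.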


@ -143,12 +143,6 @@ pub struct Response {
TBucket: RistrettoPoint, TBucket: RistrettoPoint,
TInvIssued: RistrettoPoint, TInvIssued: RistrettoPoint,
// The fields for the implicit noop migration ("nm") credential
P_nm: RistrettoPoint,
EncQ_nm: (RistrettoPoint, RistrettoPoint),
TId_nm: RistrettoPoint,
TBucket_nm: RistrettoPoint,
// The ZKP // The ZKP
piBlindIssue: CompactProof, piBlindIssue: CompactProof,
} }
@ -211,12 +205,9 @@ define_proof! {
blindissue, blindissue,
"Level Upgrade Issuing", "Level Upgrade Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued, (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
s, b, tid, tbucket, tinvissued, s, b, tid, tbucket, tinvissued),
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain, (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued, Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
TId_nm, TBucket_nm,
D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1), D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
(A, B): (A, B):
Xid = (xid*A), Xid = (xid*A),
@ -237,18 +228,7 @@ define_proof! {
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0), EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
+ tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince + tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
+ xinvremain*Pinvremain), + xinvremain*Pinvremain)
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
TBucket_nm = (tbucket_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
} }
pub fn request( pub fn request(
@ -782,30 +762,6 @@ impl BridgeAuth {
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1, EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
); );
// Now the no-op migration credential
// Compute the MAC on the visible attributes (none here)
let b_nm = Scalar::random(&mut rng);
let P_nm = &b_nm * Btable;
let QHc_nm = (self.migration_priv.x[0]) * P_nm;
// El Gamal encrypt it to the public key req.D
let s_nm = Scalar::random(&mut rng);
let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
// Homomorphically compute the part of the MAC corresponding to
// the blinded attributes
let tid_nm = self.migration_priv.x[1] * b_nm;
let TId_nm = &tid_nm * Atable;
let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
let TBucket_nm = &tbucket_nm * Atable;
let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
let EncQ_nm = (
EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
);
let mut transcript = Transcript::new(b"level upgrade issuing"); let mut transcript = Transcript::new(b"level upgrade issuing");
let piBlindIssue = blindissue::prove_compact( let piBlindIssue = blindissue::prove_compact(
&mut transcript, &mut transcript,
@ -828,15 +784,6 @@ impl BridgeAuth {
TId: &TId, TId: &TId,
TBucket: &TBucket, TBucket: &TBucket,
TInvIssued: &TInvIssued, TInvIssued: &TInvIssued,
P_nm: &P_nm,
EncQ0_nm: &EncQ_nm.0,
EncQ1_nm: &EncQ_nm.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
TId_nm: &TId_nm,
TBucket_nm: &TBucket_nm,
D: &req.D, D: &req.D,
EncId0: &EncId.0, EncId0: &EncId.0,
EncId1: &EncId.1, EncId1: &EncId.1,
@ -857,15 +804,6 @@ impl BridgeAuth {
tid: &tid, tid: &tid,
tbucket: &tbucket, tbucket: &tbucket,
tinvissued: &tinvissued, tinvissued: &tinvissued,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_nm,
b_nm: &b_nm,
tid_nm: &tid_nm,
tbucket_nm: &tbucket_nm,
}, },
) )
.0; .0;
@ -878,10 +816,6 @@ impl BridgeAuth {
TId, TId,
TBucket, TBucket,
TInvIssued, TInvIssued,
P_nm,
EncQ_nm,
TId_nm,
TBucket_nm,
piBlindIssue, piBlindIssue,
}) })
} }
@ -893,13 +827,12 @@ pub fn handle_response(
state: State, state: State,
resp: Response, resp: Response,
lox_pub: &IssuerPubKey, lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> { ) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A; let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B; let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE; let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_nm.is_identity() { if resp.P.is_identity() {
return Err(ProofError::VerificationFailure); return Err(ProofError::VerificationFailure);
} }
@ -935,15 +868,6 @@ pub fn handle_response(
TId: &resp.TId.compress(), TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(), TBucket: &resp.TBucket.compress(),
TInvIssued: &resp.TInvIssued.compress(), TInvIssued: &resp.TInvIssued.compress(),
P_nm: &resp.P_nm.compress(),
EncQ0_nm: &resp.EncQ_nm.0.compress(),
EncQ1_nm: &resp.EncQ_nm.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
TId_nm: &resp.TId_nm.compress(),
TBucket_nm: &resp.TBucket_nm.compress(),
D: &state.D.compress(), D: &state.D.compress(),
EncId0: &EncId.0.compress(), EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(), EncId1: &EncId.1.compress(),
@ -957,9 +881,6 @@ pub fn handle_response(
// Decrypt EncQ // Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0); let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_nm
let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
Ok(cred::Lox { Ok(cred::Lox {
P: resp.P, P: resp.P,
Q, Q,
@ -969,7 +890,5 @@ pub fn handle_response(
level_since: resp.level_since, level_since: resp.level_since,
invites_remaining: state.invremain, invites_remaining: state.invremain,
invites_issued: state.invissued, invites_issued: state.invissued,
P_noopmigration: resp.P_nm,
Q_noopmigration: Q_nm,
}) })
} }


@ -92,12 +92,6 @@ pub struct Response {
TId: RistrettoPoint, TId: RistrettoPoint,
TBucket: RistrettoPoint, TBucket: RistrettoPoint,
// The fields for the implicit noop migration ("nm") credential
P_nm: RistrettoPoint,
EncQ_nm: (RistrettoPoint, RistrettoPoint),
TId_nm: RistrettoPoint,
TBucket_nm: RistrettoPoint,
// The ZKP // The ZKP
piBlindIssue: CompactProof, piBlindIssue: CompactProof,
} }
@ -133,11 +127,8 @@ define_proof! {
define_proof! { define_proof! {
blindissue, blindissue,
"Migration Blind Issuing", "Migration Blind Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket, (x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket),
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Plevel, Psince, TId, TBucket, (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Plevel, Psince, TId, TBucket,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
TId_nm, TBucket_nm,
D, EncId0, EncId1, EncBucket0, EncBucket1), D, EncId0, EncId1, EncBucket0, EncBucket1),
(A, B): (A, B):
Xid = (xid*A), Xid = (xid*A),
@ -151,18 +142,7 @@ define_proof! {
TBucket = (b*Xbucket), TBucket = (b*Xbucket),
TBucket = (tbucket*A), TBucket = (tbucket*A),
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0), EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince), EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince)
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
TBucket_nm = (tbucket_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
} }
pub fn request( pub fn request(
@ -441,30 +421,6 @@ impl BridgeAuth {
EncQHc.1 + EncQId.1 + EncQBucket.1, EncQHc.1 + EncQId.1 + EncQBucket.1,
); );
// Now the no-op migration credential
// Compute the MAC on the visible attributes (none here)
let b_nm = Scalar::random(&mut rng);
let P_nm = &b_nm * Btable;
let QHc_nm = (self.migration_priv.x[0]) * P_nm;
// El Gamal encrypt it to the public key req.D
let s_nm = Scalar::random(&mut rng);
let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
// Homomorphically compute the part of the MAC corresponding to
// the blinded attributes
let tid_nm = self.migration_priv.x[1] * b_nm;
let TId_nm = &tid_nm * Atable;
let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
let TBucket_nm = &tbucket_nm * Atable;
let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
let EncQ_nm = (
EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
);
let mut transcript = Transcript::new(b"migration issuing"); let mut transcript = Transcript::new(b"migration issuing");
let piBlindIssue = blindissue::prove_compact( let piBlindIssue = blindissue::prove_compact(
&mut transcript, &mut transcript,
@ -483,15 +439,6 @@ impl BridgeAuth {
Psince: &(level_since * P), Psince: &(level_since * P),
TId: &TId, TId: &TId,
TBucket: &TBucket, TBucket: &TBucket,
P_nm: &P_nm,
EncQ0_nm: &EncQ_nm.0,
EncQ1_nm: &EncQ_nm.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
TId_nm: &TId_nm,
TBucket_nm: &TBucket_nm,
D: &req.D, D: &req.D,
EncId0: &EncId.0, EncId0: &EncId.0,
EncId1: &EncId.1, EncId1: &EncId.1,
@ -507,15 +454,6 @@ impl BridgeAuth {
b: &b, b: &b,
tid: &tid, tid: &tid,
tbucket: &tbucket, tbucket: &tbucket,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_nm,
b_nm: &b_nm,
tid_nm: &tid_nm,
tbucket_nm: &tbucket_nm,
}, },
) )
.0; .0;
@ -527,10 +465,6 @@ impl BridgeAuth {
id_server, id_server,
TId, TId,
TBucket, TBucket,
P_nm,
EncQ_nm,
TId_nm,
TBucket_nm,
piBlindIssue, piBlindIssue,
}) })
} }
@ -542,13 +476,12 @@ pub fn handle_response(
state: State, state: State,
resp: Response, resp: Response,
lox_pub: &IssuerPubKey, lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> { ) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A; let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B; let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE; let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_nm.is_identity() { if resp.P.is_identity() {
return Err(ProofError::VerificationFailure); return Err(ProofError::VerificationFailure);
} }
@ -581,15 +514,6 @@ pub fn handle_response(
Psince: &(resp.level_since * resp.P).compress(), Psince: &(resp.level_since * resp.P).compress(),
TId: &resp.TId.compress(), TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(), TBucket: &resp.TBucket.compress(),
P_nm: &resp.P_nm.compress(),
EncQ0_nm: &resp.EncQ_nm.0.compress(),
EncQ1_nm: &resp.EncQ_nm.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
TId_nm: &resp.TId_nm.compress(),
TBucket_nm: &resp.TBucket_nm.compress(),
D: &state.D.compress(), D: &state.D.compress(),
EncId0: &EncId.0.compress(), EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(), EncId1: &EncId.1.compress(),
@ -601,9 +525,6 @@ pub fn handle_response(
// Decrypt EncQ // Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0); let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_nm
let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
Ok(cred::Lox { Ok(cred::Lox {
P: resp.P, P: resp.P,
Q, Q,
@ -613,7 +534,5 @@ pub fn handle_response(
level_since: resp.level_since, level_since: resp.level_since,
invites_remaining: Scalar::zero(), invites_remaining: Scalar::zero(),
invites_issued: Scalar::zero(), invites_issued: Scalar::zero(),
P_noopmigration: resp.P_nm,
Q_noopmigration: Q_nm,
}) })
} }


@ -54,9 +54,6 @@ pub struct Response {
TId: RistrettoPoint, TId: RistrettoPoint,
bucket: Scalar, bucket: Scalar,
level_since: Scalar, level_since: Scalar,
P_noopmigration: RistrettoPoint,
EncQ_noopmigration: (RistrettoPoint, RistrettoPoint),
TId_noopmigration: RistrettoPoint,
piBlindIssue: CompactProof, piBlindIssue: CompactProof,
} }
@ -76,11 +73,8 @@ define_proof! {
define_proof! { define_proof! {
blindissue, blindissue,
"Open Invitation Blind Issuing", "Open Invitation Blind Issuing",
(x0, x0tilde, xid, xbucket, xsince, s, b, tid, (x0, x0tilde, xid, xbucket, xsince, s, b, tid),
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xsince, Pbucket, Psince, TId, (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xsince, Pbucket, Psince, TId,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
Pbucket_nm, TId_nm,
D, EncId0, EncId1), D, EncId0, EncId1),
(A, B) : (A, B) :
Xid = (xid*A), Xid = (xid*A),
@ -91,16 +85,7 @@ define_proof! {
TId = (b*Xid), TId = (b*Xid),
TId = (tid*A), TId = (tid*A),
EncQ0 = (s*B + tid*EncId0), EncQ0 = (s*B + tid*EncId0),
EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince), EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince)
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + x0_nm*P_nm + xfrom_nm*Pbucket_nm + xto_nm*Pbucket_nm)
} }
/// Submit an open invitation issued by the BridgeDb to receive your /// Submit an open invitation issued by the BridgeDb to receive your
@ -229,33 +214,6 @@ impl BridgeAuth {
let EncQ = (EncQHc.0 + EncQId.0, EncQHc.1 + EncQId.1); let EncQ = (EncQHc.0 + EncQId.0, EncQHc.1 + EncQId.1);
// Now the no-op migration credential
// Compute the MAC on the visible attributes
let b_noopmigration = Scalar::random(&mut rng);
let P_noopmigration = &b_noopmigration * Btable;
let QHc_noopmigration = (self.migration_priv.x[0]
+ self.migration_priv.x[2] * bucket
+ self.migration_priv.x[3] * bucket)
* P_noopmigration;
// El Gamal encrypt it to the public key req.D
let s_noopmigration = Scalar::random(&mut rng);
let EncQHc_noopmigration = (
&s_noopmigration * Btable,
QHc_noopmigration + s_noopmigration * req.D,
);
// Homomorphically compute the part of the MAC corresponding to
// the blinded id attribute
let tid_noopmigration = self.migration_priv.x[1] * b_noopmigration;
let TId_noopmigration = &tid_noopmigration * Atable;
let EncQId_noopmigration = (tid_noopmigration * EncId.0, tid_noopmigration * EncId.1);
let EncQ_noopmigration = (
EncQHc_noopmigration.0 + EncQId_noopmigration.0,
EncQHc_noopmigration.1 + EncQId_noopmigration.1,
);
let mut transcript = Transcript::new(b"open invite issuing"); let mut transcript = Transcript::new(b"open invite issuing");
let piBlindIssue = blindissue::prove_compact( let piBlindIssue = blindissue::prove_compact(
&mut transcript, &mut transcript,
@ -272,15 +230,6 @@ impl BridgeAuth {
Pbucket: &(bucket * P), Pbucket: &(bucket * P),
Psince: &(level_since * P), Psince: &(level_since * P),
TId: &TId, TId: &TId,
P_nm: &P_noopmigration,
EncQ0_nm: &EncQ_noopmigration.0,
EncQ1_nm: &EncQ_noopmigration.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
Pbucket_nm: &(bucket * P_noopmigration),
TId_nm: &TId_noopmigration,
D: &req.D, D: &req.D,
EncId0: &EncId.0, EncId0: &EncId.0,
EncId1: &EncId.1, EncId1: &EncId.1,
@ -292,14 +241,6 @@ impl BridgeAuth {
s: &s, s: &s,
b: &b, b: &b,
tid: &tid, tid: &tid,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_noopmigration,
b_nm: &b_noopmigration,
tid_nm: &tid_noopmigration,
}, },
) )
.0; .0;
@ -311,9 +252,6 @@ impl BridgeAuth {
TId, TId,
bucket, bucket,
level_since, level_since,
P_noopmigration,
EncQ_noopmigration,
TId_noopmigration,
piBlindIssue, piBlindIssue,
}) })
} }
@ -325,13 +263,12 @@ pub fn handle_response(
state: State, state: State,
resp: Response, resp: Response,
lox_pub: &IssuerPubKey, lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> { ) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A; let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B; let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE; let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_noopmigration.is_identity() { if resp.P.is_identity() {
return Err(ProofError::VerificationFailure); return Err(ProofError::VerificationFailure);
} }
@ -361,15 +298,6 @@ pub fn handle_response(
Pbucket: &(resp.bucket * resp.P).compress(), Pbucket: &(resp.bucket * resp.P).compress(),
Psince: &(resp.level_since * resp.P).compress(), Psince: &(resp.level_since * resp.P).compress(),
TId: &resp.TId.compress(), TId: &resp.TId.compress(),
P_nm: &resp.P_noopmigration.compress(),
EncQ0_nm: &resp.EncQ_noopmigration.0.compress(),
EncQ1_nm: &resp.EncQ_noopmigration.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
Pbucket_nm: &(resp.bucket * resp.P_noopmigration).compress(),
TId_nm: &resp.TId_noopmigration.compress(),
D: &state.D.compress(), D: &state.D.compress(),
EncId0: &EncId.0.compress(), EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(), EncId1: &EncId.1.compress(),
@ -379,9 +307,6 @@ pub fn handle_response(
// Decrypt EncQ // Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0); let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_noopmigration
let Q_noopmigration = resp.EncQ_noopmigration.1 - (state.d * resp.EncQ_noopmigration.0);
Ok(cred::Lox { Ok(cred::Lox {
P: resp.P, P: resp.P,
Q, Q,
@ -391,7 +316,5 @@ pub fn handle_response(
level_since: resp.level_since, level_since: resp.level_since,
invites_remaining: Scalar::zero(), invites_remaining: Scalar::zero(),
invites_issued: Scalar::zero(), invites_issued: Scalar::zero(),
P_noopmigration: resp.P_noopmigration,
Q_noopmigration,
}) })
} }


@ -36,7 +36,7 @@ fn test_open_invite() {
// Use it to get a Lox credential // Use it to get a Lox credential
let (req, state) = open_invite::request(&inv); let (req, state) = open_invite::request(&inv);
let resp = ba.handle_open_invite(req).unwrap(); let resp = ba.handle_open_invite(req).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap(); let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
// Check that we can use the credential to read a bucket // Check that we can use the credential to read a bucket
let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap(); let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
@ -89,7 +89,7 @@ fn trust_promotion(bdb: &BridgeDb, ba: &mut BridgeAuth) -> (cred::Lox, cred::Mig
// Use it to get a Lox credential // Use it to get a Lox credential
let (req, state) = open_invite::request(&inv); let (req, state) = open_invite::request(&inv);
let resp = ba.handle_open_invite(req).unwrap(); let resp = ba.handle_open_invite(req).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap(); let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
assert!(ba.verify_lox(&cred)); assert!(ba.verify_lox(&cred));
// Time passes // Time passes
@ -125,8 +125,7 @@ fn level0_migration(bdb: &BridgeDb, ba: &mut BridgeAuth) -> cred::Lox {
let (migreq, migstate) = let (migreq, migstate) =
migration::request(&loxcred, &migcred, &ba.lox_pub, &ba.migration_pub).unwrap(); migration::request(&loxcred, &migcred, &ba.lox_pub, &ba.migration_pub).unwrap();
let migresp = ba.handle_migration(migreq).unwrap(); let migresp = ba.handle_migration(migreq).unwrap();
let newloxcred = let newloxcred = migration::handle_response(migstate, migresp, &ba.lox_pub).unwrap();
migration::handle_response(migstate, migresp, &ba.lox_pub, &ba.migration_pub).unwrap();
newloxcred newloxcred
} }
@ -167,7 +166,7 @@ fn level_up(ba: &mut BridgeAuth, cred: &cred::Lox) -> cred::Lox {
) )
.unwrap(); .unwrap();
let resp = ba.handle_level_up(req).unwrap(); let resp = ba.handle_level_up(req).unwrap();
let cred = level_up::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap(); let cred = level_up::handle_response(state, resp, &ba.lox_pub).unwrap();
cred cred
} }
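Review bot: Of the four call sites updated here, only `trust_promotion` follows `handle_response` with `assert!(ba.verify_lox(&cred));`; in the lines shown, `level0_migration` and `level_up` return the new credential unchecked and `test_open_invite` goes straight to reading the bucket. Because this commit changes both what the BA issues and what `verify_lox` checks, adding `assert!(ba.verify_lox(&newloxcred));` before the trailing `newloxcred` and `assert!(ba.verify_lox(&cred));` before the trailing `cred` would make each issuing path show that its MAC still verifies. The function bodies start before the shown lines, and callers outside these hunks may already perform the check.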