diff --git a/crates/lox-library/src/cred.rs b/crates/lox-library/src/cred.rs
index b070854..16b8b12 100644
--- a/crates/lox-library/src/cred.rs
+++ b/crates/lox-library/src/cred.rs
@@ -10,7 +10,11 @@ use curve25519_dalek::scalar::Scalar;
 /// A migration credential.
 ///
 /// This credential authorizes the holder of the Lox credential with the
-/// given id to switch from bucket from_bucket to bucket to_bucket.
+/// given id to switch from bucket from_bucket to bucket to_bucket.  The
+/// mig_type attribute is 0 for trust upgrade migrations (moving from a
+/// 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1 for
+/// blockage migrations (moving buckets because the from_bucket has been
+/// blocked).
 #[derive(Debug)]
 pub struct Migration {
     pub P: RistrettoPoint,
@@ -18,6 +22,7 @@ pub struct Migration {
     pub lox_id: Scalar,
     pub from_bucket: Scalar,
     pub to_bucket: Scalar,
+    pub mig_type: Scalar,
 }
 
 /// The main user credential in the Lox system.
diff --git a/crates/lox-library/src/lib.rs b/crates/lox-library/src/lib.rs
index f9a9f1c..747a85f 100644
--- a/crates/lox-library/src/lib.rs
+++ b/crates/lox-library/src/lib.rs
@@ -249,7 +249,7 @@ impl BridgeAuth {
         // credential, each with the appropriate number of attributes
         let lox_priv = IssuerPrivKey::new(6);
         let lox_pub = IssuerPubKey::new(&lox_priv);
-        let migration_priv = IssuerPrivKey::new(3);
+        let migration_priv = IssuerPrivKey::new(4);
         let migration_pub = IssuerPubKey::new(&migration_priv);
         let migrationkey_priv = IssuerPrivKey::new(2);
         let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
@@ -297,7 +297,6 @@ impl BridgeAuth {
             single[0] = *b;
             let snum = self.bridge_table.new_bucket(&single);
             bdb.insert_openinv(snum);
-            println!("Adding {} -> {}", snum, bnum);
             self.trustup_migration_table.table.insert(snum, bnum);
         }
     }
diff --git a/crates/lox-library/src/migration_table.rs b/crates/lox-library/src/migration_table.rs
index 8411568..356dbfd 100644
--- a/crates/lox-library/src/migration_table.rs
+++ b/crates/lox-library/src/migration_table.rs
@@ -79,6 +79,7 @@ pub fn encrypt_cred(
     id: &Scalar,
     from_bucket: &Scalar,
     to_bucket: &Scalar,
+    mig_type: &Scalar,
     Pktable: &RistrettoBasepointTable,
     migration_priv: &IssuerPrivKey,
     migrationkey_priv: &IssuerPrivKey,
@@ -100,7 +101,8 @@ pub fn encrypt_cred(
         * (migration_priv.x[0]
             + migration_priv.x[1] * id
             + migration_priv.x[2] * from_bucket
-            + migration_priv.x[3] * to_bucket))
+            + migration_priv.x[3] * to_bucket
+            + migration_priv.x[4] * mig_type))
         * Btable;
 
     // Serialize (to_bucket, P, Q)
@@ -139,7 +141,8 @@ pub fn encrypt_cred(
 
 /// Create an encrypted Migration credential for returning to the user
 /// in the trust promotion protocol, given the ids of the from and to
-/// buckets, and using a BridgeTable to get the bucket keys.
+/// buckets, and the migration type, and using a BridgeTable to get the
+/// bucket keys.
 ///
 /// Otherwise the same as encrypt_cred, above, except it returns an
 /// Option in case the passed ids were invalid.
@@ -147,6 +150,7 @@ pub fn encrypt_cred_ids(
     id: &Scalar,
     from_id: u32,
     to_id: u32,
+    mig_type: &Scalar,
     bridgetable: &bridge_table::BridgeTable,
     Pktable: &RistrettoBasepointTable,
     migration_priv: &IssuerPrivKey,
@@ -159,6 +163,7 @@ pub fn encrypt_cred_ids(
         id,
         &bridge_table::to_scalar(from_id, fromkey),
         &bridge_table::to_scalar(to_id, tokey),
+        mig_type,
         Pktable,
         migration_priv,
         migrationkey_priv,
@@ -192,6 +197,7 @@ impl MigrationTable {
                     id,
                     *from_id,
                     *to_id,
+                    &self.migration_type,
                     bridgetable,
                     Pktable,
                     migration_priv,
@@ -203,12 +209,14 @@ impl MigrationTable {
 }
 
 /// Decrypt an encrypted Migration credential given Qk, the known
-/// attributes id and from_bucket for the Migration credential, and a
-/// HashMap mapping labels to ciphertexts.
+/// attributes id and from_bucket for the Migration credential as well
+/// as the known migration type, and a HashMap mapping labels to
+/// ciphertexts.
 pub fn decrypt_cred(
     Qk: &RistrettoPoint,
     lox_id: &Scalar,
     from_bucket: &Scalar,
+    mig_type: MigrationType,
     enc_migration_table: &HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
 ) -> Option<Migration> {
     // Compute the hash of (id, from_bucket, Qk)
@@ -248,5 +256,6 @@ pub fn decrypt_cred(
         lox_id: *lox_id,
         from_bucket: *from_bucket,
         to_bucket,
+        mig_type: mig_type.into(),
     })
 }
diff --git a/crates/lox-library/src/proto/trust_promotion.rs b/crates/lox-library/src/proto/trust_promotion.rs
index f0e41c4..5adf294 100644
--- a/crates/lox-library/src/proto/trust_promotion.rs
+++ b/crates/lox-library/src/proto/trust_promotion.rs
@@ -542,7 +542,13 @@ pub fn handle_response(state: State, resp: Response) -> Result<cred::Migration,
     let Qk = resp.EncQk.1 - (state.d * resp.EncQk.0);
 
     // Use Qk to locate and decrypt the Migration credential
-    match migration_table::decrypt_cred(&Qk, &state.id, &state.bucket, &resp.enc_migration_table) {
+    match migration_table::decrypt_cred(
+        &Qk,
+        &state.id,
+        &state.bucket,
+        migration_table::MigrationType::TrustUpgrade,
+        &resp.enc_migration_table,
+    ) {
         Some(m) => Ok(m),
         None => Err(ProofError::VerificationFailure),
     }