Be consistent about the ordering of the parameters in the ZKPs

Particularly D
2021-05-05 16:33:52 -04:00 · 2021-05-05 16:33:52 -04:00 · 4bb77d16e4
parent 74bae2cf8e
commit 4bb77d16e4
3 changed files with 10 additions and 10 deletions
--- a/crates/lox-library/src/proto/migration.rs
+++ b/crates/lox-library/src/proto/migration.rs
@ -117,11 +117,11 @@ define_proof! {
    V_mig = (zfrombucket*Xfrombucket + ztobucket*Xtobucket + negzQ_mig*A),
    // User blinding of the Lox credential to be issued; note the use of
    // the same "tobucket" secret variable
+    D = (d*B),
    EncIdClient0 = (eid_client*B),
    EncIdClient1 = (id_client*B + eid_client*D),
    EncBucket0 = (ebucket*B),
-    EncBucket1 = (tobucket*B + ebucket*D),
-    D = (d*B)
+    EncBucket1 = (tobucket*B + ebucket*D)
 }

 define_proof! {
--- a/crates/lox-library/src/proto/open_invite.rs
+++ b/crates/lox-library/src/proto/open_invite.rs
@ -62,11 +62,11 @@ define_proof! {
    userblinding,
    "Open Invitation User Blinding",
    (d, eid_client, id_client),
-    (EncIdClient0, EncIdClient1, D),
+    (D, EncIdClient0, EncIdClient1),
    (B) :
+    D = (d*B),
    EncIdClient0 = (eid_client*B),
-    EncIdClient1 = (id_client*B + eid_client*D),
-    D = (d*B)
+    EncIdClient1 = (id_client*B + eid_client*D)
 }

 // The issuing ZKP
@ -113,9 +113,9 @@ pub fn request(invite: &[u8; OPENINV_LENGTH]) -> (Request, State) {
        &mut transcript,
        userblinding::ProveAssignments {
            B: &B,
+            D: &D,
            EncIdClient0: &EncIdClient.0,
            EncIdClient1: &EncIdClient.1,
-            D: &D,
            d: &d,
            eid_client: &eid_client,
            id_client: &id_client,
--- a/crates/lox-library/src/proto/trust_promotion.rs
+++ b/crates/lox-library/src/proto/trust_promotion.rs
@ -123,7 +123,7 @@ define_proof! {
     wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
     yg0, yg1, yg2, yg3, yg4, yg5, yg6, yg7, yg8),
    (P, CBucket, CSince, V, Xbucket, Xsince,
-     EncBucket0, EncBucket1, D,
+     D, EncBucket0, EncBucket1,
     CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
     CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
    (A, B):
@ -132,9 +132,9 @@ define_proof! {
    CSince = (since*P + zsince*A),
    V = (zbucket*Xbucket + zsince*Xsince + negzQ*A),
    // User blinding of the Migration Key credential
+    D = (d*B),
    EncBucket0 = (ebucket*B),
    EncBucket1 = (bucket*B + ebucket*D),
-    D = (d*B),
    // Prove CSince encodes a value at least UNTRUSTED_INTERVAL
    // days ago (and technically at most UNTRUSTED_INTERVAL+511 days
    // ago): first prove each of g0, ..., g8 is a bit by proving that
@ -303,9 +303,9 @@ pub fn request(
            V: &V,
            Xbucket: &lox_pub.X[2],
            Xsince: &lox_pub.X[4],
+            D: &D,
            EncBucket0: &EncBucket.0,
            EncBucket1: &EncBucket.1,
-            D: &D,
            CG0: &CG0,
            CG1: &CG1,
            CG2: &CG2,
@ -460,9 +460,9 @@ impl BridgeAuth {
                V: &Vprime.compress(),
                Xbucket: &self.lox_pub.X[2].compress(),
                Xsince: &self.lox_pub.X[4].compress(),
+                D: &req.D.compress(),
                EncBucket0: &req.EncBucket.0.compress(),
                EncBucket1: &req.EncBucket.1.compress(),
-                D: &req.D.compress(),
                CG0: &CG0prime.compress(),
                CG1: &req.CG1.compress(),
                CG2: &req.CG2.compress(),