From aa097dc4476d1e683a95fcf0e022ee81eabbf4ca Mon Sep 17 00:00:00 2001 From: Ian Goldberg Date: Sun, 2 May 2021 18:10:59 -0400 Subject: [PATCH] Change the policy for invites_remaining in the level up protocol Before, the number of invitations at the new level were _added_ to a user's credential. Now, it _replaces_ the old value. --- crates/lox-library/src/proto/level_up.rs | 54 ++++++++++-------------- 1 file changed, 22 insertions(+), 32 deletions(-) diff --git a/crates/lox-library/src/proto/level_up.rs b/crates/lox-library/src/proto/level_up.rs index 4edd7d8..f97da18 100644 --- a/crates/lox-library/src/proto/level_up.rs +++ b/crates/lox-library/src/proto/level_up.rs @@ -29,8 +29,9 @@ and a new Lox credential to be issued: credential above - trust_level: revealed to be one more than the trust level above - level_since: today -- invites_remaining: blinded, but proved in ZK that it's the same as in - the Lox credential above, _plus_ a per-level constant +- invites_remaining: revealed to be the number of invites for the new + level (note that the invites_remaining from the previous credential + are _not_ carried over) - invites_issued: blinded, but proved in ZK that it's the same as in the Lox credential above @@ -51,20 +52,24 @@ use super::super::{pt_dbl, scalar_dbl, scalar_u32}; use super::super::{BridgeAuth, IssuerPubKey}; use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE}; -/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user -/// must be at trust level i before advancing to level i+1. The large -/// last entry makes it impossible to advance past the top level. Note -/// that the LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion -/// protocol is used instead of this one to move from level 0 to level -/// 1. -pub const LEVEL_INTERVAL: [u32; 5] = [0, 14, 28, 56, u32::MAX]; +/// The maximum trust level in the system. A user can run this level +/// upgrade protocol when they're already at the max level; they will +/// get a fresh invites_remaining batch, and reset their level_since +/// field to today's date, but will remain in the max level. +pub const MAX_LEVEL: usize = 3; -/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of additional -/// invitations a user will be eligible to issue upon advancing from -/// level i to level i+1. Again the LEVEL_INVITATIONS\[0\] entry is a -/// dummy, as for LEVEL_INTERVAL. Also the last entry is 0 because -/// users cannot advance above the highest level. -pub const LEVEL_INVITATIONS: [u32; 5] = [0, 2, 4, 6, 0]; +/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user +/// must be at trust level i before advancing to level i+1 (or as above, +/// remain at level i if i == MAX_LEVEL). Note that the +/// LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion protocol +/// is used instead of this one to move from level 0 to level 1. +pub const LEVEL_INTERVAL: [u32; MAX_LEVEL + 1] = [0, 14, 28, 56]; + +/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of invitations a +/// user will be eligible to issue upon advancing from level i to level +/// i+1. Again the LEVEL_INVITATIONS\[0\] entry is a dummy, as for +/// LEVEL_INTERVAL. +pub const LEVEL_INVITATIONS: [u32; MAX_LEVEL + 1] = [0, 2, 4, 6]; pub struct Request { // Fields for blind showing the Lox credential @@ -106,7 +111,6 @@ pub struct Request { D: RistrettoPoint, EncIdClient: (RistrettoPoint, RistrettoPoint), EncBucket: (RistrettoPoint, RistrettoPoint), - EncInvRemain: (RistrettoPoint, RistrettoPoint), EncInvIssued: (RistrettoPoint, RistrettoPoint), // The combined ZKP @@ -119,7 +123,6 @@ pub struct State { D: RistrettoPoint, EncIdClient: (RistrettoPoint, RistrettoPoint), EncBucket: (RistrettoPoint, RistrettoPoint), - EncInvRemain: (RistrettoPoint, RistrettoPoint), EncInvIssued: (RistrettoPoint, RistrettoPoint), id_client: Scalar, bucket: Scalar, @@ -157,7 +160,7 @@ define_proof! { (bucket, since, invremain, invissued, zbucket, zsince, zinvremain, zinvissued, negzQ, zbucket_reach, negzQ_reach, - d, eid_client, ebucket, einvremain, einvissued, id_client, + d, eid_client, ebucket, einvissued, id_client, g0, g1, g2, g3, g4, g5, g6, g7, g8, zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8, wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8, @@ -166,7 +169,6 @@ define_proof! { Xinvremain, Xinvissued, P_reach, CBucket_reach, V_reach, Xbucket_reach, D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1, - EncInvRemain0, EncInvRemain1_minus_LEVELINV_B, EncInvIssued0, EncInvIssued1, CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8, CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq), @@ -185,8 +187,6 @@ define_proof! { EncIdClient1 = (id_client*B + eid_client*D), EncBucket0 = (ebucket*B), EncBucket1 = (bucket*B + ebucket*D), - EncInvRemain0 = (einvremain*B), - EncInvRemain1_minus_LEVELINV_B = (invremain*B + einvremain*D), EncInvIssued0 = (einvissued*B), EncInvIssued1 = (invissued*B + einvissued*D), // Prove CSince encodes a value at least LEVEL_INTERVAL @@ -332,11 +332,6 @@ pub fn request( let ebucket = Scalar::random(&mut rng); let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D); let newinvites: Scalar = LEVEL_INVITATIONS[trust_level as usize].into(); - let einvremain = Scalar::random(&mut rng); - let EncInvRemain = ( - &einvremain * Btable, - &(lox_cred.invites_remaining + newinvites) * Btable + einvremain * D, - ); let einvissued = Scalar::random(&mut rng); let EncInvIssued = ( &einvissued * Btable, @@ -446,8 +441,6 @@ pub fn request( EncIdClient1: &EncIdClient.1, EncBucket0: &EncBucket.0, EncBucket1: &EncBucket.1, - EncInvRemain0: &EncInvRemain.0, - EncInvRemain1_minus_LEVELINV_B: &(EncInvRemain.1 - &newinvites * Btable), EncInvIssued0: &EncInvIssued.0, EncInvIssued1: &EncInvIssued.1, CG0: &CG0, @@ -482,7 +475,6 @@ pub fn request( d: &d, eid_client: &eid_client, ebucket: &ebucket, - einvremain: &einvremain, einvissued: &einvissued, id_client: &id_client, g0: &g0, @@ -541,7 +533,6 @@ pub fn request( D, EncIdClient, EncBucket, - EncInvRemain, EncInvIssued, CG1, CG2, @@ -567,12 +558,11 @@ pub fn request( D, EncIdClient, EncBucket, - EncInvRemain, EncInvIssued, id_client, bucket: lox_cred.bucket, level: lox_cred.trust_level + Scalar::one(), - invremain: lox_cred.invites_remaining + newinvites, + invremain: newinvites, invissued: lox_cred.invites_issued, }, ))