vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change the policy for invites_remaining in the level up protocol 

Before, the number of invitations at the new level were _added_ to a
user's credential.  Now, it _replaces_ the old value.
This commit is contained in:
Ian Goldberg 2021-05-02 18:10:59 -04:00
parent f7b3d242bb
commit aa097dc447
1 changed files with 22 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
crates/lox-library/src/proto/level_up.rs
View File

@ -29,8 +29,9 @@ and a new Lox credential to be issued:
credential above
- trust_level: revealed to be one more than the trust level above
- level_since: today
- invites_remaining: blinded, but proved in ZK that it's the same as in
the Lox credential above, _plus_ a per-level constant
- invites_remaining: revealed to be the number of invites for the new
level (note that the invites_remaining from the previous credential
are _not_ carried over)
- invites_issued: blinded, but proved in ZK that it's the same as in the
Lox credential above
@ -51,20 +52,24 @@ use super::super::{pt_dbl, scalar_dbl, scalar_u32};
use super::super::{BridgeAuth, IssuerPubKey};
use super::super::{CMZ_A, CMZ_A_TABLE, CMZ_B, CMZ_B_TABLE};
/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user
/// must be at trust level i before advancing to level i+1. The large
/// last entry makes it impossible to advance past the top level. Note
/// that the LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion
/// protocol is used instead of this one to move from level 0 to level
/// 1.
pub const LEVEL_INTERVAL: [u32; 5] = [0, 14, 28, 56, u32::MAX];
/// The maximum trust level in the system. A user can run this level
/// upgrade protocol when they're already at the max level; they will
/// get a fresh invites_remaining batch, and reset their level_since
/// field to today's date, but will remain in the max level.
pub const MAX_LEVEL: usize = 3;
/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of additional
/// invitations a user will be eligible to issue upon advancing from
/// level i to level i+1. Again the LEVEL_INVITATIONS\[0\] entry is a
/// dummy, as for LEVEL_INTERVAL. Also the last entry is 0 because
/// users cannot advance above the highest level.
pub const LEVEL_INVITATIONS: [u32; 5] = [0, 2, 4, 6, 0];
/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user
/// must be at trust level i before advancing to level i+1 (or as above,
/// remain at level i if i == MAX_LEVEL). Note that the
/// LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion protocol
/// is used instead of this one to move from level 0 to level 1.
pub const LEVEL_INTERVAL: [u32; MAX_LEVEL + 1] = [0, 14, 28, 56];
/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of invitations a
/// user will be eligible to issue upon advancing from level i to level
/// i+1. Again the LEVEL_INVITATIONS\[0\] entry is a dummy, as for
/// LEVEL_INTERVAL.
pub const LEVEL_INVITATIONS: [u32; MAX_LEVEL + 1] = [0, 2, 4, 6];
pub struct Request {
// Fields for blind showing the Lox credential
@ -106,7 +111,6 @@ pub struct Request {
D: RistrettoPoint,
EncIdClient: (RistrettoPoint, RistrettoPoint),
EncBucket: (RistrettoPoint, RistrettoPoint),
EncInvRemain: (RistrettoPoint, RistrettoPoint),
EncInvIssued: (RistrettoPoint, RistrettoPoint),
// The combined ZKP
@ -119,7 +123,6 @@ pub struct State {
D: RistrettoPoint,
EncIdClient: (RistrettoPoint, RistrettoPoint),
EncBucket: (RistrettoPoint, RistrettoPoint),
EncInvRemain: (RistrettoPoint, RistrettoPoint),
EncInvIssued: (RistrettoPoint, RistrettoPoint),
id_client: Scalar,
bucket: Scalar,
@ -157,7 +160,7 @@ define_proof! {
(bucket, since, invremain, invissued, zbucket, zsince, zinvremain,
zinvissued, negzQ,
zbucket_reach, negzQ_reach,
d, eid_client, ebucket, einvremain, einvissued, id_client,
d, eid_client, ebucket, einvissued, id_client,
g0, g1, g2, g3, g4, g5, g6, g7, g8,
zg0, zg1, zg2, zg3, zg4, zg5, zg6, zg7, zg8,
wg0, wg1, wg2, wg3, wg4, wg5, wg6, wg7, wg8,
@ -166,7 +169,6 @@ define_proof! {
Xinvremain, Xinvissued,
P_reach, CBucket_reach, V_reach, Xbucket_reach,
D, EncIdClient0, EncIdClient1, EncBucket0, EncBucket1,
EncInvRemain0, EncInvRemain1_minus_LEVELINV_B,
EncInvIssued0, EncInvIssued1,
CG0, CG1, CG2, CG3, CG4, CG5, CG6, CG7, CG8,
CG0sq, CG1sq, CG2sq, CG3sq, CG4sq, CG5sq, CG6sq, CG7sq, CG8sq),
@ -185,8 +187,6 @@ define_proof! {
EncIdClient1 = (id_client*B + eid_client*D),
EncBucket0 = (ebucket*B),
EncBucket1 = (bucket*B + ebucket*D),
EncInvRemain0 = (einvremain*B),
EncInvRemain1_minus_LEVELINV_B = (invremain*B + einvremain*D),
EncInvIssued0 = (einvissued*B),
EncInvIssued1 = (invissued*B + einvissued*D),
// Prove CSince encodes a value at least LEVEL_INTERVAL
@ -332,11 +332,6 @@ pub fn request(
let ebucket = Scalar::random(&mut rng);
let EncBucket = (&ebucket * Btable, &lox_cred.bucket * Btable + ebucket * D);
let newinvites: Scalar = LEVEL_INVITATIONS[trust_level as usize].into();
let einvremain = Scalar::random(&mut rng);
let EncInvRemain = (
&einvremain * Btable,
&(lox_cred.invites_remaining + newinvites) * Btable + einvremain * D,
);
let einvissued = Scalar::random(&mut rng);
let EncInvIssued = (
&einvissued * Btable,
@ -446,8 +441,6 @@ pub fn request(
EncIdClient1: &EncIdClient.1,
EncBucket0: &EncBucket.0,
EncBucket1: &EncBucket.1,
EncInvRemain0: &EncInvRemain.0,
EncInvRemain1_minus_LEVELINV_B: &(EncInvRemain.1 - &newinvites * Btable),
EncInvIssued0: &EncInvIssued.0,
EncInvIssued1: &EncInvIssued.1,
CG0: &CG0,
@ -482,7 +475,6 @@ pub fn request(
d: &d,
eid_client: &eid_client,
ebucket: &ebucket,
einvremain: &einvremain,
einvissued: &einvissued,
id_client: &id_client,
g0: &g0,
@ -541,7 +533,6 @@ pub fn request(
D,
EncIdClient,
EncBucket,
EncInvRemain,
EncInvIssued,
CG1,
CG2,
@ -567,12 +558,11 @@ pub fn request(
D,
EncIdClient,
EncBucket,
EncInvRemain,
EncInvIssued,
id_client,
bucket: lox_cred.bucket,
level: lox_cred.trust_level + Scalar::one(),
invremain: lox_cred.invites_remaining + newinvites,
invremain: newinvites,
invissued: lox_cred.invites_issued,
},
))