/*! The various credentials used by the system. In each case, (P,Q) forms the MAC on the credential. This MAC is verifiable only by the issuing party, or if the issuing party issues a zero-knowledge proof of its correctness (as it does at issuing time). */ use curve25519_dalek::ristretto::RistrettoPoint; use curve25519_dalek::scalar::Scalar; /// A migration credential. This credential authorizes the holder of /// the Lox credential with the given id to switch from bucket /// from_bucket to bucket to_bucket. #[derive(Debug)] pub struct Migration { pub P: RistrettoPoint, pub Q: RistrettoPoint, pub lox_id: Scalar, pub from_bucket: Scalar, pub to_bucket: Scalar, } /// The main user credential in the Lox system. Its id is jointly /// generated by the user and the BA (bridge authority), but known only /// to the user. The level_since date is the Julian date of when this /// user was changed to the current trust level. (P_noopmigration, /// Q_noopmigration) are the MAC on the implicit no-op migration /// credential formed by the attributes (id, bucket, bucket), which /// authorizes the user to switch from its current bucket to the same /// bucket (i.e., a no-op). This can be useful for hiding from the BA /// whether or not the user is performing a bucket migration. #[derive(Debug)] pub struct Lox { pub P: RistrettoPoint, pub Q: RistrettoPoint, pub id: Scalar, pub bucket: Scalar, pub trust_level: Scalar, pub level_since: Scalar, pub invites_remaining: Scalar, pub invites_issued: Scalar, pub P_noopmigration: RistrettoPoint, pub Q_noopmigration: RistrettoPoint, } // The migration key credential is never actually instantiated. It is // an implicit credential with the following attributes: // - lox_id: Scalar, // - from_bucket: Scalar // Plus the usual (P,Q) MAC. This credential type does have an // associated private and public key, however. The idea is that if a // user proves (in zero knowledge) that their Lox credential entitles // them to migrate from one bucket to another, the BA will issue a // (blinded, so the BA will not know the values of the attributes or of // Q) MAC on this implicit credential. The Q value will then be used // (actually, a hash of lox_id, from_bucket, and Q) to encrypt the // to_bucket, P, and Q fields of a Migration credential. That way, // people entitled to migrate buckets can receive a Migration credential // with their new bucket, without the BA learning either their old or // new buckets.