taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make kappa global fixed constant, not something to be negotiated, KISS

Browse Source
This commit is contained in:
Christian Grothoff 2015-03-24 17:25:00 +01:00
parent f052af1e6b
commit d5acf53732
7 changed files with 69 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/include/taler_signatures.h
View File

@ -30,6 +30,17 @@
#include "taler_util.h"
/**
* Cut-and-choose size for refreshing. Client looses the gamble (of
* unaccountable transfers) with probability 1/KAPPA. Refresh cost
* increases linearly with KAPPA, and 3 is sufficient up to a
* income/sales tax of 66% of total transaction value. As there is
* no good reason to change this security parameter, we declare it
* fixed and part of the protocol.
*/
#define KAPPA 3
/**
* Purpose for signing public keys signed
* by the mint master key.

4
src/mint/plugin_mintdb_postgres.c
View File

@ -247,7 +247,7 @@ postgres_create_tables (void *cls,
// index of the old coin in the customer's request
",oldcoin_index INT2 NOT NULL"
// index for cut and choose,
// ranges from 0 to kappa-1
// ranges from 0 to #KAPPA-1
",cnc_index INT2 NOT NULL"
")");
SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_coin"
@ -1486,7 +1486,6 @@ postgres_get_refresh_session (void *cls,
struct TALER_DB_ResultSpec rs[] = {
TALER_DB_RESULT_SPEC("num_oldcoins", &refresh_session->num_oldcoins),
TALER_DB_RESULT_SPEC("num_newcoins", &refresh_session->num_newcoins),
TALER_DB_RESULT_SPEC("kappa", &refresh_session->kappa),
TALER_DB_RESULT_SPEC("noreveal_index", &refresh_session->noreveal_index),
TALER_DB_RESULT_SPEC_END
};
@ -1502,7 +1501,6 @@ postgres_get_refresh_session (void *cls,
refresh_session->num_oldcoins = ntohs (refresh_session->num_oldcoins);
refresh_session->num_newcoins = ntohs (refresh_session->num_newcoins);
refresh_session->kappa = ntohs (refresh_session->kappa);
refresh_session->noreveal_index = ntohs (refresh_session->noreveal_index);
PQclear (result);

6
src/mint/taler-mint-httpd.h
View File

@ -25,12 +25,6 @@
#include <microhttpd.h>
/**
* Cut-and-choose size for refreshing.
* FIXME: maybe make it a config option?
*/
#define KAPPA 3
/**
* For now, we just do EUR. Should become configurable
* in the future!

26
src/mint/taler-mint-httpd_db.c
View File

@ -591,12 +591,13 @@ refresh_accept_melts (struct MHD_Connection *connection,
* @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* once the "/refres/reveal" of cut and choose is done),
* x-dimension must be #KAPPA
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
* x-dimension must be #KAPPA
* @return MHD result code
*/
int
@ -607,7 +608,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
{
@ -684,7 +684,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
return TALER_MINT_reply_internal_db_error (connection);
}
for (i = 0; i < kappa; i++)
for (i = 0; i < KAPPA; i++)
{
if (GNUNET_OK !=
plugin->insert_refresh_commit_coins (plugin->cls,
@ -699,7 +699,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
return TALER_MINT_reply_internal_db_error (connection);
}
}
for (i = 0; i < kappa; i++)
for (i = 0; i < KAPPA; i++)
{
if (GNUNET_OK !=
plugin->insert_refresh_commit_links (plugin->cls,
@ -719,10 +719,9 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
/* store 'global' session data */
refresh_session.num_oldcoins = coin_count;
refresh_session.num_newcoins = num_new_denoms;
refresh_session.kappa = KAPPA; // FIXME... (#3711)
refresh_session.noreveal_index
= GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG,
refresh_session.kappa);
KAPPA);
if (GNUNET_OK !=
(res = plugin->create_refresh_session (plugin->cls,
session,
@ -753,7 +752,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
* Check if the given @a transfer_privs correspond to an honest
* commitment for the given session.
* Checks that the transfer private keys match their commitments.
* Then derives the shared secret for each kappa, and check that they match.
* Then derives the shared secret for each #KAPPA, and check that they match.
*
* @param connection the MHD connection to handle
* @param session database connection to use
@ -946,7 +945,7 @@ check_commitment (struct MHD_Connection *connection,
buf_len)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"blind envelope does not match for kappa=%u, old=%d\n",
"blind envelope does not match for k=%u, old=%d\n",
off,
(int) j);
/* FIXME: return more specific error with original signature (#3712) */
@ -1025,22 +1024,21 @@ refresh_mint_coin (struct MHD_Connection *connection,
/**
* Execute a "/refresh/reveal". The client is revealing to us the
* transfer keys for @a kappa-1 sets of coins. Verify that the
* transfer keys for @a #KAPPA-1 sets of coins. Verify that the
* revealed transfer keys would allow linkage to the blinded coins,
* and if so, return the signed coins for corresponding to the set of
* coins that was not chosen.
*
* @param connection the MHD connection to handle
* @param session_hash hash identifying the refresh session
* @param kappa size of x-dimension of @transfer_privs array plus one (!)
* @param num_oldcoins size of y-dimension of @transfer_privs array
* @param transfer_pubs array with the revealed transfer keys
* @param transfer_pubs array with the revealed transfer keys,
* x-dimension must be #KAPPA - 1
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
unsigned int kappa,
unsigned int num_oldcoins,
struct TALER_TransferPrivateKey **transfer_privs)
{
@ -1112,7 +1110,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
off = 0;
for (i=0;i<refresh_session.kappa - 1;i++)
for (i=0;i<KAPPA - 1;i++)
{
if (i == refresh_session.noreveal_index)
off = 1;

8
src/mint/taler-mint-httpd_db.h
View File

@ -113,7 +113,6 @@ struct MeltDetails
* @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
@ -129,29 +128,26 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link);
/**
* Execute a "/refresh/reveal". The client is revealing to us the
* transfer keys for @a kappa-1 sets of coins. Verify that the
* transfer keys for #KAPPA-1 sets of coins. Verify that the
* revealed transfer keys would allow linkage to the blinded coins,
* and if so, return the signed coins for corresponding to the set of
* coins that was not chosen.
*
* @param connection the MHD connection to handle
* @param session_hash hash over the refresh session
* @param kappa size of x-dimension of @transfer_privs array plus one (!)
* @param num_oldcoins size of y-dimension of @transfer_privs array
* @param transfer_pubs array with the revealed transfer keys
* @param transfer_pubs array with the revealed transfer keys, #KAPPA is 1st-dimension
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
unsigned int kappa,
unsigned int num_oldcoins,
struct TALER_TransferPrivateKey **transfer_privs);

78
src/mint/taler-mint-httpd_refresh.c
View File

@ -47,7 +47,6 @@
* @param coin_melt_details array with @a coin_count entries with melting details
* @param session_hash hash over the data that the client commits to
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
@ -63,7 +62,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
const struct GNUNET_HashCode *session_hash,
unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
@ -155,7 +153,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
coin_count,
coin_public_infos,
coin_melt_details,
kappa,
commit_coin,
commit_link);
}
@ -359,13 +356,12 @@ free_commit_links (struct RefreshCommitLink **commit_link,
* @param melt_coins array of coins to melt
* @param melt_sig_json signature affirming the melt operation
* @param commit_signature signature over the commit
* @param kappa security parameter for cut and choose
* @param num_oldcoins number of coins that are being melted
* @param transfer_pubs @a kappa-dimensional array of @a num_oldcoins transfer keys
* @param secret_encs @a kappa-dimensional array of @a num_oldcoins secrets
* @param transfer_pubs #KAPPA-dimensional array of @a num_oldcoins transfer keys
* @param secret_encs #KAPPA-dimensional array of @a num_oldcoins secrets
* @param num_newcoins number of coins that the refresh will generate
* @param coin_envs @a kappa-dimensional array of @a num_newcoins envelopes to sign
* @param link_encs @a kappa-dimensional array of @a num_newcoins encrypted links
* @param coin_envs #KAPPA-dimensional array of @a num_newcoins envelopes to sign
* @param link_encs #KAPPA-dimensional array of @a num_newcoins encrypted links
* @return MHD result code
*/
static int
@ -374,7 +370,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
const json_t *melt_coins,
const json_t *melt_sig_json,
const json_t *commit_signature,
unsigned int kappa,
unsigned int num_oldcoins,
const json_t *transfer_pubs,
const json_t *secret_encs,
@ -393,8 +388,8 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
unsigned int coin_count;
struct GNUNET_HashCode session_hash;
struct GNUNET_HashContext *hash_context;
struct RefreshCommitCoin *commit_coin[kappa];
struct RefreshCommitLink *commit_link[kappa];
struct RefreshCommitCoin *commit_coin[KAPPA];
struct RefreshCommitLink *commit_link[KAPPA];
/* For the signature check, we hash most of the inputs together
(except for the signatures on the coins). */
@ -494,7 +489,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
together for the signature check */
memset (commit_coin, 0, sizeof (commit_coin));
memset (commit_link, 0, sizeof (commit_link));
for (i = 0; i < kappa; i++)
for (i = 0; i < KAPPA; i++)
{
commit_coin[i] = GNUNET_malloc (num_newcoins *
sizeof (struct RefreshCommitCoin));
@ -515,7 +510,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
if (GNUNET_OK != res)
{
GNUNET_CRYPTO_hash_context_abort (hash_context);
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_coins (commit_coin,
KAPPA,
num_newcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
GNUNET_CRYPTO_hash_context_read (hash_context,
@ -531,7 +528,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
if (GNUNET_OK != res)
{
GNUNET_CRYPTO_hash_context_abort (hash_context);
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_coins (commit_coin,
KAPPA,
num_newcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
rcc->refresh_link
@ -543,7 +542,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
}
}
for (i = 0; i < kappa; i++)
for (i = 0; i < KAPPA; i++)
{
commit_link[i] = GNUNET_malloc (num_oldcoins *
sizeof (struct RefreshCommitLink));
@ -563,8 +562,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
{
GNUNET_break (GNUNET_SYSERR != res);
GNUNET_CRYPTO_hash_context_abort (hash_context);
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_links (commit_link, kappa, num_oldcoins);
free_commit_coins (commit_coin,
KAPPA,
num_newcoins);
free_commit_links (commit_link,
KAPPA,
num_oldcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
res = GNUNET_MINT_parse_navigate_json (connection,
@ -579,8 +582,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
{
GNUNET_break (GNUNET_SYSERR != res);
GNUNET_CRYPTO_hash_context_abort (hash_context);
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_links (commit_link, kappa, num_oldcoins);
free_commit_coins (commit_coin,
KAPPA,
num_newcoins);
free_commit_links (commit_link,
KAPPA,
num_oldcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
@ -615,12 +622,15 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
coin_public_infos,
coin_melt_details,
&session_hash,
kappa,
commit_coin,
commit_link);
cleanup:
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_links (commit_link, kappa, num_oldcoins);
free_commit_coins (commit_coin,
KAPPA,
num_newcoins);
free_commit_links (commit_link,
KAPPA,
num_oldcoins);
for (j=0;j<coin_count;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub.rsa_public_key);
@ -664,7 +674,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
json_t *transfer_pubs;
json_t *secret_encs;
json_t *commit_sig_json;
unsigned int kappa;
unsigned int num_oldcoins;
unsigned int num_newcoins;
json_t *coin_detail;
@ -699,15 +708,14 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
/* Determine dimensionality of the request (kappa, #old and #new coins) */
kappa = json_array_size (coin_evs);
if ( (3 > kappa) || (kappa > 32) )
if (KAPPA != json_array_size (coin_evs))
{
GNUNET_break_op (0);
TALER_MINT_release_parsed_data (spec);
return TALER_MINT_reply_arg_invalid (connection,
"coin_evs");
}
if (json_array_size (transfer_pubs) != kappa)
if (KAPPA != json_array_size (transfer_pubs))
{
GNUNET_break_op (0);
TALER_MINT_release_parsed_data (spec);
@ -741,7 +749,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
melt_coins,
melt_sig_json,
commit_sig_json,
kappa,
num_oldcoins,
transfer_pubs,
secret_encs,
@ -763,7 +770,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
*
* @param connection the MHD connection to handle
* @param session_hash hash identifying the melting session
* @param kappa length of the 1st dimension of @a transfer_privs array PLUS ONE
* @param num_oldcoins length of the 2nd dimension of @a transfer_privs array
* @param tp_json private transfer keys in JSON format
* @return MHD result code
@ -771,20 +777,19 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
static int
handle_refresh_reveal_json (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
unsigned int kappa,
unsigned int num_oldcoins,
const json_t *tp_json)
{
struct TALER_TransferPrivateKey *transfer_privs[kappa - 1];
struct TALER_TransferPrivateKey *transfer_privs[KAPPA - 1];
unsigned int i;
unsigned int j;
int res;
for (i = 0; i < kappa - 1; i++)
for (i = 0; i < KAPPA - 1; i++)
transfer_privs[i] = GNUNET_malloc (num_oldcoins *
sizeof (struct TALER_TransferPrivateKey));
res = GNUNET_OK;
for (i = 0; i < kappa - 1; i++)
for (i = 0; i < KAPPA - 1; i++)
{
if (GNUNET_OK != res)
break;
@ -806,10 +811,9 @@ handle_refresh_reveal_json (struct MHD_Connection *connection,
else
res = TALER_MINT_db_execute_refresh_reveal (connection,
session_hash,
kappa,
num_oldcoins,
transfer_privs);
for (i = 0; i < kappa - 1; i++)
for (i = 0; i < KAPPA - 1; i++)
GNUNET_free (transfer_privs[i]);
return res;
}
@ -840,7 +844,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
{
struct GNUNET_HashCode session_hash;
int res;
unsigned int kappa;
unsigned int num_oldcoins;
json_t *reveal_detail;
json_t *root;
@ -869,15 +872,13 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
/* Determine dimensionality of the request (kappa and #old coins) */
kappa = json_array_size (transfer_privs) + 1;
if ( (2 > kappa) || (kappa > 31) )
if (KAPPA != json_array_size (transfer_privs) + 1)
{
TALER_MINT_release_parsed_data (spec);
return TALER_MINT_reply_arg_invalid (connection,
"transfer_privs");
}
/* Note we do +1 as 1 row (cut-and-choose!) is missing! */
kappa++;
res = GNUNET_MINT_parse_navigate_json (connection,
transfer_privs,
JNAV_INDEX, 0,
@ -892,7 +893,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
num_oldcoins = json_array_size (reveal_detail);
res = handle_refresh_reveal_json (connection,
&session_hash,
kappa,
num_oldcoins,
transfer_privs);
TALER_MINT_release_parsed_data (spec);

15
src/mint/taler_mintdb_plugin.h
View File

@ -247,14 +247,7 @@ struct RefreshSession
uint16_t num_newcoins;
/**
* Number of parallel operations we perform for the cut and choose.
* (must be greater or equal to three for security). 0 if not yet
* known.
*/
uint16_t kappa;
/**
* Index (smaller @e kappa) which the mint has chosen to not
* Index (smaller #KAPPA) which the mint has chosen to not
* have revealed during cut and choose.
*/
uint16_t noreveal_index;
@ -297,7 +290,7 @@ struct RefreshMelt
/**
* We have as many `struct RefreshCommitCoin` as there are new
* coins being created by the refresh (for each of the kappa
* coins being created by the refresh (for each of the #KAPPA
* sets). These are the coins we ask the mint to sign if the
* respective set is selected.
*/
@ -816,7 +809,7 @@ struct TALER_MINTDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param sesssion database connection to use
* @param session_hash hash to identify refresh session
* @param i set index (1st dimension), relating to kappa
* @param i set index (1st dimension), relating to #KAPPA
* @param num_newcoins coin index size of the @a commit_coins array
* @param commit_coin array of coin commitments to store
* @return #GNUNET_OK on success
@ -861,7 +854,7 @@ struct TALER_MINTDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param sesssion database connection to use
* @param session_hash hash to identify refresh session
* @param i set index (1st dimension), relating to kappa
* @param i set index (1st dimension), relating to #KAPPA
* @param num_links size of the @a commit_link array
* @param commit_links array of link information to store
* @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success