adjustment of age-commitment and -proof generation

age-withdraw requires that the public keys in the age groups that
are too large for the commitment are derived from a published public
key.
Özgür Kesim 2023-08-03 21:44:53 +02:00
parent cf49af2bb9
commit c12a366d49
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
2 changed files with 26 additions and 7 deletions


@ -1280,6 +1280,9 @@ export namespace AgeRestriction {
};
}
const PublishedAgeRestrictionBaseKey: Edx25519PublicKey = decodeCrock(
"CH0VKFDZ2GWRWHQBBGEK9MWV5YDQVJ0RXEE0KYT3NMB69F0R96TG");
export async function restrictionCommitSeeded(
ageMask: number,
age: number,
@ -1292,19 +1295,32 @@ export namespace AgeRestriction {
const pubs: Edx25519PublicKey[] = [];
const privs: Edx25519PrivateKey[] = [];
for (let i = 0; i < numPubs; i++) {
for (let i = 0; i < numPrivs; i++) {
const privSeed = await kdfKw({
outputLength: 32,
ikm: seed,
info: stringToBytes("age-restriction-commit"),
info: stringToBytes("age-commitment"),
salt: bufferForUint32(i),
});
const priv = await Edx25519.keyCreateFromSeed(privSeed);
const pub = await Edx25519.getPublic(priv);
pubs.push(pub);
if (i < numPrivs) {
privs.push(priv);
}
privs.push(priv);
}
for (let i = numPrivs; i < numPubs; i++) {
const deriveSeed = await kdfKw({
outputLength: 32,
ikm: seed,
info: stringToBytes("age-factor"),
salt: bufferForUint32(i),
});
const pub = await Edx25519.publicKeyDerive(
PublishedAgeRestrictionBaseKey,
deriveSeed,
);
pubs.push(pub);
}
return {
@ -1604,7 +1620,9 @@ export function amountToBuffer(amount: AmountLike): Uint8Array {
return u8buf;
}
export function timestampRoundedToBuffer(ts: TalerProtocolTimestamp): Uint8Array {
export function timestampRoundedToBuffer(
ts: TalerProtocolTimestamp,
): Uint8Array {
const b = new ArrayBuffer(8);
const v = new DataView(b);
// The buffer we sign over represents the timestamp in microseconds.
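Review bot: `PublishedAgeRestrictionBaseKey` and the two KDF labels `"age-commitment"` and `"age-factor"` are protocol constants that the exchange presumably has to reproduce byte-for-byte to re-derive the group keys and verify the age-withdraw proof, yet none of them carries a comment saying so or where the value is specified. I would put `// Base key for deriving the public keys of age groups above the committed age; must match the exchange's published constant or the derived keys cannot be verified.` above the `decodeCrock(` line, and hoist the two label strings into named constants beside it so both loops visibly use one documented derivation scheme. Calling `decodeCrock` at module scope also means a malformed literal fails at import time rather than at the call site; if `Edx25519PublicKey` is a byte-array alias (not shown in this hunk), a length check against the expected public-key size right after decoding would make that failure explicit. The body of `restrictionCommitSeeded` starts in the first hunk and continues past the second, so `numPubs`, `numPrivs` and the returned object are outside the hunk.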


@ -720,9 +720,10 @@ export const nativeCryptoR: TalerCryptoInterfaceR = {
if (denomPub.age_mask) {
const age = req.restrictAge || AgeRestriction.AGE_UNRESTRICTED;
logger.info(`creating age-restricted planchet (age ${age})`);
maybeAcp = await AgeRestriction.restrictionCommit(
maybeAcp = await AgeRestriction.restrictionCommitSeeded(
denomPub.age_mask,
age,
stringToBytes(req.secretSeed)
);
maybeAgeCommitmentHash = AgeRestriction.hashCommitment(
maybeAcp.commitment,