Detailed draft of KVAC protocol cryptographic details #20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit includes some of the formulae from the github comments. Note that there are a few mistakes, and there is no coherent structure to the document, this just gathers the information that was spread out in the github issue into one file. Co-authored-by: Seres István András <[email protected]>
This is the first draft that we shared for initial review, the only part
that is somewhat authoritative is the last section detailing the use of
the key-verifiable anonymous credentials.
Some of the formulae were originally extracted from the original CPZ19
paper with the aid of mathpix, but have mostly been rewritten:
- the attributes are subscripted as _v and _s for
- since we require multiple credentials, numerical subscript now index
these
- scalar and revealed attributes were removed, since we only use group
attributes
- an apparent error in the verification, `G^w`, has been changed to
`{G_w}^w`, but correctness has not been rigorously verified
- the otherwise unused `G` generator has been omitted
Co-authored-by: Seres István András <[email protected]>
The cryptographic details section has been reordered so that credential validation is discussed before the over- and double-spending prevention. The introduction has been rewritten and rephramed as an abstract (but also includes in-line citations, so this should be split back up) Motivation section has been removed, and will be reintroduced later. The overview section has been modified for clarity and correctness, mainly with regards to the different user roles. Co-authored-by: nopara73 <[email protected]> Co-authored-by: Seres István András <[email protected]>
seresistvanandras
approved these changes
May 4, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The discussions on #17 were consolidated and expanded to flesh out the cryptographic details. No additional details are discussed yet, and this is still a work in progress.
As of version 0.2 of this document the proposed OR proof modification of the Show protocol is not included, pending further discussion.