Closed swcurran closed 8 months ago
@whalelephant -- would you be able to take a look at this issue? Trace through the implementation to see how the nonces are used? Thanks!
The current text implies that they are the same, but looking at running examples shows they are not the same.
Yes you are correct. Below is a simple flow with the nonce throughout the process
Credential Offer:
cred_offer_nonce
as part of the request Credential Request:
cred_offer_nonce
to blind their link_secret
with the cred_offer_nonce
cred_req_nonce
as part of the requestCredential Create:
link_secret_blind_correctness_proof
in the credential request with cred_offer_nonce
cred_req_nonce
to construct the signature_correctness_proof
Process (Unblind) Credential:
cred_req_nonce
to unblind credential signaturePresentation Request:
presentation_nonce
Presentation:
presentation_nonce
as input to the proofVerification:
presentation_nonce
Perfect writeup - thanks.
Resolved and covered in the spec.
In the issuance flow, there is a
nonce
in the Credential Offer (issuer to holder) and anonce
in the credential request (holder to issuer). Likewise, there is akey_correctness_proof
in the Credential Request and the Issue Credential. My guess is that:nonce
is used in the Credential Request key correctness proof.nonce
is used in the Issue Credential key correctness proof.This needs to be verified or corrected with the implementation and explained in the specification.