wip-abramson
commented
9 months ago Getting there...
I am not fully certain how the blinding factor is generated in RSA, so we should check this.
Closed wip-abramson closed 9 months ago
wip-abramson
commented
9 months ago Getting there...
I am not fully certain how the blinding factor is generated in RSA, so we should check this.
wip-abramson
commented
9 months ago Okay, I think the last piece is around 8.4 Receiving a Credential.
I need to look into the protocol, but I am pretty certain there should be a step here that transforms the credential signature from the issuer (A,e,v) into (A',e',v') using the blinding factor. Where the credential signature stored by the holder is (A',e',v').
wip-abramson
commented
9 months ago So I checked the CL signature code.
This is the line where the prover does the operation to remove the blinding from the credential signature L635. Called from L237 in process_credential_signature.
This line is
p_cred.v = v_prime.add(&p_cred.v)?;
Which mutates the V value of the credential signature. Note that v_prime, is the credential blinding factor.
wip-abramson
commented
9 months ago Cool! Apologies I counldn't make the call
swcurran
commented
9 months ago Thanks for the PR and issues, @wip-abramson. Working on the spec today — continuing the cleanup.
This is a start to address the issue I raised in #181.
Not made it all the way through the spec yet - at about Section 7. I seem to be making a fair few changes here, so comments and feedback welcome as I go.
Also, I recommend we update the following diagrams: