Skip to content

register_record function doesn't add proof to distribution_list #1

New issue
New issue
Open
Open
register_record function doesn't add proof to distribution_list#1
@Yoekkul

Description

@Yoekkul
Yoekkul
opened on Nov 7, 2023

Within smartphone.rsthe distribution_list is used to keep track of all entitlements which have been proved (and thus distributed).
It seems to me that the register_record method should insert all proofs given to it into the list. (And should thus look the following)

pub fn register_record(&mut self, p: &HouseholdDisclosureProof, ent: &Scalar, r: &Scalar) {
        self.distribution_list.push(p.tau); // <---------------------------------- THIS IS MISSING?
        self.audit_records.push((p.clone(), ent.clone(), r.clone()));
    }

If this were not the case double spends could only be detected during an audit (and not at the distribution station).

The following test should highlight the issue

    #[test]
    fn double_spend_failure() {
        let mut rng = ChaCha20Rng::seed_from_u64(42 as u64);
        let mut registration_station = RegistrationStation::new(&mut rng);
        let mut distribution_station = DistributionStation::new(&registration_station.pedersen_params);
        let pk = registration_station.register("foo", &Scalar::from(1234u64), &mut rng).unwrap();

        let builder = HouseholdPhoneBuilder::new(&pk, &mut rng);
        let (request, state) = builder.issue_request(&mut rng).unwrap();
        let signature = registration_station.sign_issue_request("foo", &request, &mut rng).unwrap();
        let mut phone = builder.unblind(&signature, &state, &registration_station.pedersen_params).unwrap();

        let epoch = 1668172689u64;

        let (proof, r) = phone.create_disclosure_proof(epoch, &registration_station.blocklist, &mut rng).unwrap();
        assert!(distribution_station.verify_entitlement(&phone.credential.attributes[ATTR_IDX_ENTITLEMENT], &proof.com_ent, &r));
        assert!(distribution_station.verify_disclosure_proof(&pk, epoch, &registration_station.blocklist, &proof).unwrap());

        distribution_station.register_record(&proof, &phone.credential.attributes[ATTR_IDX_ENTITLEMENT], &r);

        // Double spend is attempted
        let (proof, r) = phone.create_disclosure_proof(epoch, &registration_station.blocklist, &mut rng).unwrap();
        assert!(distribution_station.verify_entitlement(&phone.credential.attributes[ATTR_IDX_ENTITLEMENT], &proof.com_ent, &r));
        let is_double_spend_allowed = distribution_station.verify_disclosure_proof(&pk, epoch, &registration_station.blocklist, &proof).unwrap();
        assert!(is_double_spend_allowed == false);
    }

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions