-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Challenge and nonce with DIF PEX #198
Comments
I think this is a mistake. According to the spec, the output needs to be 80 bits long. const hash = Hasher.hash(TypedArrayEncoder.fromString(challenge), 'sha-256')
const nonce = new BigNumber(hash).toString().slice(0, 20) |
Sounds good to me! |
I think I get the issue, but I’m not sure what is impacted by this. Is it a convention that the verifier and the holder must implement independently (and so is only defined in the spec.) or is it something we can/should put into anoncreds-rs?
Should we add an anoncreds-rs Am I getting it? |
Based on the presentation definition and submission, we must create an AnonCredsProofRequest.
I don't think |
The requirement is that the holder and verifier use the same nonce. What I was proposing were rules that we define (specify) so that the requirement is met. I agree that there are other ways we could do it, but that just means we define different rules that haven’t be specified. My comment above was to codify what (based on your guidance) is the best option:
I agree that the challenge is a good option, and should be the one we choose. Hence the rule.
If we don’t require that the challenge be converted every time, then the holder (and verifier) have to check to see if the challenge meets the nonce requirements (using the same definition of the requirements) and decide to convert it or not. Seems much easier and safer to just say “convert it every time”. So those are two rules that MUST be followed by the holders and verifiers to ensure alignment. Am I missing something? |
I think that's all. 👍🏻 |
When transforming a DIF Presentation Definition/Submission into an AnonCreds Proof Request we need to provide a
nonce
.When proving a W3C AnonCreds VP we can take the
challenge
field from the presentation request message: https://github.com/hyperledger/aries-rfcs/blob/main/features/0510-dif-pres-exch-attach/README.md#request-presentation-attachment-formatHowever a nonce for AnonCreds must be a 32-byte number I think. I think we may need to define that the
challenge
MUST be used as the nonceIn addition I think we may need to loosen up the restrictions for a nonce in AnonCreds, or maybe we can define that if the nonce is not a 32-byte number you can hash the nonce, and then take the first 32 bytes of that number (a bit like how anoncreds credential value encoding works)
An implementaiton in Credo by @2mau:
I think we could define this in the AnonCres spec, and also implement in this in AnonCreds RS. Otherwise if you want to allow a DIF PEX to result in an AnonCreds credential you ALWAYS must use 32 byte long numbers as nonce, just for maybe AnonCreds being involed in the presentation
The text was updated successfully, but these errors were encountered: