Nested Partial Disclosure breaks assumptions? #15

Closed
jasoncolburne opened this issue Jul 5, 2023 · 2 comments

@jasoncolburne

I believe the statement

> Therefore, an Issuer commitment via a signature to any variant of ACDC (compact, full, etc) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC because the value of a top level section field is either the SAD or the SAID of the SAD of the associated section.

no longer holds when we introduce nested partial disclosure.

Consider the case where an issuer signs a fully disclosed, nested, ACDC. During disclosure by the issuee/discloser, unless the discloser discloses all nested SAD, the uncompact/fully disclosed a SAID cannot be computed for verification.

To solve this, I can, by convention, always sign the most compact variant ACDC SAID during issuance, even if issuing a partially disclosable ACDC with all fields exposed for the issuee/discloser's use. This way any participant can validate, and the part of the ACDC transformation that goes in one direction only (blinding the partially disclosable SAD) kind of leads one to that result. The thing is, during issuance it would be nice to transfer the fully disclosed ACDC to reduce message quantity. But, the signature on the message wouldn't match the ACDC. Is that okay? I mean, I know I can write the code, but it probably isn't specified that way. Originally, I was planning on signing the compact version, sending that over to the recipient and then letting them query the issuer for all the SAD they need via exn/bar messages. Is this the correct approach? Or (by spec) can I sign the SAID of the compact variant and attach that signature to a fully disclosed ACDC?

@m00sey
Member

m00sey commented Aug 1, 2023

Potentially resolved by trustoverip/tswg-acdc-specification-archived#78 @jasoncolburne ?

@jasoncolburne
Author

They are related, and it's not technically resolved because of acdc#78. I do think it belongs on an ACDC issue or discussion though. Basically, what I am saying here is that during exchanges and when referencing ACDCs externally, one should always use the most compact SAID, since not all participants have access to levels of disclosure, which becomes particularly apparent when nesting partial disclosures.

I can close with this comment I believe.
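
The convention discussed in this thread, as an added example that is not part of the issue and not code from any ACDC or KERI library: a verifier holding only a partially disclosed nested variant can still recompute the most compact SAID, but cannot reproduce a digest taken over the fully disclosed serialization. Assumptions: `said()` is a toy stand-in (SHA-256 over compact JSON with a placeholder `d`) for the real SAID derivation, every nested block is computed over its most compact form, and all function names and the sample credential are constructed.

```python
import copy
import hashlib
import json

PLACEHOLDER = "#" * 44  # dummy value held in 'd' while the digest is computed

def said(block):
    """Toy SAID (assumption): SHA-256 over the block with its 'd' blanked."""
    raw = json.dumps(dict(block, d=PLACEHOLDER), separators=(",", ":")).encode()
    return "E" + hashlib.sha256(raw).hexdigest()[:43]

def compact(block):
    """Most compact form: each nested SAD collapses to the SAID of its compact form."""
    out = {k: compact(v)["d"] if isinstance(v, dict) else v for k, v in block.items()}
    out["d"] = said(out)
    return out

def saidify(block):
    """Issuer side: fill every 'd' bottom-up, keeping all nested SADs expanded."""
    out = {k: saidify(v) if isinstance(v, dict) else v for k, v in block.items()}
    out["d"] = compact(out)["d"]
    return out

def blind(block, path):
    """Discloser side: replace the nested SAD at `path` with its SAID (one-way)."""
    out = copy.deepcopy(block)
    parent = out
    for key in path[:-1]:
        parent = parent[key]
    parent[path[-1]] = parent[path[-1]]["d"]
    return out

def expanded_digest(variant):
    """Digest over the variant's bytes exactly as transmitted."""
    return hashlib.sha256(json.dumps(variant).encode()).hexdigest()

# Constructed sample credential with three levels of nesting.
RAW = {"d": "", "i": "EIssuerAID_constructed", "a": {
    "d": "", "name": "Ada", "employment": {
        "d": "", "title": "Engineer", "salary": {"d": "", "amount": 100}}}}
FULL = saidify(RAW)                                    # what the issuee receives
PARTIAL = blind(FULL, ["a", "employment", "salary"])   # what a verifier is shown
SIGNED_SAID = FULL["d"]                                # issuer signs this value

print(compact(PARTIAL)["d"] == SIGNED_SAID)            # verifier can check this
print(expanded_digest(PARTIAL) == expanded_digest(FULL))  # but not this
```
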
