Add mandatory DLEQs to nut-22 #222
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thesimplekid
approved these changes
Feb 7, 2025
| @@ -183,8 +183,16 @@ and make the request as we usually would. | |||
|
|
|||
| `AuthProofs` are single-use. The wallet MUST delete the `AuthProof` after a successful request, and SHOULD delete it even if request results in an error. If the wallet runs out of `AuthProofs`, it can [mint new ones](#minting-blind-authentication-tokens) using its clear authentication token (CAT). | |||
|
|
|||
| ### DLEQs | |||
|
|
|||
| To prevent a mint pinning blind authentication token wallets SHOULD check that the returned `AuthProofs` contain a valid DLEQ as defined in [NUT-12](./12.md). | |||
There was a problem hiding this comment.
Just to note in NUT-12 we say wallets MUST verify proofs on signatures, should we say the same here to be consistent?
https://github.com/cashubtc/nuts/blob/main/12.md#alice-minting-user-verifies-dleq-proof
There was a problem hiding this comment.
Not sure about the semantics TBH. My thought process was that while it would be better for wallets to check this, it would not break the functionality of the NUT or compatibility with mints / wallets if they don't.
lollerfirst
approved these changes
Feb 9, 2025
callebtc
reviewed
Feb 20, 2025
| ## Mint | ||
|
|
||
| ### DLEQs | ||
|
|
||
| The mint MUST return a DLEQ proof with all signatures it returns as defined in [NUT-12](./12.md) |
There was a problem hiding this comment.
Suggested change
| The mint MUST return a DLEQ proof with all signatures it returns as defined in [NUT-12](./12.md) | |
| The mint MUST return DLEQ proofs for every signature it returns as defined in [NUT-12](./12.md) |
callebtc
reviewed
Feb 20, 2025
| @@ -183,8 +183,16 @@ and make the request as we usually would. | |||
|
|
|||
| `AuthProofs` are single-use. The wallet MUST delete the `AuthProof` after a successful request, and SHOULD delete it even if request results in an error. If the wallet runs out of `AuthProofs`, it can [mint new ones](#minting-blind-authentication-tokens) using its clear authentication token (CAT). | |||
|
|
|||
| ### DLEQs | |||
|
|
|||
| To prevent a mint pinning blind authentication token wallets SHOULD check that the returned `AuthProofs` contain a valid DLEQ as defined in [NUT-12](./12.md). | |||
There was a problem hiding this comment.
Suggested change
| To prevent a mint pinning blind authentication token wallets SHOULD check that the returned `AuthProofs` contain a valid DLEQ as defined in [NUT-12](./12.md). | |
| To prevent pinning, wallets MUST validate the DLEQ proofs contained in each `AuthProof` as defined in [NUT-12](./12.md). |
callebtc
reviewed
Feb 20, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This addition makes sure that
AuthProofscan not be pinned by enforcing NUT-12 DLEQ proofs on signature reponses