Expand description
Privacy-preserving unlinkable tokens for anonymous credentials.
This module provides unlinkable token credentials using commitments:
- Issuer signs committed values without seeing actual token data
- Tokens can be redeemed anonymously without linking to issuance
- Useful for anonymous bandwidth credits, reputation tokens, etc.
Protocol:
- User creates token with random serial number
- User creates commitment to token (hash of serial + blinding factor)
- Issuer signs the commitment without seeing the serial
- User redeems by revealing token, blinding, and signature
- Verifier validates that commitment matches and signature is valid
Structs§
- Blind
Public Key - Public key for verifying redeemed tokens.
- Blind
Signature Protocol - Complete unlinkable token protocol.
- Blind
Signer - Token issuer that signs commitments.
- Blinding
Factor - Blinding factor used to create commitment.
- Redeemable
Token - Redeemable token with all information needed for verification.
- Signed
Commitment - Signed token commitment from issuer.
- Token
Commitment - Commitment to a token (sent to issuer for signing).
- Unlinkable
Token - An unlinkable token with a unique serial number.
Enums§
- Blind
Error - Errors for unlinkable token operations.