Module identity_rotation

Identity rotation implementation.

Ref: https://wamu.tech/specification#identity-rotation.

Functions

challenge_response

Given a list of identity challenge fragments, the current identity provider and the new identity provider, returns the identity rotation challenge response payload that includes the new verifying key and challenge response signatures from both the current and the new identity providers.

initiate

Given an identity provider, returns the payload for initiating an identity rotation request.

rotate_signing_and_sub_share

Given the current “signing share”, “sub-share” and identity provider, and the new identity provider, returns an Ok result wrapping the new “signing share” and “sub-share” associated with the new identity provider, that can be used to reconstruct the current “secret share” given the new identity provider, or an appropriate Err result.

verify_challenge_response

Given an identity rotation challenge response, a list of identity challenge fragments and a verifying key for challenged party, returns an Ok result for valid identity rotation challenge response signature, or an appropriate Err result otherwise.

verify_request_and_initiate_challenge

Given an identity rotation request payload and a list of verifying keys for the other parties, returns an ok result with a challenge fragment for initiating an identity challenge for a valid request or an appropriate error result for an invalid request.