Add authentication credential implemented with zkc

Add a new version of the existing auth credential used for groups, but implemented with the zkcredential crate instead of hand-written proofs. Expose issuance point for the server, and extend existing client methods to support it and the existing formats transparently.
2026-05-05 06:32:35 +02:00 · 2024-03-08 15:38:23 -05:00
parent fe506b48b2
commit f4f478fd06
28 changed files with 1099 additions and 155 deletions
--- a/node/ts/zkgroup/auth/ServerZkAuthOperations.ts
+++ b/node/ts/zkgroup/auth/ServerZkAuthOperations.ts
@@ -109,6 +109,38 @@ export default class ServerZkAuthOperations {
    );
  }

+  issueAuthCredentialWithPniZkc(
+    aci: Aci,
+    pni: Pni,
+    redemptionTime: number
+  ): AuthCredentialWithPniResponse {
+    const random = randomBytes(RANDOM_LENGTH);
+
+    return this.issueAuthCredentialWithPniZkcWithRandom(
+      random,
+      aci,
+      pni,
+      redemptionTime
+    );
+  }
+
+  issueAuthCredentialWithPniZkcWithRandom(
+    random: Buffer,
+    aci: Aci,
+    pni: Pni,
+    redemptionTime: number
+  ): AuthCredentialWithPniResponse {
+    return new AuthCredentialWithPniResponse(
+      Native.ServerSecretParams_IssueAuthCredentialWithPniZkcDeterministic(
+        this.serverSecretParams.getContents(),
+        random,
+        aci.getServiceIdFixedWidthBinary(),
+        pni.getServiceIdFixedWidthBinary(),
+        redemptionTime
+      )
+    );
+  }
+
  verifyAuthCredentialPresentation(
    groupPublicParams: GroupPublicParams,
    authCredentialPresentation: AuthCredentialPresentation,