POST /reveal-melt

Reveal previously committed values to the exchange, except for the values corresponding to the noreveal_index returned by the /melt step.

The base URL for /reveal-melt-request may differ from the main base URL of the exchange. Clients SHOULD respect the reveal_base_url returned for the coin during melt operations. The exchange MUST return a 307 or 308 redirection to the correct base URL if the client failed to respect the reveal_base_url or if the allocation has changed.

The request body is a RevealMeltRequest.

This endpoint was introduced in this form in protocol v32.

200 OK:

The coin’s’ secret material matched the commitment and the original request was well-formed. The response body is a RevealResponse.

403 Forbidden:

One of the signatures is invalid. This response comes with a standard ErrorDetail response.

404 Not found:

The provided commitment is unknown.

409 Conflict:

There is a problem between the original commitment and the revealed secret data. The returned information is proof of the mismatch, and therefore rather verbose, as it includes most of the original /melt request, but of course expected to be primarily used for diagnostics.

The response body is a RevealConflictResponse.

Details:

Request body for a reveal-melt request contains a JSON object with the following fields:

interface RevealMeltRequest {
  // The refresh commitment from the /melt/ step,
  // see TALER_RefreshCommitmentP.
  rc: HashCode;

  // @since v27
  // @deprecated **v32**
  // The disclosed kappa-1 signatures by the old coin's private key,
  // over Hash1a("Refresh", Cp, r, i), where Cp is the melted coin's public key,
  // r is the public refresh nonce from the metling step and i runs over the
  // _disclosed_ kappa-1 indices.
  signatures: CoinSignature[kappa-1];

  // @since **v32**
  // The batch seeds for the transfer private keys to reveal,
  // as they were generated for the previous MeltRequest.
  // That is, assuming an honest client who had generated
  // kappa many batch seeds via HKDF like this:
  //
  //   bs[] = HKDF(kappa*sizeof(HashCode),
  //               "refresh-batch-seeds",
  //               old_coin_priv,
  //               refresh_seed),
  //
  // this field contains the entries in bs[] for all the indeces
  // *except* the noreveal_index.
  batch_seeds: HashCode[kappa-1];

  // IFF the denomination of the old coin had support for age restriction,
  // the client MUST provide the original age commitment, i. e. the
  // vector of public keys, or omitted otherwise.
  // The size of the vector MUST be the number of age groups as defined by the
  // Exchange in the field .age_groups of the extension age_restriction.
  age_commitment?: Edx25519PublicKey[];

}

type RevealResponse = WithdrawResponse;

interface RevealConflictResponse {
  // Text describing the error.
  hint: string;

  // Detailed error code.
  code: Integer;

  // Commitment as calculated by the exchange from the revealed data.
  rc_expected: HashCode;

}