Authentication process for attestation tokens based on identifier attestation

[SmartLayer]

The output of this issue should be some sort of document I think.

1. Asserting owner address:

Let's say the user have 3 tickets, 𝑎, 𝑏 and 𝑐. The first 2 of them are associated with [email protected] and the last one is associated with [email protected] (as of now we don't disallow 2 tickets to have the same identifier email address).

If the user does Authenticator.assertOwnerAddress(𝑎), then, somehow the 2nd ticket is to be authenticated, and you do Authenticator.assertOwnerAddress(𝑏), then, the Authenticator should be smart enough to figure out that it needn't start the email-code verification process.

2. Authenticating the address owner

First, this part requires a bit server component. I did say that blockchain is serverless when its "backend" is the blockchain (e.g. signing a transaction using your Devcon ticket), but in this example, the user is accessing VIP information or signing up for an VIP-only event. Therefore, this is what happens inside authenticateAddress should be submitting a proof to the server.

[jot2re]

If we stick with the current approach and don't make changes according to this then what Bob will hold will be the values s=H(i)^p (from the identity attestation) and u_a=H(i)^(q_a) and u_b=H(i)^(q_b) where u_a is the part of Ticket a has already been authenticated. Then he can simply prove to the server that he knows q_b s.t. u_b=H(i)^(q_b) and that he knows p s.t. s=H(i)^p (which is what is authenticated in his identity attestation). This can be done easily using a ZK proof. Since the server already knows H(i) has been authenticated and the user proves that he knows the secret for this attestation, p this means that the server can be sure it is the same, authenticated user. The server however needs to remember a dictionary of user's IDs, H(i) and attested riddles, s. However, if you mean that Authenticator must be a smart contract, then Bob must simply do two proofs; first that he knows x_a=q_a/p s.t. u=s^(x_a) and that he knows x_b=q_b/p s.t. u=s^(x_b) where it is crucial that the same value u and s are used in both proofs.