0xPolygonID/issuer-node

Will using random numbers in Claim's RevNonce cause problems?

Closed this issue · 4 comments

The following code shows that the revocation nonce of the issuer's authClaim and of the claims/credentials issued to holders uses random numbers.

```go
revNonce, err := common.RandInt64()
```

```go
nonce, err = rand.Int64()
```

The random algorithm used by both is the same.

```go
// Int64 returns a new random uint64
func Int64() (uint64, error) {
	var buf [8]byte
	_, err := rand.Read(buf[:4]) // was rand.Read(buf[:])
	return binary.LittleEndian.Uint64(buf[:]), err
}

// RandInt64 generate random uint64
func RandInt64() (uint64, error) {
	var buf [8]byte
	_, err := rand.Read(buf[:4])
	return binary.LittleEndian.Uint64(buf[:]), err
}
```

Is it possible that the same revocationNonce may appear between different claims issued by the issuer to holders, as well as between these claims and the issuer's own authClaim?

Will this cause problems with the revocation of these claims?
For example, when revoking one of them, will it mistakenly cause the other claim (with the same revNonce) to be considered as revoked?

Hi, the random number is assigned if the nonce is not specified when a claim is created. There is a parameter to do it: link. The same rev nonce could be a problem in some contexts because all the claims with that nonce will be revoked.

Regarding your question: "Is it possible that the same revocationNonce may appear between different claims issued by the issuer to holders, as well as between these claims and the issuer's own authClaim?" Yes, it's possible but unlikely. BTW, the authClaim rev nonce is 0.
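To put numbers on "possible but unlikely" and show one way to rule a collision out, here is an added Go example (not part of the thread and not issuer-node code): it applies the birthday bound to the 32 bits the quoted generator actually fills and redraws any nonce that is already in use. `CollisionProbability`, `NonceRegistry` and `Rand32` are hypothetical names, and the in-memory map is an assumed stand-in for whatever store the issuer keeps.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math"
)

// CollisionProbability approximates the chance that at least two of n uniformly
// random nonces of the given bit width collide: 1 - exp(-(n(n-1)/2) / 2^bits).
func CollisionProbability(n uint64, bits uint) float64 {
	pairs := float64(n) * (float64(n) - 1) / 2
	return -math.Expm1(-pairs / math.Exp2(float64(bits)))
}

// NonceRegistry is a hypothetical in-memory record of revocation nonces in use.
type NonceRegistry map[uint64]struct{}

// NewNonceRegistry reserves 0, the authClaim nonce according to the thread.
func NewNonceRegistry() NonceRegistry { return NonceRegistry{0: {}} }

// Next redraws until the nonce is unused; it gives up after 8 duplicates in a row.
func (r NonceRegistry) Next(draw func() (uint64, error)) (uint64, error) {
	for i := 0; i < 8; i++ {
		n, err := draw()
		if err != nil {
			return 0, err
		}
		if _, dup := r[n]; !dup {
			r[n] = struct{}{}
			return n, nil
		}
	}
	return 0, fmt.Errorf("no unused revocation nonce after 8 draws")
}

// Rand32 mirrors the quoted generator: 4 random bytes placed in a uint64.
func Rand32() (uint64, error) {
	var buf [8]byte
	_, err := rand.Read(buf[:4])
	return binary.LittleEndian.Uint64(buf[:]), err
}

func main() {
	fmt.Printf("P(collision) among 100000 claims: %.3f\n", CollisionProbability(100000, 32))
	fmt.Println(NewNonceRegistry().Next(Rand32))
}
```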

Thank you for your response.

> btw authClaim rev nonce is 0.

From the code below, it seems that the issuer may create an identity with a random number as revNonce when creating an identity?

```go
// newAuthClaim generate BabyJubKeyTypeAuthorizeKSign claim
func newAuthClaim(key *babyjub.PublicKey) (*core.Claim, error) {
	revNonce, err := common.RandInt64()
	if err != nil {
		return nil, fmt.Errorf("can't create revocation nonce: %w", err)
	}
	return core.NewClaim(core.AuthSchemaHash,
		core.WithIndexDataInts(key.X, key.Y),
		core.WithRevocationNonce(revNonce))
}
```

Hi @yushihang, after calling that method the rev nonce is set to 0:

```go
var revNonce uint64 = 0
```

Thanks

A very clear answer, thank you for your patience in answering.