I am trying to figure out verification of non-revocation proofs before and after credential revocations. The results I am getting differ from what I expect.
I use Libindy 1.8.1 for MacOS, NodeJS wrapper 1.8.1.
Here’s the situation:
Let there be only one prover, one issuer and one verifier.
Schema, credential definition, revocation definition and initial accumulator value are on the ledger.
Issuer issues a credential C1 to prover, and the accumulator Delta1 is stored on ledger with txnTime T1.
Based on a request from verifier, prover creates proof P1 of C1, in the proof’s corresponding identifiers there is timestamp T1.
Verification at any timepoint after T1 (included) passes
So far so good.
Now issuer issues a credential C2 of the same credDef with different values to the same prover, accumulator value Delta2 is stored on the ledger with txnTime T2.
Verification of proof P1 at any timepoint after T2 (included) does not pass, because the revocation registry fetches the newest accumulator value Delta2 from the ledger and it is not equal to the expected P1’s accumulator of Delta1.
Then if the proof P2 is created, based on the newest proof request from verifier, the identifier has timestamp T2
The proof is successfully verified at any timepoint after T2 (included).
If Issuer revokes C1, the accumulator value is stored on the ledger with value of DeltaR1 and txnTime T_R1
Now the proof P2 is successfully verified only until timestamp T_R1 (excluded), and there is no change in verification of P1.
This is not what I would expect. After issuance of C2, and before P2, I would expect P1 to be valid at all times in the future until revoked (T_R1).
In the case of P2, I expect its validity not to be affected by accumulator change by revocation of C1.
Then again, the revocation of C1 after issuance of C2 seems to have no impact on already issued P1.
Are my assumptions wrong? Or am I doing something wrong?
I would appreciate any help.
Thank you in advance.