
fix(spec): replace algorithm-class proxy with entropy-based checkout_hash requirement#278

Open
chopmob-cloud wants to merge 4 commits into
google-agentic-commerce:mainfrom
chopmob-cloud:fix/checkout-jwt-entropy-requirement

Conversation

@chopmob-cloud


What

Fixes the contradiction between specification.md §Payment Mandate and security_and_privacy_considerations.md §Rainbow Table Attacks, identified in #268.

Before: The spec forbade deterministic signature schemes (e.g. Ed25519) as a proxy for the underlying security property.

After: The spec states the entropy property directly — the Checkout JWT payload MUST contain a high-entropy claim that makes checkout_hash unpredictable per session, regardless of signature algorithm.

Why

The S&P document already correctly states the underlying property. The spec text was using algorithm class as a proxy, which:

  1. Contradicts the S&P document
  2. Forces AP2 + WBA (Ed25519) integrators to hold two keypairs for a single role
  3. Blocks Ed25519-native implementations that already satisfy the entropy requirement through payload claims

The fix text is the (b)-only formulation agreed in #268 between @igrigorik and @GarethCOliver.

Change

specification.md lines 154–157 only. Single paragraph replacement. No structural changes.

Existing ECDSA implementations are unaffected — they satisfy the requirement as-is (non-deterministic signature bytes provide the entropy).

Test gate

  • No secrets in diff
  • Spec-only change — no code, no migrations

Closes #268.

…hash requirement

Resolves the contradiction between specification.md §Payment Mandate
(lines 155–157) and security_and_privacy_considerations.md §Rainbow
Table Attacks (lines 140–148).

The old text forbade deterministic signatures (e.g. Ed25519) as a
proxy for the underlying security property. The S&P doc already
correctly states the property: the Checkout JWT payload must contain
sufficient entropy to make checkout_hash unpredictable per session,
regardless of signature algorithm.

The new text:
- States the entropy property directly (payload-level high-entropy claim)
- Accepts jti (RFC 7519 §4.1.7) or equivalent session identifier
- Applies regardless of signature algorithm
- Preserves all existing ECDSA implementations unchanged
- Removes the forced dual-keypair cost for AP2 + WBA (Ed25519) integrators

Closes google-agentic-commerce#268.
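The property that the PR description (What/Why) and the commit message above both state can be shown concretely. The following is an added example, not code from this PR or from the AP2 project. It assumes: a minimal HS256 Checkout JWT (HS256 signatures are deterministic, like Ed25519, so it stands in for the algorithm class the old text excluded); checkout_hash computed as SHA-256 over the whole compact serialization, as the review comment's phrasing implies; a constructed signing key and cart; and a `has_high_entropy_claim` validator that is illustrative only, not anything the spec defines. Two checkouts of the same cart with no per-session claim produce the same hash and are recovered by a precomputed table over plausible carts, whereas a fresh random `jti` per session makes each hash unpredictable regardless of what the signer does.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed demo values; nothing here comes from the AP2 spec or its repo.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_CART = {"sku": "A-100", "qty": 1, "amount": "19.99", "currency": "USD"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _canon_json(obj) -> bytes:
    # Canonical serialization so identical payloads yield identical bytes.
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def sign_checkout_jwt(payload: dict, key: bytes = SIGNING_KEY) -> str:
    """Compact-serialize and sign a payload with HS256.

    HS256 is deterministic: the same header, payload and key always give the
    same signature bytes. That is the property shared with Ed25519 which the
    old spec text tried to exclude, so it stands in for it here.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(_canon_json(header)) + "." + _b64url(_canon_json(payload))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def checkout_hash(jwt_compact: str) -> str:
    """Assumed construction: SHA-256 over the entire serialized JWT."""
    return hashlib.sha256(jwt_compact.encode("ascii")).hexdigest()


def cart_payload(cart: dict, jti: Optional[str] = None) -> dict:
    """Checkout JWT payload; jti is the optional per-session entropy claim."""
    payload = {"iss": "merchant.example", "cart": cart}
    if jti is not None:
        payload["jti"] = jti
    return payload


def new_session_jti() -> str:
    """Fresh 256-bit random jti, minted once per checkout session."""
    return secrets.token_urlsafe(32)


def has_high_entropy_claim(payload: dict, min_bytes: int = 16) -> bool:
    """Necessary (not sufficient) check for the new requirement: a jti is
    present and decodes to at least min_bytes. Length cannot prove the value
    came from a CSPRNG, so this only rejects the obviously weak cases
    (missing claim, short counters); the generator itself must be reviewed."""
    jti = payload.get("jti")
    if not isinstance(jti, str):
        return False
    try:
        return len(_b64url_decode(jti)) >= min_bytes
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def precomputed_table(candidate_carts: list) -> dict:
    """Worst case the spec guards against: a party able to reproduce the
    signing step enumerates plausible carts and indexes them by checkout_hash."""
    return {checkout_hash(sign_checkout_jwt(cart_payload(c))): c for c in candidate_carts}


def demo() -> dict:
    candidates = [dict(SAMPLE_CART, qty=q) for q in range(1, 6)]
    table = precomputed_table(candidates)

    # Two sessions, same cart, no jti: identical JWTs, identical hash,
    # and a direct table hit that reveals the cart contents.
    h1 = checkout_hash(sign_checkout_jwt(cart_payload(SAMPLE_CART)))
    h2 = checkout_hash(sign_checkout_jwt(cart_payload(SAMPLE_CART)))

    # Same cart with a fresh jti per session: hashes differ, and a table
    # would have to cover every possible jti value to contain them.
    h3 = checkout_hash(sign_checkout_jwt(cart_payload(SAMPLE_CART, new_session_jti())))
    h4 = checkout_hash(sign_checkout_jwt(cart_payload(SAMPLE_CART, new_session_jti())))

    return {
        "same_hash_without_jti": h1 == h2,
        "table_hit_without_jti": table.get(h1) == SAMPLE_CART,
        "same_hash_with_jti": h3 == h4,
        "table_hit_with_jti": h3 in table or h4 in table,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check deliberately does not try to "measure" entropy of a single value; what it can enforce at the receiving side is presence and minimum length, which is enough to reject a missing claim or a short counter-style session id. Whether the claim is actually unpredictable is a property of the issuer's generator.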
@chopmob-cloud chopmob-cloud requested a review from a team as a code owner June 6, 2026 03:57

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the specification in docs/ap2/specification.md to require a high-entropy claim (such as a jti) in the Checkout JWT payload to prevent rainbow-table attacks on checkout_hash, replacing the previous requirement of using a non-deterministic signature scheme. The reviewer suggested a minor phrasing improvement to clarify that the high-entropy claim makes the entire serialized Checkout JWT unpredictable, rather than just its payload, which aligns better with how the hash is computed.


Comment thread docs/ap2/specification.md Outdated
Collapse 3-space list markers to 1 (MD030) and convert the Agent
Authorization reference link to inline (MD052). Pre-existing violations
surfaced because editing the file puts the whole file in lint scope.
No content changes.

Linked issue (may be closed by merging this pull request):

[Bug]: Checkout JWT algorithm constraint forces dual keys under WBA (and conflicts with normative Security & Privacy guidance)