From 38cf284d8279f897cc69f3ffc30690ca90b273e6 Mon Sep 17 00:00:00 2001
From: Diane Huxley <dhuxley@tbd.email>
Date: Sun, 31 Mar 2024 14:36:46 -0700
Subject: [PATCH] Require salt in Rfq privateData JSON schema (#306)

* Require salt in Rfq privateData JSON schema

* Update spec README

* Update examples
---
 hosted/json-schemas/rfq-private.schema.json | 3 ++-
 specs/protocol/README.md                    | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/hosted/json-schemas/rfq-private.schema.json b/hosted/json-schemas/rfq-private.schema.json
index 29b21ebc..d25a8fcb 100644
--- a/hosted/json-schemas/rfq-private.schema.json
+++ b/hosted/json-schemas/rfq-private.schema.json
@@ -35,5 +35,6 @@
         }
       }
     }
-  }
+  },
+  "required": ["salt"]
 }
diff --git a/specs/protocol/README.md b/specs/protocol/README.md
index 947850bf..f7590a4d 100644
--- a/specs/protocol/README.md
+++ b/specs/protocol/README.md
@@ -377,6 +377,7 @@ Message kinds other than RFQ may NOT have property `privateData`. The [RFQ `priv
     }
   },
   "privateData": {
+    "salt": "1234567890",
     "claims": [<VERIFIABLE_CREDENTIAL>], <---- actual
     "payinMethod": {
       "paymentDetails": <OBJ> <---- actual
@@ -444,10 +445,10 @@ The salted hash is produced by creating a [digest](#digests) of a JSON array con
 
 The `privateData` field is ephemeral and **MUST** only be present when the message is initially sent to the intended recipient.
 
-This table enumerates the structure of 
+This table enumerates the structure of `PrivateData` 
 | field    | data type                                         | required | description                                                                           |
 | -------- | ------------------------------------------------- | -------- | ------------------------------------------------------------------------------------- |
-| `salt`   | string                                            | N        |                                                                                       |
+| `salt`   | string                                            | Y        | Randomly generated salt used for hashing PrivateData fields                           |
 | `claims` | string[]                                          | N        | an array of claims that fulfill the requirements declared in an [Offering](#offering) |
 | `payin`  | [`PrivatePaymentDetails`](#privatepaymentdetails) | N        | A container for the unhashed `payin.paymentDetails`                                   |
 | `payout` | [`PrivatePaymentDetails`](#privatepaymentdetails) | N        | A container for the unhashed `payout.paymentDetails`                                  |
@@ -483,6 +484,7 @@ This table enumerates the structure of
     "claimsHash": "<HASH_PRIVATE_CLAIMS_0>"
   },
   "privateData": {
+    "salt": "1234567890",
     "payin": {
       "paymentDetails": {
         "cardNumber": "1234567890123456",