idemix

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 8, 2018 License: Apache-2.0 Imports: 8 Imported by: 791

Documentation

Overview

Package idemix is a generated protocol buffer package.

It is generated from these files:

idemix/idemix.proto

It has these top-level messages:

ECP
ECP2
IssuerPublicKey
IssuerKey
Credential
CredRequest
Signature
NymSignature

Index

Constants

This section is empty.

Variables

View Source
var FieldBytes = int(FP256BN.MODBYTES)

FieldBytes is the bytelength of the group order

GenG1 is a generator of Group G1

GenG2 is a generator of Group G2

GroupOrder is the order of the groups

Functions

func BigToBytes

func BigToBytes(big *FP256BN.BIG) []byte

BigToBytes takes an *amcl.BIG and returns a []byte representation

func Ecp2FromProto

func Ecp2FromProto(p *ECP2) *FP256BN.ECP2

Ecp2FromProto converts a proto struct *ECP2 into an *amcl.ECP2

func EcpFromProto

func EcpFromProto(p *ECP) *FP256BN.ECP

EcpFromProto converts a proto struct *ECP into an *amcl.ECP

func GetRand

func GetRand() (*amcl.RAND, error)

GetRand returns a new *amcl.RAND with a fresh seed

func HashModOrder

func HashModOrder(data []byte) *FP256BN.BIG

HashModOrder hashes data into 0, ..., GroupOrder-1

func MakeNym

func MakeNym(sk *FP256BN.BIG, IPk *IssuerPublicKey, rng *amcl.RAND) (*FP256BN.ECP, *FP256BN.BIG)

MakeNym creates a new unlinkable pseudonym

func Modadd

func Modadd(a, b, m *FP256BN.BIG) *FP256BN.BIG

Modadd takes input BIGs a, b, m, and returns a+b modulo m

func Modsub

func Modsub(a, b, m *FP256BN.BIG) *FP256BN.BIG

Modsub takes input BIGs a, b, m and returns a-b modulo m

func RandModOrder

func RandModOrder(rng *amcl.RAND) *FP256BN.BIG

RandModOrder returns a random element in 0, ..., GroupOrder-1

Types

type CredRequest

type CredRequest struct {
	Nym         *ECP   `protobuf:"bytes,1,opt,name=Nym" json:"Nym,omitempty"`
	IssuerNonce []byte `protobuf:"bytes,2,opt,name=IssuerNonce,proto3" json:"IssuerNonce,omitempty"`
	ProofC      []byte `protobuf:"bytes,3,opt,name=ProofC,proto3" json:"ProofC,omitempty"`
	ProofS1     []byte `protobuf:"bytes,4,opt,name=ProofS1,proto3" json:"ProofS1,omitempty"`
	ProofS2     []byte `protobuf:"bytes,5,opt,name=ProofS2,proto3" json:"ProofS2,omitempty"`
}

CredRequest specifies a credential request object that consists of Nym - a pseudonym, which is a commitment to the user secret IssuerNonce - a random nonce provided by the issuer ProofC, ProofS1, ProofS2 - a zero-knowledge proof of knowledge of the user secret inside Nym

func NewCredRequest

func NewCredRequest(sk *FP256BN.BIG, credS1 *FP256BN.BIG, IssuerNonce *FP256BN.BIG, ipk *IssuerPublicKey, rng *amcl.RAND) *CredRequest

NewCredRequest creates a new Credential Request, the first message of the interactive credential issuance protocol (from user to issuer)

func (*CredRequest) Check

func (m *CredRequest) Check(ipk *IssuerPublicKey) error

Check cryptographically verifies the credential request

func (*CredRequest) Descriptor

func (*CredRequest) Descriptor() ([]byte, []int)

func (*CredRequest) GetIssuerNonce

func (m *CredRequest) GetIssuerNonce() []byte

func (*CredRequest) GetNym

func (m *CredRequest) GetNym() *ECP

func (*CredRequest) GetProofC

func (m *CredRequest) GetProofC() []byte

func (*CredRequest) GetProofS1

func (m *CredRequest) GetProofS1() []byte

func (*CredRequest) GetProofS2

func (m *CredRequest) GetProofS2() []byte

func (*CredRequest) ProtoMessage

func (*CredRequest) ProtoMessage()

func (*CredRequest) Reset

func (m *CredRequest) Reset()

func (*CredRequest) String

func (m *CredRequest) String() string

type Credential

type Credential struct {
	A     *ECP     `protobuf:"bytes,1,opt,name=A" json:"A,omitempty"`
	B     *ECP     `protobuf:"bytes,2,opt,name=B" json:"B,omitempty"`
	E     []byte   `protobuf:"bytes,3,opt,name=E,proto3" json:"E,omitempty"`
	S     []byte   `protobuf:"bytes,4,opt,name=S,proto3" json:"S,omitempty"`
	Attrs [][]byte `protobuf:"bytes,5,rep,name=Attrs,proto3" json:"Attrs,omitempty"`
}

Credential specifies a credential object that consists of A, B, E, S - signature value Attrs - attribute values

func NewCredential

func NewCredential(key *IssuerKey, m *CredRequest, attrs []*FP256BN.BIG, rng *amcl.RAND) (*Credential, error)

NewCredential issues a new credential, which is the last step of the interactive issuance protocol All attribute values are added by the issuer at this step and then signed together with a commitment to the user's secret key from a credential request

func (*Credential) Complete

func (cred *Credential) Complete(credS1 *FP256BN.BIG)

Complete completes the credential by updating it with the randomness used to generate CredRequest

func (*Credential) Descriptor

func (*Credential) Descriptor() ([]byte, []int)

func (*Credential) GetA

func (m *Credential) GetA() *ECP

func (*Credential) GetAttrs

func (m *Credential) GetAttrs() [][]byte

func (*Credential) GetB

func (m *Credential) GetB() *ECP

func (*Credential) GetE

func (m *Credential) GetE() []byte

func (*Credential) GetS

func (m *Credential) GetS() []byte

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) Reset

func (m *Credential) Reset()

func (*Credential) String

func (m *Credential) String() string

func (*Credential) Ver

func (cred *Credential) Ver(sk *FP256BN.BIG, ipk *IssuerPublicKey) error

Ver cryptographically verifies the credential by verifying the signature on the attribute values and user's secret key

type ECP

type ECP struct {
	X []byte `protobuf:"bytes,1,opt,name=X,proto3" json:"X,omitempty"`
	Y []byte `protobuf:"bytes,2,opt,name=Y,proto3" json:"Y,omitempty"`
}

ECP is an elliptic curve point specified by its coordinates ECP corresponds to an element of the first group (G1)

func EcpToProto

func EcpToProto(p *FP256BN.ECP) *ECP

EcpToProto converts a *amcl.ECP into the proto struct *ECP

func (*ECP) Descriptor

func (*ECP) Descriptor() ([]byte, []int)

func (*ECP) GetX

func (m *ECP) GetX() []byte

func (*ECP) GetY

func (m *ECP) GetY() []byte

func (*ECP) ProtoMessage

func (*ECP) ProtoMessage()

func (*ECP) Reset

func (m *ECP) Reset()

func (*ECP) String

func (m *ECP) String() string

type ECP2

type ECP2 struct {
	XA []byte `protobuf:"bytes,1,opt,name=XA,proto3" json:"XA,omitempty"`
	XB []byte `protobuf:"bytes,2,opt,name=XB,proto3" json:"XB,omitempty"`
	YA []byte `protobuf:"bytes,3,opt,name=YA,proto3" json:"YA,omitempty"`
	YB []byte `protobuf:"bytes,4,opt,name=YB,proto3" json:"YB,omitempty"`
}

ECP2 is an elliptic curve point specified by its coordinates ECP2 corresponds to an element of the second group (G2)

func Ecp2ToProto

func Ecp2ToProto(p *FP256BN.ECP2) *ECP2

Ecp2ToProto converts a *amcl.ECP2 into the proto struct *ECP2

func (*ECP2) Descriptor

func (*ECP2) Descriptor() ([]byte, []int)

func (*ECP2) GetXA

func (m *ECP2) GetXA() []byte

func (*ECP2) GetXB

func (m *ECP2) GetXB() []byte

func (*ECP2) GetYA

func (m *ECP2) GetYA() []byte

func (*ECP2) GetYB

func (m *ECP2) GetYB() []byte

func (*ECP2) ProtoMessage

func (*ECP2) ProtoMessage()

func (*ECP2) Reset

func (m *ECP2) Reset()

func (*ECP2) String

func (m *ECP2) String() string

type IssuerKey

type IssuerKey struct {
	ISk []byte           `protobuf:"bytes,1,opt,name=ISk,proto3" json:"ISk,omitempty"`
	IPk *IssuerPublicKey `protobuf:"bytes,2,opt,name=IPk" json:"IPk,omitempty"`
}

IssuerKey specifies an issuer key pair that consists of ISk - the issuer secret key and IssuerPublicKey - the issuer public key

func NewIssuerKey

func NewIssuerKey(AttributeNames []string, rng *amcl.RAND) (*IssuerKey, error)

NewIssuerKey creates a new issuer key pair taking an array of attribute names that will be contained in credentials certified by this issuer (a credential specification)

func (*IssuerKey) Descriptor

func (*IssuerKey) Descriptor() ([]byte, []int)

func (*IssuerKey) GetIPk

func (m *IssuerKey) GetIPk() *IssuerPublicKey

func (*IssuerKey) GetISk

func (m *IssuerKey) GetISk() []byte

func (*IssuerKey) ProtoMessage

func (*IssuerKey) ProtoMessage()

func (*IssuerKey) Reset

func (m *IssuerKey) Reset()

func (*IssuerKey) String

func (m *IssuerKey) String() string

type IssuerPublicKey

type IssuerPublicKey struct {
	AttributeNames []string `protobuf:"bytes,1,rep,name=AttributeNames" json:"AttributeNames,omitempty"`
	HSk            *ECP     `protobuf:"bytes,2,opt,name=HSk" json:"HSk,omitempty"`
	HRand          *ECP     `protobuf:"bytes,3,opt,name=HRand" json:"HRand,omitempty"`
	HAttrs         []*ECP   `protobuf:"bytes,4,rep,name=HAttrs" json:"HAttrs,omitempty"`
	W              *ECP2    `protobuf:"bytes,5,opt,name=W" json:"W,omitempty"`
	BarG1          *ECP     `protobuf:"bytes,6,opt,name=BarG1" json:"BarG1,omitempty"`
	BarG2          *ECP     `protobuf:"bytes,7,opt,name=BarG2" json:"BarG2,omitempty"`
	ProofC         []byte   `protobuf:"bytes,8,opt,name=ProofC,proto3" json:"ProofC,omitempty"`
	ProofS         []byte   `protobuf:"bytes,9,opt,name=ProofS,proto3" json:"ProofS,omitempty"`
	Hash           []byte   `protobuf:"bytes,10,opt,name=Hash,proto3" json:"Hash,omitempty"`
}

IssuerPublicKey specifies an issuer public key that consists of AttributeNames - a list of the attribute names of a credential issued by the issuer HSk, HRand, HAttrs, W, BarG1, BarG2 - group elements corresponding to the signing key, randomness, and attributes ProofC, ProofS compose a zero-knowledge proof of knowledge of the secret key Hash is a hash of the public key appended to it

func (*IssuerPublicKey) Check

func (IPk *IssuerPublicKey) Check() error

Check checks that this issuer public key is valid, i.e. that all components are present and a ZK proofs verifies

func (*IssuerPublicKey) Descriptor

func (*IssuerPublicKey) Descriptor() ([]byte, []int)

func (*IssuerPublicKey) GetAttributeNames

func (m *IssuerPublicKey) GetAttributeNames() []string

func (*IssuerPublicKey) GetBarG1

func (m *IssuerPublicKey) GetBarG1() *ECP

func (*IssuerPublicKey) GetBarG2

func (m *IssuerPublicKey) GetBarG2() *ECP

func (*IssuerPublicKey) GetHAttrs

func (m *IssuerPublicKey) GetHAttrs() []*ECP

func (*IssuerPublicKey) GetHRand

func (m *IssuerPublicKey) GetHRand() *ECP

func (*IssuerPublicKey) GetHSk

func (m *IssuerPublicKey) GetHSk() *ECP

func (*IssuerPublicKey) GetHash

func (m *IssuerPublicKey) GetHash() []byte

func (*IssuerPublicKey) GetProofC

func (m *IssuerPublicKey) GetProofC() []byte

func (*IssuerPublicKey) GetProofS

func (m *IssuerPublicKey) GetProofS() []byte

func (*IssuerPublicKey) GetW

func (m *IssuerPublicKey) GetW() *ECP2

func (*IssuerPublicKey) ProtoMessage

func (*IssuerPublicKey) ProtoMessage()

func (*IssuerPublicKey) Reset

func (m *IssuerPublicKey) Reset()

func (*IssuerPublicKey) SetHash

func (IPk *IssuerPublicKey) SetHash() error

SetHash appends a hash of a serialized public key

func (*IssuerPublicKey) String

func (m *IssuerPublicKey) String() string

type NymSignature

type NymSignature struct {
	// ProofC is the Fiat-Shamir challenge of the ZKP
	ProofC []byte `protobuf:"bytes,1,opt,name=ProofC,proto3" json:"ProofC,omitempty"`
	// ProofSSK is the s-value proving knowledge of the user secret key
	ProofSSk []byte `protobuf:"bytes,2,opt,name=ProofSSk,proto3" json:"ProofSSk,omitempty"`
	// ProofSRNym is the s-value proving knowledge of the pseudonym secret
	ProofSRNym []byte `protobuf:"bytes,3,opt,name=ProofSRNym,proto3" json:"ProofSRNym,omitempty"`
	// Nonce is a fresh nonce used for the signature
	Nonce []byte `protobuf:"bytes,4,opt,name=Nonce,proto3" json:"Nonce,omitempty"`
}

NymSignature specifies a signature object that signs a message with respect to a pseudonym. It differs from the standard idemix.signature in the fact that the standard signature object also proves that the pseudonym is based on a secret certified by a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym signed the message

func NewNymSignature

func NewNymSignature(sk *FP256BN.BIG, Nym *FP256BN.ECP, RNym *FP256BN.BIG, ipk *IssuerPublicKey, msg []byte, rng *amcl.RAND) (*NymSignature, error)

NewSignature creates a new idemix pseudonym signature

func (*NymSignature) Descriptor

func (*NymSignature) Descriptor() ([]byte, []int)

func (*NymSignature) GetNonce

func (m *NymSignature) GetNonce() []byte

func (*NymSignature) GetProofC

func (m *NymSignature) GetProofC() []byte

func (*NymSignature) GetProofSRNym

func (m *NymSignature) GetProofSRNym() []byte

func (*NymSignature) GetProofSSk

func (m *NymSignature) GetProofSSk() []byte

func (*NymSignature) ProtoMessage

func (*NymSignature) ProtoMessage()

func (*NymSignature) Reset

func (m *NymSignature) Reset()

func (*NymSignature) String

func (m *NymSignature) String() string

func (*NymSignature) Ver

func (sig *NymSignature) Ver(nym *FP256BN.ECP, ipk *IssuerPublicKey, msg []byte) error

Ver verifies an idemix NymSignature

type Signature

type Signature struct {
	APrime       *ECP     `protobuf:"bytes,1,opt,name=APrime" json:"APrime,omitempty"`
	ABar         *ECP     `protobuf:"bytes,2,opt,name=ABar" json:"ABar,omitempty"`
	BPrime       *ECP     `protobuf:"bytes,3,opt,name=BPrime" json:"BPrime,omitempty"`
	ProofC       []byte   `protobuf:"bytes,4,opt,name=ProofC,proto3" json:"ProofC,omitempty"`
	ProofSSk     []byte   `protobuf:"bytes,5,opt,name=ProofSSk,proto3" json:"ProofSSk,omitempty"`
	ProofSE      []byte   `protobuf:"bytes,6,opt,name=ProofSE,proto3" json:"ProofSE,omitempty"`
	ProofSR2     []byte   `protobuf:"bytes,7,opt,name=ProofSR2,proto3" json:"ProofSR2,omitempty"`
	ProofSR3     []byte   `protobuf:"bytes,8,opt,name=ProofSR3,proto3" json:"ProofSR3,omitempty"`
	ProofSSPrime []byte   `protobuf:"bytes,9,opt,name=ProofSSPrime,proto3" json:"ProofSSPrime,omitempty"`
	ProofSAttrs  [][]byte `protobuf:"bytes,10,rep,name=ProofSAttrs,proto3" json:"ProofSAttrs,omitempty"`
	Nonce        []byte   `protobuf:"bytes,11,opt,name=Nonce,proto3" json:"Nonce,omitempty"`
	Nym          *ECP     `protobuf:"bytes,12,opt,name=Nym" json:"Nym,omitempty"`
	ProofSRNym   []byte   `protobuf:"bytes,13,opt,name=ProofSRNym,proto3" json:"ProofSRNym,omitempty"`
}

Signature specifies a signature object that consists of APrime, ABar, BPrime, Proof* - randomized credential signature values and a zero-knowledge proof of knowledge of a credential and the corresponding user secret together with the attribute values Nonce - a fresh nonce used for the signature Nym - a fresh pseudonym (a commitment to to the user secert) ProofSRNym - a zero-knowledge proof of knowledge of the user secret inside Nym

func NewSignature

func NewSignature(cred *Credential, sk *FP256BN.BIG, Nym *FP256BN.ECP, RNym *FP256BN.BIG, ipk *IssuerPublicKey, Disclosure []byte, msg []byte, rng *amcl.RAND) (*Signature, error)

NewSignature creates a new idemix signature (Schnorr-type signature) The []byte Disclosure steers which attributes are disclosed: if Disclosure[i] == 0 then attribute i remains hidden and otherwise it is disclosed. We use the zero-knowledge proof by http://eprint.iacr.org/2016/663.pdf to prove knowledge of a BBS+ signature

func (*Signature) Descriptor

func (*Signature) Descriptor() ([]byte, []int)

func (*Signature) GetABar

func (m *Signature) GetABar() *ECP

func (*Signature) GetAPrime

func (m *Signature) GetAPrime() *ECP

func (*Signature) GetBPrime

func (m *Signature) GetBPrime() *ECP

func (*Signature) GetNonce

func (m *Signature) GetNonce() []byte

func (*Signature) GetNym

func (m *Signature) GetNym() *ECP

func (*Signature) GetProofC

func (m *Signature) GetProofC() []byte

func (*Signature) GetProofSAttrs

func (m *Signature) GetProofSAttrs() [][]byte

func (*Signature) GetProofSE

func (m *Signature) GetProofSE() []byte

func (*Signature) GetProofSR2

func (m *Signature) GetProofSR2() []byte

func (*Signature) GetProofSR3

func (m *Signature) GetProofSR3() []byte

func (*Signature) GetProofSRNym

func (m *Signature) GetProofSRNym() []byte

func (*Signature) GetProofSSPrime

func (m *Signature) GetProofSSPrime() []byte

func (*Signature) GetProofSSk

func (m *Signature) GetProofSSk() []byte

func (*Signature) ProtoMessage

func (*Signature) ProtoMessage()

func (*Signature) Reset

func (m *Signature) Reset()

func (*Signature) String

func (m *Signature) String() string

func (*Signature) Ver

func (sig *Signature) Ver(Disclosure []byte, ipk *IssuerPublicKey, msg []byte, attributeValues []*FP256BN.BIG) error

Ver verifies an idemix signature Disclosure steers which attributes it expects to be disclosed attributeValues[i] contains the desired attribute value for the i-th undisclosed attribute in Disclosure

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL