Documentation ¶
Overview ¶
Package bbs is an implementation of BBS+ signature of https://eprint.iacr.org/2016/663.pdf
Index ¶
- func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)
- type BlindSignature
- type BlindSignatureContext
- func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
- func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
- func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, ...) (*BlindSignature, error)
- func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
- func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
- type MessageGenerators
- type PokSignature
- type PokSignatureProof
- func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, ...)
- func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
- func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
- func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
- func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, ...) bool
- func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
- type PublicKey
- type SecretKey
- func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
- func (sk SecretKey) MarshalBinary() ([]byte, error)
- func (sk *SecretKey) PublicKey() *PublicKey
- func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)
- func (sk *SecretKey) UnmarshalBinary(in []byte) error
- type Signature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type BlindSignature ¶
type BlindSignature struct {
// contains filtered or unexported fields
}
BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.
1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed
func (*BlindSignature) Init ¶
func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary
func (BlindSignature) MarshalBinary ¶
func (sig BlindSignature) MarshalBinary() ([]byte, error)
func (BlindSignature) ToUnblinded ¶
func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature
func (*BlindSignature) UnmarshalBinary ¶
func (sig *BlindSignature) UnmarshalBinary(data []byte) error
type BlindSignatureContext ¶
type BlindSignatureContext struct {
// contains filtered or unexported fields
}
BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.
func NewBlindSignatureContext ¶
func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)
NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature
func (*BlindSignatureContext) Init ¶
func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
func (BlindSignatureContext) MarshalBinary ¶
func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize
func (BlindSignatureContext) ToBlindSignature ¶
func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)
ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`
func (*BlindSignatureContext) UnmarshalBinary ¶
func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
func (BlindSignatureContext) Verify ¶
func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
Verify validates a proof of hidden messages
type MessageGenerators ¶
type MessageGenerators struct {
// contains filtered or unexported fields
}
MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open
These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index
func (MessageGenerators) Get ¶
func (msgg MessageGenerators) Get(i int) curves.PairingPoint
func (*MessageGenerators) Init ¶
func (msgg *MessageGenerators) Init(w *PublicKey, length int) (*MessageGenerators, error)
Init set the message generators to the default state
type PokSignature ¶
type PokSignature struct {
// contains filtered or unexported fields
}
PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages
func NewPokSignature ¶
func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader, ) (*PokSignature, error)
NewPokSignature creates the initial proof data before a Fiat-Shamir calculation
func (*PokSignature) GenerateProof ¶
func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)
GenerateProof converts the blinding factors and secrets into Schnorr proofs
func (*PokSignature) GetChallengeContribution ¶
func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)
GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge
type PokSignatureProof ¶
type PokSignatureProof struct {
// contains filtered or unexported fields
}
PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof
func (PokSignatureProof) GetChallengeContribution ¶
func (pok PokSignatureProof) GetChallengeContribution( generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript, )
GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge
func (*PokSignatureProof) Init ¶
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary
func (*PokSignatureProof) MarshalBinary ¶
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
func (*PokSignatureProof) UnmarshalBinary ¶
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
func (PokSignatureProof) Verify ¶
func (pok PokSignatureProof) Verify( revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript, ) bool
Verify checks a signature proof of knowledge and selective disclosure proof
func (PokSignatureProof) VerifySigPok ¶
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is a BBS+ verification key
func (PublicKey) MarshalBinary ¶
func (*PublicKey) UnmarshalBinary ¶
type SecretKey ¶
type SecretKey struct {
// contains filtered or unexported fields
}
SecretKey is a BBS+ signing key
func NewSecretKey ¶
func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
func (SecretKey) MarshalBinary ¶
func (*SecretKey) UnmarshalBinary ¶
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>
func (*Signature) Init ¶
func (sig *Signature) Init(curve *curves.PairingCurve) *Signature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create