bbs

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

README

bbs

import "github.com/coinbase/kryptology/pkg/signatures/bbs"

Index

func NewKeys

func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)

type BlindSignature

BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.

1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed

type BlindSignature struct {
    // contains filtered or unexported fields
}
func (*BlindSignature) Init
func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary

func (BlindSignature) MarshalBinary
func (sig BlindSignature) MarshalBinary() ([]byte, error)
func (BlindSignature) ToUnblinded
func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature
func (*BlindSignature) UnmarshalBinary
func (sig *BlindSignature) UnmarshalBinary(data []byte) error

type BlindSignatureContext

BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.

type BlindSignatureContext struct {
    // contains filtered or unexported fields
}
func NewBlindSignatureContext
func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)

NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature

func (*BlindSignatureContext) Init
func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
func (BlindSignatureContext) MarshalBinary
func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)

MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize

func (BlindSignatureContext) ToBlindSignature
func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)

ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`

func (*BlindSignatureContext) UnmarshalBinary
func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
func (BlindSignatureContext) Verify
func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error

Verify validates a proof of hidden messages

type MessageGenerators

MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open

These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index

type MessageGenerators struct {
    // contains filtered or unexported fields
}
func (MessageGenerators) Get
func (msgg MessageGenerators) Get(i int) curves.PairingPoint
func (*MessageGenerators) Init
func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators

Init set the message generators to the default state

type PokSignature

PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages

type PokSignature struct {
    // contains filtered or unexported fields
}
func NewPokSignature
func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader) (*PokSignature, error)

NewPokSignature creates the initial proof data before a Fiat-Shamir calculation

func (*PokSignature) GenerateProof
func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)

GenerateProof converts the blinding factors and secrets into Schnorr proofs

func (*PokSignature) GetChallengeContribution
func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)

GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge

type PokSignatureProof

PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof

type PokSignatureProof struct {
    // contains filtered or unexported fields
}
func (PokSignatureProof) GetChallengeContribution
func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript)

GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge

func (*PokSignatureProof) Init
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof

Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary

func (*PokSignatureProof) MarshalBinary
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
func (*PokSignatureProof) UnmarshalBinary
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
func (PokSignatureProof) Verify
func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript) bool

Verify checks a signature proof of knowledge and selective disclosure proof

func (PokSignatureProof) VerifySigPok
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool

VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge

type PublicKey

PublicKey is a BBS+ verification key

type PublicKey struct {
    // contains filtered or unexported fields
}
func (*PublicKey) Init
func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey
func (PublicKey) MarshalBinary
func (pk PublicKey) MarshalBinary() ([]byte, error)
func (*PublicKey) UnmarshalBinary
func (pk *PublicKey) UnmarshalBinary(in []byte) error
func (PublicKey) Verify
func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error

Verify checks a signature where all messages are known to the verifier

type SecretKey

SecretKey is a BBS+ signing key

type SecretKey struct {
    // contains filtered or unexported fields
}
func NewSecretKey
func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
func (*SecretKey) Init
func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
func (SecretKey) MarshalBinary
func (sk SecretKey) MarshalBinary() ([]byte, error)
func (*SecretKey) PublicKey
func (sk *SecretKey) PublicKey() *PublicKey

PublicKey returns the corresponding public key

func (*SecretKey) Sign
func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)

Sign generates a new signature where all messages are known to the signer

func (*SecretKey) UnmarshalBinary
func (sk *SecretKey) UnmarshalBinary(in []byte) error

type Signature

Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>

type Signature struct {
    // contains filtered or unexported fields
}
func (*Signature) Init
func (sig *Signature) Init(curve *curves.PairingCurve) *Signature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create

func (Signature) MarshalBinary
func (sig Signature) MarshalBinary() ([]byte, error)
func (*Signature) UnmarshalBinary
func (sig *Signature) UnmarshalBinary(data []byte) error

Generated by gomarkdoc

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewKeys

func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)

Types

type BlindSignature

type BlindSignature struct {
	// contains filtered or unexported fields
}

BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.

1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed

func (*BlindSignature) Init

func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary

func (BlindSignature) MarshalBinary

func (sig BlindSignature) MarshalBinary() ([]byte, error)

func (BlindSignature) ToUnblinded

func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature

func (*BlindSignature) UnmarshalBinary

func (sig *BlindSignature) UnmarshalBinary(data []byte) error

type BlindSignatureContext

type BlindSignatureContext struct {
	// contains filtered or unexported fields
}

BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.

func NewBlindSignatureContext

func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)

NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature

func (*BlindSignatureContext) Init

func (BlindSignatureContext) MarshalBinary

func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)

MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize

func (BlindSignatureContext) ToBlindSignature

func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)

ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`

func (*BlindSignatureContext) UnmarshalBinary

func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error

func (BlindSignatureContext) Verify

func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error

Verify validates a proof of hidden messages

type MessageGenerators

type MessageGenerators struct {
	// contains filtered or unexported fields
}

MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open

These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index

func (MessageGenerators) Get

func (*MessageGenerators) Init

func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators

Init set the message generators to the default state

type PokSignature

type PokSignature struct {
	// contains filtered or unexported fields
}

PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages

func NewPokSignature

func NewPokSignature(sig *Signature,
	generators *MessageGenerators,
	msgs []common.ProofMessage,
	reader io.Reader) (*PokSignature, error)

NewPokSignature creates the initial proof data before a Fiat-Shamir calculation

func (*PokSignature) GenerateProof

func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)

GenerateProof converts the blinding factors and secrets into Schnorr proofs

func (*PokSignature) GetChallengeContribution

func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)

GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge

type PokSignatureProof

type PokSignatureProof struct {
	// contains filtered or unexported fields
}

PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof

func (PokSignatureProof) GetChallengeContribution

func (pok PokSignatureProof) GetChallengeContribution(
	generators *MessageGenerators,
	revealedMessages map[int]curves.Scalar,
	challenge common.Challenge,
	transcript *merlin.Transcript,
)

GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge

func (*PokSignatureProof) Init

Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary

func (*PokSignatureProof) MarshalBinary

func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)

func (*PokSignatureProof) UnmarshalBinary

func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error

func (PokSignatureProof) Verify

func (pok PokSignatureProof) Verify(
	revealedMsgs map[int]curves.Scalar,
	pk *PublicKey,
	generators *MessageGenerators,
	nonce common.Nonce,
	challenge common.Challenge,
	transcript *merlin.Transcript,
) bool

Verify checks a signature proof of knowledge and selective disclosure proof

func (PokSignatureProof) VerifySigPok

func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool

VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a BBS+ verification key

func (*PublicKey) Init

func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey

func (PublicKey) MarshalBinary

func (pk PublicKey) MarshalBinary() ([]byte, error)

func (*PublicKey) UnmarshalBinary

func (pk *PublicKey) UnmarshalBinary(in []byte) error

func (PublicKey) Verify

func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error

Verify checks a signature where all messages are known to the verifier

type SecretKey

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey is a BBS+ signing key

func NewSecretKey

func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)

func (*SecretKey) Init

func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey

func (SecretKey) MarshalBinary

func (sk SecretKey) MarshalBinary() ([]byte, error)

func (*SecretKey) PublicKey

func (sk *SecretKey) PublicKey() *PublicKey

PublicKey returns the corresponding public key

func (*SecretKey) Sign

func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)

Sign generates a new signature where all messages are known to the signer

func (*SecretKey) UnmarshalBinary

func (sk *SecretKey) UnmarshalBinary(in []byte) error

type Signature

type Signature struct {
	// contains filtered or unexported fields
}

Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>

func (*Signature) Init

func (sig *Signature) Init(curve *curves.PairingCurve) *Signature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create

func (Signature) MarshalBinary

func (sig Signature) MarshalBinary() ([]byte, error)

func (*Signature) UnmarshalBinary

func (sig *Signature) UnmarshalBinary(data []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL