bbs

package
v0.0.3-gama Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

README

bbs

import "github.com/coinbase/kryptology/pkg/signatures/bbs"

Index

func NewKeys

func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)

type BlindSignature

BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.

1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed

type BlindSignature struct {
    // contains filtered or unexported fields
}
func (*BlindSignature) Init
func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary

func (BlindSignature) MarshalBinary
func (sig BlindSignature) MarshalBinary() ([]byte, error)
func (BlindSignature) ToUnblinded
func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature
func (*BlindSignature) UnmarshalBinary
func (sig *BlindSignature) UnmarshalBinary(data []byte) error

type BlindSignatureContext

BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.

type BlindSignatureContext struct {
    // contains filtered or unexported fields
}
func NewBlindSignatureContext
func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)

NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature

func (*BlindSignatureContext) Init
func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
func (BlindSignatureContext) MarshalBinary
func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)

MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize

func (BlindSignatureContext) ToBlindSignature
func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)

ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`

func (*BlindSignatureContext) UnmarshalBinary
func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
func (BlindSignatureContext) Verify
func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error

Verify validates a proof of hidden messages

type MessageGenerators

MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open

These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index

type MessageGenerators struct {
    // contains filtered or unexported fields
}
func (MessageGenerators) Get
func (msgg MessageGenerators) Get(i int) curves.PairingPoint
func (*MessageGenerators) Init
func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators

Init set the message generators to the default state

type PokSignature

PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages

type PokSignature struct {
    // contains filtered or unexported fields
}
func NewPokSignature
func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader) (*PokSignature, error)

NewPokSignature creates the initial proof data before a Fiat-Shamir calculation

func (*PokSignature) GenerateProof
func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)

GenerateProof converts the blinding factors and secrets into Schnorr proofs

func (*PokSignature) GetChallengeContribution
func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)

GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge

type PokSignatureProof

PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof

type PokSignatureProof struct {
    // contains filtered or unexported fields
}
func (PokSignatureProof) GetChallengeContribution
func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript)

GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge

func (*PokSignatureProof) Init
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof

Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary

func (*PokSignatureProof) MarshalBinary
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
func (*PokSignatureProof) UnmarshalBinary
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
func (PokSignatureProof) Verify
func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript) bool

Verify checks a signature proof of knowledge and selective disclosure proof

func (PokSignatureProof) VerifySigPok
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool

VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge

type PublicKey

PublicKey is a BBS+ verification key

type PublicKey struct {
    // contains filtered or unexported fields
}
func (*PublicKey) Init
func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey
func (PublicKey) MarshalBinary
func (pk PublicKey) MarshalBinary() ([]byte, error)
func (*PublicKey) UnmarshalBinary
func (pk *PublicKey) UnmarshalBinary(in []byte) error
func (PublicKey) Verify
func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error

Verify checks a signature where all messages are known to the verifier

type SecretKey

SecretKey is a BBS+ signing key

type SecretKey struct {
    // contains filtered or unexported fields
}
func NewSecretKey
func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
func (*SecretKey) Init
func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
func (SecretKey) MarshalBinary
func (sk SecretKey) MarshalBinary() ([]byte, error)
func (*SecretKey) PublicKey
func (sk *SecretKey) PublicKey() *PublicKey

PublicKey returns the corresponding public key

func (*SecretKey) Sign
func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)

Sign generates a new signature where all messages are known to the signer

func (*SecretKey) UnmarshalBinary
func (sk *SecretKey) UnmarshalBinary(in []byte) error

type Signature

Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>

type Signature struct {
    // contains filtered or unexported fields
}
func (*Signature) Init
func (sig *Signature) Init(curve *curves.PairingCurve) *Signature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create

func (Signature) MarshalBinary
func (sig Signature) MarshalBinary() ([]byte, error)
func (*Signature) UnmarshalBinary
func (sig *Signature) UnmarshalBinary(data []byte) error

Generated by gomarkdoc

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewKeys 

func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)

Types

type BlindSignature 

type BlindSignature struct {
	// contains filtered or unexported fields
}

BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.

1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed

func (*BlindSignature) Init 

func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary

func (BlindSignature) MarshalBinary 

func (sig BlindSignature) MarshalBinary() ([]byte, error)

func (BlindSignature) ToUnblinded 

func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature

func (*BlindSignature) UnmarshalBinary 

func (sig *BlindSignature) UnmarshalBinary(data []byte) error

type BlindSignatureContext 

type BlindSignatureContext struct {
	// contains filtered or unexported fields
}

BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.

func NewBlindSignatureContext 

func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)

NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature

func (*BlindSignatureContext) Init 

func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext

func (BlindSignatureContext) MarshalBinary 

func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)

MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize

func (BlindSignatureContext) ToBlindSignature 

func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)

ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`

func (*BlindSignatureContext) UnmarshalBinary 

func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error

func (BlindSignatureContext) Verify 

func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error

Verify validates a proof of hidden messages

type MessageGenerators 

type MessageGenerators struct {
	// contains filtered or unexported fields
}

MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open

These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index

func (MessageGenerators) Get 

func (msgg MessageGenerators) Get(i int) curves.PairingPoint

func (*MessageGenerators) Init 

func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators

Init set the message generators to the default state

type PokSignature 

type PokSignature struct {
	// contains filtered or unexported fields
}

PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages

func NewPokSignature 

func NewPokSignature(sig *Signature,
	generators *MessageGenerators,
	msgs []common.ProofMessage,
	reader io.Reader) (*PokSignature, error)

NewPokSignature creates the initial proof data before a Fiat-Shamir calculation

func (*PokSignature) GenerateProof 

func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)

GenerateProof converts the blinding factors and secrets into Schnorr proofs

func (*PokSignature) GetChallengeContribution 

func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)

GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge

type PokSignatureProof 

type PokSignatureProof struct {
	// contains filtered or unexported fields
}

PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof

func (PokSignatureProof) GetChallengeContribution 

func (pok PokSignatureProof) GetChallengeContribution(
	generators *MessageGenerators,
	revealedMessages map[int]curves.Scalar,
	challenge common.Challenge,
	transcript *merlin.Transcript,
)

GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge

func (*PokSignatureProof) Init 

func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof

Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary

func (*PokSignatureProof) MarshalBinary 

func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)

func (*PokSignatureProof) UnmarshalBinary 

func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error

func (PokSignatureProof) Verify 

func (pok PokSignatureProof) Verify(
	revealedMsgs map[int]curves.Scalar,
	pk *PublicKey,
	generators *MessageGenerators,
	nonce common.Nonce,
	challenge common.Challenge,
	transcript *merlin.Transcript,
) bool

Verify checks a signature proof of knowledge and selective disclosure proof

func (PokSignatureProof) VerifySigPok 

func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool

VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a BBS+ verification key

func (*PublicKey) Init 

func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey

func (PublicKey) MarshalBinary 

func (pk PublicKey) MarshalBinary() ([]byte, error)

func (*PublicKey) UnmarshalBinary 

func (pk *PublicKey) UnmarshalBinary(in []byte) error

func (PublicKey) Verify 

func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error

Verify checks a signature where all messages are known to the verifier

type SecretKey 

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey is a BBS+ signing key

func NewSecretKey 

func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)

func (*SecretKey) Init 

func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey

func (SecretKey) MarshalBinary 

func (sk SecretKey) MarshalBinary() ([]byte, error)

func (*SecretKey) PublicKey 

func (sk *SecretKey) PublicKey() *PublicKey

PublicKey returns the corresponding public key

func (*SecretKey) Sign 

func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)

Sign generates a new signature where all messages are known to the signer

func (*SecretKey) UnmarshalBinary 

func (sk *SecretKey) UnmarshalBinary(in []byte) error

type Signature 

type Signature struct {
	// contains filtered or unexported fields
}

Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>

func (*Signature) Init 

func (sig *Signature) Init(curve *curves.PairingCurve) *Signature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create

func (Signature) MarshalBinary 

func (sig Signature) MarshalBinary() ([]byte, error)

func (*Signature) UnmarshalBinary 

func (sig *Signature) UnmarshalBinary(data []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.