bbs

package
v0.8.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2023 License: GPL-3.0 Imports: 12 Imported by: 0

Documentation

Overview

Package bbs is an implementation of BBS+ signature of https://eprint.iacr.org/2016/663.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewKeys

func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)

Types

type BlindSignature

type BlindSignature struct {
	// contains filtered or unexported fields
}

BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.

1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed

func (*BlindSignature) Init

func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary

func (BlindSignature) MarshalBinary

func (sig BlindSignature) MarshalBinary() ([]byte, error)

func (BlindSignature) ToUnblinded

func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature

func (*BlindSignature) UnmarshalBinary

func (sig *BlindSignature) UnmarshalBinary(data []byte) error

type BlindSignatureContext

type BlindSignatureContext struct {
	// contains filtered or unexported fields
}

BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.

func NewBlindSignatureContext

func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)

NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature

func (*BlindSignatureContext) Init

func (BlindSignatureContext) MarshalBinary

func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)

MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize

func (BlindSignatureContext) ToBlindSignature

func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)

ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`

func (*BlindSignatureContext) UnmarshalBinary

func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error

func (BlindSignatureContext) Verify

func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error

Verify validates a proof of hidden messages

type MessageGenerators

type MessageGenerators struct {
	// contains filtered or unexported fields
}

MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open

These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index

func (MessageGenerators) Get

func (*MessageGenerators) Init

func (msgg *MessageGenerators) Init(w *PublicKey, length int) (*MessageGenerators, error)

Init set the message generators to the default state

type PokSignature

type PokSignature struct {
	// contains filtered or unexported fields
}

PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages

func NewPokSignature

func NewPokSignature(sig *Signature,
	generators *MessageGenerators,
	msgs []common.ProofMessage,
	reader io.Reader) (*PokSignature, error)

NewPokSignature creates the initial proof data before a Fiat-Shamir calculation

func (*PokSignature) GenerateProof

func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)

GenerateProof converts the blinding factors and secrets into Schnorr proofs

func (*PokSignature) GetChallengeContribution

func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)

GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge

type PokSignatureProof

type PokSignatureProof struct {
	// contains filtered or unexported fields
}

PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof

func (PokSignatureProof) GetChallengeContribution

func (pok PokSignatureProof) GetChallengeContribution(
	generators *MessageGenerators,
	revealedMessages map[int]curves.Scalar,
	challenge common.Challenge,
	transcript *merlin.Transcript,
)

GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge

func (*PokSignatureProof) Init

Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary

func (*PokSignatureProof) MarshalBinary

func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)

func (*PokSignatureProof) UnmarshalBinary

func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error

func (PokSignatureProof) Verify

func (pok PokSignatureProof) Verify(
	revealedMsgs map[int]curves.Scalar,
	pk *PublicKey,
	generators *MessageGenerators,
	nonce common.Nonce,
	challenge common.Challenge,
	transcript *merlin.Transcript,
) bool

Verify checks a signature proof of knowledge and selective disclosure proof

func (PokSignatureProof) VerifySigPok

func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool

VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a BBS+ verification key

func (*PublicKey) Init

func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey

func (PublicKey) MarshalBinary

func (pk PublicKey) MarshalBinary() ([]byte, error)

func (*PublicKey) UnmarshalBinary

func (pk *PublicKey) UnmarshalBinary(in []byte) error

func (PublicKey) Verify

func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error

Verify checks a signature where all messages are known to the verifier

type SecretKey

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey is a BBS+ signing key

func NewSecretKey

func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)

func (*SecretKey) Init

func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey

func (SecretKey) MarshalBinary

func (sk SecretKey) MarshalBinary() ([]byte, error)

func (*SecretKey) PublicKey

func (sk *SecretKey) PublicKey() *PublicKey

PublicKey returns the corresponding public key

func (*SecretKey) Sign

func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)

Sign generates a new signature where all messages are known to the signer

func (*SecretKey) UnmarshalBinary

func (sk *SecretKey) UnmarshalBinary(in []byte) error

type Signature

type Signature struct {
	// contains filtered or unexported fields
}

Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>

func (*Signature) Init

func (sig *Signature) Init(curve *curves.PairingCurve) *Signature

Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create

func (Signature) MarshalBinary

func (sig Signature) MarshalBinary() ([]byte, error)

func (*Signature) UnmarshalBinary

func (sig *Signature) UnmarshalBinary(data []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL