From df7743adf0897388f20484e2a029c2e67cff6e78 Mon Sep 17 00:00:00 2001 From: Alessandro Sorniotti Date: Tue, 28 May 2024 12:59:35 +0200 Subject: [PATCH] Switch to aries-bbs-go Signed-off-by: Alessandro Sorniotti --- Makefile | 2 +- bccsp/bccsp.go | 6 +- bccsp/schemes/aries/blind_sign.go | 50 ++-- bccsp/schemes/aries/blind_sign_test.go | 22 +- bccsp/schemes/aries/cred.go | 14 +- bccsp/schemes/aries/credrequest_test.go | 4 +- bccsp/schemes/aries/go.mod | 2 +- bccsp/schemes/aries/go.sum | 4 +- bccsp/schemes/aries/issuer.go | 14 +- bccsp/schemes/aries/nymsigner.go | 14 +- bccsp/schemes/aries/nymsigner_test.go | 4 +- bccsp/schemes/aries/signer.go | 213 +++++++++++--- bccsp/schemes/aries/signer_test.go | 96 +++---- bccsp/schemes/aries/smartcard_test.go | 316 +++++++++++++++++++-- bccsp/schemes/aries/user.go | 4 +- bccsp/schemes/aries/util.go | 18 +- bccsp/smartcard_test.go | 14 +- go.mod | 2 +- go.sum | 4 +- tools/idemixgen/idemixca/iedmixca_aries.go | 4 +- 20 files changed, 600 insertions(+), 207 deletions(-) diff --git a/Makefile b/Makefile index e216664..ef47d7d 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ checks: check-deps .PHONY: unit-tests unit-tests: - @go test -timeout 480s -cover $(shell go list ./...) + find . -name go.mod -execdir go test ./... \; .PHONY: unit-tests-race unit-tests-race: diff --git a/bccsp/bccsp.go b/bccsp/bccsp.go index 9142680..2e0617c 100644 --- a/bccsp/bccsp.go +++ b/bccsp/bccsp.go @@ -14,7 +14,7 @@ import ( idemix "github.com/IBM/idemix/bccsp/schemes/dlog/crypto" bccsp "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/pkg/errors" ) 
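Review bot: In the Makefile hunk, the new `unit-tests` recipe can report success while tests fail, because `find ... -execdir ... \;` treats a non-zero exit from `go test` as a false predicate and still exits 0 itself, so a failing signing or verification test in any module would not stop `make` or CI. The rewrite also drops the `-timeout 480s -cover` flags the old recipe passed. A loop that propagates the exit status keeps both, e.g. `@for m in $$(find . -name go.mod); do (cd $$(dirname $$m) && go test -timeout 480s -cover ./...) || exit 1; done`.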
@@ -252,7 +252,7 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra &handlers.CredentialSigner{ Credential: &aries.Cred{ Curve: curve, - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), }, }) base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, true)), @@ -291,7 +291,7 @@ func NewAries(keyStore bccsp.KeyStore, curve *math.Curve, _translator idemix.Tra &handlers.CredentialVerifier{ Credential: &aries.Cred{ Curve: curve, - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), }, }) base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), diff --git a/bccsp/schemes/aries/blind_sign.go b/bccsp/schemes/aries/blind_sign.go index a9ab99d..95b09c6 100644 --- a/bccsp/schemes/aries/blind_sign.go +++ b/bccsp/schemes/aries/blind_sign.go @@ -13,13 +13,13 @@ import ( math "github.com/IBM/mathlib" ml "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" ) // BlindedMessages represents a set of messages prepared // (blinded) to be submitted to a signer for a blind signature. type BlindedMessages struct { - PK *bbs12381g2pub.PublicKeyWithGenerators + PK *bbs.PublicKeyWithGenerators S *ml.Zr C *ml.G1 PoK *POKOfBlindedMessages @@ -52,7 +52,7 @@ func ParseBlindedMessages(bytes []byte, curve *ml.Curve) (*BlindedMessages, erro offset += curve.CompressedG1ByteSize - proof, err := bbs12381g2pub.NewBBSLib(curve).ParseProofG1(bytes[offset:]) + proof, err := bbs.NewBBSLib(curve).ParseProofG1(bytes[offset:]) if err != nil { return nil, fmt.Errorf("parse G1 proof: %w", err) } 
@@ -71,12 +71,12 @@ func ParseBlindedMessages(bytes []byte, curve *ml.Curve) (*BlindedMessages, erro // signature in the form of a Pedersen commitment. type POKOfBlindedMessages struct { C *ml.G1 - ProofC *bbs12381g2pub.ProofG1 + ProofC *bbs.ProofG1 } // VerifyProof verifies the correctness of the zero knowledge // proof against the supplied commitment, challenge and public key. -func (b *POKOfBlindedMessages) VerifyProof(messages []bool, commitment *ml.G1, challenge *ml.Zr, PK *bbs12381g2pub.PublicKey) error { +func (b *POKOfBlindedMessages) VerifyProof(messages []bool, commitment *ml.G1, challenge *ml.Zr, PK *bbs.PublicKey) error { pubKeyWithGenerators, err := PK.ToPublicKeyWithGenerators(len(messages)) if err != nil { return fmt.Errorf("build generators from public key: %w", err) 
@@ -102,18 +102,18 @@ func (b *POKOfBlindedMessages) VerifyProof(messages []bool, commitment *ml.G1, c // VerifyBlinding verifies that `msgCommit` is a valid // commitment of a set of messages against the appropriate bases. -func VerifyBlinding(messageBitmap []bool, msgCommit *ml.G1, bmProof *POKOfBlindedMessages, PK *bbs12381g2pub.PublicKey, nonce []byte, curve *math.Curve) error { +func VerifyBlinding(messageBitmap []bool, msgCommit *ml.G1, bmProof *POKOfBlindedMessages, PK *bbs.PublicKey, nonce []byte, curve *math.Curve) error { challengeBytes := msgCommit.Bytes() challengeBytes = append(challengeBytes, bmProof.C.Bytes()...) challengeBytes = append(challengeBytes, nonce...) - return bmProof.VerifyProof(messageBitmap, msgCommit, bbs12381g2pub.FrFromOKM(challengeBytes, curve), PK) + return bmProof.VerifyProof(messageBitmap, msgCommit, bbs.FrFromOKM(challengeBytes, curve), PK) } // BlindMessages constructs a commitment to a set of messages // that need to be blinded before signing, and generates the // corresponding ZKP. -func BlindMessages(messages [][]byte, PK *bbs12381g2pub.PublicKey, blindedMsgCount int, nonce []byte, curve *ml.Curve) (*BlindedMessages, error) { +func BlindMessages(messages [][]byte, PK *bbs.PublicKey, blindedMsgCount int, nonce []byte, curve *ml.Curve) (*BlindedMessages, error) { zrs := make([]*ml.Zr, len(messages)) for i, msg := range messages { @@ -121,7 +121,7 @@ func BlindMessages(messages [][]byte, PK *bbs12381g2pub.PublicKey, blindedMsgCou continue } - zrs[i] = bbs12381g2pub.FrFromOKM(msg, curve) + zrs[i] = bbs.FrFromOKM(msg, curve) } return BlindMessagesZr(zrs, PK, blindedMsgCount, nonce, curve) 
@@ -130,14 +130,14 @@ func BlindMessages(messages [][]byte, PK *bbs12381g2pub.PublicKey, blindedMsgCou // BlindMessagesZr constructs a commitment to a set of messages // that need to be blinded before signing, and generates the // corresponding ZKP. -func BlindMessagesZr(zrs []*ml.Zr, PK *bbs12381g2pub.PublicKey, blindedMsgCount int, nonce []byte, curve *ml.Curve) (*BlindedMessages, error) { +func BlindMessagesZr(zrs []*ml.Zr, PK *bbs.PublicKey, blindedMsgCount int, nonce []byte, curve *ml.Curve) (*BlindedMessages, error) { pubKeyWithGenerators, err := PK.ToPublicKeyWithGenerators(len(zrs)) if err != nil { return nil, fmt.Errorf("build generators from public key: %w", err) } - commit := bbs12381g2pub.NewBBSLib(curve).NewProverCommittingG1() - cb := bbs12381g2pub.NewCommitmentBuilder(blindedMsgCount + 1) + commit := bbs.NewBBSLib(curve).NewProverCommittingG1() + cb := bbs.NewCommitmentBuilder(blindedMsgCount + 1) secrets := make([]*ml.Zr, 0, blindedMsgCount+1) s := curve.NewRandomZr(rand.Reader) 
@@ -169,30 +169,44 @@ func BlindMessagesZr(zrs []*ml.Zr, PK *bbs12381g2pub.PublicKey, blindedMsgCount C: C, PoK: &POKOfBlindedMessages{ C: U.Commitment, - ProofC: U.GenerateProof(bbs12381g2pub.FrFromOKM(challengeBytes, curve), secrets), + ProofC: U.GenerateProof(bbs.FrFromOKM(challengeBytes, curve), secrets), }, }, nil } // BlindSign signs disclosed and blinded messages using private key in compressed form. -func BlindSign(messages []*bbs12381g2pub.SignatureMessage, msgCount int, commitment *ml.G1, privKeyBytes []byte, curve *math.Curve) ([]byte, error) { - privKey, err := bbs12381g2pub.NewBBSLib(curve).UnmarshalPrivateKey(privKeyBytes) +func BlindSign(messages []*bbs.SignatureMessage, msgCount int, commitment *ml.G1, privKeyBytes []byte, curve *math.Curve) ([]byte, error) { + bl := bbs.NewBBSLib(curve) + + privKey, err := bl.UnmarshalPrivateKey(privKeyBytes) if err != nil { return nil, fmt.Errorf("unmarshal private key: %w", err) } + pkwg, err := privKey.PublicKey().ToPublicKeyWithGenerators(msgCount) + if err != nil { + return nil, fmt.Errorf("unmarshal PublicKey: %w", err) + } + if len(messages) == 0 { return nil, errors.New("messages are not defined") } - bbs := bbs12381g2pub.New(curve) + // signer adds its component + cb := bbs.NewCommitmentBuilder(len(messages) + 2) + for _, msg := range messages { + cb.Add(pkwg.H[msg.Idx], msg.FR) + } + cb.Add(commitment, curve.NewZrFromInt(1)) + cb.Add(curve.GenG1, curve.NewZrFromInt(1)) + comm := cb.Build() - return bbs.SignWithKeyFr(messages, msgCount, commitment, privKey) + return bbs.New(curve).SignWithKeyB(comm, msgCount, privKey) } // UnblindSign converts a signature over some blind messages into a standard signature. func UnblindSign(sigBytes []byte, S *ml.Zr, curve *ml.Curve) ([]byte, error) { - signature, err := bbs12381g2pub.NewBBSLib(curve).ParseSignature(sigBytes) + signature, err := bbs.NewBBSLib(curve).ParseSignature(sigBytes) if err != nil { return nil, fmt.Errorf("parse signature: %w", err) } 
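Review bot: In BlindSign the new loop indexes `pkwg.H[msg.Idx]` with no range check, so a caller-supplied message whose `Idx` is negative or not below the number of generators built from `msgCount` panics the signer instead of returning an error. Add a guard at the top of the loop, `if msg.Idx < 0 || msg.Idx >= len(pkwg.H) { return nil, fmt.Errorf("message index %d out of range", msg.Idx) }`, and reject a nil `commitment` before it reaches `cb.Add`. The `len(messages) == 0` check could move above the `ToPublicKeyWithGenerators` call, whose error text `unmarshal PublicKey` would read better as `build generators from public key`, the wording used elsewhere in this file. As far as the hunk shows, the function signs whatever commitment it is handed, so its doc comment should say that the caller is expected to have checked the accompanying proof with VerifyBlinding first.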
diff --git a/bccsp/schemes/aries/blind_sign_test.go b/bccsp/schemes/aries/blind_sign_test.go index c18b726..9821367 100644 --- a/bccsp/schemes/aries/blind_sign_test.go +++ b/bccsp/schemes/aries/blind_sign_test.go @@ -14,12 +14,12 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" math "github.com/IBM/mathlib" ml "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) -func generateKeyPairRandom(curve *math.Curve) (*bbs12381g2pub.PublicKey, *bbs12381g2pub.PrivateKey, error) { +func generateKeyPairRandom(curve *math.Curve) (*bbs.PublicKey, *bbs.PrivateKey, error) { seed := make([]byte, 32) _, err := rand.Read(seed) @@ -27,7 +27,7 @@ func generateKeyPairRandom(curve *math.Curve) (*bbs12381g2pub.PublicKey, *bbs123 panic(err) } - return bbs12381g2pub.NewBBSLib(curve).GenerateKeyPair(sha256.New, seed) + return bbs.NewBBSLib(curve).GenerateKeyPair(sha256.New, seed) } func TestBlindSignMessages(t *testing.T) { @@ -55,13 +55,13 @@ func TestBlindSignMessages(t *testing.T) { []byte("message4"), } - msgToSign := []*bbs12381g2pub.SignatureMessage{ + msgToSign := []*bbs.SignatureMessage{ { - FR: bbs12381g2pub.FrFromOKM([]byte("message2"), curve), + FR: bbs.FrFromOKM([]byte("message2"), curve), Idx: 1, }, { - FR: bbs12381g2pub.FrFromOKM([]byte("message3"), curve), + FR: bbs.FrFromOKM([]byte("message3"), curve), Idx: 2, }, } @@ -85,7 +85,7 @@ func TestBlindSignMessages(t *testing.T) { err = aries.VerifyBlinding(blindedMessagesBitmap, bm.C, bm.PoK, pubKey, []byte("nonce578"), curve) assert.NoError(t, err) - bls := bbs12381g2pub.New(curve) + bls := bbs.New(curve) privKeyBytes, err := privKey.Marshal() require.NoError(t, err) 
@@ -122,9 +122,9 @@ func TestBlindSignZr(t *testing.T) { nil, } - msgToSign := []*bbs12381g2pub.SignatureMessage{ + msgToSign := []*bbs.SignatureMessage{ { - FR: bbs12381g2pub.FrFromOKM([]byte("message2"), curve), + FR: bbs.FrFromOKM([]byte("message2"), curve), Idx: 1, }, } @@ -155,7 +155,7 @@ func TestBlindSignZr(t *testing.T) { require.NotEmpty(t, signatureBytes) require.Len(t, signatureBytes, 112) - signature, err := bbs12381g2pub.NewBBSLib(curve).ParseSignature(signatureBytes) + signature, err := bbs.NewBBSLib(curve).ParseSignature(signatureBytes) require.NoError(t, err) messagesCount := 2 @@ -163,7 +163,7 @@ func TestBlindSignZr(t *testing.T) { publicKeyWithGenerators, err := pubKey.ToPublicKeyWithGenerators(messagesCount) require.NoError(t, err) - messagesZr := []*bbs12381g2pub.SignatureMessage{ + messagesZr := []*bbs.SignatureMessage{ {FR: zr, Idx: 0}, msgToSign[0], } diff --git a/bccsp/schemes/aries/cred.go b/bccsp/schemes/aries/cred.go index 4960ec5..abc7c59 100644 --- a/bccsp/schemes/aries/cred.go +++ b/bccsp/schemes/aries/cred.go @@ -10,13 +10,13 @@ import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/pkg/errors" ) type Cred struct { - Bls *bbs12381g2pub.BBSG2Pub + BBS *bbs.BBSG2Pub Curve *math.Curve UserSecretKeyIndex int } 
@@ -74,16 +74,16 @@ func (c *Cred) Verify(sk *math.Zr, key types.IssuerPublicKey, credBytes []byte, return fmt.Errorf("proto.Unmarshal failed [%w]", err) } - sigma, err := bbs12381g2pub.NewBBSLib(c.Curve).ParseSignature(credential.Cred) + sigma, err := bbs.NewBBSLib(c.Curve).ParseSignature(credential.Cred) if err != nil { return fmt.Errorf("ParseSignature failed [%w]", err) } i := 0 - sm := make([]*bbs12381g2pub.SignatureMessage, len(ipk.PKwG.H)) + sm := make([]*bbs.SignatureMessage, len(ipk.PKwG.H)) for j := range ipk.PKwG.H { if j == int(credential.SkPos) { - sm[j] = &bbs12381g2pub.SignatureMessage{ + sm[j] = &bbs.SignatureMessage{ FR: sk, Idx: j, } @@ -91,7 +91,7 @@ func (c *Cred) Verify(sk *math.Zr, key types.IssuerPublicKey, credBytes []byte, continue } - sm[j] = &bbs12381g2pub.SignatureMessage{ + sm[j] = &bbs.SignatureMessage{ FR: c.Curve.NewZrFromBytes(credential.Attrs[i]), Idx: j, } @@ -100,7 +100,7 @@ func (c *Cred) Verify(sk *math.Zr, key types.IssuerPublicKey, credBytes []byte, case types.IdemixHiddenAttribute: continue case types.IdemixBytesAttribute: - fr := bbs12381g2pub.FrFromOKM(attributes[i].Value.([]byte), c.Curve) + fr := bbs.FrFromOKM(attributes[i].Value.([]byte), c.Curve) if !fr.Equals(sm[j].FR) { return errors.Errorf("credential does not contain the correct attribute value at position [%d]", i) } diff --git a/bccsp/schemes/aries/credrequest_test.go b/bccsp/schemes/aries/credrequest_test.go index 3d195f2..e7cd5d8 100644 --- a/bccsp/schemes/aries/credrequest_test.go +++ b/bccsp/schemes/aries/credrequest_test.go 
@@ -12,13 +12,13 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" ) func TestCredRequest(t *testing.T) { credProto := &aries.Cred{ - Bls: bbs12381g2pub.New(math.Curves[math.BLS12_381_BBS]), + BBS: bbs.New(math.Curves[math.BLS12_381_BBS]), Curve: math.Curves[math.BLS12_381_BBS], } issuerProto := &aries.Issuer{math.Curves[math.BLS12_381_BBS]} diff --git a/bccsp/schemes/aries/go.mod b/bccsp/schemes/aries/go.mod index 1d961b4..478828c 100644 --- a/bccsp/schemes/aries/go.mod +++ b/bccsp/schemes/aries/go.mod @@ -6,8 +6,8 @@ require ( github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20240612072411-114d281b442d github.com/IBM/idemix/bccsp/types v0.0.0-20240612072411-114d281b442d github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da - github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504 github.com/golang/protobuf v1.5.4 + github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.9.0 ) diff --git a/bccsp/schemes/aries/go.sum b/bccsp/schemes/aries/go.sum index c828bac..888d75a 100644 --- a/bccsp/schemes/aries/go.sum +++ b/bccsp/schemes/aries/go.sum 
@@ -4,8 +4,6 @@ github.com/IBM/idemix/bccsp/types v0.0.0-20240612072411-114d281b442d h1:cv8IVW3e github.com/IBM/idemix/bccsp/types v0.0.0-20240612072411-114d281b442d/go.mod h1:IMIJ8WcUpBmV4gcOO/BYKuFYpdXCPYZjpNhFSUlO9b8= github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da h1:qqGozq4tF6EOVnWoTgBoJGudRKKZXSAYnEtDggzTnsw= github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da/go.mod h1:Tco9QzE3fQzjMS7nPbHDeFfydAzctStf1Pa8hsh6Hjs= -github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504 h1:sQyFeDcHVHWJ3IeE437NSJjv0+J/6MvGQOJew4X+Cuw= -github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504/go.mod h1:z5xq4Ji1RQojJLZzKeZH5+LKCVZxgQRZpQ4xAJWi8r0= github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE= github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce h1:YtWJF7RHm2pYCvA5t0RPmAaLUhREsKuKd+SLhxFbFeQ= @@ -21,6 +19,8 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= +github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc h1:3Ykk6MtyfnlzMOQry9zkxsoLWpCWZwDPqehO/BJwArM= +github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc/go.mod h1:Kofn6A6WWea1ZM8Rys5aBW9dszwJ7Ywa0kyyYL0TPYw= github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 h1:B1Nt8hKb//KvgGRprk0h1t4lCnwhE9/ryb1WqfZbV+M= github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2/go.mod h1:X+DIyUsaTmalOpmpQfIvFZjKHQedrURQ5t4YqquX7lE= github.com/kilic/bls12-381 v0.1.0 h1:encrdjqKMEvabVQ7qYOKu1OvhqpK4s47wDYtNiPtlp4= 
diff --git a/bccsp/schemes/aries/issuer.go b/bccsp/schemes/aries/issuer.go index 8d80f3d..46b0617 100644 --- a/bccsp/schemes/aries/issuer.go +++ b/bccsp/schemes/aries/issuer.go @@ -12,7 +12,7 @@ import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" ) // TODO: @@ -20,8 +20,8 @@ import ( // IssuerPublicKey is the issuer public key type IssuerPublicKey struct { - PK *bbs12381g2pub.PublicKey - PKwG *bbs12381g2pub.PublicKeyWithGenerators + PK *bbs.PublicKey + PKwG *bbs.PublicKeyWithGenerators // N is the number of attributes; it *does not* include the user secret key N int } @@ -40,7 +40,7 @@ func (i *IssuerPublicKey) Hash() []byte { // IssuerSecretKey is the issuer secret key type IssuerSecretKey struct { IssuerPublicKey - SK *bbs12381g2pub.PrivateKey + SK *bbs.PrivateKey } // Bytes returns the byte representation of this key @@ -67,7 +67,7 @@ func (i *Issuer) NewKey(AttributeNames []string) (types.IssuerSecretKey, error) return nil, fmt.Errorf("rand.Read failed [%w]", err) } - PK, SK, err := bbs12381g2pub.NewBBSLib(i.Curve).GenerateKeyPair(sha256.New, seed) + PK, SK, err := bbs.NewBBSLib(i.Curve).GenerateKeyPair(sha256.New, seed) if err != nil { return nil, fmt.Errorf("GenerateKeyPair failed [%w]", err) } @@ -90,7 +90,7 @@ func (i *Issuer) NewKey(AttributeNames []string) (types.IssuerSecretKey, error) // NewPublicKeyFromBytes converts the passed bytes to an Issuer key // It makes sure that the so obtained key has the passed attributes, if specified func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (types.IssuerSecretKey, error) { - SK, err := bbs12381g2pub.NewBBSLib(i.Curve).UnmarshalPrivateKey(raw) + SK, err := bbs.NewBBSLib(i.Curve).UnmarshalPrivateKey(raw) if err != nil { return nil, fmt.Errorf("UnmarshalPrivateKey failed [%w]", err) } 
@@ -115,7 +115,7 @@ func (i *Issuer) NewKeyFromBytes(raw []byte, attributes []string) (types.IssuerS // NewPublicKeyFromBytes converts the passed bytes to an Issuer public key // It makes sure that the so obtained public key has the passed attributes, if specified func (i *Issuer) NewPublicKeyFromBytes(raw []byte, attributes []string) (types.IssuerPublicKey, error) { - PK, err := bbs12381g2pub.NewBBSLib(i.Curve).UnmarshalPublicKey(raw) + PK, err := bbs.NewBBSLib(i.Curve).UnmarshalPublicKey(raw) if err != nil { return nil, fmt.Errorf("UnmarshalPublicKey failed [%w]", err) } diff --git a/bccsp/schemes/aries/nymsigner.go b/bccsp/schemes/aries/nymsigner.go index 216fd58..b468e70 100644 --- a/bccsp/schemes/aries/nymsigner.go +++ b/bccsp/schemes/aries/nymsigner.go @@ -11,8 +11,8 @@ import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" ) const nymSigLabel = "nym-sig" @@ -38,7 +38,7 @@ func (s *NymSigner) Sign( Nonce := s.Curve.NewRandomZr(s.Rng) - commit := bbs12381g2pub.NewBBSLib(s.Curve).NewProverCommittingG1() + commit := bbs.NewBBSLib(s.Curve).NewProverCommittingG1() commit.Commit(ipk.PKwG.H0) commit.Commit(ipk.PKwG.H[s.UserSecretKeyIndex]) commitNym := commit.Finish() @@ -48,11 +48,11 @@ func (s *NymSigner) Sign( challengeBytes = append(challengeBytes, commitNym.ToBytes()...) challengeBytes = append(challengeBytes, digest...) - proofChallenge := bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge := bbs.FrFromOKM(challengeBytes, s.Curve) challengeBytes = proofChallenge.Bytes() challengeBytes = append(challengeBytes, Nonce.Bytes()...) - proofChallenge = bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge = bbs.FrFromOKM(challengeBytes, s.Curve) proof := commitNym.GenerateProof(proofChallenge, []*math.Zr{RNym, sk}) 
@@ -82,7 +82,7 @@ func (s *NymSigner) Verify( return fmt.Errorf("error unmarshalling signature: [%w]", err) } - nymProof, err := bbs12381g2pub.NewBBSLib(s.Curve).ParseProofG1(sig.MainSignature) + nymProof, err := bbs.NewBBSLib(s.Curve).ParseProofG1(sig.MainSignature) if err != nil { return fmt.Errorf("parse nym proof: %w", err) } @@ -94,11 +94,11 @@ func (s *NymSigner) Verify( challengeBytes = append(challengeBytes, nymProof.Commitment.Bytes()...) challengeBytes = append(challengeBytes, digest...) - proofChallenge := bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge := bbs.FrFromOKM(challengeBytes, s.Curve) challengeBytes = proofChallenge.Bytes() challengeBytes = append(challengeBytes, sig.Nonce...) - proofChallenge = bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge = bbs.FrFromOKM(challengeBytes, s.Curve) return nymProof.Verify([]*math.G1{ipk.PKwG.H0, ipk.PKwG.H[skIndex]}, Nym, proofChallenge) } diff --git a/bccsp/schemes/aries/nymsigner_test.go b/bccsp/schemes/aries/nymsigner_test.go index 709f32b..5d8ca84 100644 --- a/bccsp/schemes/aries/nymsigner_test.go +++ b/bccsp/schemes/aries/nymsigner_test.go @@ -10,7 +10,7 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" ) @@ -46,7 +46,7 @@ func TestNymSigner(t *testing.T) { for skPos := range attrs { signer.UserSecretKeyIndex = skPos - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.PKwG.H0, rNym) cb.Add(ipk.PKwG.H[skPos], sk) nym := cb.Build() diff --git a/bccsp/schemes/aries/signer.go b/bccsp/schemes/aries/signer.go index 4236510..268f58e 100644 --- a/bccsp/schemes/aries/signer.go +++ b/bccsp/schemes/aries/signer.go 
@@ -7,13 +7,14 @@ package aries import ( "crypto/ecdsa" + "errors" "fmt" "io" "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" ) // AttributeIndexInNym is the index of the blinding factor of the attribute in a Nym commitment 
@@ -32,23 +33,125 @@ type Signer struct { Rng io.Reader } +type vc2SmartcardSignatureProvider struct { + r *math.Zr + bl *bbs.BBSLib +} + +func (p *vc2SmartcardSignatureProvider) New(d *math.G1, r3 *math.Zr, pubKey *bbs.PublicKeyWithGenerators, sPrime *math.Zr, + messages []*bbs.SignatureMessage, revealedMessages map[int]*bbs.SignatureMessage) (*bbs.ProverCommittedG1, []*math.Zr) { + messagesCount := len(messages) + committing2 := p.bl.NewProverCommittingG1() + baseSecretsCount := 2 + secrets2 := make([]*math.Zr, 0, baseSecretsCount+messagesCount) + + committing2.Commit(d) + + r3D := r3.Copy() + r3D.Neg() + + secrets2 = append(secrets2, r3D) + + committing2.Commit(pubKey.H0) + + sPrime = sPrime.Minus(p.r) + + secrets2 = append(secrets2, sPrime) + + for _, msg := range messages { + if _, ok := revealedMessages[msg.Idx]; ok { + continue + } + + committing2.Commit(pubKey.H[msg.Idx]) + + sourceFR := msg.FR + hiddenFRCopy := sourceFR.Copy() + + secrets2 = append(secrets2, hiddenFRCopy) + } + + pokVC2 := committing2.Finish() + + return pokVC2, secrets2 +} + +type vc2SmartcardProofVerifier struct { + curve *math.Curve + nym *math.G1 +} + +func (v *vc2SmartcardProofVerifier) Verify(challenge *math.Zr, pubKey *bbs.PublicKeyWithGenerators, + revealedMessages map[int]*bbs.SignatureMessage, messages []*bbs.SignatureMessage, ProofVC2 *bbs.ProofG1, + d *math.G1) error { + revealedMessagesCount := len(revealedMessages) + + basesVC2 := make([]*math.G1, 0, 2+pubKey.MessagesCount-revealedMessagesCount) + basesVC2 = append(basesVC2, d, pubKey.H0) + + basesDisclosed := make([]*math.G1, 0, 1+revealedMessagesCount) + exponents := make([]*math.Zr, 0, 1+revealedMessagesCount) + + basesDisclosed = append(basesDisclosed, v.curve.GenG1) + exponents = append(exponents, v.curve.NewZrFromInt(1)) + + revealedMessagesInd := 0 + + for i := range pubKey.H { + if i == 0 { + continue + } + + if _, ok := revealedMessages[i]; ok { + basesDisclosed = append(basesDisclosed, pubKey.H[i]) + exponents = 
append(exponents, messages[revealedMessagesInd].FR) + revealedMessagesInd++ + } else { + basesVC2 = append(basesVC2, pubKey.H[i]) + } + } + + basesDisclosed = append(basesDisclosed, v.nym) + exponents = append(exponents, v.curve.NewZrFromInt(1)) + + pr := v.curve.GenG1.Copy() + pr.Sub(v.curve.GenG1) + + for i := 0; i < len(basesDisclosed); i++ { + b := basesDisclosed[i] + s := exponents[i] + + g := b.Mul(bbs.FrToRepr(s)) + pr.Add(g) + } + + pr.Neg() + + err := ProofVC2.Verify(basesVC2, pr, challenge) + if err != nil { + return errors.New("bad signature") + } + + return nil +} + func (s *Signer) getPoKOfSignature( credential *Credential, attributes []types.IdemixAttribute, sk *math.Zr, - ipk *bbs12381g2pub.PublicKeyWithGenerators, + ipk *bbs.PublicKeyWithGenerators, sigtype types.SignatureType, Nym *math.G1, RNym *math.Zr, -) (*bbs12381g2pub.PoKOfSignature, []*bbs12381g2pub.SignatureMessage, error) { - signature, err := bbs12381g2pub.NewBBSLib(s.Curve).ParseSignature(credential.Cred) +) (*bbs.PoKOfSignature, []*bbs.SignatureMessage, error) { + signature, err := bbs.NewBBSLib(s.Curve).ParseSignature(credential.Cred) if err != nil { return nil, nil, fmt.Errorf("parse signature: %w", err) } messagesFr := credential.toSignatureMessage(sk, s.Curve) - var pokOS *bbs12381g2pub.PoKOfSignature + var pokOS *bbs.PoKOfSignature if sigtype == types.Smartcard { // this mode implements the protocol from https://eprint.iacr.org/2023/853. // The protocol is between 3 parties, a user, a smartcard and a 
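Review bot: vc2SmartcardProofVerifier.Verify reads `messages[revealedMessagesInd].FR` for every revealed index without checking that `messages` is that long, and the revealed set appears to come from the signature being verified, so a malformed signature may be able to panic the verifier rather than be rejected. A guard before the read, `if revealedMessagesInd >= len(messages) { return errors.New("bad signature") }`, keeps that failure an ordinary error. The final `return errors.New("bad signature")` discards the cause; `fmt.Errorf("bad signature: %w", err)` would keep it for diagnostics. The two new types carry no doc comments: a line on each saying it implements the smartcard variant of the VC2 proof (the eprint 2023/853 protocol named in getPoKOfSignature), plus a comment that `pr.Sub(v.curve.GenG1)` is there to start the accumulator at the identity element, would help the next reader.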
@@ -62,22 +165,35 @@ func (s *Signer) getPoKOfSignature( // been proven by the smartcard in a separate proof. C := Nym.Copy() C.Sub(ipk.H0.Mul(RNym)) - messagesFrNoSk := append(append([]*bbs12381g2pub.SignatureMessage{}, messagesFr[:credential.SkPos]...), messagesFr[credential.SkPos+1:]...) - pokOS, err = bbs12381g2pub.NewBBSLib(s.Curve).NewPoKOfSignatureExt(signature, messagesFrNoSk, revealedAttributesIndexNoSk(attributes), ipk, Nym, RNym, C) + messagesFrNoSk := append(append([]*bbs.SignatureMessage{}, messagesFr[:credential.SkPos]...), messagesFr[credential.SkPos+1:]...) + p := &bbs.PoKOfSignatureProvider{ + VC2SignatureProvider: &vc2SmartcardSignatureProvider{ + r: RNym, + bl: bbs.NewBBSLib(s.Curve), + }, + Curve: s.Curve, + Bl: bbs.NewBBSLib(s.Curve), + } + + // compute b without the first message + b := bbs.ComputeB(signature.S, messagesFrNoSk, ipk, s.Curve) + b.Add(C) + + pokOS, err = p.PoKOfSignatureB(signature, messagesFrNoSk, revealedAttributesIndexNoSk(attributes), ipk, b) } else { - pokOS, err = bbs12381g2pub.NewBBSLib(s.Curve).NewPoKOfSignatureExt(signature, messagesFr, revealedAttributesIndex(attributes), ipk, nil, nil, nil) + pokOS, err = bbs.NewBBSLib(s.Curve).NewPoKOfSignature(signature, messagesFr, revealedAttributesIndex(attributes), ipk) } if err != nil { - return nil, nil, fmt.Errorf("bbs12381g2pub.NewPoKOfSignature error: %w", err) + return nil, nil, fmt.Errorf("bbs.NewPoKOfSignature error: %w", err) } return pokOS, messagesFr, nil } func (s *Signer) getChallengeHash( - pokSignature *bbs12381g2pub.PoKOfSignature, + pokSignature *bbs.PoKOfSignature, Nym *math.G1, - commitNym *bbs12381g2pub.ProverCommittedG1, + commitNym *bbs.ProverCommittedG1, eid *attributeCommitment, rh *attributeCommitment, msg []byte, 
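Review bot: The smartcard branch drops `messagesFr[credential.SkPos]`, but vc2SmartcardProofVerifier.Verify added earlier in this file skips generator `i == 0` unconditionally, so the two sides appear to agree only when the secret key sits at index 0. If that restriction is intended, state it and enforce it at the top of the branch, `if credential.SkPos != 0 { return nil, nil, errors.New("smartcard signatures require the secret key at index 0") }`; otherwise the verifier needs the index passed in. The lines `b := bbs.ComputeB(...)` and `b.Add(C)` deserve a comment saying that `C` (Nym minus `H0^RNym`) appears to stand in for the secret-key term that only the smartcard holds. The shared error wrap still reads `bbs.NewPoKOfSignature error` although this branch now calls `PoKOfSignatureB`. getPoKOfSignature starts in the previous hunk.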
@@ -121,33 +237,33 @@ func (s *Signer) getChallengeHash( } // hash the nonce - proofNonce := bbs12381g2pub.ParseProofNonce(msg, s.Curve) + proofNonce := bbs.ParseProofNonce(msg, s.Curve) proofNonceBytes := proofNonce.ToBytes() challengeBytes = append(challengeBytes, proofNonceBytes...) - c := bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + c := bbs.FrFromOKM(challengeBytes, s.Curve) Nonce := s.Curve.NewRandomZr(s.Rng) challengeBytes = c.Bytes() challengeBytes = append(challengeBytes, Nonce.Bytes()...) - return bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve), Nonce + return bbs.FrFromOKM(challengeBytes, s.Curve), Nonce } func (s *Signer) packageProof( attributes []types.IdemixAttribute, Nym *math.G1, - proof *bbs12381g2pub.PoKOfSignatureProof, - proofNym *bbs12381g2pub.ProofG1, + proof *bbs.PoKOfSignatureProof, + proofNym *bbs.ProofG1, nymEid *attributeCommitment, - proofNymEid *bbs12381g2pub.ProofG1, + proofNymEid *bbs.ProofG1, rhNym *attributeCommitment, - proofRhNym *bbs12381g2pub.ProofG1, + proofRhNym *bbs.ProofG1, cri *CredentialRevocationInformation, nonce *math.Zr, ) ([]byte, error) { - payload := bbs12381g2pub.NewPoKPayload(len(attributes)+1, revealedAttributesIndex(attributes)) + payload := bbs.NewPoKPayload(len(attributes)+1, revealedAttributesIndex(attributes)) payloadBytes, err := payload.ToBytes() if err != nil { @@ -189,10 +305,10 @@ func (s *Signer) packageProof( func (s *Signer) getCommitNym( ipk *IssuerPublicKey, - pokSignature *bbs12381g2pub.PoKOfSignature, + pokSignature *bbs.PoKOfSignature, sigType types.SignatureType, userSecretKeyIndex int, -) *bbs12381g2pub.ProverCommittedG1 { +) *bbs.ProverCommittedG1 { if sigType == types.Smartcard { return nil 
@@ -200,7 +316,7 @@ func (s *Signer) getCommitNym( // Nym is H0^{RNym} \cdot H[0]^{sk} - commit := bbs12381g2pub.NewBBSLib(s.Curve).NewProverCommittingG1() + commit := bbs.NewBBSLib(s.Curve).NewProverCommittingG1() commit.Commit(ipk.PKwG.H0) commit.Commit(ipk.PKwG.H[userSecretKeyIndex]) // we force the same blinding factor used in PokVC2 to prove equality. @@ -216,7 +332,7 @@ func (s *Signer) getCommitNym( type attributeCommitment struct { index int - proof *bbs12381g2pub.ProverCommittedG1 + proof *bbs.ProverCommittedG1 comm *math.G1 r *math.Zr } @@ -247,7 +363,7 @@ func nymEidAttrCommitmentEnabled(sigType types.SignatureType) bool { func (s *Signer) getAttributeCommitment( ipk *IssuerPublicKey, - pokSignature *bbs12381g2pub.PoKOfSignature, + pokSignature *bbs.PoKOfSignature, attr *math.Zr, idxInBases int, enabled bool, @@ -261,7 +377,7 @@ func (s *Signer) getAttributeCommitment( var Nym *math.G1 var R *math.Zr - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) if auditData != nil { if !attr.Equals(auditData.Attr) { @@ -290,7 +406,7 @@ func (s *Signer) getAttributeCommitment( return nil, fmt.Errorf("error determining index for attribute: %w", err) } - commit := bbs12381g2pub.NewBBSLib(s.Curve).NewProverCommittingG1() + commit := bbs.NewBBSLib(s.Curve).NewProverCommittingG1() commit.Commit(ipk.PKwG.H0) commit.Commit(ipk.PKwG.H[idxInBases]) @@ -306,9 +422,9 @@ func (s *Signer) getAttributeCommitment( } func (s *Signer) indexOfAttributeInCommitment( - c *bbs12381g2pub.ProverCommittedG1, + c *bbs.ProverCommittedG1, indexInPk int, - ipk *bbs12381g2pub.PublicKeyWithGenerators, + ipk *bbs.PublicKeyWithGenerators, ) (int, error) { // this is the base used in the public key for the attribute; no +1 since we assume that the caller has already catered for that 
@@ -435,17 +551,17 @@ func (s *Signer) Sign( // 1) main proof := pokSignature.GenerateProof(proofChallenge) // 2) Nym - var proofNym *bbs12381g2pub.ProofG1 + var proofNym *bbs.ProofG1 if commitNym != nil { proofNym = commitNym.GenerateProof(proofChallenge, []*math.Zr{RNym, sk}) } // 3) NymEid - var proofNymEid *bbs12381g2pub.ProofG1 + var proofNymEid *bbs.ProofG1 if nymEid != nil { proofNymEid = nymEid.proof.GenerateProof(proofChallenge, []*math.Zr{nymEid.r, messagesFr[eidIndex].FR}) } // 4) RhNym - var proofRhNym *bbs12381g2pub.ProofG1 + var proofRhNym *bbs.ProofG1 if rhNym != nil { proofRhNym = rhNym.proof.GenerateProof(proofChallenge, []*math.Zr{rhNym.r, messagesFr[rhIndex].FR}) } @@ -504,7 +620,7 @@ func (s *Signer) Verify( return fmt.Errorf("invalid issuer public key, expected *IssuerPublicKey, got [%T]", ipk) } - lib := bbs12381g2pub.NewBBSLib(s.Curve) + lib := bbs.NewBBSLib(s.Curve) sig := &Signature{} err := proto.Unmarshal(signature, sig) @@ -544,7 +660,7 @@ func (s *Signer) Verify( messages := attributesToSignatureMessage(attributes, s.Curve, skIndex) - payload, err := bbs12381g2pub.ParsePoKPayload(sig.MainSignature) + payload, err := bbs.ParsePoKPayload(sig.MainSignature) if err != nil { return fmt.Errorf("parse signature proof: %w", err) } @@ -563,7 +679,7 @@ func (s *Signer) Verify( return fmt.Errorf("parse nym commit: %w", err) } - var nymProof *bbs12381g2pub.ProofG1 + var nymProof *bbs.ProofG1 if verType != types.ExpectSmartcard { nymProof, err = lib.ParseProofG1(sig.NymProof) if err != nil { @@ -571,7 +687,7 @@ func (s *Signer) Verify( } } - var nymEidProof *bbs12381g2pub.ProofG1 + var nymEidProof *bbs.ProofG1 var NymEid *math.G1 if verifyEIDNym { nymEidProof, err = lib.ParseProofG1(sig.NymEidProof) @@ -585,7 +701,7 @@ func (s *Signer) Verify( } } - var rhNymProof *bbs12381g2pub.ProofG1 + var rhNymProof *bbs.ProofG1 var RhNym *math.G1 if verifyRHNym { rhNymProof, err = lib.ParseProofG1(sig.NymRhProof) 
@@ -615,7 +731,7 @@ func (s *Signer) Verify( challengeBytes = []byte(signLabel) } - revealedMessages := make(map[int]*bbs12381g2pub.SignatureMessage) + revealedMessages := make(map[int]*bbs.SignatureMessage) for i := range payload.Revealed { revealedMessages[payload.Revealed[i]] = messages[i] } @@ -623,7 +739,7 @@ func (s *Signer) Verify( if verType == types.ExpectSmartcard { // we add this so that GetBytesForChallenge thinks we disclose attr 0 and doesn't add its base to the ZKP chall // we will remove it later - revealedMessages[0] = &bbs12381g2pub.SignatureMessage{} + revealedMessages[0] = &bbs.SignatureMessage{} } challengeBytes = append(challengeBytes, signatureProof.GetBytesForChallenge(revealedMessages, ipk.PKwG)...) if verType == types.ExpectSmartcard { @@ -645,14 +761,14 @@ func (s *Signer) Verify( challengeBytes = append(challengeBytes, rhNymProof.Commitment.Bytes()...) } - proofNonce := bbs12381g2pub.ParseProofNonce(msg, s.Curve) + proofNonce := bbs.ParseProofNonce(msg, s.Curve) proofNonceBytes := proofNonce.ToBytes() challengeBytes = append(challengeBytes, proofNonceBytes...) - proofChallenge := bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge := bbs.FrFromOKM(challengeBytes, s.Curve) challengeBytes = proofChallenge.Bytes() challengeBytes = append(challengeBytes, sig.Nonce...) - proofChallenge = bbs12381g2pub.FrFromOKM(challengeBytes, s.Curve) + proofChallenge = bbs.FrFromOKM(challengeBytes, s.Curve) ////////////////////// // Verify responses // 
@@ -763,11 +879,14 @@ func (s *Signer) Verify( } // verify the proof of knowledge of the signature - if verType != types.ExpectSmartcard { - return signatureProof.Verify(proofChallenge, ipk.PKwG, revealedMessages, messages) - } else { - return signatureProof.VerifyExt(proofChallenge, ipk.PKwG, revealedMessages, messages, Nym) + if verType == types.ExpectSmartcard { + signatureProof.VC2ProofVerifier = &vc2SmartcardProofVerifier{ + curve: s.Curve, + nym: Nym, + } } + + return signatureProof.Verify(proofChallenge, ipk.PKwG, revealedMessages, messages) } // AuditNymEid permits the auditing of the nym eid generated by a signer @@ -809,7 +928,7 @@ func (s *Signer) AuditNymEid( return fmt.Errorf("invalid audit type [%d]", verType) } - eidAttr := bbs12381g2pub.FrFromOKM([]byte(enrollmentID), s.Curve) + eidAttr := bbs.FrFromOKM([]byte(enrollmentID), s.Curve) if eidIndex >= skIndex { eidIndex++ @@ -861,7 +980,7 @@ func (s *Signer) AuditNymRh( return fmt.Errorf("invalid audit type [%d]", verType) } - rhAttr := bbs12381g2pub.FrFromOKM([]byte(revocationHandle), s.Curve) + rhAttr := bbs.FrFromOKM([]byte(revocationHandle), s.Curve) if rhIndex >= skIndex { rhIndex++ diff --git a/bccsp/schemes/aries/signer_test.go b/bccsp/schemes/aries/signer_test.go index 80879c1..a049243 100644 --- a/bccsp/schemes/aries/signer_test.go +++ b/bccsp/schemes/aries/signer_test.go @@ -15,8 +15,8 @@ import ( "github.com/IBM/idemix/bccsp/schemes/aries" "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" ) 
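Review bot: In the `@@ -763,11 +879,14 @@` hunk the smartcard branch now selects the verification equation by assigning `signatureProof.VC2ProofVerifier`, and nothing at the call site says what that verifier has to check. The old call passed `Nym` to `VerifyExt` explicitly; the binding to `Nym` now lives in `vc2SmartcardProofVerifier`, which is defined outside this hunk. Judging by `defaultVC2ProofVerifier` in smartcard_test.go, it presumably skips the base at index 0 and adds the pseudonym as a disclosed term. I would add a comment above the assignment, for example `// smartcard proofs carry no response for the sk base; the VC2 check must bind Nym as a disclosed term instead`, reworded to match the real implementation. `Verify` begins well before this hunk, so whether `Nym` is validated beyond parsing cannot be seen from here.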
@@ -35,10 +35,10 @@ func TestSmartcardSigner(t *testing.T) { ou, role, eid, rh := "ou", 34, "eid", "rh" messagesCount := 5 // includes the sk - msgsZr := []*bbs12381g2pub.SignatureMessage{ + msgsZr := []*bbs.SignatureMessage{ { Idx: 1, - FR: bbs12381g2pub.FrFromOKM([]byte(ou), curve), + FR: bbs.FrFromOKM([]byte(ou), curve), }, { Idx: 2, @@ -46,18 +46,18 @@ func TestSmartcardSigner(t *testing.T) { }, { Idx: 3, - FR: bbs12381g2pub.FrFromOKM([]byte(eid), curve), + FR: bbs.FrFromOKM([]byte(eid), curve), }, { Idx: 4, - FR: bbs12381g2pub.FrFromOKM([]byte(rh), curve), + FR: bbs.FrFromOKM([]byte(rh), curve), }, } sc.H0 = pkwg.H0 sc.H1 = pkwg.H[0] sc.H2 = pkwg.H[3] - sc.EID = bbs12381g2pub.FrFromOKM([]byte(eid), curve) + sc.EID = bbs.FrFromOKM([]byte(eid), curve) proofBytes, err := sc.NymSign(nil) assert.NoError(t, err) @@ -89,7 +89,7 @@ func TestSmartcardSigner(t *testing.T) { issuerProto := &aries.Issuer{curve} credProto := &aries.Cred{ - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), Curve: curve, } @@ -221,14 +221,14 @@ func TestSmartcardSigner(t *testing.T) { // supply as eid nym the one received from the smartcard rNymEid, NymEid := sc.NymEid() - assert.True(t, NymEid.Equals(sc.H0.Mul2(rNymEid, sc.H2, bbs12381g2pub.FrFromOKM([]byte(eid), curve)))) + assert.True(t, NymEid.Equals(sc.H0.Mul2(rNymEid, sc.H2, bbs.FrFromOKM([]byte(eid), curve)))) meta := &types.IdemixSignerMetadata{ EidNym: NymEid.Bytes(), EidNymAuditData: &types.AttrNymAuditData{ Nym: NymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(eid), curve), + Attr: bbs.FrFromOKM([]byte(eid), curve), }, } @@ -284,7 +284,7 @@ func TestSmartcardSigner1(t *testing.T) { sc.H0 = ipk.(*aries.IssuerPublicKey).PKwG.H0 sc.H1 = ipk.(*aries.IssuerPublicKey).PKwG.H[0] sc.H2 = ipk.(*aries.IssuerPublicKey).PKwG.H[3] - sc.EID = bbs12381g2pub.FrFromOKM([]byte(eid), curve) + sc.EID = bbs.FrFromOKM([]byte(eid), curve) sc.Uid_sk = curve.NewZrFromBytes(conf.Sk) // make nym eid 
@@ -376,7 +376,7 @@ func idemixScSign( EidNymAuditData: &types.AttrNymAuditData{ Nym: NymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(eid), sc.Curve), + Attr: bbs.FrFromOKM([]byte(eid), sc.Curve), }, } @@ -444,7 +444,7 @@ func TestW3CCred(t *testing.T) { sigBytes, err := base64.StdEncoding.DecodeString(sigBase64) assert.NoError(t, err) - bls := bbs12381g2pub.New(math.Curves[math.BLS12_381_BBS]) + bls := bbs.New(curve) err = bls.Verify(messagesBytes, sigBytes, pkBytes) assert.NoError(t, err) @@ -482,10 +482,10 @@ func TestW3CCred(t *testing.T) { attributes := make([][]byte, len(attributeNames)) for i, msg := range messagesBytes[1:] { - attributes[i] = bbs12381g2pub.FrFromOKM(msg, curve).Bytes() + attributes[i] = bbs.FrFromOKM(msg, curve).Bytes() } - sk := bbs12381g2pub.FrFromOKM(messagesBytes[0], curve) + sk := bbs.FrFromOKM(messagesBytes[0], curve) cred := &aries.Credential{ Cred: sigBytes, @@ -495,7 +495,7 @@ func TestW3CCred(t *testing.T) { assert.NoError(t, err) credProto := &aries.Cred{ - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), Curve: curve, } @@ -553,9 +553,9 @@ func TestW3CCred(t *testing.T) { sig, m, err := signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) assert.NoError(t, err) - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], bbs12381g2pub.FrFromOKM([]byte(`_:c14n0 "alice.remote" .`), curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], bbs.FrFromOKM([]byte(`_:c14n0 "alice.remote" .`), curve)) assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, 0, nil, 0, types.ExpectEidNym, nil) 
@@ -675,7 +675,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { sigBytes, err := base64.StdEncoding.DecodeString(sigBase64) assert.NoError(t, err) - bls := bbs12381g2pub.New(math.Curves[math.BLS12_381_BBS]) + bls := bbs.New(math.Curves[math.BLS12_381_BBS]) err = bls.Verify(messagesBytes, sigBytes, pkBytes) assert.NoError(t, err) @@ -686,11 +686,11 @@ func TestW3CCredSkElsewhere(t *testing.T) { if i == skIndex { continue } - attributes[j] = bbs12381g2pub.FrFromOKM(msg, curve).Bytes() + attributes[j] = bbs.FrFromOKM(msg, curve).Bytes() j++ } - sk := bbs12381g2pub.FrFromOKM(messagesBytes[skIndex], curve) + sk := bbs.FrFromOKM(messagesBytes[skIndex], curve) cred := &aries.Credential{ Cred: sigBytes, @@ -701,7 +701,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { assert.NoError(t, err) credProto := &aries.Cred{ - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), Curve: curve, } @@ -761,9 +761,9 @@ func TestW3CCredSkElsewhere(t *testing.T) { sig, m, err := signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) assert.NoError(t, err) - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndexInBases], bbs12381g2pub.FrFromOKM(eidAttr, curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndexInBases], bbs.FrFromOKM(eidAttr, curve)) assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) err = signer.Verify(ipk, sig, []byte("silliness"), idemixAttrs, rhIndex, eidIndex, skIndex, nil, 0, types.ExpectEidNym, nil) 
@@ -775,9 +775,9 @@ func TestW3CCredSkElsewhere(t *testing.T) { rNym := curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndexInBases], bbs12381g2pub.FrFromOKM(eidAttr, curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndexInBases], bbs.FrFromOKM(eidAttr, curve)) nym := cb.Build() meta := &types.IdemixSignerMetadata{ @@ -785,7 +785,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM(eidAttr, curve), + Attr: bbs.FrFromOKM(eidAttr, curve), }, } @@ -811,12 +811,12 @@ func TestW3CCredSkElsewhere(t *testing.T) { sig, m, err = signer.Sign(credBytes, sk, Nym, RNmy, ipk, idemixAttrs, []byte("tome"), rhIndex, eidIndex, nil, types.EidNymRhNym, nil) assert.NoError(t, err) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndexInBases], m.EidNymAuditData.Attr) assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.RhNymAuditData.Rand) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndexInBases], m.RhNymAuditData.Attr) assert.True(t, cb.Build().Equals(m.RhNymAuditData.Nym)) @@ -830,9 +830,9 @@ func TestW3CCredSkElsewhere(t *testing.T) { rNym = curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndexInBases], bbs12381g2pub.FrFromOKM(rhAttr, curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndexInBases], bbs.FrFromOKM(rhAttr, curve)) nym = cb.Build() meta = &types.IdemixSignerMetadata{ 
@@ -840,7 +840,7 @@ func TestW3CCredSkElsewhere(t *testing.T) { RhNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM(rhAttr, curve), + Attr: bbs.FrFromOKM(rhAttr, curve), }, } @@ -865,7 +865,7 @@ func TestSigner(t *testing.T) { curve := math.Curves[math.BLS12_381_BBS] credProto := &aries.Cred{ - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), Curve: curve, } issuerProto := &aries.Issuer{curve} @@ -959,7 +959,7 @@ func TestSigner(t *testing.T) { Nym, RNmy, err := userProto.MakeNym(sk, ipk) assert.NoError(t, err) - // commit := bbs12381g2pub.NewProverCommittingG1() + // commit := bbs.NewProverCommittingG1() // commit.Commit(ipk.(*aries.IssuerPublicKey).PKwG.H0) // commit.Commit(ipk.(*aries.IssuerPublicKey).PKwG.H[0]) // commitNym := commit.Finish() @@ -987,7 +987,7 @@ func TestSigner(t *testing.T) { sig, m, err := signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("silliness"), rhIndex, eidIndex, nil, types.EidNym, nil) assert.NoError(t, err) - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], m.EidNymAuditData.Attr) assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) @@ -1001,9 +1001,9 @@ func TestSigner(t *testing.T) { rNym := curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], bbs12381g2pub.FrFromOKM([]byte("nymeid"), curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], bbs.FrFromOKM([]byte("nymeid"), curve)) nym := cb.Build() meta := &types.IdemixSignerMetadata{ 
@@ -1011,7 +1011,7 @@ func TestSigner(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymeid"), curve), + Attr: bbs.FrFromOKM([]byte("nymeid"), curve), }, } @@ -1063,7 +1063,7 @@ func TestSigner(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: curve.GenG1.Mul(curve.NewRandomZr(rand)), Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymeid"), curve), + Attr: bbs.FrFromOKM([]byte("nymeid"), curve), }, } @@ -1114,7 +1114,7 @@ func TestSigner(t *testing.T) { rNym = curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], curve.HashToZr([]byte("Not the nymeid"))) nym = cb.Build() @@ -1124,7 +1124,7 @@ func TestSigner(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymeid"), curve), + Attr: bbs.FrFromOKM([]byte("nymeid"), curve), }, } @@ -1138,12 +1138,12 @@ func TestSigner(t *testing.T) { sig, m, err = signer.Sign(cred, sk, Nym, RNmy, ipk, idemixAttrs, []byte("tome"), rhIndex, eidIndex, nil, types.EidNymRhNym, nil) assert.NoError(t, err) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.EidNymAuditData.Rand) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[eidIndex+1], m.EidNymAuditData.Attr) assert.True(t, cb.Build().Equals(m.EidNymAuditData.Nym)) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, m.RhNymAuditData.Rand) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndex+1], m.RhNymAuditData.Attr) assert.True(t, cb.Build().Equals(m.RhNymAuditData.Nym)) 
@@ -1157,9 +1157,9 @@ func TestSigner(t *testing.T) { rNym = curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) - cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndex+1], bbs12381g2pub.FrFromOKM([]byte("nymrh"), curve)) + cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndex+1], bbs.FrFromOKM([]byte("nymrh"), curve)) nym = cb.Build() meta = &types.IdemixSignerMetadata{ @@ -1167,7 +1167,7 @@ func TestSigner(t *testing.T) { RhNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymrh"), curve), + Attr: bbs.FrFromOKM([]byte("nymrh"), curve), }, } @@ -1215,7 +1215,7 @@ func TestSigner(t *testing.T) { RhNymAuditData: &types.AttrNymAuditData{ Nym: curve.GenG1.Mul(curve.NewRandomZr(rand)), Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymrh"), curve), + Attr: bbs.FrFromOKM([]byte("nymrh"), curve), }, } @@ -1257,7 +1257,7 @@ func TestSigner(t *testing.T) { rNym = curve.NewRandomZr(rand) - cb = bbs12381g2pub.NewCommitmentBuilder(2) + cb = bbs.NewCommitmentBuilder(2) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H0, rNym) cb.Add(ipk.(*aries.IssuerPublicKey).PKwG.H[rhIndex+1], curve.NewZrFromInt(37)) nym = cb.Build() @@ -1267,7 +1267,7 @@ func TestSigner(t *testing.T) { RhNymAuditData: &types.AttrNymAuditData{ Nym: nym, Rand: rNym, - Attr: bbs12381g2pub.FrFromOKM([]byte("nymrh"), curve), + Attr: bbs.FrFromOKM([]byte("nymrh"), curve), }, } diff --git a/bccsp/schemes/aries/smartcard_test.go b/bccsp/schemes/aries/smartcard_test.go index b87b2dd..c5e7d6a 100644 --- a/bccsp/schemes/aries/smartcard_test.go +++ b/bccsp/schemes/aries/smartcard_test.go 
@@ -10,11 +10,12 @@ import ( "crypto/aes" "crypto/rand" "encoding/hex" + "errors" "testing" "github.com/IBM/idemix/bccsp/schemes/aries" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" ) 
@@ -70,9 +71,114 @@ func getSmartcard(t *testing.T) (*aries.Smartcard, *math.Curve) { }, c } +type defaultVC2SignatureProvider struct { + r *math.Zr + bl *bbs.BBSLib +} + +func (p *defaultVC2SignatureProvider) New(d *math.G1, r3 *math.Zr, pubKey *bbs.PublicKeyWithGenerators, sPrime *math.Zr, + messages []*bbs.SignatureMessage, revealedMessages map[int]*bbs.SignatureMessage) (*bbs.ProverCommittedG1, []*math.Zr) { + messagesCount := len(messages) + committing2 := p.bl.NewProverCommittingG1() + baseSecretsCount := 2 + secrets2 := make([]*math.Zr, 0, baseSecretsCount+messagesCount) + + committing2.Commit(d) + + r3D := r3.Copy() + r3D.Neg() + + secrets2 = append(secrets2, r3D) + + committing2.Commit(pubKey.H0) + + sPrime = sPrime.Minus(p.r) + + secrets2 = append(secrets2, sPrime) + + for _, msg := range messages { + if _, ok := revealedMessages[msg.Idx]; ok { + continue + } + + committing2.Commit(pubKey.H[msg.Idx]) + + sourceFR := msg.FR + hiddenFRCopy := sourceFR.Copy() + + secrets2 = append(secrets2, hiddenFRCopy) + } + + pokVC2 := committing2.Finish() + + return pokVC2, secrets2 +} + +type defaultVC2ProofVerifier struct { + curve *math.Curve + nym *math.G1 +} + +func (v *defaultVC2ProofVerifier) Verify(challenge *math.Zr, pubKey *bbs.PublicKeyWithGenerators, + revealedMessages map[int]*bbs.SignatureMessage, messages []*bbs.SignatureMessage, ProofVC2 *bbs.ProofG1, + d *math.G1) error { + revealedMessagesCount := len(revealedMessages) + + basesVC2 := make([]*math.G1, 0, 2+pubKey.MessagesCount-revealedMessagesCount) + basesVC2 = append(basesVC2, d, pubKey.H0) + + basesDisclosed := make([]*math.G1, 0, 1+revealedMessagesCount) + exponents := make([]*math.Zr, 0, 1+revealedMessagesCount) + + basesDisclosed = append(basesDisclosed, v.curve.GenG1) + exponents = append(exponents, v.curve.NewZrFromInt(1)) + + revealedMessagesInd := 0 + + for i := range pubKey.H { + if i == 0 { + continue + } + + if _, ok := revealedMessages[i]; ok { + basesDisclosed = append(basesDisclosed, 
pubKey.H[i]) + exponents = append(exponents, messages[revealedMessagesInd].FR) + revealedMessagesInd++ + } else { + basesVC2 = append(basesVC2, pubKey.H[i]) + } + } + + basesDisclosed = append(basesDisclosed, v.nym) + exponents = append(exponents, v.curve.NewZrFromInt(1)) + + // TODO: expose 0 + pr := v.curve.GenG1.Copy() + pr.Sub(v.curve.GenG1) + + for i := 0; i < len(basesDisclosed); i++ { + b := basesDisclosed[i] + s := exponents[i] + + g := b.Mul(bbs.FrToRepr(s)) + pr.Add(g) + } + + pr.Neg() + + err := ProofVC2.Verify(basesVC2, pr, challenge) + if err != nil { + return errors.New("bad signature") + } + + return nil +} + func TestAll(t *testing.T) { sc, curve := getSmartcard(t) + bl := bbs.NewBBSLib(curve) + pubKey, privKey, err := generateKeyPairRandom(curve) assert.NoError(t, err) @@ -82,6 +188,12 @@ func TestAll(t *testing.T) { pkwg, err := pubKey.ToPublicKeyWithGenerators(5) assert.NoError(t, err) + // convert public key + pkbbs, err := bbs.NewBBSLib(curve).UnmarshalPublicKey(pubKey.PointG2.Compressed()) + assert.NoError(t, err) + pkwgbbs, err := pkbbs.ToPublicKeyWithGenerators(5) + assert.NoError(t, err) + sc.H0 = pkwg.H0 sc.H1 = pkwg.H[0] sc.H2 = pkwg.H[3] @@ -98,22 +210,22 @@ func TestAll(t *testing.T) { ou, role, eid, rh := "ou", "role", "eid", "rh" messagesCount := 5 // includes the sk - sig_, err := aries.BlindSign([]*bbs12381g2pub.SignatureMessage{ + sig_, err := aries.BlindSign([]*bbs.SignatureMessage{ { Idx: 1, - FR: bbs12381g2pub.FrFromOKM([]byte(ou), curve), + FR: bbs.FrFromOKM([]byte(ou), curve), }, { Idx: 2, - FR: bbs12381g2pub.FrFromOKM([]byte(role), curve), + FR: bbs.FrFromOKM([]byte(role), curve), }, { Idx: 3, - FR: bbs12381g2pub.FrFromOKM([]byte(eid), curve), + FR: bbs.FrFromOKM([]byte(eid), curve), }, { Idx: 4, - FR: bbs12381g2pub.FrFromOKM([]byte(rh), curve), + FR: bbs.FrFromOKM([]byte(rh), curve), }, }, messagesCount, B, privKeyBytes, curve) assert.NoError(t, err) 
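Review bot: In `defaultVC2ProofVerifier.Verify`, `messages[revealedMessagesInd].FR` is read once per revealed index with no length check, so a `revealedMessages` map holding more entries than `messages` panics instead of returning an error. A guard before the append would close that, for example `if revealedMessagesInd >= len(messages) { return errors.New("revealed messages do not match") }`. This type is a test helper, but if `vc2SmartcardProofVerifier` in signer.go (not visible here) uses the same loop, the guard matters more there, because `Signer.Verify` builds the map from a payload parsed out of the signature. Separately, `defaultVC2SignatureProvider.New` appears to repeat `newModifiedVC2Signature` from further down this file, apart from the `sPrime.Minus(p.r)` step, and could delegate to it.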
@@ -121,65 +233,213 @@ func TestAll(t *testing.T) { sigBytes, err := aries.UnblindSign(sig_, r, curve) assert.NoError(t, err) - sig, err := bbs12381g2pub.NewBBSLib(curve).ParseSignature(sigBytes) + sig, err := bbs.NewBBSLib(curve).ParseSignature(sigBytes) assert.NoError(t, err) - messagesFr := []*bbs12381g2pub.SignatureMessage{ + messagesFr := []*bbs.SignatureMessage{ { Idx: 0, FR: sc.Uid_sk, }, { Idx: 1, - FR: bbs12381g2pub.FrFromOKM([]byte(ou), curve), + FR: bbs.FrFromOKM([]byte(ou), curve), }, { Idx: 2, - FR: bbs12381g2pub.FrFromOKM([]byte(role), curve), + FR: bbs.FrFromOKM([]byte(role), curve), }, { Idx: 3, - FR: bbs12381g2pub.FrFromOKM([]byte(eid), curve), + FR: bbs.FrFromOKM([]byte(eid), curve), }, { Idx: 4, - FR: bbs12381g2pub.FrFromOKM([]byte(rh), curve), + FR: bbs.FrFromOKM([]byte(rh), curve), }, } - err = sig.Verify(messagesFr, pkwg) + err = sig.Verify(messagesFr, pkwgbbs) assert.NoError(t, err) /*********************************************************************/ /*********************************************************************/ - pok_, err := bbs12381g2pub.NewBBSLib(curve).NewPoKOfSignature(sig, messagesFr, []int{1, 2}, pkwg) + pok_, err := bbs.NewBBSLib(curve).NewPoKOfSignature(sig, messagesFr, []int{1, 2}, pkwg) assert.NoError(t, err) c := curve.NewRandomZr(rand.Reader) pok := pok_.GenerateProof(c) - err = pok.Verify(c, pkwg, map[int]*bbs12381g2pub.SignatureMessage{1: {}, 2: {}}, []*bbs12381g2pub.SignatureMessage{messagesFr[1], messagesFr[2]}) + pokbytes := pok.ToBytes() + pok, err = bbs.NewBBSLib(curve).ParseSignatureProof(pokbytes) + assert.NoError(t, err) + + err = pok.Verify(c, pkwg, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) assert.NoError(t, err) /*********************************************************************/ /*********************************************************************/ + // convert messages + messagesFrbbs := []*bbs.SignatureMessage{ + { + Idx: 0, + FR: sc.Uid_sk, 
+ }, + { + Idx: 1, + FR: bbs.FrFromOKM([]byte(ou), curve), + }, + { + Idx: 2, + FR: bbs.FrFromOKM([]byte(role), curve), + }, + { + Idx: 3, + FR: bbs.FrFromOKM([]byte(eid), curve), + }, + { + Idx: 4, + FR: bbs.FrFromOKM([]byte(rh), curve), + }, + } + C := B.Copy() C.Sub(sc.H0.Mul(r)) assert.True(t, C.Equals(sc.H1.Mul(sc.Uid_sk))) - pok_, err = bbs12381g2pub.NewBBSLib(curve).NewPoKOfSignatureExt(sig, messagesFr[1:], []int{0, 1}, pkwg, B, r, C) + p := &bbs.PoKOfSignatureProvider{ + VC2SignatureProvider: &defaultVC2SignatureProvider{ + r: r, + bl: bbs.NewBBSLib(curve), + }, + Curve: curve, + Bl: bbs.NewBBSLib(curve), + } + + // compute b without the first message + b := bbs.ComputeB(sig.S, messagesFrbbs[1:], pkwg, curve) + + // add the first message + b.Add(C) + + pok_, err = p.PoKOfSignatureB(sig, messagesFr[1:], []int{0, 1}, pkwgbbs, b) assert.NoError(t, err) c = curve.NewRandomZr(rand.Reader) pok = pok_.GenerateProof(c) - err = pok.VerifyExt(c, pkwg, map[int]*bbs12381g2pub.SignatureMessage{1: {}, 2: {}}, []*bbs12381g2pub.SignatureMessage{messagesFr[1], messagesFr[2]}, B) + pok.VC2ProofVerifier = &defaultVC2ProofVerifier{ + curve: curve, + nym: B, + } + + err = pok.Verify(c, pkwgbbs, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) + assert.NoError(t, err) + + //////////////////////////////////////////////////////////////////////////////////////////////////// + ///////////////////////////////////////COMPATIBILITY WITH OLD CODE////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////////// + + // convert signature + sigbbs, err := bl.ParseSignature(sigBytes) + assert.NoError(t, err) + + // convert POK + proof := pok_.GenerateProof(c) + payload := bbs.NewPoKPayload(messagesCount, []int{1, 2}) + payloadBytes, err := payload.ToBytes() + assert.NoError(t, err) + signatureProofBytes := append(payloadBytes, proof.ToBytes()...) 
+ payload, err = bbs.ParsePoKPayload(signatureProofBytes) + assert.NoError(t, err) + signatureProof, err := bl.ParseSignatureProof(signatureProofBytes[payload.LenInBytes():]) + assert.NoError(t, err) + + // set custom verifier on the new POK + signatureProof.VC2ProofVerifier = &defaultVC2ProofVerifier{ + curve: curve, + nym: B, + } + + // verify with other verifier + err = signatureProof.Verify(c, pkwg, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{ + { + FR: messagesFr[1].FR, + Idx: messagesFr[1].Idx, + }, + { + FR: messagesFr[2].FR, + Idx: messagesFr[2].Idx, + }}, + ) + assert.NoError(t, err) + + p = &bbs.PoKOfSignatureProvider{ + VC2SignatureProvider: &defaultVC2SignatureProvider{ + r: r, + bl: bl, + }, + Curve: curve, + Bl: bl, + } + + // compute b without the first message + b = bbs.ComputeB(sig.S, messagesFrbbs[1:], pkwg, curve) + + // add the first message + b.Add(C) + + // create proof with new code + pokSignature, err := p.PoKOfSignatureB(sigbbs, messagesFrbbs[1:], []int{0, 1}, pkwg, b) + assert.NoError(t, err) + proofbbs := pokSignature.GenerateProof(c) + + // set custom verifier on the new POK + proofbbs.VC2ProofVerifier = &defaultVC2ProofVerifier{ + curve: curve, + nym: B, + } + + // verify proof with new code + err = proofbbs.Verify(c, pkwg, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{ + { + FR: messagesFr[1].FR, + Idx: messagesFr[1].Idx, + }, + { + FR: messagesFr[2].FR, + Idx: messagesFr[2].Idx, + }}, + ) + assert.NoError(t, err) + + // convert POK + payloadnew := bbs.NewPoKPayload(messagesCount, []int{1, 2}) + payloadBytesnew, err := payloadnew.ToBytes() + assert.NoError(t, err) + signatureProofBytesnew := append(payloadBytesnew, proofbbs.ToBytes()...) 
+ payloadnew, err = bbs.ParsePoKPayload(signatureProofBytesnew) + assert.NoError(t, err) + signatureProofnew, err := bbs.NewBBSLib(curve).ParseSignatureProof(signatureProofBytesnew[payloadnew.LenInBytes():]) + assert.NoError(t, err) + + // set custom verifier on the new POK + signatureProofnew.VC2ProofVerifier = &defaultVC2ProofVerifier{ + curve: curve, + nym: B, + } + + // verify proof with old code + err = signatureProofnew.Verify(c, pkwgbbs, map[int]*bbs.SignatureMessage{1: {}, 2: {}}, []*bbs.SignatureMessage{messagesFr[1], messagesFr[2]}) assert.NoError(t, err) + //////////////////////////////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////////// + //////////////////////////////////////////////////////////////////////////////////////////////////// /*********************************************************************/ @@ -187,7 +447,7 @@ func TestAll(t *testing.T) { r1, r2 := curve.NewRandomZr(rand.Reader), curve.NewRandomZr(rand.Reader) - b := computeB(sig.S, messagesFr, pkwg, curve) + b = computeB(sig.S, messagesFr, pkwgbbs, curve) aPrime := sig.A.Mul(r1) aBarDenom := aPrime.Mul(sig.E) @@ -199,7 +459,7 @@ func TestAll(t *testing.T) { r2D.Neg() commitmentBasesCount := 2 - cb := bbs12381g2pub.NewCommitmentBuilder(commitmentBasesCount) + cb := bbs.NewCommitmentBuilder(commitmentBasesCount) cb.Add(b, r1) cb.Add(pkwg.H0, r2D) 
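Review bot: Every `Verify` call added in the `@@ -121,65 +233,213 @@` hunk is expected to succeed, so nothing here shows that the pluggable `VC2ProofVerifier` ever rejects a proof. Because that field now carries the smartcard binding to `B`, I would add at least one negative case, for example `pok.VC2ProofVerifier = &defaultVC2ProofVerifier{curve: curve, nym: curve.GenG1.Mul(curve.NewRandomZr(rand.Reader))}` followed by an `assert.Error` on the same `pok.Verify` call. The block headed "COMPATIBILITY WITH OLD CODE" also calls only the `bbs` package on both sides, so its "old code" and "new code" comments no longer describe two implementations and should be reworded or the duplicate steps trimmed. `TestAll` begins and ends outside this hunk.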
@@ -252,12 +512,12 @@ func TestAll(t *testing.T) { /* custom validation here */ /***********************************/ - revealedMessages := make(map[int]*bbs12381g2pub.SignatureMessage, 2) + revealedMessages := make(map[int]*bbs.SignatureMessage, 2) revealedMessages[1] = messagesFr[1] revealedMessages[2] = messagesFr[2] // DELTA: we pass sPrime.Minus(r) as sPrime and drop the first message in messagesFr - pokVC2, secrets2 := newModifiedVC2Signature(d, r3, pkwg, sPrime.Minus(r), messagesFr[1:], revealedMessages, curve) + pokVC2, secrets2 := newModifiedVC2Signature(d, r3, pkwgbbs, sPrime.Minus(r), messagesFr[1:], revealedMessages, curve) /*************/ @@ -315,10 +575,10 @@ func TestAll(t *testing.T) { assert.NoError(t, err) } -func computeB(s *math.Zr, messages []*bbs12381g2pub.SignatureMessage, key *bbs12381g2pub.PublicKeyWithGenerators, curve *math.Curve) *math.G1 { +func computeB(s *math.Zr, messages []*bbs.SignatureMessage, key *bbs.PublicKeyWithGenerators, curve *math.Curve) *math.G1 { const basesOffset = 2 - cb := bbs12381g2pub.NewCommitmentBuilder(len(messages) + basesOffset) + cb := bbs.NewCommitmentBuilder(len(messages) + basesOffset) cb.Add(curve.GenG1, curve.NewZrFromInt(1)) cb.Add(key.H0, s) 
@@ -333,15 +593,15 @@ func computeB(s *math.Zr, messages []*bbs12381g2pub.SignatureMessage, key *bbs12 func newModifiedVC2Signature( d *math.G1, r3 *math.Zr, - pubKey *bbs12381g2pub.PublicKeyWithGenerators, + pubKey *bbs.PublicKeyWithGenerators, sPrime *math.Zr, - messages []*bbs12381g2pub.SignatureMessage, - revealedMessages map[int]*bbs12381g2pub.SignatureMessage, + messages []*bbs.SignatureMessage, + revealedMessages map[int]*bbs.SignatureMessage, curve *math.Curve, -) (*bbs12381g2pub.ProverCommittedG1, []*math.Zr) { +) (*bbs.ProverCommittedG1, []*math.Zr) { messagesCount := len(messages) - committing2 := bbs12381g2pub.NewBBSLib(curve).NewProverCommittingG1() + committing2 := bbs.NewBBSLib(curve).NewProverCommittingG1() baseSecretsCount := 2 secrets2 := make([]*math.Zr, 0, baseSecretsCount+messagesCount) diff --git a/bccsp/schemes/aries/user.go b/bccsp/schemes/aries/user.go index 20a872b..d7609aa 100644 --- a/bccsp/schemes/aries/user.go +++ b/bccsp/schemes/aries/user.go @@ -11,7 +11,7 @@ import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/pkg/errors" ) @@ -49,7 +49,7 @@ func (u *User) MakeNym(sk *math.Zr, key types.IssuerPublicKey) (*math.G1, *math. rNym := u.Curve.NewRandomZr(u.Rng) - cb := bbs12381g2pub.NewCommitmentBuilder(2) + cb := bbs.NewCommitmentBuilder(2) cb.Add(ipk.PKwG.H0, rNym) cb.Add(ipk.PKwG.H[u.UserSecretKeyIndex], sk) nym := cb.Build() diff --git a/bccsp/schemes/aries/util.go b/bccsp/schemes/aries/util.go index 820e698..2544abc 100644 --- a/bccsp/schemes/aries/util.go +++ b/bccsp/schemes/aries/util.go 
@@ -9,22 +9,22 @@ package aries import ( "github.com/IBM/idemix/bccsp/types" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" + "github.com/hyperledger/aries-bbs-go/bbs" ) -func attributesToSignatureMessage(attributes []types.IdemixAttribute, curve *math.Curve, skPos int) []*bbs12381g2pub.SignatureMessage { +func attributesToSignatureMessage(attributes []types.IdemixAttribute, curve *math.Curve, skPos int) []*bbs.SignatureMessage { attributes = append(append(append([]types.IdemixAttribute{}, attributes[:skPos]...), types.IdemixAttribute{Type: types.IdemixHiddenAttribute}), attributes[skPos:]...) - var msgsZr = make([]*bbs12381g2pub.SignatureMessage, 0, len(attributes)) + var msgsZr = make([]*bbs.SignatureMessage, 0, len(attributes)) for i, msg := range attributes { switch msg.Type { case types.IdemixBytesAttribute: - msgsZr = append(msgsZr, &bbs12381g2pub.SignatureMessage{ - FR: bbs12381g2pub.FrFromOKM(msg.Value.([]byte), curve), + msgsZr = append(msgsZr, &bbs.SignatureMessage{ + FR: bbs.FrFromOKM(msg.Value.([]byte), curve), Idx: i, }) case types.IdemixIntAttribute: - msgsZr = append(msgsZr, &bbs12381g2pub.SignatureMessage{ + msgsZr = append(msgsZr, &bbs.SignatureMessage{ FR: curve.NewZrFromInt(int64(msg.Value.(int))), Idx: i, }) @@ -60,12 +60,12 @@ func revealedAttributesIndex(attributes []types.IdemixAttribute) []int { return revealed } -func (c *Credential) toSignatureMessage(sk *math.Zr, curve *math.Curve) []*bbs12381g2pub.SignatureMessage { - msgsZr := make([]*bbs12381g2pub.SignatureMessage, 0, len(c.Attrs)+1) +func (c *Credential) toSignatureMessage(sk *math.Zr, curve *math.Curve) []*bbs.SignatureMessage { + msgsZr := make([]*bbs.SignatureMessage, 0, len(c.Attrs)+1) j := 0 for i := 0; i < len(c.Attrs)+1; i++ { - msg := &bbs12381g2pub.SignatureMessage{} + msg := &bbs.SignatureMessage{} msgsZr = append(msgsZr, msg) if i == int(c.SkPos) { 
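Review bot: In attributesToSignatureMessage (util.go, first hunk) the assertions `msg.Value.([]byte)` and `msg.Value.(int)` are unchecked, and `attributes[:skPos]` is sliced without a bounds check. An attribute whose Value does not match its Type, or an out-of-range skPos, therefore panics rather than being rejected. The function returns only a slice, so the least invasive step is to state the precondition on it, e.g. `// attributesToSignatureMessage panics if skPos is outside [0, len(attributes)] or an attribute's Value does not match its Type; callers must validate both first.` Whether these attributes can originate outside the process is not visible here; if they can, the comma-ok form with an error return would be the safer follow-up. The function body continues past the end of the hunk.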
diff --git a/bccsp/smartcard_test.go b/bccsp/smartcard_test.go index f90ab06..61764bd 100644 --- a/bccsp/smartcard_test.go +++ b/bccsp/smartcard_test.go @@ -20,8 +20,8 @@ import ( "github.com/IBM/idemix/bccsp/types" "github.com/IBM/idemix/idemixmsp" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/stretchr/testify/assert" ) @@ -119,7 +119,7 @@ func TestSmartcardHybrid(t *testing.T) { sc.H0 = ipk.PKwG.H0 sc.H1 = ipk.PKwG.H[0] sc.H2 = ipk.PKwG.H[3] - sc.EID = bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve) + sc.EID = bbs.FrFromOKM([]byte(conf.EnrollmentId), curve) sc.Uid_sk = curve.NewZrFromBytes(conf.Sk) /*******************************************************************************/ @@ -174,7 +174,7 @@ func TestSmartcardHybrid(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve), + Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), }, } @@ -243,7 +243,7 @@ func TestSmartcardCSP(t *testing.T) { sc.H0 = ipk.PKwG.H0 sc.H1 = ipk.PKwG.H[0] sc.H2 = ipk.PKwG.H[3] - sc.EID = bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve) + sc.EID = bbs.FrFromOKM([]byte(conf.EnrollmentId), curve) sc.Uid_sk = curve.NewZrFromBytes(conf.Sk) /*******************************************************************************/ @@ -307,7 +307,7 @@ func TestSmartcardCSP(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve), + Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), }, }, } 
@@ -374,7 +374,7 @@ func TestSmartcardCSP(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve), + Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), }, }, } @@ -437,7 +437,7 @@ func TestSmartcardCSP(t *testing.T) { EidNymAuditData: &types.AttrNymAuditData{ Nym: nymEid, Rand: rNymEid, - Attr: bbs12381g2pub.FrFromOKM([]byte(conf.EnrollmentId), curve), + Attr: bbs.FrFromOKM([]byte(conf.EnrollmentId), curve), }, } diff --git a/go.mod b/go.mod index af45cd3..9d025cc 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20240612072411-114d281b442d github.com/IBM/idemix/bccsp/types v0.0.0-20240612072411-114d281b442d github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da - github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/golang/protobuf v1.5.4 + github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc github.com/hyperledger/fabric-protos-go v0.3.3 github.com/onsi/ginkgo v1.16.5 github.com/onsi/gomega v1.34.1 diff --git a/go.sum b/go.sum index 69d510d..98e787b 100644 --- a/go.sum +++ b/go.sum 
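Review bot: The go.mod hunk pins the replacement BBS library to a pseudo-version, `github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc`, i.e. a specific commit rather than a tagged release. This is the package the credential signer is built from (`bbs.New(curve)`). If upstream publishes a tag, requiring it makes the cryptographic dependency easier to audit and to match against advisories. If it does not, a trailing comment on the requirement would record the reason, e.g. `// pinned to commit 761671ea73bc until aries-bbs-go tags a release`. The go.sum lines that follow carry the matching `h1:` hashes, so the integrity of the pinned commit is covered.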
@@ -3,8 +3,6 @@ github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20240612072411-114d281b442d h github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20240612072411-114d281b442d/go.mod h1:FC0vVgNI6bv8GH0VTwjup+arwJ8Tau1iEhroWZ1oPwU= github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da h1:qqGozq4tF6EOVnWoTgBoJGudRKKZXSAYnEtDggzTnsw= github.com/IBM/mathlib v0.0.3-0.20231011094432-44ee0eb539da/go.mod h1:Tco9QzE3fQzjMS7nPbHDeFfydAzctStf1Pa8hsh6Hjs= -github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504 h1:sQyFeDcHVHWJ3IeE437NSJjv0+J/6MvGQOJew4X+Cuw= -github.com/ale-linux/aries-framework-go/component/kmscrypto v0.0.0-20231023164747-f3f972769504/go.mod h1:z5xq4Ji1RQojJLZzKeZH5+LKCVZxgQRZpQ4xAJWi8r0= github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY= github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 h1:t3eaIm0rUkzbrIewtiFmMK5RXHej2XnoXNhxVsAYUfg= @@ -50,6 +48,8 @@ github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwg github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc h1:3Ykk6MtyfnlzMOQry9zkxsoLWpCWZwDPqehO/BJwArM= +github.com/hyperledger/aries-bbs-go v0.0.0-20240528084656-761671ea73bc/go.mod h1:Kofn6A6WWea1ZM8Rys5aBW9dszwJ7Ywa0kyyYL0TPYw= github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 h1:B1Nt8hKb//KvgGRprk0h1t4lCnwhE9/ryb1WqfZbV+M= github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2/go.mod h1:X+DIyUsaTmalOpmpQfIvFZjKHQedrURQ5t4YqquX7lE= github.com/hyperledger/fabric-protos-go v0.3.3 h1:0nssqz8QWJNVNBVQz+IIfAd2j1ku7QPKFSM/1anKizI= 
diff --git a/tools/idemixgen/idemixca/iedmixca_aries.go b/tools/idemixgen/idemixca/iedmixca_aries.go index 33bf6ed..faa9687 100644 --- a/tools/idemixgen/idemixca/iedmixca_aries.go +++ b/tools/idemixgen/idemixca/iedmixca_aries.go @@ -14,8 +14,8 @@ import ( bccsp "github.com/IBM/idemix/bccsp/types" im "github.com/IBM/idemix/idemixmsp" math "github.com/IBM/mathlib" - "github.com/ale-linux/aries-framework-go/component/kmscrypto/crypto/primitive/bbs12381g2pub" "github.com/golang/protobuf/proto" + "github.com/hyperledger/aries-bbs-go/bbs" "github.com/pkg/errors" ) @@ -79,7 +79,7 @@ func GenerateSignerConfigAries( credentialSigner := &aries.Cred{ Curve: curve, - Bls: bbs12381g2pub.New(curve), + BBS: bbs.New(curve), } revocationAuthority := &aries.RevocationAuthority{