diff --git a/CITATION.cff b/CITATION.cff index 77f9096..15e9a55 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -14,6 +14,9 @@ authors: - given-names: Stephan family-names: Schmiedmayer affiliation: Technical University of Munich + - given-names: Christoph + family-names: Britsch + affiliation: Technical University of Munich repository-code: 'https://github.com/Fraunhofer-AISEC/libbbs' url: 'https://fraunhofer-aisec.github.io/libbbs/' abstract: >- diff --git a/CMakeLists.txt b/CMakeLists.txt index 6866d37..72b42a3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -43,6 +43,6 @@ add_subdirectory(src) add_subdirectory(test) install(TARGETS bbs) -install(FILES include/bbs.h TYPE INCLUDE) +install(FILES include/bbs.h include/bbs_blind.h include/bbs_blind_with_nym.h TYPE INCLUDE) install(DIRECTORY doc/man3 doc/man7 TYPE MAN) diff --git a/README.md b/README.md index 0793914..0308fa1 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,14 @@
 # libbbs
-Specification-compliant and performant C implementation of the [BBS signature scheme](https://datatracker.ietf.org/doc/draft-irtf-cfrg-bbs-signatures/) with little to no third party dependencies.[^1]
+Specification-compliant and performant C implementation of the [BBS signature scheme](https://datatracker.ietf.org/doc/draft-irtf-cfrg-bbs-signatures/) and its extensions, with little to no third party dependencies.[^1]
-Provides a library `libbbs` implementing the `BLS12-381-SHA-256` and `BLS12-381-SHAKE-256` cipher suite.
+Provides a library `libbbs` implementing three layers of functionality:
-The API is documented in `include/bbs.h` and the manual. See
+- **BBS signatures** ([draft-irtf-cfrg-bbs-signatures](https://datatracker.ietf.org/doc/draft-irtf-cfrg-bbs-signatures/)) — multi-message signatures with selective disclosure proofs. Cipher suites: `BLS12-381-SHA-256` and `BLS12-381-SHAKE-256`.
+- **Blind BBS signatures** ([draft-irtf-cfrg-bbs-blind-signatures-02](https://www.ietf.org/archive/id/draft-irtf-cfrg-bbs-blind-signatures-02.html)) — extends BBS to allow messages unknown to the signer to be included in the signature via a commitment. Cipher suites: `BLS12-381-BLIND-SHA-256` and `BLS12-381-BLIND-SHAKE-256`.
+- **BBS with per-verifier pseudonyms** ([draft-irtf-cfrg-bbs-per-verifier-linkability-02](https://www.ietf.org/archive/id/draft-irtf-cfrg-bbs-per-verifier-linkability-02.html)) — extends blind BBS to bind prover-controlled secrets into the signature, enabling stable per-verifier pseudonyms without revealing the prover's identity across contexts. Cipher suites: `BLS12-381-BLIND-NYM-SHA-256` and `BLS12-381-BLIND-NYM-SHAKE-256`.
+
+The API is documented in `include/bbs.h`, `include/bbs_blind.h`, `include/bbs_blind_with_nym.h`, and the manual. See
 [**bbs**(7)](https://fraunhofer-aisec.github.io/libbbs/).
 [^1]: The calling application needs to provide a source of randomness via
diff --git a/doc/man3/bbs_blind_commit.3 b/doc/man3/bbs_blind_commit.3
new file mode 100644
index 0000000..66bd78e
--- /dev/null
+++ b/doc/man3/bbs_blind_commit.3
@@ -0,0 +1,107 @@
+.TH bbs_blind_commit 3 2026-03-10 libbbs
+.SH NAME
+bbs_blind_commit \- create a commitment for blind BBS signatures
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_commit(" "size_t num_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " void * " commitment_with_proof ","
+.BI " uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN],"
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "]);"
+.fi
+.SH DESCRIPTION
+The
+.BR bbs_blind_commit ()
+function creates a commitment over the
+.I num_messages
+messages in
+.I messages,
+whose lengths in bytes are given in
+.I message_lens.
+The commitment is the first step of the blind BBS protocol and is performed by
+the prover before requesting a signature from the signer.
+.P
+The function produces two outputs.
+The
+.I commitment_with_proof
+is sent to the signer as input to
+.BR bbs_blind_sign (3).
+It does not reveal the committed messages.
+The caller must allocate
+.I BBS_BLIND_COMMITMENT_LEN(num_messages)
+bytes for this buffer.
+.P
+The
+.I secret_prover_blind
+is a
+.B BBS_BLIND_SECRET_PROVER_BLIND_LEN
+byte value that must be kept secret by the prover.
+It is required later by
+.BR bbs_blind_proof_gen (3)
+and must be erased with
+.BR memset_explicit (3)
+after proof generation is complete.
+Disclosing the
+.I secret_prover_blind
+allows recovery of the committed messages from the blind signature.
+.P
+This function takes a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+This function is compatible with
+.B bbs_blind_sha256_ciphersuite
+and
+.B bbs_blind_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which may change
+in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_commit ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_commit ()
+function implements the algorithm from
+.I draft-irtf-cfrg-bbs-blind-signatures-02.
+.SH CAVEATS
+The
+.BR bbs_blind_commit ()
+function emits a call to the POSIX 2024.1-2024 function
+.BR getentropy (3).
+On non-POSIX systems, this function has to be provided by the application at
+link-time.
+.SH SEE ALSO
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_blind_sign (3),
+.BR bbs_blind_proof_gen (3),
+.BR getentropy (3)
diff --git a/doc/man3/bbs_blind_commit_with_nym.3 b/doc/man3/bbs_blind_commit_with_nym.3
new file mode 100644
index 0000000..3eff84c
--- /dev/null
+++ b/doc/man3/bbs_blind_commit_with_nym.3
@@ -0,0 +1,112 @@
+.TH bbs_blind_commit_with_nym 3 2026-03-14 libbbs
+.SH NAME
+bbs_blind_commit_with_nym \- create a commitment for blind BBS signatures with pseudonyms
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_commit_with_nym(" "size_t num_messages, num_prover_nyms;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " void * " commitment_with_proof ","
+.BI " uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN],"
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "],"
+.BI " size_t " num_prover_nyms ","
+.BI " const void *const " prover_nyms [ num_prover_nyms "]);"
+.fi
+.SH DESCRIPTION
+The
+.BR bbs_blind_commit_with_nym ()
+function extends
+.BR bbs_blind_commit (3)
+by additionally committing to one or more prover-controlled pseudonym values.
+The
+.I num_prover_nyms
+values in
+.I prover_nyms
+are committed alongside the
+.I num_messages
+regular committed messages.
+The signer never learns either.
+For a description of the commitment mechanism, the outputs, and the
+sensitivity of the
+.IR secret_prover_blind ,
+see
+.BR bbs_blind_commit (3).
+.P
+The caller must allocate
+.I BBS_BLIND_COMMITMENT_LEN(num_messages + num_prover_nyms)
+bytes for
+.IR commitment_with_proof .
+.P
+If no regular committed messages are needed,
+.I num_messages
+may be zero and
+.I messages
+and
+.I message_lens
+may be NULL.
+.I num_prover_nyms
+must be at least one.
+.P
+This function takes a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+This function is compatible with
+.B bbs_blind_nym_sha256_ciphersuite
+and
+.B bbs_blind_nym_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which may change
+in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_commit_with_nym ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_commit_with_nym ()
+function implements the
+.I CommitWithNym
+algorithm from
+.IR draft-irtf-cfrg-bbs-per-verifier-linkability-02 .
+.SH CAVEATS
+The
+.BR bbs_blind_commit_with_nym ()
+function emits a call to the POSIX 2024.1-2024 function
+.BR getentropy (3).
+On non-POSIX systems, this function has to be provided by the application at
+link-time.
+.SH SEE ALSO
+.BR bbs_blind_with_nym (7),
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_blind_commit (3),
+.BR bbs_blind_sign_with_nym (3),
+.BR bbs_blind_proof_gen_with_nym (3),
+.BR getentropy (3)
diff --git a/doc/man3/bbs_blind_proof_gen.3 b/doc/man3/bbs_blind_proof_gen.3
new file mode 100644
index 0000000..4c2f8dc
--- /dev/null
+++ b/doc/man3/bbs_blind_proof_gen.3
@@ -0,0 +1,180 @@
+.TH bbs_blind_proof_gen 3 2026-03-10 libbbs
+.SH NAME
+bbs_blind_proof_gen, bbs_blind_proof_verify \- create and verify blind BBS
+selective disclosure proofs
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_proof_gen(" "size_t num_messages, num_committed_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " const bbs_signature " signature ", void * " proof ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " presentation_header ", size_t " presentation_header_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "],"
+.BI " size_t " num_committed_messages ","
+.BI " const void *const " committed_messages [ num_committed_messages "],"
+.BI " const size_t " committed_message_lens [ num_committed_messages "],"
+.BI " size_t " num_disclosed_indexes ","
+.BI " const size_t " disclosed_indexes [ num_disclosed_indexes "],"
+.BI " size_t " num_disclosed_committed_indexes ","
+.BI " const size_t " disclosed_committed_indexes [ num_disclosed_committed_indexes "],"
+.BI " const uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN]);"
+.P
+.BR "int bbs_blind_proof_verify(" "size_t num_signer_known_messages,"
+.BI " num_disclosed_messages, num_disclosed_committed_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " const void * " proof ", size_t " proof_len ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " presentation_header ", size_t " presentation_header_len ","
+.BI " size_t " num_signer_known_messages ","
+.BI " size_t " num_disclosed_messages ","
+.BI " const void *const " disclosed_messages [ num_disclosed_messages "],"
+.BI " const size_t " disclosed_message_lens [ num_disclosed_messages "],"
+.BI " const size_t " disclosed_indexes [ num_disclosed_messages "],"
+.BI " size_t " num_disclosed_committed_messages ","
+.BI " const void *const " disclosed_committed_messages [ num_disclosed_committed_messages "],"
+.BI " const size_t " disclosed_committed_message_lens [ num_disclosed_committed_messages "],"
+.BI " const size_t " disclosed_committed_indexes [ num_disclosed_committed_messages "]);"
+.fi
+.SH DESCRIPTION
+The blind BBS proof functions create and verify selective disclosure proofs
+from a blind BBS signature.
+The proof can disclose any subset of the signer-known messages and any subset
+of the committed messages, without revealing the remaining messages or the
+signature itself.
+.P
+The special message
+.I header
+of length
+.I header_len
+bytes must always be disclosed.
+With every proof, an optional message
+.I presentation_header
+of length
+.I presentation_header_len
+bytes may be authenticated.
+This can be used to prevent replay of proofs by incorporating a challenge
+nonce.
+.P
+The length in bytes of a blind BBS proof depends on the number of undisclosed
+messages and is given by
+.IR BBS_PROOF_LEN(num_undisclosed) ,
+where
+.I num_undisclosed
+is the total number of messages not disclosed, counting both signer-known and
+committed messages, plus one for the secret_prover_blind.
+.P
+All functions take a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+These functions are compatible with
+.B bbs_blind_sha256_ciphersuite
+and
+.B bbs_blind_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SS bbs_blind_proof_gen()
+Creates a selective disclosure proof from a valid blind signature.
+The full set of signer-known messages must be provided in
+.I messages
+and the full set of committed messages in
+.IR committed_messages ,
+both in the same order as during the signature operation.
+The indices of the signer-known messages to disclose are given in ascending
+order in
+.IR disclosed_indexes ,
+and the indices of the committed messages to disclose in
+.IR disclosed_committed_indexes .
+The
+.I secret_prover_blind
+produced by
+.BR bbs_blind_commit (3)
+must be provided.
+If no commitment was used,
+.I secret_prover_blind
+may be NULL.
+The result is stored in
+.IR proof .
+.SS bbs_blind_proof_verify()
+Verifies that
+.I proof
+of length
+.I proof_len
+bytes was created from a valid blind signature over a set of messages
+authenticated with
+.IR pk .
+Only the disclosed messages are required.
+The
+.I num_signer_known_messages
+parameter gives the total number of signer-known messages the signature
+covers, including those not disclosed.
+.P
+The
+.I num_disclosed_messages
+messages in
+.I disclosed_messages
+correspond to the indices in
+.IR disclosed_indexes .
+The
+.I num_disclosed_committed_messages
+messages in
+.I disclosed_committed_messages
+correspond to the indices in
+.IR disclosed_committed_indexes .
+All index arrays must be in ascending order.
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which
+may change in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_proof_gen (),
+.BR bbs_blind_proof_verify ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_proof_gen ()
+and
+.BR bbs_blind_proof_verify ()
+functions implement the corresponding algorithms from
+.I draft-irtf-cfrg-bbs-blind-signatures-02.
+.SH CAVEATS
+The
+.BR bbs_blind_proof_gen ()
+function emits a call to the POSIX 2024.1-2024 function
+.BR getentropy (3).
+On non-POSIX systems, this function has to be provided by the application at
+link-time.
+.SH SEE ALSO
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_keygen (3),
+.BR bbs_blind_commit (3),
+.BR bbs_blind_sign (3),
+.BR getentropy (3)
diff --git a/doc/man3/bbs_blind_proof_gen_with_nym.3 b/doc/man3/bbs_blind_proof_gen_with_nym.3
new file mode 100644
index 0000000..77a3761
--- /dev/null
+++ b/doc/man3/bbs_blind_proof_gen_with_nym.3
@@ -0,0 +1,170 @@
+.TH bbs_blind_proof_gen_with_nym 3 2026-03-14 libbbs
+.SH NAME
+bbs_blind_proof_gen_with_nym, bbs_blind_proof_verify_with_nym \- create and
+verify blind BBS selective disclosure proofs with pseudonyms
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_proof_gen_with_nym(" "size_t num_messages, num_committed_messages, num_nym_secrets;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " const bbs_signature " signature ","
+.BI " void * " proof ", bbs_pseudonym " pseudonym ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " presentation_header ", size_t " presentation_header_len ","
+.BI " const void * " context_id ", size_t " context_id_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "],"
+.BI " size_t " num_committed_messages ","
+.BI " const void *const " committed_messages [ num_committed_messages "],"
+.BI " const size_t " committed_message_lens [ num_committed_messages "],"
+.BI " size_t " num_disclosed_indexes ","
+.BI " const size_t " disclosed_indexes [ num_disclosed_indexes "],"
+.BI " size_t " num_disclosed_committed_indexes ","
+.BI " const size_t " disclosed_committed_indexes [ num_disclosed_committed_indexes "],"
+.BI " const uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN],"
+.BI " size_t " num_nym_secrets ","
+.BI " const void *const " nym_secrets [ num_nym_secrets "]);"
+.P
+.BR "int bbs_blind_proof_verify_with_nym(" "size_t num_signer_known_messages,"
+.BI " num_disclosed_messages, num_disclosed_committed_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " bbs_pseudonym " pseudonym ","
+.BI " const void * " proof ", size_t " proof_len ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " presentation_header ", size_t " presentation_header_len ","
+.BI " const void * " context_id ", size_t " context_id_len ","
+.BI " size_t " length_nym_vector ","
+.BI " size_t " num_signer_known_messages ","
+.BI " size_t " num_disclosed_messages ","
+.BI " const void *const " disclosed_messages [ num_disclosed_messages "],"
+.BI " const size_t " disclosed_message_lens [ num_disclosed_messages "],"
+.BI " const size_t " disclosed_indexes [ num_disclosed_messages "],"
+.BI " size_t " num_disclosed_committed_messages ","
+.BI " const void *const " disclosed_committed_messages [ num_disclosed_committed_messages "],"
+.BI " const size_t " disclosed_committed_message_lens [ num_disclosed_committed_messages "],"
+.BI " const size_t " disclosed_committed_indexes [ num_disclosed_committed_messages "]);"
+.fi
+.SH DESCRIPTION
+These functions extend
+.BR bbs_blind_proof_gen (3)
+and
+.BR bbs_blind_proof_verify (3)
+to produce and verify proofs that include a per-verifier pseudonym.
+For a description of the general blind proof flow, selective disclosure,
+.IR proof_len ,
+.IR presentation_header ,
+and index ordering, see
+.BR bbs_blind_proof_gen (3).
+For a description of nym_secrets, the context_id, and pseudonyms, see
+.BR bbs_blind_with_nym (7).
+.P
+All functions take a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+These functions are compatible with
+.B bbs_blind_nym_sha256_ciphersuite
+and
+.B bbs_blind_nym_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SS bbs_blind_proof_gen_with_nym()
+Extends
+.BR bbs_blind_proof_gen ()
+with two additional features.
+First, the
+.I num_nym_secrets
+nym_secrets in
+.I nym_secrets
+(as recovered by
+.BR bbs_blind_verify_with_nym (3)
+) are included in the proof as undisclosed committed values.
+Second, a pseudonym is computed from the nym_secrets and the
+.I context_id
+and written to
+.IR pseudonym .
+The pseudonym is an output.
+.P
+The nym_secrets must not be added to the disclosed index arrays.
+.P
+The proof length is given by
+.I BBS_PROOF_LEN(num_undisclosed)
+where
+.I num_undisclosed
+counts all undisclosed signer-known messages, all undisclosed committed
+messages, the secret_prover_blind, and all nym_secrets.
+.SS bbs_blind_proof_verify_with_nym()
+Extends
+.BR bbs_blind_proof_verify ()
+to also verify the pseudonym.
+.I pseudonym
+must be the value produced by
+.BR bbs_blind_proof_gen_with_nym ()
+for the same prover and context.
+.I context_id
+must match the value used during proof generation.
+.I length_nym_vector
+is the total number of nym_secrets covered by the proof, equal to the
+.I num_prover_nyms
+value used during
+.BR bbs_blind_commit_with_nym (3).
+.P
+The nym_secrets themselves are not required by the verifier.
+The function confirms that the pseudonym in
+.I pseudonym
+was correctly derived from secrets that are covered by the signature.
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which may change
+in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_proof_gen_with_nym (),
+.BR bbs_blind_proof_verify_with_nym ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_proof_gen_with_nym ()
+and
+.BR bbs_blind_proof_verify_with_nym ()
+functions implement the corresponding algorithms from
+.IR draft-irtf-cfrg-bbs-per-verifier-linkability-02 .
+.SH CAVEATS
+The
+.BR bbs_blind_proof_gen_with_nym ()
+function emits a call to the POSIX 2024.1-2024 function
+.BR getentropy (3).
+On non-POSIX systems, this function has to be provided by the application at
+link-time.
+.SH SEE ALSO
+.BR bbs_blind_with_nym (7),
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_keygen (3),
+.BR bbs_blind_commit_with_nym (3),
+.BR bbs_blind_sign_with_nym (3),
+.BR getentropy (3)
diff --git a/doc/man3/bbs_blind_proof_verify.3 b/doc/man3/bbs_blind_proof_verify.3
new file mode 120000
index 0000000..dce46ae
--- /dev/null
+++ b/doc/man3/bbs_blind_proof_verify.3
@@ -0,0 +1 @@
+bbs_blind_proof_gen.3
\ No newline at end of file
diff --git a/doc/man3/bbs_blind_proof_verify_with_nym.3 b/doc/man3/bbs_blind_proof_verify_with_nym.3
new file mode 120000
index 0000000..865ae5c
--- /dev/null
+++ b/doc/man3/bbs_blind_proof_verify_with_nym.3
@@ -0,0 +1 @@
+bbs_blind_proof_gen_with_nym.3
\ No newline at end of file
diff --git a/doc/man3/bbs_blind_sign.3 b/doc/man3/bbs_blind_sign.3
new file mode 100644
index 0000000..1cf47d4
--- /dev/null
+++ b/doc/man3/bbs_blind_sign.3
@@ -0,0 +1,144 @@
+.TH bbs_blind_sign 3 2026-03-10 libbbs
+.SH NAME
+bbs_blind_sign, bbs_blind_verify \- create and verify blind BBS signatures
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_sign(" "size_t num_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_secret_key " sk ", const bbs_public_key " pk ","
+.BI " bbs_signature " signature ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " commitment_with_proof ", size_t " commitment_with_proof_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "]);"
+.P
+.BR "int bbs_blind_verify(" "size_t num_messages, num_committed_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " const bbs_signature " signature ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "],"
+.BI " size_t " num_committed_messages ","
+.BI " const void *const " committed_messages [ num_committed_messages "],"
+.BI " const size_t " committed_message_lens [ num_committed_messages "],"
+.BI " const uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN]);"
+.fi
+.SH DESCRIPTION
+The blind BBS signature functions create and verify a BBS signature that covers
+both signer-known messages and messages committed to by the prover, where the
+committed messages are not revealed to the signer.
+.P
+The special message
+.I header
+of length
+.I header_len
+bytes must always be disclosed to verifiers.
+Like all BBS signatures, the
+.I signature
+is considered sensitive and must not be disclosed.
+See
+.BR bbs_blind (7)
+for a full explanation.
+.P
+All functions take a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+These functions are compatible with
+.B bbs_blind_sha256_ciphersuite
+and
+.B bbs_blind_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SS bbs_blind_sign()
+Signs the
+.I num_messages
+signer-known messages in
+.I messages
+together with the committed messages encoded in
+.I commitment_with_proof
+of length
+.I commitment_with_proof_len
+bytes, as produced by
+.BR bbs_blind_commit (3).
+The function verifies the commitment-with-proof before signing.
+If
+.I commitment_with_proof
+is NULL or
+.I commitment_with_proof_len
+is zero, the function produces a regular signature over the signer-known
+messages only.
+The result is stored in
+.IR signature .
+.SS bbs_blind_verify()
+Verifies that
+.I signature
+is valid over the
+.I num_messages
+signer-known messages in
+.I messages
+and the
+.I num_committed_messages
+committed messages in
+.I committed_messages,
+using the public key
+.IR pk .
+The
+.I secret_prover_blind
+produced by
+.BR bbs_blind_commit (3)
+must be provided.
+If no commitment was used,
+.I secret_prover_blind
+may be NULL and
+.I num_committed_messages
+may be zero.
+Messages must be provided in the same order as during
+.BR bbs_blind_sign ().
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which may change
+in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_sign (),
+.BR bbs_blind_verify ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_sign ()
+and
+.BR bbs_blind_verify ()
+functions implement the corresponding algorithms from
+.I draft-irtf-cfrg-bbs-blind-signatures-02.
+.SH SEE ALSO
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_keygen (3),
+.BR bbs_blind_commit (3),
+.BR bbs_blind_proof_gen (3),
diff --git a/doc/man3/bbs_blind_sign_with_nym.3 b/doc/man3/bbs_blind_sign_with_nym.3
new file mode 100644
index 0000000..208c8ce
--- /dev/null
+++ b/doc/man3/bbs_blind_sign_with_nym.3
@@ -0,0 +1,150 @@
+.TH bbs_blind_sign_with_nym 3 2026-03-14 libbbs
+.SH NAME
+bbs_blind_sign_with_nym, bbs_blind_verify_with_nym \- create and verify blind
+BBS signatures with pseudonyms
+.SH LIBRARY
+BBS Signatures
+.RI ( libbbs ,\~ \-lbbs )
+.SH SYNOPSIS
+.nf
+.B #include
+.P
+.BR "int bbs_blind_sign_with_nym(" "size_t num_messages;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_secret_key " sk ", const bbs_public_key " pk ","
+.BI " bbs_signature " signature ","
+.BI " const void * " signer_nym_entropy ", size_t " length_nym_vector ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " const void * " commitment_with_proof ", size_t " commitment_with_proof_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "]);"
+.P
+.BR "int bbs_blind_verify_with_nym(" "size_t num_messages, num_committed_messages, num_pseudonyms;"
+.BI " const bbs_ciphersuite * " ciphersuite ","
+.BI " const bbs_public_key " pk ","
+.BI " const bbs_signature " signature ","
+.BI " const void * " header ", size_t " header_len ","
+.BI " size_t " num_messages ","
+.BI " const void *const " messages [ num_messages "],"
+.BI " const size_t " message_lens [ num_messages "],"
+.BI " size_t " num_committed_messages ","
+.BI " const void *const " committed_messages [ num_committed_messages "],"
+.BI " const size_t " committed_message_lens [ num_committed_messages "],"
+.BI " const uint8_t " secret_prover_blind "[BBS_BLIND_SECRET_PROVER_BLIND_LEN],"
+.BI " const void * " signer_nym_entropy ","
+.BI " size_t " num_pseudonyms ","
+.BI " const void *const " prover_nyms [ num_pseudonyms "],"
+.BI " void *const " nym_secrets [ num_pseudonyms "]);"
+.fi
+.SH DESCRIPTION
+These functions extend
+.BR bbs_blind_sign (3)
+and
+.BR bbs_blind_verify (3)
+to support per-verifier pseudonyms.
+For a description of the general blind signing flow, the
+.IR commitment_with_proof ,
+.IR secret_prover_blind ,
+.IR header ,
+and the sensitivity of the signature, see
+.BR bbs_blind_sign (3).
+For a description of nym_secrets, the signer_nym_entropy, and pseudonyms, see
+.BR bbs_blind_with_nym (7).
+.P
+All functions take a pointer to a
+.BR bbs_ciphersuite (3type)
+to use, which determines several parameters for the scheme.
+These functions are compatible with
+.B bbs_blind_nym_sha256_ciphersuite
+and
+.B bbs_blind_nym_shake256_ciphersuite
+only.
+Using a ciphersuite from
+.I
+or
+.I
+will produce an error.
+Keys generated with any ciphersuite may be used here; see
+.BR bbs_keygen (3).
+.SS bbs_blind_sign_with_nym()
+Extends
+.BR bbs_blind_sign ()
+by incorporating
+.I signer_nym_entropy
+into the signature.
+This binds the signer's contribution to the prover_nyms that the prover
+committed, preventing a dishonest prover from manipulating their pseudonym.
+.I length_nym_vector
+is the number of prover_nyms committed via
+.BR bbs_blind_commit_with_nym (3).
+.I signer_nym_entropy
+must be a freshly generated random value for each signing operation. It does
+not need to be kept secret after signing.
+Otherwise the parameters and behaviour are identical to
+.BR bbs_blind_sign (3).
+.SS bbs_blind_verify_with_nym()
+Extends
+.BR bbs_blind_verify ()
+by recovering the nym_secrets from the signature.
+In addition to verifying the signature over the signer-known and committed
+messages, the function derives and writes the nym_secrets into the
+.I nym_secrets
+output array.
+The caller must provide
+.I num_pseudonyms
+pre-allocated 32-byte buffers in
+.IR nym_secrets .
+.P
+.I prover_nyms
+provides the values originally passed as
+.I prover_nyms
+to
+.BR bbs_blind_commit_with_nym (3),
+in the same order.
+.I signer_nym_entropy
+must match the value used during
+.BR bbs_blind_sign_with_nym ().
+.P
+The recovered
+.I nym_secrets
+are sensitive and must be stored securely by the prover for use with
+.BR bbs_blind_proof_gen_with_nym (3).
+They should be erased with
+.BR memset_explicit (3)
+when the credential is revoked or abandoned.
+.SH RETURN VALUE
+Returns
+.B BBS_OK
+on success.
+All other return values denote an error, the exact meaning of which may change
+in the future.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attribute (7).
+.TS
+allbox;
+lbx lb lb
+l l l.
+Interface Attribute Value
+T{
+.na
+.nh
+.BR bbs_blind_sign_with_nym (),
+.BR bbs_blind_verify_with_nym ()
+T} Thread safety MT-Safe
+.TE
+.SH STANDARDS
+The
+.BR bbs_blind_sign_with_nym ()
+and
+.BR bbs_blind_verify_with_nym ()
+functions implement the corresponding algorithms from
+.IR draft-irtf-cfrg-bbs-per-verifier-linkability-02 .
+.SH SEE ALSO
+.BR bbs_blind_with_nym (7),
+.BR bbs_blind (7),
+.BR bbs_ciphersuite (3type),
+.BR bbs_keygen (3),
+.BR bbs_blind_commit_with_nym (3),
+.BR bbs_blind_proof_gen_with_nym (3),
diff --git a/doc/man3/bbs_blind_verify.3 b/doc/man3/bbs_blind_verify.3
new file mode 120000
index 0000000..7888b90
--- /dev/null
+++ b/doc/man3/bbs_blind_verify.3
@@ -0,0 +1 @@
+bbs_blind_sign.3
\ No newline at end of file
diff --git a/doc/man3/bbs_blind_verify_with_nym.3 b/doc/man3/bbs_blind_verify_with_nym.3
new file mode 120000
index 0000000..06630e1
--- /dev/null
+++ b/doc/man3/bbs_blind_verify_with_nym.3
@@ -0,0 +1 @@
+bbs_blind_sign_with_nym.3
\ No newline at end of file
diff --git a/doc/man3/bbs_ciphersuite.3type b/doc/man3/bbs_ciphersuite.3type
index f2e4a73..f2eaaa9 100644
--- a/doc/man3/bbs_ciphersuite.3type
+++ b/doc/man3/bbs_ciphersuite.3type
@@ -12,6 +12,16 @@ BBS Signatures
 .P
 .BI "extern const bbs_ciphersuite *const " bbs_sha256_ciphersuite ";"
 .BI "extern const bbs_ciphersuite *const " bbs_shake256_ciphersuite ";"
+.P
+.B #include
+.P
+.BI "extern const bbs_ciphersuite *const " bbs_blind_sha256_ciphersuite ";"
+.BI "extern const bbs_ciphersuite *const " bbs_blind_shake256_ciphersuite ";"
+.P
+.B #include
+.P
+.BI "extern const bbs_ciphersuite *const " bbs_blind_nym_sha256_ciphersuite ";"
+.BI "extern const bbs_ciphersuite *const " bbs_blind_nym_shake256_ciphersuite ";"
 .fi
 .SH DESCRIPTION
 The BBS signature scheme is defined in terms of hash functions and elliptic
@@ -31,23 +41,86 @@ The exact choice of ciphersuite is irrelevant for most applications. However, applications must choose the same one to interoperate. Multiple choices are provided mainly to facilitate the implementation of protocols with distinct preferences. +.SS Ciphersuite compatibility +Each family of functions requires a matching ciphersuite. +Functions from +.I +must be used with +.B bbs_sha256_ciphersuite +or +.BR bbs_shake256_ciphersuite . +Functions from +.I +must be used with +.B bbs_blind_sha256_ciphersuite +or +.BR bbs_blind_shake256_ciphersuite . +Functions from +.I +must be used with +.B bbs_blind_nym_sha256_ciphersuite +or +.BR bbs_blind_nym_shake256_ciphersuite . +Passing a ciphersuite from the wrong family to a function will produce an error. .P -The currently supported ciphersuites are as follows: -.SS bbs_sha256_ciphersuite +Key generation is the sole exception. +Keys generated with any ciphersuite are interoperable across all ciphersuites +and all function families. +See +.BR bbs_keygen (3). +.SS SHA-256 variants +.TP +.B bbs_sha256_ciphersuite Implements the .I BLS12-381-SHA-256 -ciphersuite, using the elliptic curve BLS12-381 and the sha2-256 hash function +ciphersuite, using the elliptic curve BLS12-381 and the SHA-256 hash function in extensible message digest (XMD) mode. -.SS bbs_shake256_ciphersuite +For use with functions from +.IR . +.TP +.B bbs_blind_sha256_ciphersuite +The blind BBS variant of the SHA-256 ciphersuite. +For use with functions from +.IR . +.TP +.B bbs_blind_nym_sha256_ciphersuite +The per-verifier pseudonym variant of the SHA-256 ciphersuite. +For use with functions from +.IR . +.SS SHAKE-256 variants +.TP +.B bbs_shake256_ciphersuite Implements the .I BLS12-381-SHAKE-256 -ciphersuite, using the elliptic curve BLS12-381 and the shake256 extendable +ciphersuite, using the elliptic curve BLS12-381 and the SHAKE-256 extendable output function (XOF). +For use with functions from +.IR . 
+.TP +.B bbs_blind_shake256_ciphersuite +The blind BBS variant of the SHAKE-256 ciphersuite. +For use with functions from +.IR . +.TP +.B bbs_blind_nym_shake256_ciphersuite +The per-verifier pseudonym variant of the SHAKE-256 ciphersuite. +For use with functions from +.IR . .SH STANDARDS -The currently implemented ciphersuites correspond to -.I draft-irtf-cfrg-bbs-signatures-09. +The base ciphersuites correspond to +.IR draft-irtf-cfrg-bbs-signatures-09 . +The blind ciphersuites correspond to +.IR draft-irtf-cfrg-bbs-blind-signatures-02 . +The blind-with-pseudonym ciphersuites correspond to +.IR draft-irtf-cfrg-bbs-per-verifier-linkability-02 . .SH SEE ALSO .BR bbs (7), +.BR bbs_blind (7), +.BR bbs_blind_with_nym (7), .BR bbs_keygen (3), .BR bbs_sign (3), .BR bbs_proof_gen (3), +.BR bbs_blind_sign (3), +.BR bbs_blind_proof_gen (3), +.BR bbs_blind_sign_with_nym (3), +.BR bbs_blind_proof_gen_with_nym (3) diff --git a/doc/man3/bbs_keygen.3 b/doc/man3/bbs_keygen.3 index b77fa46..e2a3f07 100644 --- a/doc/man3/bbs_keygen.3 +++ b/doc/man3/bbs_keygen.3 @@ -25,6 +25,16 @@ family of functions is used to generate signature key pairs for use with the BBS signature scheme. All functions take a pointer to a .BR bbs_ciphersuite (3type) to use, which determines several parameters for the scheme. +Key generation is compatible with all ciphersuites across all function families. +A key pair generated with any ciphersuite may be used equally with functions +from +.IR , +.IR , +or +.IR , +and vice-versa. +The ciphersuite passed to key generation does not restrict which functions the +resulting key pair may be used with. .SS bbs_keygen() The .BR bbs_keygen () @@ -155,5 +165,7 @@ int main(void) { .EE .SH SEE ALSO .BR bbs (7), +.BR bbs_blind (7), +.BR bbs_blind_with_nym (7), .BR bbs_ciphersuite (3type), .BR getentropy (3) diff --git a/doc/man3/bbs_proof_gen.3 b/doc/man3/bbs_proof_gen.3 index 4bbf30c..2a3170f 100644 --- a/doc/man3/bbs_proof_gen.3 +++ b/doc/man3/bbs_proof_gen.3 
@@ -76,10 +76,22 @@ is the number of messages you do not wish to disclose, given by All functions take a pointer to a .BR bbs_ciphersuite (3type) to use, which determines several parameters for the scheme. +These functions are compatible with +.B bbs_sha256_ciphersuite +and +.B bbs_shake256_ciphersuite +only. +Using a ciphersuite from +.I +or +.I +will produce an error. +Keys generated with any ciphersuite may be used here; see +.BR bbs_keygen (3). .SS bbs_proof_gen() The .BR bbs_proof_gen () -function creates a selective disclosure proof +function creates a selective disclosure proof .I proof given a public key .I pk diff --git a/doc/man3/bbs_sign.3 b/doc/man3/bbs_sign.3 index 986cc79..4e2d049 100644 --- a/doc/man3/bbs_sign.3 +++ b/doc/man3/bbs_sign.3 @@ -47,6 +47,18 @@ bytes will always have to be disclosed if present. All functions take a pointer to a .BR bbs_ciphersuite (3type) to use, which determines several parameters for the scheme. +These functions are compatible with +.B bbs_sha256_ciphersuite +and +.B bbs_shake256_ciphersuite +only. +Using a ciphersuite from +.I +or +.I +will produce an error. +Keys generated with any ciphersuite may be used here; see +.BR bbs_keygen (3). .SS bbs_sign() Sign the given .I messages diff --git a/doc/man7/bbs.7 b/doc/man7/bbs.7 index f34d499..8a02273 100644 --- a/doc/man7/bbs.7 +++ b/doc/man7/bbs.7 
@@ -72,17 +72,28 @@ See the .I presentation_header parameter in .BR bbs_proof_gen (3). + .SS bbs_ciphersuite The BBS signature scheme requires several internal parameters which are bundled in cipher suites. Typically, any given protocol will only use one such cipher suite at any given time. Applications should not worry about the exact choice -presently, but need to use the same one for interoperability. +presently, but need to use the same one for interoperability. The base BBS +signature scheme uses distinct ciphersuites from the blind and the per-verifier +BBS extension schemes. .P The currently implemented cipher suites are: .IP bbs_sha256_ciphersuite The BLS12-381-SHA-256 ciphersuite .IP bbs_shake256_ciphersuite The BLS12-381-SHAKE-256 ciphersuite +Using a ciphersuite from +.I +or +.I +will produce an error. +Keys generated with any ciphersuite may be used here; see +.BR bbs_keygen (3). + .SH FUNCTION OVERVIEW .SS bbs_keygen() .SS bbs_sk_to_pk() @@ -184,7 +195,7 @@ Some functions emit a call to the POSIX 2024.1-2024 function On non-POSIX systems, this function has to be provided by the application at link-time. .SH REPORTING BUGS -Bugs can be reported at +Bugs can be reported at .UR https://github.com/Fraunhofer-AISEC/libbbs .UE . .SH SEE ALSO diff --git a/doc/man7/bbs_blind.7 b/doc/man7/bbs_blind.7 new file mode 100644 index 0000000..4795ff4 --- /dev/null +++ b/doc/man7/bbs_blind.7 
@@ -0,0 +1,265 @@ +.TH bbs_blind 7 2026-03-16 libbbs +.SH NAME +bbs_blind \- libbbs: blind BBS signatures and selective disclosure proofs +.SH LIBRARY +BBS Signatures +.RI ( libbbs, \~ \-lbbs ) +.SH INTRODUCTION +This page describes the blind BBS extension of +.BR libbbs . +Readers unfamiliar with the base BBS scheme should first read +.BR bbs (7). +All functions and types described here are defined in +.IR . +.P +In the base BBS scheme, the signer knows all messages before signing. +Blind BBS relaxes this constraint: the +.I prover +(the party who will later prove possession of the signature) +can include messages in the signature that the +.I signer +never sees. +The signer signs a +.I commitment +to those hidden messages without learning their content. +.SH CONCEPTS +.SS Keys +Blind BBS does not have its own key generation functions. +The same key pair produced by +.BR bbs_keygen (3) +or +.BR bbs_keygen_full (3) +is used across all blind BBS operations. +The secret key is required only by the signer for +.BR bbs_blind_sign (3). +The public key is required by all parties. +.SS The commitment +Before requesting a signature, the prover selects the messages they wish to +keep hidden from the signer. +These are called the +.IR "committed messages" . +The prover hashes them into a commitment together with a proof that the +commitment was formed honestly. +This blob is called the +.I commitment_with_proof +and is sent to the signer. +.P +.SS The secret_prover_blind +Alongside the commitment, +.BR bbs_blind_commit (3) +produces a 32-byte value called the +.IR secret_prover_blind . +The prover must keep this value +.IR secret . +It is used during proof generation to prevent the proof from leaking +information about the committed messages. +.P +Disclosing the +.I secret_prover_blind +to any other party would allow them to recover the committed messages from the +blind signature. 
+The +.I secret_prover_blind +must be treated with the same sensitivity as the committed messages themselves +and erased from memory after use. +.SS The blind signature +The signer calls +.BR bbs_blind_sign (3) +with their key pair, the commitment-with-proof, and any messages they wish to +add on their own (the +.IR "signer-known messages" ). +The result is a blind signature that cryptographically covers both the +signer-known messages and the committed messages, even though the signer has +only seen the latter in committed form. +.P +The blind signature is the same size as a regular BBS signature. +Like all BBS signatures, it must be kept +.IR secret . +See +.BR bbs (7) . +.SS Blind proof generation and verification +Once the prover holds the blind signature, they use +.BR bbs_blind_proof_gen (3) +to produce a selective disclosure proof, just as with the base BBS scheme. +The proof can selectively disclose any subset of the signer-known messages and +any subset of the committed messages. +.P +The verifier only receives the disclosed messages and needs to know the total +number of signer-known messages the signature covers. +All undisclosed messages remain hidden, and the +.I secret_prover_blind +is never transmitted. +.SH TYPES +Types not listed here are shared with the base BBS scheme. +See +.BR bbs (7). +.SS commitment_with_proof +A variable-length byte buffer produced by +.BR bbs_blind_commit (3). +Its length for a given number of committed messages can be computed with the +macro +.BR BBS_BLIND_COMMITMENT_LEN (num_committed_messages). +This buffer is sent to the signer as input to +.BR bbs_blind_sign (3). +It is not sensitive. +.SS secret_prover_blind +A 32-byte value produced alongside the commitment by +.BR bbs_blind_commit (3). +Its length is given by +.BR BBS_BLIND_SECRET_PROVER_BLIND_LEN . +It is +.I sensitive +and must be kept secret by the prover. +It is passed to +.BR bbs_blind_proof_gen (3) +and must be erased after the proof has been generated. 
+.SH FUNCTION OVERVIEW +.SS bbs_blind_commit() +Called by the prover. +Produces a +.I commitment_with_proof +and a +.I secret_prover_blind +from the committed messages. +The commitment is sent to the signer; the +.I secret_prover_blind +is retained by the prover. +.SS bbs_blind_sign() +Called by the signer. +Verifies the commitment-with-proof, then signs the commitment together with any +signer-known messages. +Returns a blind signature. +.SS bbs_blind_verify() +Called by the prover after receiving the blind signature. +Verifies that the signature is valid over all messages, both signer-known and +committed. +Requires the +.I secret_prover_blind +and the committed messages in plaintext. +.SS bbs_blind_proof_gen() +Called by the prover. +Produces a selective disclosure proof from the blind signature. +Takes the full set of both signer-known and committed messages, the +.IR secret_prover_blind , +and index arrays specifying which messages to disclose. +.SS bbs_blind_proof_verify() +Called by the verifier. +Verifies a selective disclosure proof. +Takes only the disclosed messages and the total number of signer-known messages. +The committed messages and the +.I secret_prover_blind +are not required. + +.SH CIPHER SUITES + +All functions take a pointer to a +.BR bbs_ciphersuite (3type) +to use, which determines several parameters for the scheme. +The blind BBS extension uses distinct cipher suites from the base scheme. +.IP bbs_blind_sha256_ciphersuite +The BLS12-381-SHA-256 blind ciphersuite. +.IP bbs_blind_shake256_ciphersuite +The BLS12-381-SHAKE-256 blind ciphersuite. +.P +Using a ciphersuite from +.I +or +.I +will produce an error. +Keys generated with any ciphersuite may be used here; see +.BR bbs_keygen (3). + +.SH EXAMPLES +The following example commits to one hidden message, obtains a blind signature +over that message and one signer-known message, and then produces and verifies +a proof that discloses only the signer-known message. 
+.EX +#include +#include +#include +#include +\& +int main(void) { + const bbs_ciphersuite *s = bbs_blind_sha256_ciphersuite; +\& + bbs_secret_key sk; + bbs_public_key pk; + bbs_signature sig; +\& + const char *header = "example header"; + const char *ph = "presentation nonce"; + const char *msg = "signer-known message"; + const char *secret = "committed (hidden) message"; +\& + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(1)]; + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + uint8_t proof[BBS_PROOF_LEN(1)]; +\& + if (BBS_OK != bbs_keygen_full(s, sk, pk)) + return EXIT_FAILURE; +\& + /* Prover: commit to the hidden message */ + const void *committed_msgs[] = { secret }; + const size_t committed_lens[] = { strlen(secret) }; + if (BBS_OK != bbs_blind_commit(s, cwp, spb, 1, + committed_msgs, committed_lens)) + return EXIT_FAILURE; +\& + /* Signer: sign the commitment and one signer-known message */ + const void *signer_msgs[] = { msg }; + const size_t signer_lens[] = { strlen(msg) }; + if (BBS_OK != bbs_blind_sign(s, sk, pk, sig, + header, strlen(header), + cwp, sizeof(cwp), + 1, signer_msgs, signer_lens)) + return EXIT_FAILURE; +\& + /* Prover: verify the blind signature before using it */ + if (BBS_OK != bbs_blind_verify(s, pk, sig, + header, strlen(header), + 1, signer_msgs, signer_lens, + 1, committed_msgs, committed_lens, spb)) + return EXIT_FAILURE; +\& + /* Prover: generate a proof disclosing only the signer-known message */ + const size_t disclose_signer[] = { 0 }; + if (BBS_OK != bbs_blind_proof_gen(s, pk, sig, proof, + header, strlen(header), + ph, strlen(ph), + 1, signer_msgs, signer_lens, + 1, committed_msgs, committed_lens, + 1, disclose_signer, + 0, NULL, spb)) + return EXIT_FAILURE; +\& + /* Verifier: verify the proof with only the disclosed message */ + if (BBS_OK != bbs_blind_proof_verify(s, pk, proof, sizeof(proof), + header, strlen(header), + ph, strlen(ph), + 1, + 1, signer_msgs, signer_lens, + disclose_signer, + 0, NULL, NULL, NULL)) + return 
EXIT_FAILURE; +\& + memset_explicit(sk, 0, sizeof(sk)); + memset_explicit(sig, 0, sizeof(sig)); + memset_explicit(spb, 0, sizeof(spb)); +\& + puts("blind proof verified successfully"); + return EXIT_SUCCESS; +} +.EE +.SH CAVEATS +The same +.BR getentropy (3) +caveat from +.BR bbs (7) +applies here. +.SH SEE ALSO +.BR bbs (7), +.BR bbs_blind_commit (3), +.BR bbs_blind_sign (3), +.BR bbs_blind_proof_gen (3), +.BR bbs_blind_proof_verify (3), +.BR getentropy (3) diff --git a/doc/man7/bbs_blind_with_nym.7 b/doc/man7/bbs_blind_with_nym.7 new file mode 100644 index 0000000..76cb509 --- /dev/null +++ b/doc/man7/bbs_blind_with_nym.7 
@@ -0,0 +1,317 @@ +.TH bbs_blind_with_nym 7 2026-03-14 libbbs +.SH NAME +bbs_blind_with_nym \- libbbs: blind BBS signatures with per-verifier pseudonyms +.SH LIBRARY +BBS Signatures +.RI ( libbbs ,\~ \-lbbs ) +.SH INTRODUCTION +This page describes the per-verifier pseudonym extension of +.BR libbbs . +Readers unfamiliar with BBS signatures should first read +.BR bbs (7), +and those unfamiliar with blind BBS should read +.BR bbs_blind (7). +All functions and types described here are defined in +.IR . +.P +Standard BBS proofs are +.IR unlinkable : +given any two proofs, there is no way to determine whether they came from the +same prover or the same signature. +This is desirable for privacy, but some applications need a verifier to +recognise presentations from the same prover over time, for example to +enforce access policies, prevent abuse, or maintain a persistent session, +without that verifier being able to correlate the prover's activity with any +other verifier. +.P +Per-verifier pseudonyms solve this problem. +The prover obtains a pseudonym that is stable for a given verifier context but +different for every other context. +The verifier can track presentations from the same prover within their own +context, but cannot collaborate with another verifier to link the prover's +identity across contexts. +.SH CONCEPTS +.SS Keys +Per-verifier pseudonyms use the same key pair as the rest of the library. +See +.BR bbs_keygen (3). +.SS The nym_secret +Before requesting a signature, the prover chooses one or more +.I nym_secrets. +These are secret values, chosen by the prover, that are committed into the +signature in the same way as committed messages in blind BBS. +The signer never learns them. +.P +The nym_secrets must be kept secret. +They are the prover's long-term identity material within any given verifier +context. +Erase them with +.BR memset_explicit (3) +when no longer needed. 
+.SS The context_id +Every verifier chooses a +.IR context_id , +which is an arbitrary byte string that identifies the verifier's domain or +purpose. +.P +A verifier who uses the same context_id across sessions will see the same +pseudonym from the same prover each time. +A verifier who uses a different context_id will see a completely unrelated +pseudonym, even for the same prover. +The context_id is not secret. +.SS The pseudonym +A +.I pseudonym +is a stable, verifier-specific identifier for the prover. +It is produced during proof generation and included in the proof. +.P +The pseudonym is stable: the same prover presenting to the same verifier +context always produces the same pseudonym. +The proof cryptographically demonstrates that the pseudonym was computed +correctly from secrets that are covered by the signature, without revealing +those secrets. +.P +The pseudonym is +.I not +secret. +It is given to the verifier as part of the proof. +.SS The signer_nym_entropy +The signer contributes an additional random value called +.I signer_nym_entropy +during signing. +This prevents the possibility of pseudonym collisions with any prover. +The signer_nym_entropy is not secret after signing, but it must be chosen +freshly and randomly for each signing operation. +.SS Relationship to blind BBS +The commitment step for per-verifier pseudonyms extends blind BBS commitment: +the prover commits to both regular committed messages and the nym_secrets in +a single commitment blob. +The signer, proof generation, and proof verification flows are otherwise +analogous to blind BBS. +See +.BR bbs_blind (7) +for a description of the commitment, secret_prover_blind, and the general +blind signing flow. +.SS Quantum Considerations +Standard BBS proofs provide everlasting unlinkability: even a future quantum +computer cannot link two proofs after the fact. +Per-verifier pseudonyms provide a weaker but still meaningful guarantee called +.IR "limited everlasting unlinkability" . 
+.P +Let +.I N +be the number of nym_secrets in the prover's commitment, and let +.I M +be the number of pseudonyms that colluding verifiers have collected, each +holding a distinct context_id. +In the presence of a cryptographically relevant quantum computer, pseudonyms +remain unlinkable as long as +.IR "N > M" , +that is, as long as the prover has not generated pseudonyms for more distinct +verifier contexts than they have nym_secrets. +.P +In practice this means that a prover who commits to +.I N +nym_secrets is protected against a coalition of up to +.IR "N - 1" +colluding verifiers, even against a future quantum adversary. +Choosing a larger +.I N +at commit time therefore directly controls the quantum unlinkability budget. +.SH TYPES +Types not listed here are shared with blind BBS or the base BBS scheme. +See +.BR bbs_blind (7) +and +.BR bbs (7). +.SS bbs_pseudonym +A fixed-length byte buffer holding a pseudonym. +Its length is given by +.BR BBS_PSEUDONYM_LEN . +It is produced as an output of +.BR bbs_blind_proof_gen_with_nym (3) +and passed to +.BR bbs_blind_proof_verify_with_nym (3). +It is not sensitive. +.SH FUNCTION OVERVIEW +.SS bbs_blind_commit_with_nym() +Called by the prover. +Extends +.BR bbs_blind_commit (3) +by also committing the nym_secrets into the commitment. +Produces a commitment_with_proof and a secret_prover_blind. +.SS bbs_blind_sign_with_nym() +Called by the signer. +Extends +.BR bbs_blind_sign (3) +by incorporating the signer_nym_entropy into the signature, binding it to the +committed nym_secrets. +.SS bbs_blind_verify_with_nym() +Called by the prover after receiving the signature. +Extends +.BR bbs_blind_verify (3) +by also verifying the nym_secrets. +Produces the nym_secrets as an output, which the prover stores for use in +proof generation. +.SS bbs_blind_proof_gen_with_nym() +Called by the prover. +Produces a selective disclosure proof together with the pseudonym for the +given context_id. +The pseudonym is an output. 
It is computed from the nym_secrets +and the context_id during proof generation. +.SS bbs_blind_proof_verify_with_nym() +Called by the verifier. +Verifies the proof and confirms that the pseudonym was correctly derived from +secrets covered by the signature. +Takes the pseudonym as an input. +Does not require the nym_secrets. + +.SH CIPHER SUITES +All functions take a pointer to a +.BR bbs_ciphersuite (3type) +to use, which determines several parameters for the scheme. +The per-verifier linkability BBS extension uses distinct cipher suites from the +base scheme and the blind BBS extension. +.IP bbs_blind_nym_sha256_ciphersuite +The BLS12-381-SHA-256 blind-with-pseudonym ciphersuite. +.IP bbs_blind_nym_shake256_ciphersuite +The BLS12-381-SHAKE-256 blind-with-pseudonym ciphersuite. +.P +Using a ciphersuite from +.I +or +.I +will produce an error. +Keys generated with any ciphersuite may be used here; see +.BR bbs_keygen (3). + +.SH PRIVACY CONSIDERATIONS +The pseudonym is stable per verifier context. +This means that a verifier can correlate all proof presentations from the same +prover to the same pseudonym, which is the intended design. +However, this also means that if a prover reuses nym_secrets across contexts +in a way that allows two verifiers to compare pseudonyms, those verifiers could +link the prover's activity. +To prevent this, each verifier must choose a distinct context_id that is not +shared with other verifiers. +.P +The unlinkability guarantee of BBS is preserved across different verifier contexts. +Only within the same context_id are presentations linkable, and only to the +verifier who holds that context_id. +.P +The nym_secrets must never be disclosed. +Losing the nym_secrets does not prevent proof generation if the prover stored +the output of +.BR bbs_blind_verify_with_nym (3), +but anyone who obtains them can impersonate the prover within any context. 
+.SH EXAMPLES +The following example illustrates the full flow: the prover commits a +nym_secret, the signer issues a blind signature, the prover generates a proof +with a pseudonym for a specific verifier context, and the verifier checks it. +.EX +#include +#include +#include +#include +\& +int main(void) { + const bbs_ciphersuite *s = bbs_blind_nym_sha256_ciphersuite; +\& + bbs_secret_key sk; + bbs_public_key pk; + bbs_signature sig; +\& + const char *header = "example header"; + const char *ph = "presentation nonce"; + const char *msg = "signer-known message"; + const char *nym_secret = "my secret nym material"; + const char *context_id = "verifier-A-domain"; + /* signer_nym_entropy should be random in production */ + uint8_t entropy[32] = { 0 }; +\& + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(1)]; + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + /* proof length: 1 undisclosed (nym_secret) + 1 spb */ + uint8_t proof[BBS_PROOF_LEN(2)]; + bbs_pseudonym nym; +\& + if (BBS_OK != bbs_keygen_full(s, sk, pk)) + return EXIT_FAILURE; +\& + /* Prover: commit to the nym_secret */ + const void *nyms[] = { nym_secret }; + const size_t nym_lens[] = { strlen(nym_secret) }; + if (BBS_OK != bbs_blind_commit_with_nym(s, cwp, spb, + 0, NULL, NULL, + 1, nyms)) + return EXIT_FAILURE; +\& + /* Signer: blind-sign with nym entropy */ + const void *msgs[] = { msg }; + const size_t msg_lens[] = { strlen(msg) }; + if (BBS_OK != bbs_blind_sign_with_nym(s, sk, pk, sig, + entropy, 1, + header, strlen(header), + cwp, sizeof(cwp), + 1, msgs, msg_lens)) + return EXIT_FAILURE; +\& + /* Prover: verify and recover nym_secrets from signature */ + void *out_secrets[1]; + uint8_t recovered_nym[32]; + out_secrets[0] = recovered_nym; + if (BBS_OK != bbs_blind_verify_with_nym(s, pk, sig, + header, strlen(header), + 1, msgs, msg_lens, + 0, NULL, NULL, spb, + entropy, 1, nyms, + out_secrets)) + return EXIT_FAILURE; +\& + /* Prover: generate a proof with pseudonym for verifier-A */ + const size_t disclose[] 
= { 0 }; + if (BBS_OK != bbs_blind_proof_gen_with_nym(s, pk, sig, proof, nym, + header, strlen(header), + ph, strlen(ph), + context_id, strlen(context_id), + 1, msgs, msg_lens, + 0, NULL, NULL, + 1, disclose, + 0, NULL, spb, + 1, out_secrets)) + return EXIT_FAILURE; +\& + /* Verifier: check the proof and pseudonym */ + if (BBS_OK != bbs_blind_proof_verify_with_nym(s, pk, nym, + proof, sizeof(proof), + header, strlen(header), + ph, strlen(ph), + context_id, strlen(context_id), + 1, 1, + 1, msgs, msg_lens, disclose, + 0, NULL, NULL, NULL)) + return EXIT_FAILURE; +\& + memset_explicit(sk, 0, sizeof(sk)); + memset_explicit(sig, 0, sizeof(sig)); + memset_explicit(spb, 0, sizeof(spb)); + memset_explicit(recovered_nym, 0, sizeof(recovered_nym)); +\& + puts("per-verifier proof verified successfully"); + return EXIT_SUCCESS; +} +.EE +.SH CAVEATS +The same +.BR getentropy (3) +caveat from +.BR bbs (7) +applies here. +.SH SEE ALSO +.BR bbs (7), +.BR bbs_blind (7), +.BR bbs_blind_commit_with_nym (3), +.BR bbs_blind_sign_with_nym (3), +.BR bbs_blind_proof_gen_with_nym (3), +.BR bbs_blind_proof_verify_with_nym (3), +.BR getentropy (3) diff --git a/include/bbs_blind.h b/include/bbs_blind.h new file mode 100644 index 0000000..f984daf --- /dev/null +++ b/include/bbs_blind.h 
@@ -0,0 +1,120 @@ +/** + * (C) 2026 Fraunhofer AISEC + */ + +/** + * @file bbs_blind.h + * @author Christoph Britsch + * @date 10 March 2026 + * @brief BBS blind signatures. Extends the BBS signature scheme by allowing messages + * that are unknown to the signer to be signed by including them in a commitment. + * Considerations from the base BBS scheme, such as keeping the signature secret + * still apply. For an introduction to BBS, see bbs(7), for an introduction to + * BBS with blinded messages, see bbs_blind(7). + */ + +#ifndef BBS_BLIND_H +#define BBS_BLIND_H + +#include "bbs.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define BBS_BLIND_COMMITMENT_WITH_PROOF_BASE_LEN 112 + +#define BBS_BLIND_COMMITMENT_LEN(n) \ + BBS_BLIND_COMMITMENT_WITH_PROOF_BASE_LEN + (n) * 32 + +#define BBS_BLIND_SECRET_PROVER_BLIND_LEN 32 + +int bbs_blind_commit( + const bbs_ciphersuite *cipher_suite, + void *commitment_with_proof, // OUT + uint8_t *secret_prover_blind, // OUT + size_t num_messages, + const void *const *messages, + const size_t *message_lens +); + +int bbs_blind_sign( + const bbs_ciphersuite *cipher_suite, + const bbs_secret_key sk, + const bbs_public_key pk, + bbs_signature out, // OUT + const void *header, + size_t header_len, + const void *commitment_with_proof, + size_t commitment_with_proof_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens +); + +int bbs_blind_verify( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + const void *header, + size_t header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + const uint8_t *secret_prover_blind // optional, NULL = zero +); + +int bbs_blind_proof_gen( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // OUT + const 
void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind // optional, NULL = zero +); + +int bbs_blind_proof_verify( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const void *proof, + size_t proof_len, + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + size_t num_signer_known_messages, + size_t num_disclosed_messages, + const void *const *disclosed_messages, + const size_t *disclosed_message_lens, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_messages, + const void *const *disclosed_committed_messages, + const size_t *disclosed_committed_message_lens, + const size_t *disclosed_committed_indexes +); + +/* Cipher Suites */ +extern const bbs_ciphersuite *const bbs_blind_sha256_ciphersuite; +extern const bbs_ciphersuite *const bbs_blind_shake256_ciphersuite; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/bbs_blind_with_nym.h b/include/bbs_blind_with_nym.h new file mode 100644 index 0000000..14c755c --- /dev/null +++ b/include/bbs_blind_with_nym.h 
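Review bot: `BBS_BLIND_COMMITMENT_LEN(n)` expands to an unparenthesised sum, so using it inside a larger expression (for example `2 * BBS_BLIND_COMMITMENT_LEN(k)`) computes the wrong size. This matters because `bbs_blind_commit` writes `commitment_with_proof` with no length argument and relies on the caller sizing the buffer from this macro. Wrap the expansion: `#define BBS_BLIND_COMMITMENT_LEN(n) (BBS_BLIND_COMMITMENT_WITH_PROOF_BASE_LEN + (n) * 32)`. The `// optional, NULL = zero` remark on `secret_prover_blind` also needs a sentence on when a zero blind is acceptable, since bbs_blind(7) in this commit describes that value as what keeps the committed messages from leaking.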
@@ -0,0 +1,136 @@ +/** + * (C) 2026 Fraunhofer AISEC + */ + +/** + * @file bbs_blind_with_nym.h + * @author Christoph Britsch + * @date 14 March 2026 + * @brief BBS blind signatures with per-verifier pseudonyms. Extends blind BBS + * by binding one or more prover-controlled secrets into the signature, from + * which a pseudonym is derived per verifier context. The pseudonym is stable + * for a given prover and context, enabling verifier-controlled linkability + * without revealing the prover's identity. For an introduction to BBS, see + * bbs(7), for an introduction to blind BBS, see bbs_blind(7), and for an + * introduction to per-verifier pseudonyms, see bbs_blind_with_nym(7). + */ + +#ifndef BBS_BLIND_WITH_NYM_H +#define BBS_BLIND_WITH_NYM_H + +#include "bbs_blind.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define BBS_PSEUDONYM_LEN 48 + +typedef uint8_t bbs_pseudonym[BBS_PSEUDONYM_LEN]; + +int bbs_blind_commit_with_nym( + const bbs_ciphersuite *cipher_suite, + void *commitment_with_proof, // OUT + uint8_t *secret_prover_blind, // OUT + size_t num_messages, + const void *const *messages, + const size_t *messages_lens, + size_t num_prover_nyms, + const void *const *prover_nyms +); + +int bbs_blind_sign_with_nym( + const bbs_ciphersuite *cipher_suite, + const bbs_secret_key sk, + const bbs_public_key pk, + bbs_signature out, // OUT + const void *signer_nym_entropy, + size_t length_nym_vector, + const void *header, + size_t header_len, + const void *commitment_with_proof, + size_t commitment_with_proof_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens +); + +int bbs_blind_verify_with_nym( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + const void *header, + size_t header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, 
+ const uint8_t *secret_prover_blind, // optional, NULL = zero + const void *signer_nym_entropy, // optional, NULL = zero + size_t num_pseudonyms, + const void *const *prover_nyms, + void *const *nym_secrets // OUT +); + +int bbs_blind_proof_gen_with_nym( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // OUT + bbs_pseudonym pseudonym, // OUT + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + const void *context_id, + size_t context_id_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + size_t num_nym_secrets, + const void *const *nym_secrets +); + +int bbs_blind_proof_verify_with_nym( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + bbs_pseudonym pseudonym, + const void *proof, + size_t proof_len, + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + const void *context_id, + size_t context_id_len, + size_t length_nym_vector, + size_t num_signer_known_messages, + size_t num_disclosed_messages, + const void *const *disclosed_messages, + const size_t *disclosed_message_lens, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_messages, + const void *const *disclosed_committed_messages, + const size_t *disclosed_committed_message_lens, + const size_t *disclosed_committed_indexes +); + +/* Cipher Suites */ +extern const bbs_ciphersuite *const bbs_blind_nym_sha256_ciphersuite; +extern const bbs_ciphersuite *const bbs_blind_nym_shake256_ciphersuite; + +#ifdef __cplusplus +} +#endif + 
+#endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4c3cd17..ed082ff 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,6 +1,8 @@ # Compile sources into an object library add_library(bbs_sources OBJECT bbs.c + bbs_blind.c + bbs_blind_with_nym.c bbs_ciphersuites.c bbs_util.c sha256.c diff --git a/src/bbs.c b/src/bbs.c index e1f6dbf..15c150e 100644 --- a/src/bbs.c +++ b/src/bbs.c @@ -127,8 +127,8 @@ bbs_acc_init ( ep_read_bbs (&ctx->B, s->p1); // Calculate Q_1 and initialize domain calculation - create_generator_init (s, ctx->generator_ctx); - create_generator_next (s, ctx->generator_ctx, &ctx->Q_1); + create_generator_init (s, ctx->generator_ctx, nullptr, 0); + create_generator_next (s, ctx->generator_ctx, &ctx->Q_1, nullptr, 0); calculate_domain_init (s, &ctx->dom_ctx, pk, n); calculate_domain_update (s, &ctx->dom_ctx, &ctx->Q_1); } @@ -139,7 +139,7 @@ bbs_acc_update_undisclosed ( ) { // Calculate H_i - create_generator_next (ctx->cipher_suite, ctx->generator_ctx, &ctx->H_i); + create_generator_next (ctx->cipher_suite, ctx->generator_ctx, &ctx->H_i, nullptr, 0); calculate_domain_update (ctx->cipher_suite, &ctx->dom_ctx, &ctx->H_i); } @@ -181,7 +181,7 @@ bbs_acc_finalize ( // Checks e(A,W) * e(B,-BP2) = identity // This differs slightly from the spec, which checks the equivalent e(-B,BP2) -static int bbs_check_sig_eqn( +int bbs_check_sig_eqn( blst_p1 *A, blst_p1 *B, const bbs_public_key pk @@ -211,6 +211,8 @@ bbs_sign_init ( size_t n ) { + + hash_to_scalar_init (cipher_suite, &ctx->ch_ctx); // Future: We can add some randomness to ctx->ch_ctx. This breaks the // testvectors but not interop, and is heuristically more secure against @@ -307,7 +309,10 @@ bbs_sign_v ( bbs_sign_ctx ctx; const void *msg; size_t msg_len; - va_list ap; + va_list ap; + + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } va_start (ap, n); bbs_sign_init(&ctx, cipher_suite, sk, pk, n); 
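Review bot: `prover_nyms` (in `bbs_blind_commit_with_nym` and `bbs_blind_verify_with_nym`) and `nym_secrets` (marked `// OUT` in `bbs_blind_verify_with_nym`, input to `bbs_blind_proof_gen_with_nym`) are pointer arrays with no length array and no documented element size, so a caller cannot tell from this header how many bytes the library reads from or writes to each element. The bbs_blind_with_nym(7) example in the same commit passes a string literal as a prover nym, computes `nym_lens` without using it, and receives the output in a 32-byte buffer, which suggests a fixed size is assumed (inferred, not shown in this header). Declare that size as a macro next to `BBS_PSEUDONYM_LEN` and state it on each parameter, and do the same for `signer_nym_entropy`, which also carries no length. `bbs_blind_proof_verify_with_nym` only reads `pseudonym` and could declare it `const bbs_pseudonym pseudonym`.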
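Review bot: Dropping `static` from `bbs_check_sig_eqn` gives it external linkage, so it joins the library's link-time namespace, and no prototype for it is visible in this part of the diff. It should be declared once in an internal, non-installed header that its callers include, rather than redeclared per file. Now that it is shared, the comment above it should also state the return convention, along the lines of `// Returns BBS_OK if e(A,W) * e(B,-BP2) is the identity, BBS_ERROR otherwise`. The body is outside the hunk, so confirm the actual return values before adding that line.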
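Review bot: The guard `if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite)` is pasted into `bbs_sign_v` here and again into `bbs_sign`, `bbs_verify_v`, `bbs_verify`, `bbs_proof_gen_v`, `bbs_proof_gen`, `bbs_proof_verify_v` and `bbs_proof_verify` in the following hunks. A single `static bool` helper (name to be chosen) whose body is `return cs == bbs_sha256_ciphersuite || cs == bbs_shake256_ciphersuite;` would keep the eight sites in agreement when a suite is added. The test is on pointer identity, so it rejects NULL but also any suite object other than the two exported globals, a contract worth one comment line on the helper. The `{ return BBS_ERROR; }` brace layout differs from the unbraced `if(...) return BBS_ERROR;` used elsewhere in this file, and the `va_list ap;` line changes only whitespace. The function bodies extend beyond these hunks.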
@@ -336,6 +341,9 @@ bbs_sign ( { bbs_sign_ctx ctx; + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + bbs_sign_init(&ctx, cipher_suite, sk, pk, n); for(size_t i=0; i< n; i++) { bbs_sign_update(&ctx, messages[i], messages_lens[i]); @@ -358,7 +366,10 @@ bbs_verify_v ( bbs_acc_ctx ctx; const void *msg; size_t msg_len; - va_list ap; + va_list ap; + + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } va_start (ap, n); bbs_verify_init(&ctx, cipher_suite, pk, n); @@ -386,6 +397,9 @@ bbs_verify ( { bbs_acc_ctx ctx; + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + bbs_verify_init(&ctx, cipher_suite, pk, n); for(size_t i=0; i< n; i++) { bbs_verify_update(&ctx, messages[i], messages_lens[i]); @@ -774,7 +788,10 @@ bbs_proof_gen_v ( size_t msg_len; bool disclosed; - // Gather randomness. The seed is used for any randomness within this + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + + // Gather randomness. The seed is used for any randomness within this // function. In particular, this implies that we do not need to store // intermediate derivations. Currently, we derive new values via // hash_to_scalar, but we might want to exchange that for @@ -817,7 +834,10 @@ bbs_proof_gen ( size_t di_idx = 0; bool disclosed; - // Gather randomness. The seed is used for any randomness within this + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + + // Gather randomness. The seed is used for any randomness within this // function. In particular, this implies that we do not need to store // intermediate derivations. Currently, we derive new values via // hash_to_scalar, but we might want to exchange that for 
@@ -857,7 +877,10 @@ bbs_proof_verify_v ( size_t msg_len = 0; bool disclosed; - // Sanity check + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + + // Sanity check if(proof_len != BBS_PROOF_LEN(n - disclosed_indexes_len)) return BBS_ERROR; va_start (ap, n); @@ -897,6 +920,9 @@ bbs_proof_verify ( size_t di_idx = 0; bool disclosed; + if (cipher_suite != bbs_sha256_ciphersuite && cipher_suite != bbs_shake256_ciphersuite) + { return BBS_ERROR; } + // Sanity check if(proof_len != BBS_PROOF_LEN(n - disclosed_indexes_len)) return BBS_ERROR; diff --git a/src/bbs_blind.c b/src/bbs_blind.c new file mode 100644 index 0000000..a83051f --- /dev/null +++ b/src/bbs_blind.c 
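Review bot: The sanity check kept right after the new suite test, `if(proof_len != BBS_PROOF_LEN(n - disclosed_indexes_len)) return BBS_ERROR;`, subtracts what appear to be two unsigned sizes with no visible guard that `disclosed_indexes_len <= n`, in bbs_proof_verify_v and again in bbs_proof_verify. If `disclosed_indexes_len` exceeds `n` the difference wraps, and depending on how BBS_PROOF_LEN is defined (not shown) the wrapped value may still yield a length that a supplied `proof_len` matches. The new bbs_blind_proof_gen_inner in this commit already rejects the analogous case with `if (num_disclosed_indexes > num_messages) return BBS_ERROR;`. Adding `if (disclosed_indexes_len > n) return BBS_ERROR;` before the length comparison would make the base verifier agree with it. Both function bodies start and end outside the hunks.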
@@ -0,0 +1,1188 @@ +#include "bbs_blind.h" +#include "bbs_util.h" +#include "blst.h" + +//#include + +#define BBS_BLIND_API_ID_PREFIX "BLIND_" + +// forward definitions +int getentropy(void *buffer, size_t length); + +int bbs_check_sig_eqn(blst_p1 *A, blst_p1 *B, const bbs_public_key pk); + +// omit size from mult call +static inline void +ep_mult_scalar(blst_p1 *out, const blst_p1 *p, const blst_scalar *s, size_t _ignored) { + (void)_ignored; + blst_p1_mult(out, p, s->b, 255); +} + +// COMMIT +typedef struct { + const bbs_ciphersuite *s; + union bbs_hash_context hc; + uint8_t generator_ctx[48 + 8]; + blst_p1 C, Cbar, Q_2; + blst_scalar challenge, spb, st; + bbs_bn_prf *prf; + void *prf_cookie; +} bbs_commit_ctx; + +void +bbs_commit_init( + bbs_commit_ctx *ctx, + size_t num_messages +) { + uint8_t buffer[BBS_G1_ELEM_LEN]; + uint64_t num_messages_be = htobe64(num_messages); + + // init C and Cbar to infinity + (void)bbs_memset(&ctx->C.z, 0, sizeof(ctx->C.z)); + (void)bbs_memset(&ctx->Cbar.z, 0, sizeof(ctx->Cbar.z)); + + // create blind generators and save q2 + create_generator_init(ctx->s, ctx->generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(ctx->s, ctx->generator_ctx, &ctx->Q_2, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + //{ uint8_t b[48]; blst_p1_compress(b, &ctx->Q_2); printf("Q_2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // init hash_to_scalar for calculate_blind_challenge + hash_to_scalar_init(ctx->s, &ctx->hc); + hash_to_scalar_update(ctx->s, &ctx->hc, (uint8_t*) &num_messages_be, 8); + ep_write_bbs(buffer, &ctx->Q_2); + hash_to_scalar_update(ctx->s, &ctx->hc, buffer, BBS_G1_ELEM_LEN); + + // generate random secret_prover_blind and s~ + //{ printf("prf_cookie: "); for(int i=0; i<32; i++) printf("%02x", ((uint8_t*)ctx->prf_cookie)[i]); printf("\n"); } + ctx->prf(ctx->s, &ctx->spb, 0, 1, ctx->prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &ctx->spb); printf("secret_prover_blind: "); 
for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + ctx->prf(ctx->s, &ctx->st, 1, 2, ctx->prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &ctx->st); printf("s~: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } +} + +void +commit_update_with_scalar( + bbs_commit_ctx *ctx, + blst_scalar *sc, + size_t msg_index, + uint8_t *scalar_tmp +) { + blst_p1 J_i, tmp; + uint8_t buffer[BBS_G1_ELEM_LEN]; + + create_generator_next(ctx->s, ctx->generator_ctx, &J_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + //{ uint8_t b[48]; blst_p1_compress(b, &J_i); printf("J_%ld: ", msg_index); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // C = ... + J_i * msg_i + ... + ep_mult_scalar(&tmp, &J_i, sc, 255); + blst_p1_add_or_double (&ctx->C, &ctx->C, &tmp); + + // at this point sc contains msg_i, save this in output buffer for later for m^_i, this is not an overflow + blst_lendian_from_scalar(scalar_tmp, sc); + + // Cbar = ... + J_i * m~_i + ... + ctx->prf(ctx->s, sc, 2, msg_index, ctx->prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, sc); printf("m~%ld: ", msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + ep_mult_scalar(&tmp, &J_i, sc, 255); + blst_p1_add_or_double (&ctx->Cbar, &ctx->Cbar, &tmp); + + // update to challenge calculation + ep_write_bbs(buffer, &J_i); + hash_to_scalar_update(ctx->s, &ctx->hc, buffer, BBS_G1_ELEM_LEN); +} + +void +bbs_commit_update( + bbs_commit_ctx *ctx, + const void *msg, + size_t msg_len, + size_t msg_index, + uint8_t *scalar_tmp +) { + blst_scalar sc; + + hash_to_scalar(ctx->s, &sc, ctx->s->map_dst, ctx->s->map_dst_len, 1, msg, msg_len); + commit_update_with_scalar(ctx, &sc, msg_index, scalar_tmp); +} + +#define CWP_SCALAR_PTR(cwp, i) \ + ((uint8_t *)(cwp) + BBS_G1_ELEM_LEN + (1 + (i)) * BBS_SCALAR_LEN) + +void +bbs_commit_finalize( + bbs_commit_ctx *ctx, + uint8_t *secret_prover_blind, + uint8_t *cwp, + size_t num_messages +) { + uint8_t 
buffer[BBS_G1_ELEM_LEN]; + blst_p1 tmp; + blst_scalar tmp_sc; + + // C = C + Q_2 * secret_prover_blind + ep_mult_scalar(&tmp, &ctx->Q_2, &ctx->spb, 255); + blst_p1_add_or_double(&ctx->C, &ctx->C, &tmp); + ep_write_bbs(&cwp[0], &ctx->C); + + //{ uint8_t b[48]; blst_p1_compress(b, &ctx->C); printf("C: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // Cbar = Cbar + Q_2 * s~ + ep_mult_scalar(&tmp, &ctx->Q_2, &ctx->st, 255); + blst_p1_add_or_double(&ctx->Cbar, &ctx->Cbar, &tmp); + + //{ uint8_t b[48]; blst_p1_compress(b, &ctx->Cbar); printf("Cbar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // finalize challenge calculation with C and Cbar + hash_to_scalar_update(ctx->s, &ctx->hc, &cwp[0], BBS_G1_ELEM_LEN); // read directly from c_w_p + ep_write_bbs(buffer, &ctx->Cbar); + hash_to_scalar_update(ctx->s, &ctx->hc, buffer, BBS_G1_ELEM_LEN); + + const uint8_t *api_id = (uint8_t*) ctx->s->api_id; + uint8_t api_id_len = ctx->s->api_id_len; + uint8_t domain_dst[api_id_len + 4]; + + bbs_memcpy(domain_dst, api_id, api_id_len); + bbs_memcpy(domain_dst + api_id_len, "H2S_", 4); + + hash_to_scalar_finalize(ctx->s, &ctx->hc, &ctx->challenge, domain_dst, api_id_len + 4); + bn_write_bbs(CWP_SCALAR_PTR(cwp, num_messages), &ctx->challenge); + + // s^ = s~ + secret_prover_blind * challenge + blst_sk_mul_n_check(&tmp_sc, &ctx->spb, &ctx->challenge); + // write secret_prover_blind to output + bn_write_bbs(&secret_prover_blind[0], &ctx->spb); + + blst_sk_add_n_check(&ctx->spb, &ctx->st, &tmp_sc); + // serialize s^ + bn_write_bbs(&cwp[BBS_G1_ELEM_LEN], &ctx->spb); + + // m^_i = m~_i + msg_i * challenge + for (size_t i = 0; i < num_messages; i++) { + // get scalar from tmp storage in output + blst_scalar msg_scalar, mh_i, mt_i; + blst_scalar_from_lendian(&msg_scalar, CWP_SCALAR_PTR(cwp, i)); + + // regenerate m~_i + ctx->prf(ctx->s, &mt_i, 2, i, ctx->prf_cookie); + + blst_sk_mul_n_check(&tmp_sc, &msg_scalar, &ctx->challenge); + 
blst_sk_add_n_check(&mh_i, &mt_i, &tmp_sc); + + // serialize into final output + bn_write_bbs(CWP_SCALAR_PTR(cwp, i), &mh_i); + } +} + +#undef CWP_SCALAR_PTR + +void +bbs_blind_commit_prf( + const bbs_ciphersuite *cipher_suite, + blst_scalar *out, + uint8_t input_type, + uint64_t input, + void *seed +) { + // All these have length 17 + static uint8_t *prf_dsts[] = { + (uint8_t*) "random spb scalar", + (uint8_t*) "random stl scalar", + (uint8_t*) "random msg scalar", + }; + + hash_to_scalar(cipher_suite, out, prf_dsts[input_type], 17, 2, seed, (size_t)32, &input, (size_t)8); +} + +int +bbs_blind_commit_with_nym_inner( + const bbs_ciphersuite *cipher_suite, + uint8_t *commitment_with_proof, + uint8_t *secret_prover_blind, + size_t num_messages, + const void *const *messages, + const size_t *messages_lens, + size_t num_prover_nyms, + const void *const *prover_nyms, + bbs_bn_prf prf, + void *prf_cookie +); + +int +bbs_blind_commit( + const bbs_ciphersuite *cipher_suite, + void *commitment_with_proof, // OUT + uint8_t *secret_prover_blind, // OUT + size_t num_messages, + const void *const *messages, + const size_t *message_lens +) { + if (cipher_suite != bbs_blind_sha256_ciphersuite && cipher_suite != bbs_blind_shake256_ciphersuite) + { return BBS_ERROR; } + + uint8_t seed[32]; + getentropy(seed, sizeof(seed)); + return bbs_blind_commit_with_nym_inner( + cipher_suite, + commitment_with_proof, + secret_prover_blind, + num_messages, + messages, + message_lens, + 0, + NULL, + bbs_blind_commit_prf, + seed + ); +} + +// SIGNATURE + +int +deserialize_and_verify_commitment( + const bbs_ciphersuite *s, + const uint8_t *commitment_with_proof, + size_t commitment_with_proof_len, + blst_p1 *commitment, // OUT + size_t *num_messages // OUT +) { + union bbs_hash_context hc; + + blst_scalar s_hat, challenge_proof, challenge_verify, m_h; + blst_p1 Cbar, Q_2, J_i, tmp; + uint8_t generator_ctx[48 + 8], buf[BBS_G1_ELEM_LEN]; + + // empty commitment is not invalid + if 
(commitment_with_proof == NULL && commitment_with_proof_len == 0) { + bbs_memset(&commitment->z, 0, sizeof(commitment->z)); + *num_messages = 0; + return BBS_OK; + } + + *num_messages = + (commitment_with_proof_len - BBS_BLIND_COMMITMENT_WITH_PROOF_BASE_LEN) / BBS_SCALAR_LEN; + + // init Cbar to inf + (void)bbs_memset(&Cbar.z, 0, sizeof(Cbar.z)); + + // commitment_with_proof = (commitment, (s^, (m^_1, ..., m^_M), challenge)) + // read s^ and challenge from proof + bn_read_bbs(&s_hat, &commitment_with_proof[BBS_G1_ELEM_LEN]); + bn_read_bbs(&challenge_proof, &commitment_with_proof[commitment_with_proof_len - BBS_SCALAR_LEN]); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &s_hat); printf("s^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &challenge_proof); printf("challenge_proof: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // init generators + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &Q_2, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + //{ uint8_t b[48]; blst_p1_compress(b, &Q_2); printf("Q_2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // seed the challenge hash with (num_messages || Q_2 || ...) 
+ uint64_t n_be = htobe64(*num_messages); + hash_to_scalar_init(s, &hc); + hash_to_scalar_update(s, &hc, &n_be, 8); + ep_write_bbs(buf, &Q_2); + hash_to_scalar_update(s, &hc, buf, BBS_G1_ELEM_LEN); + + // calculate challenge_verify and Cbar + for (size_t i = 0; i < *num_messages; i++) { + // read m^_i and create next generator J_i + size_t off = BBS_G1_ELEM_LEN + BBS_SCALAR_LEN + i * BBS_SCALAR_LEN; + bn_read_bbs(&m_h, commitment_with_proof + off); + create_generator_next(s, generator_ctx, &J_i, (uint8_t *)BBS_BLIND_API_ID_PREFIX, 6); + + // Cbar = Cbar + J_i * m^_i + ep_mult_scalar(&tmp, &J_i, &m_h, 255); + blst_p1_add_or_double(&Cbar, &Cbar, &tmp); + + // serialize generator J_i and add to challenge_verify calculation + ep_write_bbs(buf, &J_i); + hash_to_scalar_update(s, &hc, buf, BBS_G1_ELEM_LEN); + } + + // Cbar = Cbar + Q_2 * s^ + ep_mult_scalar(&tmp, &Q_2, &s_hat, 255); + blst_p1_add_or_double(&Cbar, &Cbar, &tmp); + + // Cbar = Cbar + C * (-challenge_proof) + ep_read_bbs(commitment, commitment_with_proof); + ep_mult_scalar(&tmp, commitment, &challenge_proof, 255); + blst_p1_cneg(&tmp, 1); + blst_p1_add_or_double(&Cbar, &Cbar, &tmp); + + // finalize challenge hash ( ... || C || Cbar) + ep_write_bbs(buf, commitment); + hash_to_scalar_update(s, &hc, buf, BBS_G1_ELEM_LEN); + ep_write_bbs(buf, &Cbar); + hash_to_scalar_update(s, &hc, buf, BBS_G1_ELEM_LEN); + + // could be refactored to use already existing generator_ctx buffer + uint8_t domain_dst[s->api_id_len + 4]; + bbs_memcpy(domain_dst, s->api_id, s->api_id_len); + bbs_memcpy(domain_dst + s->api_id_len, "H2S_", 4); + hash_to_scalar_finalize(s, &hc, &challenge_verify, domain_dst, s->api_id_len + 4); + + unsigned int diff = 0; + for (int i = 0; i < BBS_SCALAR_LEN; i++) + diff |= challenge_proof.b[i] ^ challenge_verify.b[i]; + + // returns BBS_OK if all bits are equal and BBS_ERROR if they're not + return diff ? 
BBS_ERROR : BBS_OK; +} + +int +bbs_blind_sign( + const bbs_ciphersuite *s, + const bbs_secret_key sk, + const bbs_public_key pk, + bbs_signature out, // OUT + const void *header, + size_t header_len, + const void *commitment_with_proof, + size_t commitment_with_proof_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens +) { + union bbs_hash_context h_ctx; + + uint8_t generator_ctx[48 + 8], buf[BBS_G1_ELEM_LEN]; + blst_p1 commitment, B, Q_1, H_i, res; + blst_scalar tmp, sk_n; + size_t m = 0; + + if (s != bbs_blind_sha256_ciphersuite && s != bbs_blind_shake256_ciphersuite) + { return BBS_ERROR; } + + if (deserialize_and_verify_commitment( + s, + commitment_with_proof, + commitment_with_proof_len, + &commitment, + &m) != BBS_OK) { + return BBS_ERROR; + } + + //{ uint8_t b[48]; blst_p1_compress(b, &commitment); printf("commitment: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // calc Q_1 and save Q_1 + create_generator_init(s, generator_ctx, nullptr, 0); + create_generator_next(s, generator_ctx, &Q_1, nullptr, 0); + + // init B to P1 + ep_read_bbs(&B, s->p1); + + // init domain calculation with pk and Q_1 + //printf("initialising domain calculation with %llu messages\n", num_messages + 1 + m); + calculate_domain_init(s, &h_ctx, pk, num_messages + 1 + m); // generators + Q_2 + blind_generators + calculate_domain_update(s, &h_ctx, &Q_1); + + for (size_t i = 0; i < num_messages; i++) { + // get next generator and convert message to scalar + create_generator_next(s, generator_ctx, &H_i, nullptr, 0); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("msg_i: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // B = B + H_i * msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + 
blst_p1_add_or_double(&B, &B, &res); + + // update domain calculation + calculate_domain_update(s, &h_ctx, &H_i); + } + + // B = B + commitment + blst_p1_add_or_double(&B, &B, &commitment); + + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B (p1+c): "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // init blind_generators, reuse context + bbs_memset(generator_ctx, 0, 48 + 8); + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + // add Q_2 to domain calculation + calculate_domain_update(s, &h_ctx, &H_i); + + for (size_t i = 0; i < m; i++) { + // update domain calculation with blind generators + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("J_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + calculate_domain_update(s, &h_ctx, &H_i); + } + + calculate_domain_finalize(s, &h_ctx, &tmp, header, header_len); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // B = B + Q_1 * domain + ep_mult_scalar(&res, &Q_1, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // e = hash_to_scalar(SK || B) + uint8_t dst[s->api_id_len + 4]; + bbs_memcpy(dst, s->api_id, s->api_id_len); + bbs_memcpy(dst + s->api_id_len, "H2S_", 4); + + ep_write_bbs(buf, &B); + hash_to_scalar_init(s, &h_ctx); + hash_to_scalar_update(s, &h_ctx, sk, BBS_SK_LEN); + hash_to_scalar_update(s, &h_ctx, buf, BBS_G1_ELEM_LEN); + hash_to_scalar_finalize(s, &h_ctx, &tmp, dst, s->api_id_len + 4); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("e: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // A = B * (1 
/ (SK + e)) + // tmp contains e, B gets reused for A + if(BBS_OK != bn_read_bbs(&sk_n, sk)) return BBS_ERROR; + blst_sk_add_n_check(&sk_n, &sk_n, &tmp); // sk_n reused + blst_sk_inverse(&sk_n, &sk_n); + ep_mult_scalar(&B, &B, &sk_n, 255); + + // serialize (A,e) + ep_write_bbs(out, &B); + bn_write_bbs(out + BBS_G1_ELEM_LEN, &tmp); + + return BBS_OK; +} + +int +bbs_blind_verify( + const bbs_ciphersuite *s, + const bbs_public_key pk, + const bbs_signature signature, + const void *header, + size_t header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + const uint8_t *secret_prover_blind // optional, NULL = zero +) { + union bbs_hash_context h_ctx; + + // prepare_parameters essentially does this + // message_scalars = msg_0, ..., msg_L, secret_prover_blind, c_msg_0, ..., c_msg_L + // generators = Q_1, H_0, ..., H_L, Q_2, J_0, ..., J_L + // Q_1 is treated seperately and then every generator maps to a scalar, H_i to msg_i, Q_2 to secret_prover_blind, J_i to c_msg_i + + uint8_t generator_ctx[48 + 8]; + blst_scalar tmp; + blst_p1 B, Q_1, H_i, res; + + if (s != bbs_blind_sha256_ciphersuite && s != bbs_blind_shake256_ciphersuite) + { return BBS_ERROR; } + + // init B to P1 + ep_read_bbs(&B, s->p1); + + // calc Q_1 and save Q_1 + create_generator_init(s, generator_ctx, nullptr, 0); + create_generator_next(s, generator_ctx, &Q_1, nullptr, 0); + + // init domain calculation with pk and Q_1 + //printf("initialising domaing calculation with %llu messages\n", num_messages + 1 + num_commited_messages); + calculate_domain_init(s, &h_ctx, pk, num_messages + 1 + num_committed_messages); // generators + Q_2 + blind_generators + calculate_domain_update(s, &h_ctx, &Q_1); + + for(size_t i = 0; i < num_messages; i++) { + // get next generator and convert message to scalar + create_generator_next(s, generator_ctx, &H_i, nullptr, 0); + 
hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("msg_i: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // B = B + H_i * msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // update domain calculation + calculate_domain_update(s, &h_ctx, &H_i); + } + + // init blind_generators, reuse context + bbs_memset(generator_ctx, 0, 48 + 8); + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + // add Q_2 to domain calculation + calculate_domain_update(s, &h_ctx, &H_i); + + // B = B + Q_2 * secret_prover_blind + // dont return on an invalid secret_prover_blind, it defaults to 0 + if (BBS_OK != bn_read_bbs(&tmp, secret_prover_blind)) bbs_memset(&tmp, 0, sizeof(tmp)); + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + for (size_t i = 0; i < num_committed_messages; i++) { + // get next generator and convert commited message to scalar + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, committed_messages[i], committed_message_lens[i]); + + // B = B + J_i * c_msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // update domain calculation + calculate_domain_update(s, &h_ctx, &H_i); + } + + calculate_domain_finalize(s, &h_ctx, &tmp, header, header_len); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // B = B + Q_1 * domain + ep_mult_scalar(&res, &Q_1, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + //{ uint8_t b[48]; 
blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // Reuse Q_1 as A, tmp as e, H_i as A*e + if(BBS_OK != ep_read_bbs(&Q_1, signature)) return BBS_ERROR; + if(BBS_OK != bn_read_bbs(&tmp, signature + BBS_G1_ELEM_LEN)) return BBS_ERROR; + ep_mult_scalar(&H_i, &Q_1, &tmp, 255); + blst_p1_cneg(&H_i, 1); + blst_p1_add_or_double(&B, &B, &H_i); + + //{ printf("pk: "); for(int i=0; i<96; i++) printf("%02x", pk[i]); printf("\n"); } + + return bbs_check_sig_eqn(&Q_1, &B, pk); +} + +// PROOFS + +// ptr to the i-th undisclosed scalar in the proof +#define PROOF_SCALAR_PTR(proof, i) \ + ((uint8_t *)(proof) + 3 * BBS_G1_ELEM_LEN + (3 + (i)) * BBS_SCALAR_LEN) + +int +bbs_blind_proof_gen_inner( + const bbs_ciphersuite *s, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // output + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + bbs_bn_prf prf, + void *prf_cookie +) { + if (num_disclosed_indexes > num_messages) return BBS_ERROR; + if (num_disclosed_committed_indexes > num_committed_messages) return BBS_ERROR; + + // prepare_parameters essentially does this + // message_scalars = msg_0, ..., msg_L, secret_prover_blind, c_msg_0, ..., c_msg_L + // generators = Q_1, H_0, ..., H_L, Q_2, J_0, ..., J_L + // Q_1 is treated seperately and then every generator maps to a scalar, H_i to msg_i, Q_2 to secret_prover_blind, J_i to c_msg_i + + // indexes is essentially disclosed_indexes + [for i in disclosed_commitment_indexes: indexes.append(j + 
L + 1)] + + union bbs_hash_context d_ctx; // domain_hash_context + union bbs_hash_context c_ctx; // challenge_hash_context + + uint8_t generator_ctx[48 + 8], sbuf[BBS_G1_ELEM_LEN]; + blst_p1 B, Q_1, H_i, D, Abar, Bbar, T1, T2, res; + blst_scalar domain, tmp, z; + size_t disclosed_idx = 0, undisclosed_idx = 0; + + // init T2, pseudonym + (void)bbs_memset(&T2.z, 0, sizeof(T2.z)); + + // init B to P1 + ep_read_bbs(&B, s->p1); + + //printf("init domain calc in proof init with n = %llu\n", num_messages + 1 + num_commited_messages); + calculate_domain_init(s, &d_ctx, pk, num_messages + 1 + num_committed_messages); + + // init challenge calculation + uint64_t be_buffer = htobe64(num_disclosed_indexes + num_disclosed_committed_indexes); + hash_to_scalar_init(s, &c_ctx); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + //printf("init challenge calc with %ld disclosed messages\n", disclosed_indexes_len + disclosed_commitment_indexes_len); + + // calc Q_1 and save Q_1 + create_generator_init(s, generator_ctx, nullptr, 0); + create_generator_next(s, generator_ctx, &Q_1, nullptr, 0); + calculate_domain_update(s, &d_ctx, &Q_1); + + // loop over messages + for (size_t i = 0; i < num_messages; i++) { + bool is_disclosed = (disclosed_idx < num_disclosed_indexes && disclosed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next generator and convert message to scalar + create_generator_next(s, generator_ctx, &H_i, nullptr, 0); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]); + + // B = B + H_i * msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // save message to proof and undisclosed ptr, if disclosed it will get overwritten eventually + uint8_t *ptr = PROOF_SCALAR_PTR(proof, undisclosed_idx); + //printf("writing msg scalar at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN); + bn_write_bbs(ptr, &tmp); + + if (is_disclosed) { + // message 
disclosed, update challenge + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", i); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(i); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, ptr, BBS_SCALAR_LEN); + } else { + // if undisclosed: T2 = T2 + H_ji * m~_ji + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. msg random scalar (m~_j%ld): ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // init blind_generators, reuse context + bbs_memset(generator_ctx, 0, 48 + 8); + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + calculate_domain_update(s, &d_ctx, &H_i); + + // B = B + H_i * msg_i (special case: H_i = Q_2, msg_i = secret_prover_blind) + if (BBS_OK != bn_read_bbs(&tmp, secret_prover_blind)) bbs_memset(&tmp, 0, sizeof(tmp)); + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // secret_prover_blind counts as undisclosed, pre-save to proof for proof finalization + //printf("writing msg scalar (spb) at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + prf_undisclosed_msg_index) * BBS_SCALAR_LEN); + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN, &tmp); + + // secret_prover_blind counts as undisclosed so its accumulated onto T2 + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + //{ uint8_t b[32]; 
blst_bendian_from_scalar(b, &tmp); printf("m~_%ld: ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + // T2 = T2 + H_ji * m~_ji (H_ji = Q_2, m^_ji = secret_prover_blind) + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + // loop over commited messages + disclosed_idx = 0; + for (size_t i = 0; i < num_committed_messages; i++) { + bool is_disclosed = (disclosed_idx < num_disclosed_committed_indexes && + disclosed_committed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next generator and convert commited message to scalar + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, committed_messages[i], committed_message_lens[i]); + + // B = B + J_i * c_msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // save commited message to proof, if disclosed it will get overwritten eventually + uint8_t *ptr = PROOF_SCALAR_PTR(proof, undisclosed_idx); + //printf("writing commited msg scalar at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN); + bn_write_bbs(ptr, &tmp); + + if (is_disclosed) { + // commited message disclosed, update challenge, disclosed message index must account for normal messages too + // remember, the indexes for the commited_messages are calculated as such: [for i in disclosed_commitment_indexes: indexes.append(j + L + 1)] (L = num_messages) + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. 
msg scalar (m_%lld): ", num_messages + i + 1); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(num_messages + i + 1); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, ptr, BBS_SCALAR_LEN); + } else { + // if undisclosed: T2 = T2 + H_ji * m~_ji + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. commited msg random scalar (m~_j%ld): ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // B = B + Q_1 * domain + calculate_domain_finalize(s, &d_ctx, &domain, header, header_len); + ep_mult_scalar(&res, &Q_1, &domain, 255); + blst_p1_add_or_double(&B, &B, &res); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &domain); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // generate r2, D = B * r2 + prf(s, &tmp, 0, 1, prf_cookie); // r2 + blst_sk_inverse(&z, &tmp); + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + 2 * BBS_SCALAR_LEN, &z); // write r3 into output + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r2: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + ep_mult_scalar(&D, &B, &tmp, 255); + + //{ uint8_t b[48]; blst_p1_compress(b, &D); printf("D: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write D to output proof + ep_write_bbs((uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, &D); + + // read in A from signature, Abar = A * (r1 * r2) + 
if (BBS_OK != ep_read_bbs(&Abar, signature)) return BBS_ERROR; // Reuse Abar as A + ep_mult_scalar(&Abar, &Abar, &tmp, 255); // Abar = A * r2 + prf(s, &tmp, 0, 0, prf_cookie); // r1 + ep_mult_scalar(&Abar, &Abar, &tmp, 255); // Abar = A * r1 + + //{ uint8_t b[48]; blst_p1_compress(b, &Abar); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write Abar to output proof and add to challenge calculation + ep_write_bbs(proof, &Abar); + hash_to_scalar_update(s, &c_ctx, proof, BBS_G1_ELEM_LEN); + + // Bbar = D * r1 - Abar * e + ep_mult_scalar(&Bbar, &D, &tmp, 255); // Bbar = D * r1 + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + BBS_SCALAR_LEN, &tmp); // write r1 into output + if (BBS_OK != bn_read_bbs(&tmp, signature + BBS_G1_ELEM_LEN)) return BBS_ERROR; // overwrite tmp as e + ep_mult_scalar(&res, &Abar, &tmp, 255); // res = Abar * e + blst_p1_cneg(&res, 1); // res = -res + blst_p1_add_or_double(&Bbar, &Bbar, &res); + + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN, &tmp); // write e into output + + //{ uint8_t b[48]; blst_p1_compress(b, &Bbar); printf("Bbar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write Bbar to output proof and add to challenge calculation + ep_write_bbs((uint8_t*)proof + BBS_G1_ELEM_LEN, &Bbar); + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); + + // add D to challenge calculation + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); + + prf(s, &tmp, 0, 2, prf_cookie); // e~ + ep_mult_scalar(&T1, &Abar, &tmp, 255); // T1 = Abar * e~ + prf(s, &tmp, 0, 3, prf_cookie); // r1~ + ep_mult_scalar(&res, &D, &tmp, 255); // res = D * r1~ + blst_p1_add_or_double(&T1, &T1, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &T1); printf("T1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // add T1 to challenge calculation + ep_write_bbs(sbuf, &T1); + hash_to_scalar_update(s, &c_ctx, 
sbuf, BBS_G1_ELEM_LEN);
+
+ prf(s, &tmp, 0, 4, prf_cookie); // r3~
+ ep_mult_scalar(&res, &D, &tmp, 255); // res = D * r3~
+ blst_p1_add_or_double(&T2, &T2, &res);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &T2); printf("T2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // add T2 to challenge calculation
+ ep_write_bbs(sbuf, &T2);
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN);
+
+ // add domain to challenge calculation
+ bn_write_bbs(sbuf, &domain);
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN);
+
+ // add (I2OSP(length(ph), 8) || ph) to challenge calculation
+ be_buffer = htobe64(presentation_header_len);
+ hash_to_scalar_update(s, &c_ctx, &be_buffer, 8);
+ hash_to_scalar_update(s, &c_ctx, presentation_header, presentation_header_len);
+
+ // finalize challenge calculation
+ hash_to_scalar_finalize(s, &c_ctx, &tmp, s->challenge_dst, s->challenge_dst_len);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ //printf("writing challenge at offset: %lu\n", 3 * BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN + prf_undisclosed_msg_index * BBS_SCALAR_LEN);
+ // write challenge into proof
+ bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN + undisclosed_idx * BBS_SCALAR_LEN, &tmp);
+
+ uint8_t *proof_ptr = (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN;
+ // seperate loop for e^, r1^, and r3^
+ for (uint64_t i = 0; i < 3; i++) {
+ prf(s, &z, 0, i + 2, prf_cookie);
+ bn_read_bbs(&domain, proof_ptr);
+ blst_sk_mul_n_check(&domain, &domain, &tmp);
+ if (i == 0) {
+ blst_sk_add_n_check(&z, &z, &domain);
+ } else {
+ blst_sk_sub_n_check(&z, &z, &domain);
+ }
+ bn_write_bbs(proof_ptr, &z);
+ proof_ptr += BBS_SCALAR_LEN;
+ }
+
+ for (uint64_t i = 0; i < undisclosed_idx; i++) {
+ prf(s, &z, 1, i, prf_cookie);
+ bn_read_bbs(&domain, proof_ptr); // reuse domain var, cannot fail
+ blst_sk_mul_n_check(&domain, &domain, &tmp);
+
blst_sk_add_n_check(&z, &z, &domain);
+ bn_write_bbs(proof_ptr, &z);
+ proof_ptr += BBS_SCALAR_LEN;
+ }
+
+ return BBS_OK;
+}
+
+#undef PROOF_SCALAR_PTR
+
+static void bbs_blind_proof_gen_prf(
+ const bbs_ciphersuite *cipher_suite,
+ blst_scalar *out,
+ uint8_t input_type,
+ uint64_t input,
+ void *seed
+) {
+ // input_type 0: input=0=r1 input=1=r2 input=2=e~ input=3=r1~ input=4=r2~
+ // input_type 1: input=i=m~_i
+
+ // All these have length 17
+ static uint8_t *prf_dsts[] = {
+ (uint8_t*) "random rnd scalar",
+ (uint8_t*) "random msg scalar",
+ };
+
+ hash_to_scalar(cipher_suite, out, prf_dsts[input_type], 17, 2, seed, (size_t)32, &input, (size_t)8);
+}
+
+int bbs_blind_proof_gen(
+ const bbs_ciphersuite *cipher_suite,
+ const bbs_public_key pk,
+ const bbs_signature signature,
+ void *proof, // output
+ const void *header,
+ size_t header_len,
+ const void *presentation_header,
+ size_t presentation_header_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens,
+ size_t num_committed_messages,
+ const void *const *committed_messages,
+ const size_t *committed_message_lens,
+ size_t num_disclosed_indexes,
+ const size_t *disclosed_indexes,
+ size_t num_disclosed_committed_indexes,
+ const size_t *disclosed_committed_indexes,
+ const uint8_t *secret_prover_blind // optional, NULL = zero
+) {
+ int ret = BBS_OK;
+
+ // generate single random seed for random scalar generation
+ uint8_t seed[32];
+ getentropy(seed, 32);
+
+ if (cipher_suite != bbs_blind_sha256_ciphersuite && cipher_suite != bbs_blind_shake256_ciphersuite)
+ { return BBS_ERROR; }
+
+ ret = bbs_blind_proof_gen_inner(
+ cipher_suite,
+ pk,
+ signature,
+ proof,
+ header,
+ header_len,
+ presentation_header,
+ presentation_header_len,
+ num_messages,
+ messages,
+ message_lens,
+ num_committed_messages,
+ committed_messages,
+ committed_message_lens,
+ num_disclosed_indexes,
+ disclosed_indexes,
+ num_disclosed_committed_indexes,
+ disclosed_committed_indexes,
+
secret_prover_blind,
+ bbs_blind_proof_gen_prf,
+ seed
+ );
+
+ return ret;
+}
+
+int
+bbs_blind_proof_verify(
+ const bbs_ciphersuite *s,
+ const bbs_public_key pk,
+ const void *proof,
+ size_t proof_len,
+ const void *header,
+ size_t header_len,
+ const void *presentation_header,
+ size_t presentation_header_len,
+ size_t num_signer_known_messages,
+ size_t num_disclosed_messages,
+ const void *const *disclosed_messages,
+ const size_t *disclosed_message_lens,
+ const size_t *disclosed_indexes,
+ size_t num_disclosed_committed_messages,
+ const void *const *disclosed_committed_messages,
+ const size_t *disclosed_committed_message_lens,
+ const size_t *disclosed_committed_indexes
+) {
+ // sanity checks
+ if (s != bbs_blind_sha256_ciphersuite && s != bbs_blind_shake256_ciphersuite)
+ { return BBS_ERROR; }
+
+ const size_t floor = 3 * BBS_G1_ELEM_LEN + 4 * BBS_SCALAR_LEN;
+ if (proof_len < floor) return BBS_ERROR;
+ if ((proof_len - floor) % BBS_SCALAR_LEN != 0) return BBS_ERROR;
+
+ const size_t U = (proof_len - floor) / BBS_SCALAR_LEN;
+ if (U == 0) return BBS_ERROR;
+
+ // L = signer-known messages; M = blind messages (all, disclosed + hidden)
+ const size_t L = num_signer_known_messages;
+ const size_t M = (num_disclosed_messages + num_disclosed_committed_messages + U - 1) - L;
+
+ union bbs_hash_context d_ctx, c_ctx; // domain_hash context and challenge_hash context
+ uint8_t generator_ctx[48 + 8], sbuf[BBS_G1_ELEM_LEN];
+ blst_p1 B, Q_1, H_i, Abar, Bbar, T1, T2, res;
+ blst_scalar domain, tmp;
+ size_t disclosed_idx = 0, undisclosed = 0;
+
+ bbs_memset(&T1.z, 0, sizeof(T1.z));
+ bbs_memset(&T2.z, 0, sizeof(T2.z));
+
+ // init B to P1
+ ep_read_bbs(&B, s->p1);
+
+ //printf("init domain calc in proof init with n = %lu\n", L + 1 + M);
+ calculate_domain_init(s, &d_ctx, pk, L + 1 + M);
+
+ // init challenge calculation
+ //printf("init challenge calc with %ld disclosed messages\n", num_disclosed_messages + num_disclosed_committed_messages);
+ uint64_t be_buffer
= htobe64(num_disclosed_messages + num_disclosed_committed_messages);
+ hash_to_scalar_init(s, &c_ctx);
+ hash_to_scalar_update(s, &c_ctx, &be_buffer, 8);
+
+ // calc Q_1 and save Q_1
+ create_generator_init(s, generator_ctx, nullptr, 0);
+ create_generator_next(s, generator_ctx, &Q_1, nullptr, 0);
+ calculate_domain_update(s, &d_ctx, &Q_1);
+
+ // base ptr into proof to where commitments start
+ const uint8_t *proof_scs = (const uint8_t *)proof + 3 * BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN;
+
+ // loop over disclosed messages
+ for (size_t i = 0; i < L; i++) {
+ bool is_disclosed = (disclosed_idx < num_disclosed_messages && disclosed_indexes[disclosed_idx] == i);
+ if (is_disclosed) disclosed_idx++;
+
+ // get next generator
+ create_generator_next(s, generator_ctx, &H_i, nullptr, 0);
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ if (is_disclosed) {
+ // convert message to scalar
+ hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, disclosed_messages[disclosed_idx-1], disclosed_message_lens[disclosed_idx-1]);
+
+ // B = B + H_i * msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ // message disclosed, update challenge
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", i); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+ uint64_t be_buffer = htobe64(i);
+ hash_to_scalar_update(s, &c_ctx, &be_buffer, 8);
+
+ // update challenge calculation
+ bn_write_bbs(sbuf, &tmp);
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN);
+ } else {
+ // read m^_ji from proof
+ bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl.
msg scalar (m^_j%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T2 = T2 + H_ji * m^_ji
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&T2, &T2, &res);
+ }
+
+ // update domain calculation
+ calculate_domain_update(s, &d_ctx, &H_i);
+ }
+
+ // init blind_generators, reuse context, add Q_2 to domain
+ bbs_memset(generator_ctx, 0, 48 + 8);
+ create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ calculate_domain_update(s, &d_ctx, &H_i);
+
+ // secret_prover_blind counts as undisclosed so its accumulated onto T2
+ bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. msg scalar (m^_%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf(" (special = secret_prover_blind)\n"); }
+
+ // T2 = T2 + H_ji * m^_ji (H_ji = Q_2, m^_ji = secret_prover_blind)
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&T2, &T2, &res);
+
+ disclosed_idx = 0;
+ for (uint64_t i = 0; i < M; i++) {
+ bool is_disclosed = (disclosed_idx < num_disclosed_committed_messages && disclosed_committed_indexes[disclosed_idx] == i);
+ if (is_disclosed) disclosed_idx++;
+
+ // get next generator and convert commited message to scalar
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("J_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ if (is_disclosed) {
+ hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, disclosed_committed_messages[disclosed_idx-1], disclosed_committed_message_lens[disclosed_idx-1]);
+
+ // B = B + J_i * c_msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ // commited message disclosed, update challenge, disclosed message index
must account for normal messages too
+ // remember, the indices for the commited_messages are calculated as such: [for i in disclosed_commitment_indexes: indexes.append(j + L + 1)] (L = num_messages)
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", L + i + 1); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+ uint64_t be_buffer = htobe64(L + i + 1);
+ hash_to_scalar_update(s, &c_ctx, &be_buffer, 8);
+
+ // update challenge calculation directly from proof
+ bn_write_bbs(sbuf, &tmp);
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN);
+ } else {
+ // read m^_ji from proof
+ bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. commited msg random scalar (m^_j%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T2 = T2 + H_ji * m^_ji
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&T2, &T2, &res);
+ }
+
+ // update domain calculation
+ calculate_domain_update(s, &d_ctx, &H_i);
+ }
+
+ // ProofChallengeCalculate
+ // add (Abar, Bbar, D, ...)
directly from proof to challenge
+ //{ printf("[challenge add] Abar: "); for(int i=0; i<48; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof, BBS_G1_ELEM_LEN); // Abar
+ //{ printf("[challenge add] Bbar: "); for(int i=48; i<96; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); // Bbar
+ //{ printf("[challenge add] D: "); for(int i=96; i<144; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); // D
+
+ // B = B + Q_1 * domain
+ calculate_domain_finalize(s, &d_ctx, &domain, header, header_len);
+ ep_mult_scalar(&res, &Q_1, &domain, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &domain); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+ //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // load challenge
+ bn_read_bbs(&tmp, (uint8_t*)proof + proof_len - BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("(prime) challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T2 = T2 + B * challenge
+ ep_mult_scalar(&res, &B, &tmp, 255);
+ blst_p1_add_or_double(&T2, &T2, &res);
+
+ // load Bbar
+ ep_read_bbs(&Bbar, (uint8_t*)proof + BBS_G1_ELEM_LEN);
+ //{ uint8_t b[48]; blst_p1_compress(b, &Bbar); printf("Bbar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T1 = T1 + Bbar * challenge
+ ep_mult_scalar(&res, &Bbar, &tmp, 255);
+ blst_p1_add_or_double(&T1, &T1, &res);
+
+ // load Abar
+ ep_read_bbs(&Abar, (uint8_t*)proof);
+ //{ uint8_t b[48]; blst_p1_compress(b, &Abar); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // load e^
+ bn_read_bbs(&tmp,
(uint8_t*)proof + 3 * BBS_G1_ELEM_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("e^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T1 = T1 + Abar * e^
+ ep_mult_scalar(&res, &Abar, &tmp, 255);
+ blst_p1_add_or_double(&T1, &T1, &res);
+
+ // load D, reuse Q_1
+ ep_read_bbs(&Q_1, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN);
+ //{ uint8_t b[48]; blst_p1_compress(b, &Q_1); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // load r1^
+ bn_read_bbs(&tmp, (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r1^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T1 = T1 + D * r1^
+ ep_mult_scalar(&res, &Q_1, &tmp, 255);
+ blst_p1_add_or_double(&T1, &T1, &res);
+ //{ uint8_t b[48]; blst_p1_compress(b, &T1); printf("T1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // load r3^
+ bn_read_bbs(&tmp, (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + 2 * BBS_SCALAR_LEN);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r3^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // T2 = T2 + D * r3^
+ ep_mult_scalar(&res, &Q_1, &tmp, 255);
+ blst_p1_add_or_double(&T2, &T2, &res);
+ //{ uint8_t b[48]; blst_p1_compress(b, &T2); printf("T2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // ProofChallengeCalculate
+ // add (..., T1, T2, ...)
to challenge
+ ep_write_bbs(sbuf, &T1);
+ //{ printf("[challenge add] T1: "); for(int i=0; i<48; i++) printf("%02x", sbuf[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN);
+ ep_write_bbs(sbuf, &T2);
+ //{ printf("[challenge add] T2: "); for(int i=0; i<48; i++) printf("%02x", sbuf[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN);
+
+ bn_write_bbs(sbuf, &domain);
+ //{ printf("[challenge add] domain: "); for(int i=0; i<32; i++) printf("%02x", sbuf[i]); printf("\n"); }
+ hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN);
+
+ // add (I2OSP(length(ph), 8) || ph) to challenge calculation
+ be_buffer = htobe64(presentation_header_len);
+ hash_to_scalar_update(s, &c_ctx, &be_buffer, 8);
+ hash_to_scalar_update(s, &c_ctx, presentation_header, presentation_header_len);
+
+ // finalize challenge calculation
+ hash_to_scalar_finalize(s, &c_ctx, &tmp, s->challenge_dst, s->challenge_dst_len);
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // VERIFICATION
+ bn_write_bbs(sbuf, &tmp); // tmp = challenge (recalculated)
+
+ uint8_t* challenge_ptr = (uint8_t*)proof + proof_len - BBS_SCALAR_LEN;
+ unsigned int err = 0;
+ for (int i = 0; i < BBS_SCALAR_LEN; i++)
+ err |= sbuf[i] ^ challenge_ptr[i];
+
+ err |= bbs_check_sig_eqn(&Abar, &Bbar, pk);
+
+ return err; // if err = 0 => BBS_OK otherwise BBS_ERROR
+}
+
diff --git a/src/bbs_blind_with_nym.c b/src/bbs_blind_with_nym.c
new file mode 100644
index 0000000..c3d07a1
--- /dev/null
+++ b/src/bbs_blind_with_nym.c
@@ -0,0 +1,1317 @@
+#include "bbs_blind_with_nym.h"
+#include "bbs_util.h"
+#include "blst.h"
+
+//#include
+
+#define BBS_BLIND_API_ID_PREFIX "BLIND_"
+
+// forward definitions
+int getentropy(void *buffer, size_t length);
+
+int bbs_check_sig_eqn(blst_p1 *A, blst_p1 *B, const bbs_public_key pk);
+
+// omit size from mult call
+static inline void
+ep_mult_scalar(blst_p1 *out, const blst_p1 *p, const blst_scalar *s, size_t _ignored) {
+ (void)_ignored;
+ blst_p1_mult(out, p, s->b, 255);
+}
+
+// COMMIT
+typedef struct {
+ const bbs_ciphersuite *s;
+ union bbs_hash_context hc;
+ uint8_t generator_ctx[48 + 8];
+ blst_p1 C, Cbar, Q_2;
+ blst_scalar challenge, spb, st;
+ bbs_bn_prf *prf;
+ void *prf_cookie;
+} bbs_commit_ctx;
+
+void
+bbs_commit_init(
+ bbs_commit_ctx *ctx,
+ size_t num_messages
+);
+
+void
+commit_update_with_scalar(
+ bbs_commit_ctx *ctx,
+ blst_scalar *sc,
+ size_t msg_index,
+ uint8_t *scalar_tmp
+);
+
+void
+bbs_commit_update(
+ bbs_commit_ctx *ctx,
+ const void *msg,
+ size_t msg_len,
+ size_t msg_index,
+ uint8_t *scalar_tmp
+);
+
+void
+bbs_commit_finalize(
+ bbs_commit_ctx *ctx,
+ uint8_t *secret_prover_blind,
+ uint8_t *cwp,
+ size_t num_messages
+);
+
+void
+bbs_blind_commit_prf(
+ const bbs_ciphersuite *cipher_suite,
+ blst_scalar *out,
+ uint8_t input_type,
+ uint64_t input,
+ void *seed
+);
+
+static void
+bbs_commit_with_nym_update(
+ bbs_commit_ctx *ctx,
+ uint8_t *prover_nym,
+ size_t msg_index,
+ uint8_t *scalar_tmp
+) {
+ // in this case the msg_i is the equivalent prover pseudonym which is already a scalar
+ blst_scalar sc;
+ blst_scalar_from_bendian(&sc, prover_nym);
+ commit_update_with_scalar(ctx, &sc, msg_index, scalar_tmp);
+}
+
+// ptr to the i-th scalar in the commitment_with_proof
+#define CWP_SCALAR_PTR(cwp, i) \
+ ((uint8_t *)(cwp) + BBS_G1_ELEM_LEN + (1 + (i)) * BBS_SCALAR_LEN)
+
+int
+bbs_blind_commit_with_nym_inner(
+ const bbs_ciphersuite *cipher_suite,
+ uint8_t *commitment_with_proof,
+ uint8_t *secret_prover_blind,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *messages_lens,
+ size_t num_prover_nyms,
+ const void *const *prover_nyms,
+ bbs_bn_prf prf,
+ void *prf_cookie
+) {
+ bbs_commit_ctx ctx = {
+ .s = cipher_suite,
+ .prf = prf,
+ .prf_cookie = prf_cookie,
+ };
+
+ bbs_commit_init(&ctx, num_messages + num_prover_nyms);
+
+ for(size_t i = 0; i < num_messages; i++) {
+ bbs_commit_update(&ctx, messages[i], messages_lens[i], i, CWP_SCALAR_PTR(commitment_with_proof, i));
+ }
+
+ // additional loop over prover pseudonyms which are essentially just appended to the messages
+ for(size_t i = 0; i < num_prover_nyms; i++) {
+ bbs_commit_with_nym_update(&ctx, (uint8_t*)prover_nyms[i], num_messages + i, CWP_SCALAR_PTR(commitment_with_proof, num_messages + i));
+ }
+
+ bbs_commit_finalize(&ctx, secret_prover_blind, commitment_with_proof, num_messages + num_prover_nyms);
+
+ return BBS_OK;
+}
+
+#undef CWP_SCALAR_PTR
+
+int
+bbs_blind_commit_with_nym(
+ const bbs_ciphersuite *cipher_suite,
+ void *commitment_with_proof,
+ uint8_t *secret_prover_blind,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *messages_lens,
+ size_t num_prover_nyms,
+ const void *const *prover_nyms
+) {
+ int ret = BBS_OK;
+
+ // generate single random seed for random scalar generation
+ uint8_t seed[32];
+ getentropy(seed, 32);
+
+ if (cipher_suite != bbs_blind_nym_sha256_ciphersuite && cipher_suite != bbs_blind_nym_shake256_ciphersuite)
+ { return BBS_ERROR; }
+
+ ret = bbs_blind_commit_with_nym_inner(
+ cipher_suite,
+ commitment_with_proof,
+ secret_prover_blind,
+ num_messages,
+ messages,
+ messages_lens,
+ num_prover_nyms,
+ prover_nyms,
+ bbs_blind_commit_prf,
+ &seed
+ );
+
+ return ret;
+}
+
+// BLIND SIGNATURE WITH NYM
+
+int deserialize_and_verify_commitment(
+ const bbs_ciphersuite *s,
+ const uint8_t *commitment_with_proof,
+ size_t commitment_with_proof_len,
+ blst_p1 *commitment, // OUT
+ size_t *num_messages // OUT
+);
+
+int
+bbs_blind_sign_with_nym(
+ const bbs_ciphersuite *s,
+ const bbs_secret_key sk,
+ const bbs_public_key pk,
+ bbs_signature out, // OUT
+ const void *signer_nym_entropy,
+ size_t length_nym_vector,
+ const void *header,
+ size_t header_len,
+ const void *commitment_with_proof,
+ size_t commitment_with_proof_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens
+) {
+ union bbs_hash_context h_ctx;
+
+ uint8_t generator_ctx[48 + 8], buffer[BBS_G1_ELEM_LEN];
+ blst_p1 commitment, B, Q_1, H_i, res;
+ blst_scalar tmp, sk_n;
+ size_t m = 0;
+
+ if (s != bbs_blind_nym_sha256_ciphersuite && s != bbs_blind_nym_shake256_ciphersuite)
+ { return BBS_ERROR; }
+
+ if (deserialize_and_verify_commitment(
+ s,
+ commitment_with_proof,
+ commitment_with_proof_len,
+ &commitment,
+ &m
+ ) != BBS_OK) {
+ return 1;
+ }
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &commitment); printf("commitment: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // calc Q_1 and save Q_1
+ create_generator_init(s, generator_ctx, nullptr, 0);
+ create_generator_next(s, generator_ctx, &Q_1, nullptr, 0);
+
+ // init B to P1
+ ep_read_bbs(&B, s->p1);
+
+ //printf("domain input: %llu\n", num_messages + 1 + m);
+
+ // init domain calculation with pk and Q_1
+ calculate_domain_init(s, &h_ctx, pk, num_messages + 1 + m); // generators + Q_2 + blind_generators
+ calculate_domain_update(s, &h_ctx, &Q_1);
+
+ for (uint64_t i = 0; i < num_messages; i++) {
+ // get next generator and convert message to scalar
+ create_generator_next(s, generator_ctx, &H_i, nullptr, 0);
+ hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("msg_i: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + H_i * msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+
blst_p1_add_or_double(&B, &B, &res);
+
+ // update domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+ }
+
+ // B = B + commitment
+ blst_p1_add_or_double(&B, &B, &commitment);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B (p1+c): "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // add B to e calculation
+ //hash_to_scalar_update(cipher_suite, &h_ctx, &B, BBS_G1_ELEM_LEN);
+
+ // init blind_generators, reuse context
+ bbs_memset(generator_ctx, 0, 48 + 8);
+ create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+
+ // add Q_2 to domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+
+ for (uint64_t i = 0; i < m; i++) {
+ // update domain calculation with blind generators
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("J_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+ calculate_domain_update(s, &h_ctx, &H_i);
+ }
+
+ // B = B + blind_generators[-1] * signer_nym_entropy
+ // last blind generator is still in H_i
+ if(BBS_OK != bn_read_bbs(&tmp, signer_nym_entropy)) return BBS_ERROR;
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B (pre domain): "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ //calculate_domain_finalize(s, &h_ctx, &tmp, header, header_len);
+ calculate_domain_finalize_with_nym(s, &h_ctx, &tmp, header, header_len, length_nym_vector);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + Q_1 * domain
+ ep_mult_scalar(&res, &Q_1, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++)
printf("%02x", b[i]); printf("\n"); }
+
+ // init e_octs calculation with serialization of the sk
+ hash_to_scalar_init(s, &h_ctx);
+ hash_to_scalar_update(s, &h_ctx, sk, BBS_SK_LEN);
+
+ // add B to e calculation
+ ep_write_bbs(buffer, &B);
+ hash_to_scalar_update(s, &h_ctx, buffer, BBS_G1_ELEM_LEN);
+
+ // add domain to e calculation
+ //bn_write_bbs(buffer, &tmp);
+ //hash_to_scalar_update(cipher_suite, &h_ctx, buffer, BBS_SCALAR_LEN);
+
+ // finish calculation of e
+ const uint8_t *api_id = (uint8_t*) s->api_id;
+ uint8_t api_id_len = s->api_id_len;
+ uint8_t domain_dst[api_id_len + 4];
+
+ bbs_memcpy(domain_dst, api_id, api_id_len);
+ bbs_memcpy(domain_dst + api_id_len, "H2S_", 4);
+
+ hash_to_scalar_finalize(s, &h_ctx, &tmp, domain_dst, api_id_len + 4);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("e: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // A = B * (1 / (SK + e))
+ // tmp contains e, B gets reused for A
+ if(BBS_OK != bn_read_bbs(&sk_n, sk)) return BBS_ERROR;
+ blst_sk_add_n_check(&sk_n, &sk_n, &tmp); // sk_n reused
+ blst_sk_inverse(&sk_n, &sk_n);
+ ep_mult_scalar(&B, &B, &sk_n, 255);
+
+ // serialize (A,e)
+ ep_write_bbs(out, &B);
+ bn_write_bbs(out + BBS_G1_ELEM_LEN, &tmp);
+
+ return BBS_OK;
+}
+
+int
+bbs_blind_verify_with_nym(
+ const bbs_ciphersuite *s,
+ const bbs_public_key pk,
+ const bbs_signature signature,
+ const void *header,
+ size_t header_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens,
+ size_t num_committed_messages,
+ const void *const *committed_messages,
+ const size_t *committed_message_lens,
+ const uint8_t *secret_prover_blind, // optional, NULL = zero
+ const void *signer_nym_entropy, // optional, NULL = zero
+ size_t num_pseudonyms,
+ const void *const *prover_nyms,
+ void *const *nym_secrets // OUT
+) {
+ union bbs_hash_context h_ctx;
+
+ // prepare_parameters essentially does this, prover_nyms are then appended to message_scalars
+ //
message_scalars = msg_0, ..., msg_L, secret_prover_blind, c_msg_0, ..., c_msg_L, nym_0, ..., nym_N
+ // generators = Q_1, H_0, ..., H_L, Q_2, J_0, ..., J_L, J_L+0, ..., J_L+N
+ // Q_1 is treated seperately and then every generator maps to a scalar, H_i to msg_i, Q_2 to secret_prover_blind, J_i to c_msg_i
+
+ uint8_t generator_ctx[48 + 8];
+ blst_scalar tmp, s_entropy;
+ blst_p1 B, Q_1, H_i, res;
+
+ if (s != bbs_blind_nym_sha256_ciphersuite && s != bbs_blind_nym_shake256_ciphersuite)
+ { return BBS_ERROR; }
+
+ // init B to P1
+ ep_read_bbs(&B, s->p1);
+
+ // calc Q_1 and save Q_1
+ create_generator_init(s, generator_ctx, nullptr, 0);
+ create_generator_next(s, generator_ctx, &Q_1, nullptr, 0);
+
+ //printf("domain input: %llu\n", num_messages + 1 + num_commited_messages + num_pseudonyms);
+
+ // init domain calculation with pk and Q_1
+ calculate_domain_init(s, &h_ctx, pk, num_messages + 1 + num_committed_messages + num_pseudonyms); // generators + Q_2 + blind_generators
+ calculate_domain_update(s, &h_ctx, &Q_1);
+
+ for(uint64_t i = 0; i < num_messages; i++) {
+ // get next generator and convert message to scalar
+ create_generator_next(s, generator_ctx, &H_i, nullptr, 0);
+ hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("msg_i: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + H_i * msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ // update domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+ }
+
+ // init blind_generators, reuse context
+ bbs_memset(generator_ctx, 0, 48 + 8);
+ create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+
+ //{
uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // add Q_2 to domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+
+ // B = B + Q_2 * secret_prover_blind
+ if (BBS_OK != bn_read_bbs(&tmp, secret_prover_blind)) bbs_memset(&tmp, 0, sizeof(tmp));
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ for (uint64_t i = 0; i < num_committed_messages; i++) {
+ // get next generator and convert commited message to scalar
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, committed_messages[i], committed_message_lens[i]);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + J_i * c_msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ // update domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+ }
+
+ // read in signer_nym_entropy
+ if (BBS_OK != bn_read_bbs(&s_entropy, signer_nym_entropy)) return BBS_ERROR;
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &s_entropy); printf("signer_nym_entropy: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // loop over the remaining prover_nyms that are appended to message_scalars
+ for (uint64_t i = 0; i < num_pseudonyms; i++) {
+ // get next generator and read in next prover nym
+ create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6);
+ if (BBS_OK != bn_read_bbs(&tmp, prover_nyms[i])) return BBS_ERROR;
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("msg_i: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // if last nym, add the signer entropy: prover_nym +
signer_nym_entropy
+ if (i == num_pseudonyms - 1) blst_sk_add_n_check(&tmp, &tmp, &s_entropy);
+
+ // write pseudonym or nym_secret to output
+ bn_write_bbs((uint8_t*)nym_secrets[i], &tmp);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("nym_secrets[%llu]: ", i); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + J_i * c_msg_i
+ ep_mult_scalar(&res, &H_i, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ // update domain calculation
+ calculate_domain_update(s, &h_ctx, &H_i);
+ }
+
+ calculate_domain_finalize_with_nym(s, &h_ctx, &tmp, header, header_len, num_pseudonyms);
+
+ //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // B = B + Q_1 * domain
+ ep_mult_scalar(&res, &Q_1, &tmp, 255);
+ blst_p1_add_or_double(&B, &B, &res);
+
+ //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); }
+
+ // Reuse Q_1 as A, tmp as e, H_i as A*e
+ if(BBS_OK != ep_read_bbs(&Q_1, signature)) return BBS_ERROR;
+ if(BBS_OK != bn_read_bbs(&tmp, signature + BBS_G1_ELEM_LEN)) return BBS_ERROR;
+ ep_mult_scalar(&H_i, &Q_1, &tmp, 255);
+ blst_p1_cneg(&H_i, 1);
+ blst_p1_add_or_double(&B, &B, &H_i);
+
+ return bbs_check_sig_eqn(&Q_1, &B, pk);
+}
+
+// PROOF WITH NYM
+
+int
+bbs_blind_proof_gen_with_nym_inner(
+ const bbs_ciphersuite *s,
+ const bbs_public_key pk,
+ const bbs_signature signature,
+ void *proof, // OUT
+ bbs_pseudonym pseudonym, // OUT
+ const void *header,
+ size_t header_len,
+ const void *presentation_header,
+ size_t presentation_header_len,
+ const void *context_id,
+ size_t context_id_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens,
+ size_t num_committed_messages,
+ const void *const *committed_messages,
+ const size_t *committed_message_lens,
+ size_t num_disclosed_indexes,
+ const size_t *disclosed_indexes,
+ size_t
num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + size_t num_nym_secrets, + const void *const *nym_secrets, + bbs_bn_prf prf, + void *prf_cookie +) { + if (num_disclosed_indexes > num_messages) return BBS_ERROR; + if (num_disclosed_committed_indexes > num_committed_messages) return BBS_ERROR; + + // prepare_parameters essentially does this, prover_nyms are then appended to message_scalars + // message_scalars = msg_0, ..., msg_L, secret_prover_blind, c_msg_0, ..., c_msg_L, nym_0, ..., nym_N + // generators = Q_1, H_0, ..., H_L, Q_2, J_0, ..., J_L, J_L+0, ..., J_L+N + // Q_1 is treated seperately and then every generator maps to a scalar, H_i to msg_i, Q_2 to secret_prover_blind, J_i to c_msg_i, J_L+i to nym_i + + // indexes is essentially disclosed_indexes + [for i in disclosed_commitment_indexes: indexes.append(j + L + 1)] + + union bbs_hash_context d_ctx; // domain_hash_context + union bbs_hash_context c_ctx; // challenge_hash_context + + uint8_t generator_ctx[48 + 8], sbuf[BBS_G1_ELEM_LEN]; + blst_p1 B, Q_1, H_i, D, Abar, Bbar, T1, T2, nym, Ut, res; + blst_scalar domain, z, poly_eval_pseudo, poly_eval_proof, tmp; + size_t disclosed_idx = 0, undisclosed_idx = 0; + + // init T2, pseudonym, Ut to inf + (void)bbs_memset(&T2.z, 0, sizeof(T2.z)); + (void)bbs_memset(&nym.z, 0, sizeof(nym.z)); + (void)bbs_memset(&Ut.z, 0, sizeof(Ut.z)); + + // init B to P1 + ep_read_bbs(&B, s->p1); + + //printf("init domain calc in proof init with n = %llu\n", num_messages + 1 + num_commited_messages + num_nym_secrets); + calculate_domain_init(s, &d_ctx, pk, num_messages + 1 + num_committed_messages + num_nym_secrets); + + // init challenge calculation + hash_to_scalar_init(s, &c_ctx); + //printf("init challenge calc with %ld disclosed messages\n", disclosed_indexes_len + disclosed_commitment_indexes_len); + uint64_t be_buffer = htobe64(num_disclosed_indexes + num_disclosed_committed_indexes); + 
hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // calc Q_1 and save Q_1 + create_generator_init(s, generator_ctx, nullptr, 0); + create_generator_next(s, generator_ctx, &Q_1, nullptr, 0); + + //{ uint8_t b[48]; blst_p1_compress(b, &Q_1); printf("Q_1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + calculate_domain_update(s, &d_ctx, &Q_1); + + // loop over messages + for (size_t i = 0; i < num_messages; i++) { + bool is_disclosed = (disclosed_idx < num_disclosed_indexes && disclosed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next generator and convert message to scalar + create_generator_next(s, generator_ctx, &H_i, nullptr, 0); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, messages[i], message_lens[i]); + + // B = B + H_i * msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // save message to proof and undisclosed ptr, if disclosed it will get overwritten eventually + uint8_t *proof_ptr = (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN; + //printf("writing msg scalar at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + prf_undisclosed_msg_index) * BBS_SCALAR_LEN); + bn_write_bbs(proof_ptr, &tmp); + + if (is_disclosed) { + // message disclosed, update challenge + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", i); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(i); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // update challenge calculation directly from proof + hash_to_scalar_update(s, &c_ctx, proof_ptr, BBS_SCALAR_LEN); + } else { + // if undisclosed: T2 = T2 + H_ji * m~_ji + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. 
msg random scalar (m~_j%ld): ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // init blind_generators, reuse context + bbs_memset(generator_ctx, 0, 48 + 8); + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + // B = B + H_i * msg_i (special case: H_i = Q_2, msg_i = secret_prover_blind) + if (BBS_OK != bn_read_bbs(&tmp, secret_prover_blind)) bbs_memset(&tmp, 0, sizeof(tmp)); + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // secret_prover_blind counts as undisclosed, pre-save to proof for proof finalization + //printf("writing msg scalar (spb) at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + prf_undisclosed_msg_index) * BBS_SCALAR_LEN); + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN, &tmp); + + // secret_prover_blind counts as undisclosed so its accumulated onto T2 + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("m~_%ld: ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // add Q_2 to domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + + // loop over commited messages + disclosed_idx = 0; + for (size_t i = 0; i < num_committed_messages; i++) { + bool 
is_disclosed = (disclosed_idx < num_disclosed_committed_indexes && + disclosed_committed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next generator and convert commited message to scalar + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, committed_messages[i], committed_message_lens[i]); + + // B = B + J_i * c_msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // save commited message to proof, if disclosed it will get overwritten eventually + uint8_t *proof_ptr = (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN; + //printf("writing commited msg scalar at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + prf_undisclosed_msg_index) * BBS_SCALAR_LEN); + bn_write_bbs(proof_ptr, &tmp); + + if (is_disclosed) { + // commited message disclosed, update challenge, disclosed message index must account for normal messages too + // remember, the indexes for the commited_messages are calculated as such: [for i in disclosed_commitment_indexes: indexes.append(j + L + 1)] (L = num_messages) + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", num_messages + i + 1); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(num_messages + i + 1); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // update challenge calculation directly from proof + hash_to_scalar_update(s, &c_ctx, proof_ptr, BBS_SCALAR_LEN); + } else { + // if undisclosed: T2 = T2 + H_ji * m~_ji + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. 
commited msg random scalar (m~_j%ld): ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // init z for PseudonymProofInit + uint8_t context_id_hash_dst[s->api_id_len + 16]; + bbs_memcpy(context_id_hash_dst, s->api_id, s->api_id_len); + bbs_memcpy(context_id_hash_dst + s->api_id_len, "VECT_NYM_SECRETS", 16); + hash_to_scalar(s, &z, context_id_hash_dst, s->api_id_len + 16, 1, context_id, context_id_len); + + // loop over pseudonyms, they all count as undisclosed + // FOR DISCUSSION: Horners rule requires reverse iteration yet create_generator_next and the other operations require forward iteration. Second reverse loop feasible? + for (uint64_t i = 0; i < num_nym_secrets; i++) { + // get next generator and read in next nym_secret + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + if (BBS_OK != bn_read_bbs(&tmp, nym_secrets[i])) return BBS_ERROR; + + // B = B + J_i * nym_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // save nym secret scalar to proof because it counts as undisclosed + uint8_t *proof_ptr = (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN; + //printf("writing nym_secret scalar at offset: %ld\n", 3 * BBS_G1_ELEM_LEN + (3 + undisclosed_idx) * BBS_SCALAR_LEN); + bn_write_bbs(proof_ptr, &tmp); + + // PseudonymProofInit stuff, tmp still has the nym_secret + if (i == 0) { + poly_eval_pseudo = tmp; + } + + // accumulate onto T2 + prf(s, &tmp, 1, undisclosed_idx++, prf_cookie); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. 
commited msg random scalar m~_%ld: ", prf_undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + // T2 = T2 + H_ji * m~_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + // PseudonymProofInit stuff, tmp still has the random scalar + if (i == 0) { + poly_eval_proof = tmp; + } + } + + // seperate loop for Horners rule + if (num_nym_secrets > 1) { + blst_fr z_fr, acc_pseudo_fr, acc_proof_fr, coeff_fr; + size_t base_idx = undisclosed_idx - num_nym_secrets; + blst_fr_from_scalar(&z_fr, &z); + + bn_read_bbs(&tmp, nym_secrets[num_nym_secrets - 1]); + blst_fr_from_scalar(&acc_pseudo_fr, &tmp); + + prf(s, &tmp, 1, base_idx + (num_nym_secrets - 1), prf_cookie); + blst_fr_from_scalar(&acc_proof_fr, &tmp); + + for (int64_t i = (int64_t)num_nym_secrets - 2; i >= 0; i--) { + blst_fr_mul(&acc_pseudo_fr, &acc_pseudo_fr, &z_fr); + bn_read_bbs(&tmp, nym_secrets[i]); + blst_fr_from_scalar(&coeff_fr, &tmp); + blst_fr_add(&acc_pseudo_fr, &acc_pseudo_fr, &coeff_fr); + + blst_fr_mul(&acc_proof_fr, &acc_proof_fr, &z_fr); + prf(s, &tmp, 1, base_idx + i, prf_cookie); + blst_fr_from_scalar(&coeff_fr, &tmp); + blst_fr_add(&acc_proof_fr, &acc_proof_fr, &coeff_fr); + } + + blst_scalar_from_fr(&poly_eval_pseudo, &acc_pseudo_fr); + blst_scalar_from_fr(&poly_eval_proof, &acc_proof_fr); + } + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &poly_eval_pseudo); printf("poly_eval_pseudo: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &poly_eval_proof); printf("poly_eval_proof: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + //printf("calculate_domain_finalize_with_nym: %llu\n", num_nym_secrets); + calculate_domain_finalize_with_nym(s, &d_ctx, 
&domain, header, header_len, num_nym_secrets); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &domain); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // B = B + Q_1 * domain + ep_mult_scalar(&res, &Q_1, &domain, 255); + blst_p1_add_or_double(&B, &B, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // generate r2, D = B * r2 + prf(s, &tmp, 0, 1, prf_cookie); // r2 + blst_sk_inverse(&z, &tmp); + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + 2 * BBS_SCALAR_LEN, &z); // write r3 into output + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r2: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + ep_mult_scalar(&D, &B, &tmp, 255); + + //{ uint8_t b[48]; blst_p1_compress(b, &D); printf("D: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write D to output proof + ep_write_bbs((uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, &D); + + // read in A from signature, Abar = A * (r1 * r2) + if (BBS_OK != ep_read_bbs(&Abar, signature)) return BBS_ERROR; // Reuse Abar as A + ep_mult_scalar(&Abar, &Abar, &tmp, 255); // Abar = A * r2 + prf(s, &tmp, 0, 0, prf_cookie); // r1 + ep_mult_scalar(&Abar, &Abar, &tmp, 255); // Abar = A * r1 + + //{ uint8_t b[48]; blst_p1_compress(b, &Abar); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write Abar to output proof and add to challenge calculation + ep_write_bbs(proof, &Abar); + hash_to_scalar_update(s, &c_ctx, proof, BBS_G1_ELEM_LEN); + + // Bbar = D * r1 - Abar * e + ep_mult_scalar(&Bbar, &D, &tmp, 255); // Bbar = D * r1 + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + BBS_SCALAR_LEN, &tmp); // write r1 into output + if (BBS_OK != bn_read_bbs(&tmp, signature + BBS_G1_ELEM_LEN)) return BBS_ERROR; // overwrite tmp as e + ep_mult_scalar(&res, &Abar, &tmp, 255); // res = Abar * e + blst_p1_cneg(&res, 1); // res = -res + 
blst_p1_add_or_double(&Bbar, &Bbar, &res); + + bn_write_bbs((uint8_t*)proof + 3 * BBS_G1_ELEM_LEN, &tmp); // write e into output + + //{ uint8_t b[48]; blst_p1_compress(b, &Bbar); printf("Bbar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // write Bbar to output proof and add to challenge calculation + ep_write_bbs((uint8_t*)proof + BBS_G1_ELEM_LEN, &Bbar); + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); + + // add D to challenge calculation + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); + + prf(s, &tmp, 0, 2, prf_cookie); // e~ + ep_mult_scalar(&T1, &Abar, &tmp, 255); // T1 = Abar * e~ + prf(s, &tmp, 0, 3, prf_cookie); // r1~ + ep_mult_scalar(&res, &D, &tmp, 255); // res = D * r1~ + blst_p1_add_or_double(&T1, &T1, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &T1); printf("T1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // add T1 to challenge calculation + ep_write_bbs(sbuf, &T1); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + + prf(s, &tmp, 0, 4, prf_cookie); // r3~ + ep_mult_scalar(&res, &D, &tmp, 255); // res = D * r3~ + blst_p1_add_or_double(&T2, &T2, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &T2); printf("T2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // add T2 to challenge calculation + ep_write_bbs(sbuf, &T2); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + + // generate OP (reuse B) + uint8_t htg1_buf[128]; + blst_fp u, v; + union bbs_hash_context hc; + s->expand_message_init(&hc); + s->expand_message_update(&hc, context_id, context_id_len); + s->expand_message_finalize(&hc, htg1_buf, 128, s->api_id, s->api_id_len); + blst_fp_from_be_bytes(&u, htg1_buf, 64); + blst_fp_from_be_bytes(&v, htg1_buf + 64, 64); + blst_map_to_g1(&B, &u, &v); + //blst_hash_to_g1(&B, context_id, context_id_len, s->api_id, s->api_id_len, nullptr, 0); + //{ uint8_t b[48]; 
blst_p1_compress(b, &B); printf("hash_to_g1(context_id): "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // pseudonym = OP * poly_eval_pseudo + ep_mult_scalar(&res, &B, &poly_eval_pseudo, 255); + blst_p1_add_or_double(&nym, &nym, &res); + + // add pseudonym to challenge calculation and write to output + ep_write_bbs(pseudonym, &nym); + hash_to_scalar_update(s, &c_ctx, pseudonym, BBS_G1_ELEM_LEN); + + //{ uint8_t b[48]; blst_p1_compress(b, &pseudonym); printf("pseudonym: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // Ut = OP * poly_eval_proof + ep_mult_scalar(&res, &B, &poly_eval_proof, 255); + blst_p1_add_or_double(&Ut, &Ut, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &Ut); printf("Ut: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // add Ut to challenge calculation + ep_write_bbs(sbuf, &Ut); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + + // add domain to challenge calculation + bn_write_bbs(sbuf, &domain); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN); + + // add (I2OSP(length(ph), 8) || ph || I2OSP(length(context_id), 8) || context_id) to challenge calculation + be_buffer = htobe64(presentation_header_len); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, presentation_header, presentation_header_len); + be_buffer = htobe64(context_id_len); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, context_id, context_id_len); + + // finalize challenge calculation + hash_to_scalar_finalize(s, &c_ctx, &tmp, s->challenge_dst, s->challenge_dst_len); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + //printf("writing challenge at offset: %lu\n", 3 * BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN + prf_undisclosed_msg_index * BBS_SCALAR_LEN); + // write challenge into proof + bn_write_bbs((uint8_t*)proof + 3 * 
BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN + undisclosed_idx * BBS_SCALAR_LEN, &tmp); + + uint8_t *proof_ptr = (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN; + // seperate loop for e^, r1^, and r3^ + for (uint64_t i = 0; i < 3; i++) { + prf(s, &z, 0, i + 2, prf_cookie); + bn_read_bbs(&domain, proof_ptr); + blst_sk_mul_n_check(&domain, &domain, &tmp); + if (i == 0) { + blst_sk_add_n_check(&z, &z, &domain); + } else { + blst_sk_sub_n_check(&z, &z, &domain); + } + bn_write_bbs(proof_ptr, &z); + proof_ptr += BBS_SCALAR_LEN; + } + + for (uint64_t i = 0; i < undisclosed_idx; i++) { + prf(s, &z, 1, i, prf_cookie); + bn_read_bbs(&domain, proof_ptr); // reuse domain var, cannot fail + blst_sk_mul_n_check(&domain, &domain, &tmp); + blst_sk_add_n_check(&z, &z, &domain); + bn_write_bbs(proof_ptr, &z); + proof_ptr += BBS_SCALAR_LEN; + } + + return BBS_OK; +} + +static void bbs_blind_proof_gen_with_nym_prf( + const bbs_ciphersuite *cipher_suite, + blst_scalar *out, + uint8_t input_type, + uint64_t input, + void *seed +) { + // input_type 0: input=0=r1 input=1=r2 input=2=e~ input=3=r1~ input=4=r2~ + // input_type 1: input=i=m~_i + + // All these have length 17 + static uint8_t *prf_dsts[] = { + (uint8_t*) "random rnd scalar", + (uint8_t*) "random msg scalar", + }; + + hash_to_scalar(cipher_suite, out, prf_dsts[input_type], 17, 2, seed, (size_t)32, &input, (size_t)8); +} + +int +bbs_blind_proof_gen_with_nym( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // OUT + bbs_pseudonym pseudonym, // OUT + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + const void *context_id, + size_t context_id_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t 
num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + size_t num_nym_secrets, + const void *const *nym_secrets +) { + int ret = BBS_OK; + + // generate single random seed for random scalar generation + uint8_t seed[32]; + getentropy(seed, 32); + + if (cipher_suite != bbs_blind_nym_sha256_ciphersuite && cipher_suite != bbs_blind_nym_shake256_ciphersuite) + { return BBS_ERROR; } + + ret = bbs_blind_proof_gen_with_nym_inner( + cipher_suite, + pk, + signature, + proof, + pseudonym, + header, + header_len, + presentation_header, + presentation_header_len, + context_id, + context_id_len, + num_messages, + messages, + message_lens, + num_committed_messages, + committed_messages, + committed_message_lens, + num_disclosed_indexes, + disclosed_indexes, + num_disclosed_committed_indexes, + disclosed_committed_indexes, + secret_prover_blind, + num_nym_secrets, + nym_secrets, + bbs_blind_proof_gen_with_nym_prf, + seed + ); + + return ret; +} + +int +bbs_blind_proof_verify_with_nym( + const bbs_ciphersuite *s, + const bbs_public_key pk, + bbs_pseudonym pseudonym, + const void *proof, + size_t proof_len, + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + const void *context_id, + size_t context_id_len, + size_t length_nym_vector, + size_t num_signer_known_messages, + size_t num_disclosed_messages, + const void *const *disclosed_messages, + const size_t *disclosed_message_lens, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_messages, + const void *const *disclosed_committed_messages, + const size_t *disclosed_committed_message_lens, + const size_t *disclosed_committed_indexes +) { + union bbs_hash_context d_ctx; // domain_hash_context + union bbs_hash_context c_ctx; // challenge_hash_context + + // sanity checks + if (s != bbs_blind_nym_sha256_ciphersuite && s != bbs_blind_nym_shake256_ciphersuite) + { return 
BBS_ERROR; } + + const size_t floor = 3 * BBS_G1_ELEM_LEN + 4 * BBS_SCALAR_LEN; + if (proof_len < floor) return BBS_ERROR; + if ((proof_len - floor) % BBS_SCALAR_LEN != 0) return BBS_ERROR; + + size_t U = (proof_len - floor) / BBS_SCALAR_LEN; + if (U == 0) return BBS_ERROR; + + // L = signer-known messages; M = blind messages (all, disclosed + hidden) + const size_t L = num_signer_known_messages; + const size_t M = (num_disclosed_messages + num_disclosed_committed_messages + U - 1) - L - length_nym_vector; + + uint8_t generator_ctx[48 + 8], sbuf[BBS_G1_ELEM_LEN]; + blst_p1 B, Q_1, H_i, Abar, Bbar, T1, T2, Uv, res; + blst_scalar domain, tmp; + size_t disclosed_idx = 0, undisclosed = 0; + + bbs_memset(&T1.z, 0, sizeof(T1.z)); + bbs_memset(&T2.z, 0, sizeof(T2.z)); + + // init B to P1 + ep_read_bbs(&B, s->p1); + + //printf("init domain calc in proof init with n = %lu\n", L + 1 + M); + calculate_domain_init(s, &d_ctx, pk, L + 1 + M + length_nym_vector); + + // init challenge calculation + //printf("init challenge calc with %ld disclosed messages\n", num_disclosed_indexes + num_disclosed_committed_indexes); + uint64_t be_buffer = htobe64(num_disclosed_messages + num_disclosed_committed_messages); + hash_to_scalar_init(s, &c_ctx); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // calc Q_1 and save Q_1 + create_generator_init(s, generator_ctx, nullptr, 0); + create_generator_next(s, generator_ctx, &Q_1, nullptr, 0); + + //{ uint8_t b[48]; blst_p1_compress(b, &Q_1); printf("Q_1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + calculate_domain_update(s, &d_ctx, &Q_1); + + // base ptr into proof to where commitments start + const uint8_t *proof_scs = (const uint8_t *)proof + 3 * BBS_G1_ELEM_LEN + 3 * BBS_SCALAR_LEN; + + // loop over disclosed messages + for (size_t i = 0; i < L; i++) { + bool is_disclosed = (disclosed_idx < num_disclosed_messages && disclosed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next 
generator + create_generator_next(s, generator_ctx, &H_i, nullptr, 0); + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("H_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + if (is_disclosed) { + // convert message to scalar + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, disclosed_messages[disclosed_idx-1], disclosed_message_lens[disclosed_idx-1]); + + // B = B + H_i * msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // message disclosed, update challenge + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. msg scalar (m_%lld): ", i); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(i); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // update challenge calculation + bn_write_bbs(sbuf, &tmp); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN); + } else { + // read m^_ji from proof + bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. msg scalar (m^_j%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m^_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // init blind_generators, reuse context + bbs_memset(generator_ctx, 0, 48 + 8); + create_generator_init(s, generator_ctx, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + // secret_prover_blind counts as undisclosed so its accumulated onto T2 + bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. 
msg scalar (m^_%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf(" (special = secret_prover_blind)\n"); } + + // T2 = T2 + H_ji * m^_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("Q_2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // add Q_2 to domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + + disclosed_idx = 0; + for (uint64_t i = 0; i < M; i++) { + bool is_disclosed = (disclosed_idx < num_disclosed_committed_messages && disclosed_committed_indexes[disclosed_idx] == i); + if (is_disclosed) disclosed_idx++; + + // get next generator and convert commited message to scalar + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("J_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + if (is_disclosed) { + hash_to_scalar(s, &tmp, s->map_dst, s->map_dst_len, 1, disclosed_committed_messages[disclosed_idx-1], disclosed_committed_message_lens[disclosed_idx-1]); + + // B = B + J_i * c_msg_i + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&B, &B, &res); + + // commited message disclosed, update challenge, disclosed message index must account for normal messages too + // remember, the indices for the commited_messages are calculated as such: [for i in disclosed_commitment_indexes: indexes.append(j + L + 1)] (L = num_messages) + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("discl. 
msg scalar (m_%lld): ", L + i + 1); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + uint64_t be_buffer = htobe64(L + i + 1); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + + // update challenge calculation directly from proof + bn_write_bbs(sbuf, &tmp); + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN); + } else { + // read m^_ji from proof + bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. commited msg random scalar (m^_j%ld): ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + H_ji * m^_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + } + + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + // PseudonymProofVerifyInit + // init z + uint8_t context_id_hash_dst[s->api_id_len + 16]; + bbs_memcpy(context_id_hash_dst, s->api_id, s->api_id_len); + bbs_memcpy(context_id_hash_dst + s->api_id_len, "VECT_NYM_SECRETS", 16); + hash_to_scalar(s, &tmp, context_id_hash_dst, s->api_id_len + 16, 1, context_id, context_id_len); + + // we the polynom multiplication the non-horner way, because doing so requires reverse order which requires a second loop where we need to + // read in the scalars from the proof again which is suboptimal. 
therefore we do more multiplications but dont read in values twice + blst_fr z_fr, z_n_fr, acc_fr, coeff_fr; + blst_fr_from_scalar(&z_fr, &tmp); + blst_fr_from_uint64(&z_n_fr, (const uint64_t[]){1, 0, 0, 0}); // z_n starts as 1 + bbs_memset(&acc_fr, 0, sizeof(acc_fr)); + + // loop over pseudonyms, they all count as undisclosed and are encoded + for (uint64_t i = 0; i < length_nym_vector; i++) { + // get next generator and read in next nym_secret + create_generator_next(s, generator_ctx, &H_i, (uint8_t*)BBS_BLIND_API_ID_PREFIX, 6); + + // read m^_ji from proof + bn_read_bbs(&tmp, proof_scs + undisclosed++ * BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("undiscl. commited msg random scalar m^_%ld: ", undisclosed_msg_index); for(int i=0; i<32; i++) printf("%02x", b[i]); printf(" (special = pseudonyms)\n"); } + + // T2 = T2 + H_ji * m^_ji + ep_mult_scalar(&res, &H_i, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + // poly_eval_proof += c[i] * z^i + blst_fr_from_scalar(&coeff_fr, &tmp); + blst_fr_mul(&coeff_fr, &coeff_fr, &z_n_fr); + blst_fr_add(&acc_fr, &acc_fr, &coeff_fr); + + // z_n *= z (advance to z^(i+1) for next iteration) + blst_fr_mul(&z_n_fr, &z_n_fr, &z_fr); + + //{ uint8_t b[48]; blst_p1_compress(b, &H_i); printf("J_i: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + // update domain calculation + calculate_domain_update(s, &d_ctx, &H_i); + } + + //printf("calculate_domain_finalize_with_nym: %llu\n", length_nym_vector); + calculate_domain_finalize_with_nym(s, &d_ctx, &domain, header, header_len, length_nym_vector); + + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &domain); printf("domain: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // ProofWithPseudonymChallengeCalculate + // add (Abar, Bbar, D, ...) 
directly from proof to challenge + //{ printf("[challenge add] Abar: "); for(int i=0; i<48; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof, BBS_G1_ELEM_LEN); // Abar + //{ printf("[challenge add] Bbar: "); for(int i=48; i<96; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); // Bbar + //{ printf("[challenge add] D: "); for(int i=96; i<144; i++) printf("%02x", ((uint8_t*)proof)[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN, BBS_G1_ELEM_LEN); // D + + // B = B + Q_1 * domain + ep_mult_scalar(&res, &Q_1, &domain, 255); + blst_p1_add_or_double(&B, &B, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("B: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // load challenge + bn_read_bbs(&tmp, (uint8_t*)proof + proof_len - BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("(prime) challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + B * challenge + ep_mult_scalar(&res, &B, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + + // load Bbar + ep_read_bbs(&Bbar, (uint8_t*)proof + BBS_G1_ELEM_LEN); + //{ uint8_t b[48]; blst_p1_compress(b, &Bbar); printf("Bbar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // T1 = T1 + Bbar * challenge + ep_mult_scalar(&res, &Bbar, &tmp, 255); + blst_p1_add_or_double(&T1, &T1, &res); + + // load Abar + ep_read_bbs(&Abar, (uint8_t*)proof); + //{ uint8_t b[48]; blst_p1_compress(b, &Abar); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // load e^ + bn_read_bbs(&tmp, (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("e^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T1 = T1 + Abar * e^ + 
ep_mult_scalar(&res, &Abar, &tmp, 255); + blst_p1_add_or_double(&T1, &T1, &res); + + // load D, reuse Q_1 + ep_read_bbs(&Q_1, (uint8_t*)proof + 2 * BBS_G1_ELEM_LEN); + //{ uint8_t b[48]; blst_p1_compress(b, &Q_1); printf("Abar: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // load r1^ + bn_read_bbs(&tmp, (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r1^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T1 = T1 + D * r1^ + ep_mult_scalar(&res, &Q_1, &tmp, 255); + blst_p1_add_or_double(&T1, &T1, &res); + //{ uint8_t b[48]; blst_p1_compress(b, &T1); printf("T1: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // load r3^ + bn_read_bbs(&tmp, (uint8_t*)proof + 3 * BBS_G1_ELEM_LEN + 2 * BBS_SCALAR_LEN); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("r3^: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // T2 = T2 + D * r3^ + ep_mult_scalar(&res, &Q_1, &tmp, 255); + blst_p1_add_or_double(&T2, &T2, &res); + //{ uint8_t b[48]; blst_p1_compress(b, &T2); printf("T2: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // ProofWithPseudonymChallengeCalculate + // add (..., T1, T2, ...) 
to challenge + ep_write_bbs(sbuf, &T1); + //{ printf("[challenge add] T1: "); for(int i=0; i<48; i++) printf("%02x", sbuf[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + ep_write_bbs(sbuf, &T2); + //{ printf("[challenge add] T2: "); for(int i=0; i<48; i++) printf("%02x", sbuf[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + + // PseudonymProofVerifyInit (second part) + // generate OP (reuse B) + uint8_t htg1_buf[128]; + blst_fp u, v; + union bbs_hash_context hc; + s->expand_message_init(&hc); + s->expand_message_update(&hc, context_id, context_id_len); + s->expand_message_finalize(&hc, htg1_buf, 128, s->api_id, s->api_id_len); + blst_fp_from_be_bytes(&u, htg1_buf, 64); + blst_fp_from_be_bytes(&v, htg1_buf + 64, 64); + blst_map_to_g1(&B, &u, &v); + //{ uint8_t b[48]; blst_p1_compress(b, &B); printf("hash_to_g1(context_id): "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // turn poly_eval_proof into scalar again + blst_scalar_from_fr(&tmp, &acc_fr); + + // Uv = OP * poly_eval_proof - pseudonym * challenge + ep_mult_scalar(&Uv, &B, &tmp, 255); + + // reload challenge (tmp is now challenge and no longer poly_eval_proof) + // FOR DISCUSSION we may want to introduce a dedicated challenge blst_scalar variable to prevent reloading + bn_read_bbs(&tmp, (uint8_t*)proof + proof_len - BBS_SCALAR_LEN); + + // Q_1 is no longer needed, reuse for pseudonym point + ep_read_bbs(&Q_1, pseudonym); + ep_mult_scalar(&res, &Q_1, &tmp, 255); + blst_p1_cneg(&res, 1); + blst_p1_add_or_double(&Uv, &Uv, &res); + + //{ uint8_t b[48]; blst_p1_compress(b, &Uv); printf("Uv: "); for(int i=0; i<48; i++) printf("%02x", b[i]); printf("\n"); } + + // ProofWithPseudonymChallengeCalculate + // add (..., pseudonym, Uv, domain) to challenge + //{ printf("[challenge add] pseudonym: "); for(int i=0; i<48; i++) printf("%02x", pseudonym[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, pseudonym, BBS_G1_ELEM_LEN); // 
pseudonym + + ep_write_bbs(sbuf, &Uv); + //{ printf("[challenge add] Uv: "); for(int i=0; i<48; i++) printf("%02x", sbuf[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_G1_ELEM_LEN); + + bn_write_bbs(sbuf, &domain); + //{ printf("[challenge add] domain: "); for(int i=0; i<32; i++) printf("%02x", sbuf[i]); printf("\n"); } + hash_to_scalar_update(s, &c_ctx, sbuf, BBS_SCALAR_LEN); + + // add (I2OSP(length(ph), 8) || ph || I2OSP(length(context_id), 8) || context_id) to challenge calculation + be_buffer = htobe64(presentation_header_len); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, presentation_header, presentation_header_len); + be_buffer = htobe64(context_id_len); + hash_to_scalar_update(s, &c_ctx, &be_buffer, 8); + hash_to_scalar_update(s, &c_ctx, context_id, context_id_len); + + // finalize challenge calculation + hash_to_scalar_finalize(s, &c_ctx, &tmp, s->challenge_dst, s->challenge_dst_len); + //{ uint8_t b[32]; blst_bendian_from_scalar(b, &tmp); printf("challenge: "); for(int i=0; i<32; i++) printf("%02x", b[i]); printf("\n"); } + + // VERIFICATION + bn_write_bbs(sbuf, &tmp); // tmp = challenge (recalculated) + + uint8_t* challenge_ptr = (uint8_t*)proof + proof_len - BBS_SCALAR_LEN; + unsigned int err = 0; + for (int i = 0; i < BBS_SCALAR_LEN; i++) + err |= sbuf[i] ^ challenge_ptr[i]; + + err |= bbs_check_sig_eqn(&Abar, &Bbar, pk); + + return err; // if err = 0 => BBS_OK otherwise BBS_ERROR +} + diff --git a/src/bbs_ciphersuites.c b/src/bbs_ciphersuites.c index 866d054..6a34d33 100644 --- a/src/bbs_ciphersuites.c +++ b/src/bbs_ciphersuites.c 
@@ -4,10 +4,15 @@ // Magic constants to be used as Domain Separation Tags +// sha256 + #define BBS_SHA256_CIPHER_SUITE_ID "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_" #define BBS_SHA256_CIPHER_SUITE_LENGTH 35 #define BBS_SHA256_DEFAULT_KEY_DST BBS_SHA256_CIPHER_SUITE_ID "KEYGEN_DST_" #define BBS_SHA256_DEFAULT_KEY_DST_LENGTH BBS_SHA256_CIPHER_SUITE_LENGTH + 11 + +// sha256 normal + #define BBS_SHA256_API_ID BBS_SHA256_CIPHER_SUITE_ID "H2G_HM2S_" #define BBS_SHA256_API_ID_LENGTH BBS_SHA256_CIPHER_SUITE_LENGTH + 9 #define BBS_SHA256_SIGNATURE_DST BBS_SHA256_API_ID "H2S_" 
@@ -17,13 +22,43 @@ #define BBS_SHA256_MAP_DST BBS_SHA256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" #define BBS_SHA256_MAP_DST_LENGTH BBS_SHA256_API_ID_LENGTH + 26 +// sha256 blind + +#define BBS_BLIND_SHA256_API_ID BBS_SHA256_CIPHER_SUITE_ID "BLIND_H2G_HM2S_" +#define BBS_BLIND_SHA256_API_ID_LENGTH BBS_SHA256_CIPHER_SUITE_LENGTH + 15 +#define BBS_BLIND_SHA256_SIGNATURE_DST BBS_BLIND_SHA256_API_ID "H2S_" +#define BBS_BLIND_SHA256_SIGNATURE_DST_LENGTH BBS_BLIND_SHA256_API_ID_LENGTH + 4 +#define BBS_BLIND_SHA256_CHALLENGE_DST BBS_BLIND_SHA256_API_ID "H2S_" +#define BBS_BLIND_SHA256_CHALLENGE_DST_LENGTH BBS_BLIND_SHA256_API_ID_LENGTH + 4 +#define BBS_BLIND_SHA256_MAP_DST BBS_BLIND_SHA256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" +#define BBS_BLIND_SHA256_MAP_DST_LENGTH BBS_BLIND_SHA256_API_ID_LENGTH + 26 + +// sha256 blind with nym + +#define BBS_NYM_SHA256_API_ID BBS_SHA256_CIPHER_SUITE_ID "H2G_HM2S_PSEUDONYM_" +#define BBS_NYM_SHA256_API_ID_LENGTH BBS_SHA256_CIPHER_SUITE_LENGTH + 19 +#define BBS_NYM_SHA256_SIGNATURE_DST BBS_NYM_SHA256_API_ID "H2S_" +#define BBS_NYM_SHA256_SIGNATURE_DST_LENGTH BBS_NYM_SHA256_API_ID_LENGTH + 4 +#define BBS_NYM_SHA256_CHALLENGE_DST BBS_NYM_SHA256_API_ID "H2S_" +#define BBS_NYM_SHA256_CHALLENGE_DST_LENGTH BBS_NYM_SHA256_API_ID_LENGTH + 4 +#define BBS_NYM_SHA256_MAP_DST BBS_NYM_SHA256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" +#define BBS_NYM_SHA256_MAP_DST_LENGTH BBS_NYM_SHA256_API_ID_LENGTH + 26 + +// blind api_id prefix for blind_generators +#define BBS_BLIND_API_ID_PREFIX "BLIND_" + // The above collision stems from the ID. Possible oversight? Should not compromise // security too much... 
+// shake256 + #define BBS_SHAKE256_CIPHER_SUITE_ID "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_" #define BBS_SHAKE256_CIPHER_SUITE_LENGTH 37 #define BBS_SHAKE256_DEFAULT_KEY_DST BBS_SHAKE256_CIPHER_SUITE_ID "KEYGEN_DST_" #define BBS_SHAKE256_DEFAULT_KEY_DST_LENGTH BBS_SHAKE256_CIPHER_SUITE_LENGTH + 11 + +// shake256 normal + #define BBS_SHAKE256_API_ID BBS_SHAKE256_CIPHER_SUITE_ID "H2G_HM2S_" #define BBS_SHAKE256_API_ID_LENGTH BBS_SHAKE256_CIPHER_SUITE_LENGTH + 9 #define BBS_SHAKE256_SIGNATURE_DST BBS_SHAKE256_API_ID "H2S_" 
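Review bot: The existing comment `// The above collision stems from the ID. Possible oversight?` now sits directly below the new `BBS_BLIND_API_ID_PREFIX` define, so a reader can no longer tell which collision it means. Each new suite also defines its `*_SIGNATURE_DST` and `*_CHALLENGE_DST` as the same `API_ID "H2S_"` string, so the comment should name the macros it refers to, for example `// NOTE: SIGNATURE_DST and CHALLENGE_DST expand to the same string (API_ID || "H2S_")`, and say whether the extension drafts intend that. The hand-counted lengths (`+ 15`, `+ 19`) and the literal `6` passed next to `BBS_BLIND_API_ID_PREFIX` in the verifier code earlier in this diff can drift from the strings. `#define BBS_BLIND_API_ID_PREFIX_LENGTH (sizeof(BBS_BLIND_API_ID_PREFIX) - 1)` would remove that magic number. The same remarks apply to the SHAKE-256 defines added in the `@@ -33,6 +68,28 @@` hunk.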
@@ -33,6 +68,28 @@ #define BBS_SHAKE256_MAP_DST BBS_SHAKE256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" #define BBS_SHAKE256_MAP_DST_LENGTH BBS_SHAKE256_API_ID_LENGTH + 26 +// shake256 blind + +#define BBS_BLIND_SHAKE256_API_ID BBS_SHAKE256_CIPHER_SUITE_ID "BLIND_H2G_HM2S_" +#define BBS_BLIND_SHAKE256_API_ID_LENGTH BBS_SHAKE256_CIPHER_SUITE_LENGTH + 15 +#define BBS_BLIND_SHAKE256_SIGNATURE_DST BBS_BLIND_SHAKE256_API_ID "H2S_" +#define BBS_BLIND_SHAKE256_SIGNATURE_DST_LENGTH BBS_BLIND_SHAKE256_API_ID_LENGTH + 4 +#define BBS_BLIND_SHAKE256_CHALLENGE_DST BBS_BLIND_SHAKE256_API_ID "H2S_" +#define BBS_BLIND_SHAKE256_CHALLENGE_DST_LENGTH BBS_BLIND_SHAKE256_API_ID_LENGTH + 4 +#define BBS_BLIND_SHAKE256_MAP_DST BBS_BLIND_SHAKE256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" +#define BBS_BLIND_SHAKE256_MAP_DST_LENGTH BBS_BLIND_SHAKE256_API_ID_LENGTH + 26 + +// shake256 blind with nym + +#define BBS_NYM_SHAKE256_API_ID BBS_SHAKE256_CIPHER_SUITE_ID "H2G_HM2S_PSEUDONYM_" +#define BBS_NYM_SHAKE256_API_ID_LENGTH BBS_SHAKE256_CIPHER_SUITE_LENGTH + 19 +#define BBS_NYM_SHAKE256_SIGNATURE_DST BBS_NYM_SHAKE256_API_ID "H2S_" +#define BBS_NYM_SHAKE256_SIGNATURE_DST_LENGTH BBS_NYM_SHAKE256_API_ID_LENGTH + 4 +#define BBS_NYM_SHAKE256_CHALLENGE_DST BBS_NYM_SHAKE256_API_ID "H2S_" +#define BBS_NYM_SHAKE256_CHALLENGE_DST_LENGTH BBS_NYM_SHAKE256_API_ID_LENGTH + 4 +#define BBS_NYM_SHAKE256_MAP_DST BBS_NYM_SHAKE256_API_ID "MAP_MSG_TO_SCALAR_AS_HASH_" +#define BBS_NYM_SHAKE256_MAP_DST_LENGTH BBS_NYM_SHAKE256_API_ID_LENGTH + 26 + // For conversion #define EXP_INIT void (*) (union bbs_hash_context *) #define EXP_UPDATE void (*) (union bbs_hash_context *, const void *, size_t) 
@@ -88,5 +145,105 @@ static const struct _bbs_ciphersuite _bbs_shake256_ciphersuite = { .map_dst_len = BBS_SHAKE256_MAP_DST_LENGTH, }; const bbs_ciphersuite *const bbs_shake256_ciphersuite = &_bbs_shake256_ciphersuite; + +static const struct _bbs_ciphersuite _bbs_blind_sha256_ciphersuite = { + .p1 = { + 0xa8, 0xce, 0x25, 0x61, 0x02, 0x84, 0x08, 0x21, 0xa3, 0xe9, 0x4e, 0xa9, 0x02, 0x5e, 0x46, + 0x62, 0xb2, 0x05, 0x76, 0x2f, 0x97, 0x76, 0xb3, 0xa7, 0x66, 0xc8, 0x72, 0xb9, 0x48, 0xf1, + 0xfd, 0x22, 0x5e, 0x7c, 0x59, 0x69, 0x85, 0x88, 0xe7, 0x0d, 0x11, 0x40, 0x6d, 0x16, 0x1b, + 0x4e, 0x28, 0xc9 + }, + .expand_message_init = (EXP_INIT) xmd_sha256_init, + .expand_message_update = (EXP_UPDATE) xmd_sha256_update, + .expand_message_finalize = (EXP_FINALIZE) xmd_sha256_finalize, + .cipher_suite_id = BBS_SHA256_CIPHER_SUITE_ID, + .cipher_suite_id_len = BBS_SHA256_CIPHER_SUITE_LENGTH, + .default_key_dst = BBS_SHA256_DEFAULT_KEY_DST, + .default_key_dst_len = BBS_SHA256_DEFAULT_KEY_DST_LENGTH, + .api_id = BBS_BLIND_SHA256_API_ID, + .api_id_len = BBS_BLIND_SHA256_API_ID_LENGTH, + .signature_dst = BBS_BLIND_SHA256_SIGNATURE_DST, + .signature_dst_len = BBS_BLIND_SHA256_SIGNATURE_DST_LENGTH, + .challenge_dst = BBS_BLIND_SHA256_CHALLENGE_DST, + .challenge_dst_len = BBS_BLIND_SHA256_CHALLENGE_DST_LENGTH, + .map_dst = BBS_BLIND_SHA256_MAP_DST, + .map_dst_len = BBS_BLIND_SHA256_MAP_DST_LENGTH, +}; +const bbs_ciphersuite *const bbs_blind_sha256_ciphersuite = &_bbs_blind_sha256_ciphersuite; + +static const struct _bbs_ciphersuite _bbs_blind_shake256_ciphersuite = { + .p1 = { + 0x89, 0x29, 0xdf, 0xbc, 0x7e, 0x66, 0x42, 0xc4, 0xed, 0x9c, 0xba, 0x08, 0x56, 0xe4, 0x93, + 0xf8, 0xb9, 0xd7, 0xd5, 0xfc, 0xb0, 0xc3, 0x1e, 0xf8, 0xfd, 0xcd, 0x34, 0xd5, 0x06, 0x48, + 0xa5, 0x6c, 0x79, 0x5e, 0x10, 0x6e, 0x9e, 0xad, 0xa6, 0xe0, 0xbd, 0xa3, 0x86, 0xb4, 0x14, + 0x15, 0x07, 0x55 + }, + .expand_message_init = (EXP_INIT) xof_shake256_init, + .expand_message_update = (EXP_UPDATE) xof_shake256_update, + 
.expand_message_finalize = (EXP_FINALIZE) xof_shake256_finalize, + .cipher_suite_id = BBS_SHAKE256_CIPHER_SUITE_ID, + .cipher_suite_id_len = BBS_SHAKE256_CIPHER_SUITE_LENGTH, + .default_key_dst = BBS_SHAKE256_DEFAULT_KEY_DST, + .default_key_dst_len = BBS_SHAKE256_DEFAULT_KEY_DST_LENGTH, + .api_id = BBS_BLIND_SHAKE256_API_ID, + .api_id_len = BBS_BLIND_SHAKE256_API_ID_LENGTH, + .signature_dst = BBS_BLIND_SHAKE256_SIGNATURE_DST, + .signature_dst_len = BBS_BLIND_SHAKE256_SIGNATURE_DST_LENGTH, + .challenge_dst = BBS_BLIND_SHAKE256_CHALLENGE_DST, + .challenge_dst_len = BBS_BLIND_SHAKE256_CHALLENGE_DST_LENGTH, + .map_dst = BBS_BLIND_SHAKE256_MAP_DST, + .map_dst_len = BBS_BLIND_SHAKE256_MAP_DST_LENGTH, +}; +const bbs_ciphersuite *const bbs_blind_shake256_ciphersuite = &_bbs_blind_shake256_ciphersuite; + +static const struct _bbs_ciphersuite _bbs_blind_nym_sha256_ciphersuite = { + .p1 = { + 0xa8, 0xce, 0x25, 0x61, 0x02, 0x84, 0x08, 0x21, 0xa3, 0xe9, 0x4e, 0xa9, 0x02, 0x5e, 0x46, + 0x62, 0xb2, 0x05, 0x76, 0x2f, 0x97, 0x76, 0xb3, 0xa7, 0x66, 0xc8, 0x72, 0xb9, 0x48, 0xf1, + 0xfd, 0x22, 0x5e, 0x7c, 0x59, 0x69, 0x85, 0x88, 0xe7, 0x0d, 0x11, 0x40, 0x6d, 0x16, 0x1b, + 0x4e, 0x28, 0xc9 + }, + .expand_message_init = (EXP_INIT) xmd_sha256_init, + .expand_message_update = (EXP_UPDATE) xmd_sha256_update, + .expand_message_finalize = (EXP_FINALIZE) xmd_sha256_finalize, + .cipher_suite_id = BBS_SHA256_CIPHER_SUITE_ID, + .cipher_suite_id_len = BBS_SHA256_CIPHER_SUITE_LENGTH, + .default_key_dst = BBS_SHA256_DEFAULT_KEY_DST, + .default_key_dst_len = BBS_SHA256_DEFAULT_KEY_DST_LENGTH, + .api_id = BBS_NYM_SHA256_API_ID, + .api_id_len = BBS_NYM_SHA256_API_ID_LENGTH, + .signature_dst = BBS_NYM_SHA256_SIGNATURE_DST, + .signature_dst_len = BBS_NYM_SHA256_SIGNATURE_DST_LENGTH, + .challenge_dst = BBS_NYM_SHA256_CHALLENGE_DST, + .challenge_dst_len = BBS_NYM_SHA256_CHALLENGE_DST_LENGTH, + .map_dst = BBS_NYM_SHA256_MAP_DST, + .map_dst_len = BBS_NYM_SHA256_MAP_DST_LENGTH, +}; +const bbs_ciphersuite 
*const bbs_blind_nym_sha256_ciphersuite = &_bbs_blind_nym_sha256_ciphersuite; + +static const struct _bbs_ciphersuite _bbs_blind_nym_shake256_ciphersuite = { + .p1 = { + 0x89, 0x29, 0xdf, 0xbc, 0x7e, 0x66, 0x42, 0xc4, 0xed, 0x9c, 0xba, 0x08, 0x56, 0xe4, 0x93, + 0xf8, 0xb9, 0xd7, 0xd5, 0xfc, 0xb0, 0xc3, 0x1e, 0xf8, 0xfd, 0xcd, 0x34, 0xd5, 0x06, 0x48, + 0xa5, 0x6c, 0x79, 0x5e, 0x10, 0x6e, 0x9e, 0xad, 0xa6, 0xe0, 0xbd, 0xa3, 0x86, 0xb4, 0x14, + 0x15, 0x07, 0x55 + }, + .expand_message_init = (EXP_INIT) xof_shake256_init, + .expand_message_update = (EXP_UPDATE) xof_shake256_update, + .expand_message_finalize = (EXP_FINALIZE) xof_shake256_finalize, + .cipher_suite_id = BBS_SHAKE256_CIPHER_SUITE_ID, + .cipher_suite_id_len = BBS_SHAKE256_CIPHER_SUITE_LENGTH, + .default_key_dst = BBS_SHAKE256_DEFAULT_KEY_DST, + .default_key_dst_len = BBS_SHAKE256_DEFAULT_KEY_DST_LENGTH, + .api_id = BBS_NYM_SHAKE256_API_ID, + .api_id_len = BBS_NYM_SHAKE256_API_ID_LENGTH, + .signature_dst = BBS_NYM_SHAKE256_SIGNATURE_DST, + .signature_dst_len = BBS_NYM_SHAKE256_SIGNATURE_DST_LENGTH, + .challenge_dst = BBS_NYM_SHAKE256_CHALLENGE_DST, + .challenge_dst_len = BBS_NYM_SHAKE256_CHALLENGE_DST_LENGTH, + .map_dst = BBS_NYM_SHAKE256_MAP_DST, + .map_dst_len = BBS_NYM_SHAKE256_MAP_DST_LENGTH, +}; +const bbs_ciphersuite *const bbs_blind_nym_shake256_ciphersuite = &_bbs_blind_nym_shake256_ciphersuite; // *INDENT-ON* - Restore formatting diff --git a/src/bbs_util.c b/src/bbs_util.c index 09484b8..c0186b7 100644 --- a/src/bbs_util.c +++ b/src/bbs_util.c 
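Review bot: The 48-byte `.p1` initialiser is pasted into all four new suites with no statement of where the values come from. `_bbs_blind_sha256_ciphersuite` and `_bbs_blind_nym_sha256_ciphersuite` carry one byte string and the two SHAKE-256 suites another. A single mistyped byte in one copy would silently change that suite's P1 and be hard to catch in review, so one macro per hash family (for example `#define BBS_SHA256_P1 { 0xa8, 0xce, ... }`) used by every suite of that family would be safer. Please also add a comment such as `// P1 is shared with the base suite; only api_id and the DSTs derived from it differ`, if that is what the extension drafts specify.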
@@ -197,22 +197,52 @@ calculate_domain_finalize ( hash_to_scalar_finalize (cipher_suite, ctx, out, domain_dst, api_id_len + 4); } +void +calculate_domain_finalize_with_nym ( + const bbs_ciphersuite *cipher_suite, + union bbs_hash_context *ctx, + blst_scalar *out, + const void *header, + size_t header_len, + uint64_t length_nym_vector + ) +{ + const uint8_t *api_id = (uint8_t*) cipher_suite->api_id; + uint8_t api_id_len = cipher_suite->api_id_len; + uint8_t domain_dst[api_id_len + 4]; + uint64_t header_len_be = htobe64 (header_len + 8); // +8 for I2OSP(length_nym_vector, 8) thats "attached" after header + uint64_t length_nym_vector_be = htobe64 (length_nym_vector); + + bbs_memcpy(domain_dst, api_id, api_id_len); + bbs_memcpy(domain_dst + api_id_len, "H2S_", 4); + + hash_to_scalar_update (cipher_suite, ctx, api_id, api_id_len); + hash_to_scalar_update (cipher_suite, ctx, &header_len_be, 8); + hash_to_scalar_update (cipher_suite, ctx, header, header_len); + hash_to_scalar_update (cipher_suite, ctx, &length_nym_vector_be, 8); + hash_to_scalar_finalize (cipher_suite, ctx, out, domain_dst, api_id_len + 4); +} + void create_generator_init ( - const bbs_ciphersuite *cipher_suite, - uint8_t state[48 + 8] + const bbs_ciphersuite *cipher_suite, + uint8_t state[48 + 8], + uint8_t *api_id_prefix, + uint32_t api_id_prefix_len ) { - const uint8_t *api_id = (uint8_t*)cipher_suite->api_id; - size_t api_id_len = cipher_suite->api_id_len; - uint8_t buffer[api_id_len + 19]; union bbs_hash_context hash_ctx; + size_t api_id_len = api_id_prefix_len + cipher_suite->api_id_len; + size_t buffer_len = api_id_len + 19; + uint8_t buffer[buffer_len]; - bbs_memcpy(buffer, api_id, api_id_len); + bbs_memcpy(buffer, api_id_prefix, api_id_prefix_len); + bbs_memcpy(buffer + api_id_prefix_len, cipher_suite->api_id, cipher_suite->api_id_len); bbs_memcpy(buffer + api_id_len, "SIG_GENERATOR_SEED_", 19); cipher_suite->expand_message_init (&hash_ctx); - cipher_suite->expand_message_update (&hash_ctx, 
api_id, api_id_len); + cipher_suite->expand_message_update (&hash_ctx, api_id_prefix, api_id_prefix_len); + cipher_suite->expand_message_update (&hash_ctx, cipher_suite->api_id, cipher_suite->api_id_len); cipher_suite->expand_message_update (&hash_ctx, "MESSAGE_GENERATOR_SEED", 22); cipher_suite->expand_message_finalize(&hash_ctx, state, 48, buffer, api_id_len + 19); *((uint64_t*) (state + 48)) = (uint64_t)1; @@ -221,14 +251,16 @@ create_generator_init ( void create_generator_next ( - const bbs_ciphersuite *cipher_suite, - uint8_t state[48 + 8], - blst_p1 *generator + const bbs_ciphersuite *cipher_suite, + uint8_t state[48 + 8], + blst_p1 *generator, + uint8_t *api_id_prefix, + uint32_t api_id_prefix_len ) { - const uint8_t *api_id = (uint8_t*)cipher_suite->api_id; - size_t api_id_len = cipher_suite->api_id_len; - uint8_t dst_buf[api_id_len + 19]; + uint32_t api_id_len = api_id_prefix_len + cipher_suite->api_id_len; + uint8_t dst_buf[api_id_len + 19]; + uint8_t rand_buf[128]; uint64_t i_be = htobe64 (*((uint64_t*) (state + 48))); union bbs_hash_context hash_ctx; @@ -242,7 +274,8 @@ create_generator_next ( *((uint64_t*) (state + 48)) += 1LL; - bbs_memcpy(dst_buf, api_id, api_id_len); + bbs_memcpy(dst_buf, api_id_prefix, api_id_prefix_len); + bbs_memcpy(dst_buf + api_id_prefix_len, cipher_suite->api_id, cipher_suite->api_id_len); bbs_memcpy(dst_buf + api_id_len, "SIG_GENERATOR_SEED_", 19); cipher_suite->expand_message_init (&hash_ctx); diff --git a/src/bbs_util.h b/src/bbs_util.h index 4681aad..b5c31ea 100644 --- a/src/bbs_util.h +++ b/src/bbs_util.h @@ -162,6 +162,14 @@ void calculate_domain_finalize ( const void *header, size_t header_len ); +void calculate_domain_finalize_with_nym ( + const bbs_ciphersuite *cipher_suite, + union bbs_hash_context *ctx, + blst_scalar *out, + const void *header, + size_t header_len, + uint64_t length_nym_vector + ); /** 
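Review bot: `create_generator_init` takes the new prefix as a mutable `uint8_t *api_id_prefix` although it only reads it, which forces the caller earlier in this diff to cast a string literal with `(uint8_t*)BBS_BLIND_API_ID_PREFIX`. Declaring it `const uint8_t *api_id_prefix` here, in `create_generator_next` (hunk `@@ -221,14 +251,16 @@`) and in the `bbs_util.h` prototypes avoids casting away const. Both functions also size a stack array from the caller-supplied `api_id_prefix_len` (`uint8_t buffer[buffer_len]`, `uint8_t dst_buf[api_id_len + 19]`) with no upper bound, so an assertion or comment stating the maximum prefix length would make the stack use reviewable. If callers of the plain BBS suites pass a NULL prefix with length 0, the copy should be guarded, `if (api_id_prefix_len) bbs_memcpy(buffer, api_id_prefix, api_id_prefix_len);`, unless `bbs_memcpy` is documented to accept NULL. The body of `create_generator_init` continues past the end of this hunk.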
@@ -173,7 +181,9 @@ void calculate_domain_finalize ( */ void create_generator_init ( const bbs_ciphersuite *cipher_suite, - uint8_t state[48 + 8] + uint8_t state[48 + 8], + uint8_t *api_id_prefix, + uint32_t api_id_prefix_len ); /** @@ -187,7 +197,9 @@ void create_generator_init ( void create_generator_next ( const bbs_ciphersuite *cipher_suite, uint8_t state[48 + 8], - blst_p1 *generator + blst_p1 *generator, + uint8_t *api_id_prefix, + uint32_t api_id_prefix_len ); // You can control the randomness for bbs_proof_gen by supplying a prf. diff --git a/src/version.map b/src/version.map index 20738f8..9602a88 100644 --- a/src/version.map +++ b/src/version.map @@ -4,6 +4,12 @@ BBS_0.1 { bbs_proof_gen; bbs_proof_verify; bbs_sign_v; bbs_verify_v; bbs_proof_gen_v; bbs_proof_verify_v; bbs_sha256_ciphersuite; bbs_shake256_ciphersuite; + bbs_blind_commit; bbs_blind_sign; bbs_blind_verify; + bbs_blind_proof_gen; bbs_blind_proof_verify; + bbs_blind_sha256_ciphersuite; bbs_blind_shake256_ciphersuite; + bbs_blind_commit_with_nym; bbs_blind_sign_with_nym; bbs_blind_verify_with_nym; + bbs_blind_proof_gen_with_nym; bbs_blind_proof_verify_with_nym; + bbs_blind_nym_sha256_ciphersuite; bbs_blind_nym_shake256_ciphersuite; local: *; }; diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 3b71594..61ce333 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt 
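Review bot: The doc comment above `create_generator_init` is not changed by this diff although the prototype gains `api_id_prefix` and `api_id_prefix_len`, so both new parameters are undocumented. The same holds for `create_generator_next` in the `@@ -187,7 +197,9 @@` hunk, and `calculate_domain_finalize_with_nym` is declared in `@@ -162,6 +162,14 @@` with no comment at all. Please add parameter lines in the header's existing comment style stating that the prefix bytes are prepended to the suite's `api_id` when the generator seed and DST are built, and whether NULL with length 0 is allowed. For the new function, the comment should say that `I2OSP(length_nym_vector, 8)` is hashed after the header and counted in the encoded header length, since a verifier has to reproduce that encoding exactly.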
@@ -7,26 +7,75 @@ set(BBS_FIX_TESTS bbs_fix_verify.c bbs_fix_proof_gen.c bbs_fix_proof_verify.c) +set(BBS_BLIND_FIX_TESTS + blind_bbs_fix_generators.c + blind_bbs_fix_commit.c + blind_bbs_fix_sign.c + blind_bbs_fix_proof_gen.c) +set(BBS_BLIND_WITH_NYM_FIX_TESTS + blind_with_nym_bbs_fix_generators.c + blind_with_nym_bbs_fix_commit.c + blind_with_nym_bbs_fix_sign.c + blind_with_nym_bbs_fix_proof_gen.c +) + +# e2e source files set(BBS_E2E_TESTS bbs_e2e_sign_n_proof.c) +set(BBS_BLIND_E2E_TESTS bbs_e2e_blind.c) +set(BBS_BLIND_WITH_NYM_E2E_TESTS bbs_e2e_blind_with_nym.c) + +# benchmark source files set(BBS_BENCH_TESTS bbs_bench_individual.c) +set(BBS_BLIND_BENCH_TESTS bbs_bench_blind.c) +set(BBS_BLIND_WITH_NYM_BENCH_TESTS bbs_bench_blind_with_nym.c) # Generate driver source files -create_test_sourcelist(fix_driver bbs_fix_driver.c ${BBS_FIX_TESTS}) -create_test_sourcelist(e2e_driver bbs_e2e_driver.c ${BBS_E2E_TESTS}) -create_test_sourcelist(bench_driver bbs_bench_driver.c ${BBS_BENCH_TESTS}) +create_test_sourcelist(fix_driver bbs_fix_driver.c ${BBS_FIX_TESTS}) +create_test_sourcelist(blind_fix_driver bbs_blind_fix_driver.c ${BBS_BLIND_FIX_TESTS}) +create_test_sourcelist(blind_with_nym_fix_driver bbs_blind_with_nym_fix_driver.c ${BBS_BLIND_WITH_NYM_FIX_TESTS}) + +create_test_sourcelist(e2e_driver bbs_e2e_driver.c ${BBS_E2E_TESTS}) +create_test_sourcelist(blind_e2e_driver bbs_blind_e2e_driver.c ${BBS_BLIND_E2E_TESTS}) +create_test_sourcelist(blind_with_nym_e2e_driver bbs_blind_with_nym_e2e_driver.c ${BBS_BLIND_WITH_NYM_E2E_TESTS}) + +create_test_sourcelist(bench_driver bbs_bench_driver.c ${BBS_BENCH_TESTS}) +create_test_sourcelist(blind_bench_driver bbs_blind_bench_driver.c ${BBS_BLIND_BENCH_TESTS}) +create_test_sourcelist(blind_with_nym_bench_driver bbs_blind_with_nym_bench_driver.c ${BBS_BLIND_WITH_NYM_BENCH_TESTS}) # Compile generic sources -add_library(bbs_fix_sources OBJECT ${fix_driver}) -add_library(bbs_e2e_sources OBJECT ${e2e_driver}) 
-add_library(bbs_bench_sources OBJECT ${bench_driver}) -target_include_directories(bbs_fix_sources PUBLIC ../include ../src) -target_include_directories(bbs_e2e_sources PUBLIC ../include) -target_include_directories(bbs_bench_sources PUBLIC ../include) +add_library(bbs_fix_sources OBJECT ${fix_driver}) +add_library(bbs_blind_fix_sources OBJECT ${blind_fix_driver}) +add_library(bbs_blind_with_nym_fix_sources OBJECT ${blind_with_nym_fix_driver}) +add_library(bbs_e2e_sources OBJECT ${e2e_driver}) +add_library(bbs_blind_e2e_sources OBJECT ${blind_e2e_driver}) +add_library(bbs_blind_with_nym_e2e_sources OBJECT ${blind_with_nym_e2e_driver}) -# For each ciphersuite, generate fixtures and compile them +add_library(bbs_bench_sources OBJECT ${bench_driver}) +add_library(bbs_blind_bench_sources OBJECT ${blind_bench_driver}) +add_library(bbs_blind_with_nym_bench_sources OBJECT ${blind_with_nym_bench_driver}) + +target_include_directories(bbs_fix_sources PUBLIC ../include ../src) +target_include_directories(bbs_blind_fix_sources PUBLIC ../include ../src) +target_include_directories(bbs_blind_with_nym_fix_sources PUBLIC ../include ../src) + +target_include_directories(bbs_e2e_sources PUBLIC ../include) +target_include_directories(bbs_blind_e2e_sources PUBLIC ../include) +target_include_directories(bbs_blind_with_nym_e2e_sources PUBLIC ../include) + +target_include_directories(bbs_bench_sources PUBLIC ../include) +target_include_directories(bbs_blind_bench_sources PUBLIC ../include) +target_include_directories(bbs_blind_with_nym_bench_sources PUBLIC ../include) + +# define ciphersuite sets set(BBS_CIPHERSUITES bls12-381-sha-256 bls12-381-shake-256) +set(BBS_BLIND_CIPHERSUITES bls12-381-blind-sha-256 bls12-381-blind-shake-256) +set(BBS_BLIND_WITH_NYM_CIPHERSUITES bls12-381-blind-with-nym-sha-256 bls12-381-blind-with-nym-shake-256) + +# single transpiler for everything add_executable(fixtures_transpiler fixtures_transpiler.c) + +# For each ciphersuite, generate fixtures and compile 
them foreach(suite IN LISTS BBS_CIPHERSUITES) add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/fixtures_${suite}.c" COMMAND $ "${suite}" "${CMAKE_CURRENT_SOURCE_DIR}" @@ -35,6 +84,24 @@ foreach(suite IN LISTS BBS_CIPHERSUITES) target_include_directories(bbs_fixtures_file_${suite} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) endforeach() +# Generate and compile blind fixture files +foreach(suite IN LISTS BBS_BLIND_CIPHERSUITES) + add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/fixtures_${suite}.c" + COMMAND $ "${suite}" "${CMAKE_CURRENT_SOURCE_DIR}" + DEPENDS fixtures_transpiler) + add_library(bbs_fixtures_file_${suite} OBJECT "${CMAKE_CURRENT_BINARY_DIR}/fixtures_${suite}.c") + target_include_directories(bbs_fixtures_file_${suite} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) +endforeach() + +# Generate and compile blind with nym fixture files +foreach(suite IN LISTS BBS_BLIND_WITH_NYM_CIPHERSUITES) + add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/fixtures_${suite}.c" + COMMAND $ "${suite}" "${CMAKE_CURRENT_SOURCE_DIR}" + DEPENDS fixtures_transpiler) + add_library(bbs_fixtures_file_${suite} OBJECT "${CMAKE_CURRENT_BINARY_DIR}/fixtures_${suite}.c") + target_include_directories(bbs_fixtures_file_${suite} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) +endforeach() + # Finally, link each kind of testfile against each ciphersuite file foreach(suite IN LISTS BBS_CIPHERSUITES) # Fixture tests 
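Review bot: `BBS_BLIND_FIX_TESTS` and `BBS_BLIND_WITH_NYM_FIX_TESTS` list generators, commit, sign and proof_gen fixtures but no verify or proof-verify counterpart, while the existing `BBS_FIX_TESTS` list includes `bbs_fix_verify.c` and `bbs_fix_proof_verify.c`. The verification functions are the ones that must reject malformed or forged input, so they deserve fixture coverage of their own, including invalid-case vectors if the drafts provide them. An end-to-end test that only exercises the accepting path does not replace that. If verification is deliberately covered inside the sign and proof_gen fixture tests, a comment next to these lists saying so would help.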
@@ -59,10 +126,71 @@ foreach(suite IN LISTS BBS_CIPHERSUITES) add_executable(bbs-bench-${suite} $ $) target_link_libraries(bbs-bench-${suite} PRIVATE bbs) + target_link_libraries(bbs-bench-${suite} PUBLIC m) +endforeach() + +# Link blind bbs test executables +foreach(suite IN LISTS BBS_BLIND_CIPHERSUITES) + add_executable(bbs-blind-fix-${suite} $ + $) + target_link_libraries(bbs-blind-fix-${suite} PRIVATE bbs_FIXTURES_ONLY) + foreach(test ${BBS_BLIND_FIX_TESTS}) + get_filename_component(TName ${test} NAME_WE) + add_test(NAME ${TName}_${suite} COMMAND bbs-blind-fix-${suite} ${TName}) + endforeach() + + # End-to-End tests + add_executable(bbs-blind-e2e-${suite} + $ + $) + target_link_libraries(bbs-blind-e2e-${suite} PRIVATE bbs) + foreach(test ${BBS_BLIND_E2E_TESTS}) + get_filename_component(TName ${test} NAME_WE) + add_test(NAME ${TName}_${suite} + COMMAND bbs-blind-e2e-${suite} ${TName}) + endforeach() + + # Benchmarks + add_executable(bbs-blind-bench-${suite} $ + $) + target_link_libraries(bbs-blind-bench-${suite} PRIVATE bbs) + target_link_libraries(bbs-blind-bench-${suite} PUBLIC m) +endforeach() + +# Link blind with nym bbs test executables +foreach(suite IN LISTS BBS_BLIND_WITH_NYM_CIPHERSUITES) + add_executable(bbs-blind-with-nym-fix-${suite} $ + $) + target_link_libraries(bbs-blind-with-nym-fix-${suite} PRIVATE bbs_FIXTURES_ONLY) + foreach(test ${BBS_BLIND_WITH_NYM_FIX_TESTS}) + get_filename_component(TName ${test} NAME_WE) + add_test(NAME ${TName}_${suite} COMMAND bbs-blind-with-nym-fix-${suite} ${TName}) + endforeach() + + # End-to-End tests + add_executable(bbs-blind-with-nym-e2e-${suite} + $ + $) + target_link_libraries(bbs-blind-with-nym-e2e-${suite} PRIVATE bbs) + foreach(test ${BBS_BLIND_WITH_NYM_E2E_TESTS}) + get_filename_component(TName ${test} NAME_WE) + add_test(NAME ${TName}_${suite} + COMMAND bbs-blind-with-nym-e2e-${suite} ${TName}) + endforeach() + + # Benchmarks + add_executable(bbs-blind-with-nym-bench-${suite} $ + $) + 
target_link_libraries(bbs-blind-with-nym-bench-${suite} PRIVATE bbs) + target_link_libraries(bbs-blind-with-nym-bench-${suite} PUBLIC m) endforeach() # Benchmark command add_custom_target(bench - COMMAND bbs-bench-bls12-381-shake-256 bbs_bench_individual - COMMAND bbs-bench-bls12-381-sha-256 bbs_bench_individual) + COMMAND bbs-bench-bls12-381-shake-256 bbs_bench_individual + COMMAND bbs-bench-bls12-381-sha-256 bbs_bench_individual + COMMAND bbs-blind-bench-bls12-381-blind-shake-256 bbs_bench_blind + COMMAND bbs-blind-bench-bls12-381-blind-sha-256 bbs_bench_blind + COMMAND bbs-blind-with-nym-bench-bls12-381-blind-with-nym-shake-256 bbs_bench_blind_with_nym + COMMAND bbs-blind-with-nym-bench-bls12-381-blind-with-nym-sha-256 bbs_bench_blind_with_nym) diff --git a/test/bbs_bench_blind.c b/test/bbs_bench_blind.c new file mode 100644 index 0000000..79758d0 --- /dev/null +++ b/test/bbs_bench_blind.c 
@@ -0,0 +1,174 @@ +// SPDX-License-Identifier: Apache-2.0 +#include "fixtures.h" +#include +#include +#include +#include +#include +#include + +#define WARMUP 1000 +#define ITERATIONS 10000 +#define MSG_LEN 64 +#define NONCE_LEN 23 +#define NUM_MSGS 2 +#define NUM_CMSGS 2 + +struct result { + const char *name; + double min; + double avg; + double max; + double stddev; +}; + +static void print_results(struct result *r, size_t n) { + size_t name_len = 9; + for (size_t i = 0; i < n; i++) + if (name_len < strlen(r[i].name)) name_len = strlen(r[i].name); + printf("| %-*s | %8s | %8s | %8s | %8s |\n", + (int)name_len, "Operation", "min (ms)", "avg (ms)", "max (ms)", "std (ms)"); + printf("| %.*s | -------- | -------- | -------- | -------- |\n", + (int)name_len, "--------------------------------------------"); + for (size_t i = 0; i < n; i++) + printf("| %-*s | %8.3f | %8.3f | %8.3f | %8.3f |\n", + (int)name_len, r[i].name, + r[i].min, r[i].avg, r[i].max, r[i].stddev); +} + +#define BBS_BENCH(_name, _code) \ + results[results_idx].name = (_name); \ + printf("Benchmarking %s... 
", results[results_idx].name); \ + fflush(stdout); \ + { \ + double _min = 0, _max = 0, _mean = 0, _M2 = 0; \ + for (int _ii = -WARMUP; _ii < ITERATIONS; _ii++) { \ + double _t0 = clock(); \ + if (BBS_OK != (_code)) { puts("ERROR!"); return 1; } \ + double _t1 = clock(); \ + double _t = (((double)(_t1 - _t0) * 1000.0) / CLOCKS_PER_SEC); \ + if (_ii < 0) continue; \ + if (!_ii || _t < _min) _min = _t; \ + if (!_ii || _t > _max) _max = _t; \ + double _delta = _t - _mean; \ + _mean += _delta / (_ii + 1); \ + _M2 += _delta * (_t - _mean); \ + } \ + results[results_idx].min = _min; \ + results[results_idx].avg = _mean; \ + results[results_idx].max = _max; \ + results[results_idx].stddev = sqrt(_M2 / (ITERATIONS - 1)); \ + } \ + results_idx++; \ + puts("Done!"); + + +int +bbs_bench_blind(void) +{ + const bbs_ciphersuite *suite = *fixture_ciphersuite; + + bbs_secret_key sk; + bbs_public_key pk; + bbs_signature sig; + + char msg_buf[NUM_MSGS][MSG_LEN]; + char cmsg_buf[NUM_CMSGS][MSG_LEN]; + char nonce[NONCE_LEN]; + static const char header[] = "benchmark blind header"; + + for (int i = 0; i < NUM_MSGS; i++) + for (int j = 0; j < MSG_LEN; j++) msg_buf[i][j] = (char)rand(); + for (int i = 0; i < NUM_CMSGS; i++) + for (int j = 0; j < MSG_LEN; j++) cmsg_buf[i][j] = (char)rand(); + for (int j = 0; j < NONCE_LEN; j++) nonce[j] = (char)rand(); + + const void *msgs[] = { msg_buf[0], msg_buf[1] }; + const size_t msg_lens[] = { MSG_LEN, MSG_LEN }; + const void *cmsgs[] = { cmsg_buf[0], cmsg_buf[1] }; + const size_t cmsg_lens[] = { MSG_LEN, MSG_LEN }; + + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(NUM_CMSGS)]; + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + + uint8_t proof[BBS_PROOF_LEN(3)]; + + static const size_t disclosed_signer[] = { 0 }; + static const size_t disclosed_committed[] = { 0 }; + + const void *disc_msgs[] = { msg_buf[0] }; + const size_t disc_msg_lens[] = { MSG_LEN }; + const void *disc_cmsgs[] = { cmsg_buf[0] }; + const size_t disc_cmsg_lens[] = { MSG_LEN }; + + 
struct result results[8]; + size_t results_idx = 0; + + int title_len = printf("Blind BBS Benchmark for Ciphersuite %s\n", fixture_ciphersuite_name); + while (--title_len) printf("="); + puts(""); + printf("- %d measured iterations, %d warmup\n", ITERATIONS, WARMUP); + printf("- %d signer messages, %d committed messages, each %d bytes\n", + NUM_MSGS, NUM_CMSGS, MSG_LEN); + printf("- 1 signer message and 1 committed message disclosed\n\n"); + + if (BBS_OK != bbs_keygen_full(suite, sk, pk)) return 1; + + BBS_BENCH("Blind Commit", + bbs_blind_commit(suite, cwp, spb, + NUM_CMSGS, cmsgs, cmsg_lens)); + + if (BBS_OK != bbs_blind_commit(suite, cwp, spb, + NUM_CMSGS, cmsgs, cmsg_lens)) return 1; + + BBS_BENCH("Blind Sign", + bbs_blind_sign(suite, sk, pk, sig, + header, sizeof(header) - 1, + cwp, sizeof(cwp), + NUM_MSGS, msgs, msg_lens)); + + if (BBS_OK != bbs_blind_sign(suite, sk, pk, sig, + header, sizeof(header) - 1, + cwp, sizeof(cwp), + NUM_MSGS, msgs, msg_lens)) return 1; + + BBS_BENCH("Blind Verify", + bbs_blind_verify(suite, pk, sig, + header, sizeof(header) - 1, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + spb)); + + BBS_BENCH("Blind Proof Generation", + bbs_blind_proof_gen(suite, pk, sig, proof, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb)); + + if (BBS_OK != bbs_blind_proof_gen(suite, pk, sig, proof, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb)) return 1; + + BBS_BENCH("Blind Proof Verification", + bbs_blind_proof_verify(suite, pk, + proof, BBS_PROOF_LEN(3), + header, sizeof(header) - 1, + nonce, NONCE_LEN, + NUM_MSGS, + 1, disc_msgs, disc_msg_lens, disclosed_signer, + 1, disc_cmsgs, disc_cmsg_lens, disclosed_committed)); + + puts(""); + print_results(results, results_idx); + puts(""); + return 0; +} 
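Review bot: `struct result`, `print_results` and the `BBS_BENCH` macro at the top of this new file are repeated in test/bbs_bench_blind_with_nym.c and test/bbs_bench_individual.c in the same commit, so any fix to the timing or variance code has to be made three times. Moving them into one shared test header would keep the three benchmarks measuring the same way. `BBS_BENCH` also expands to several statements with a hidden `return 1;` and depends on locals named `results` and `results_idx`. A comment above it would make that contract visible, for example `/* Expands to multiple statements; returns 1 from the caller on failure; needs results[] and results_idx in scope. */`.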
diff --git a/test/bbs_bench_blind_with_nym.c b/test/bbs_bench_blind_with_nym.c
new file mode 100644
index 0000000..fe6101b
--- /dev/null
+++ b/test/bbs_bench_blind_with_nym.c
@@ -0,0 +1,208 @@ +// SPDX-License-Identifier: Apache-2.0 +#include "fixtures.h" +#include +#include +#include +#include +#include +#include + +#define WARMUP 1000 +#define ITERATIONS 10000 +#define MSG_LEN 64 +#define NONCE_LEN 23 +#define NUM_MSGS 2 +#define NUM_CMSGS 2 +#define NUM_NYMS 2 + +struct result { + const char *name; + double min; + double avg; + double max; + double stddev; +}; + +static void print_results(struct result *r, size_t n) { + size_t name_len = 9; + for (size_t i = 0; i < n; i++) + if (name_len < strlen(r[i].name)) name_len = strlen(r[i].name); + printf("| %-*s | %8s | %8s | %8s | %8s |\n", + (int)name_len, "Operation", "min (ms)", "avg (ms)", "max (ms)", "std (ms)"); + printf("| %.*s | -------- | -------- | -------- | -------- |\n", + (int)name_len, "--------------------------------------------"); + for (size_t i = 0; i < n; i++) + printf("| %-*s | %8.3f | %8.3f | %8.3f | %8.3f |\n", + (int)name_len, r[i].name, + r[i].min, r[i].avg, r[i].max, r[i].stddev); +} + + +#define BBS_BENCH(_name, _code) \ + results[results_idx].name = (_name); \ + printf("Benchmarking %s... 
", results[results_idx].name); \ + fflush(stdout); \ + { \ + double _min = 0, _max = 0, _mean = 0, _M2 = 0; \ + for (int _ii = -WARMUP; _ii < ITERATIONS; _ii++) { \ + double _t0 = clock(); \ + if (BBS_OK != (_code)) { puts("ERROR!"); return 1; } \ + double _t1 = clock(); \ + double _t = (((double)(_t1 - _t0) * 1000.0) / CLOCKS_PER_SEC); \ + if (_ii < 0) continue; \ + if (!_ii || _t < _min) _min = _t; \ + if (!_ii || _t > _max) _max = _t; \ + double _delta = _t - _mean; \ + _mean += _delta / (_ii + 1); \ + _M2 += _delta * (_t - _mean); \ + } \ + results[results_idx].min = _min; \ + results[results_idx].avg = _mean; \ + results[results_idx].max = _max; \ + results[results_idx].stddev = sqrt(_M2 / (ITERATIONS - 1)); \ + } \ + results_idx++; \ + puts("Done!"); + +int +bbs_bench_blind_with_nym(void) +{ + const bbs_ciphersuite *suite = *fixture_ciphersuite; + + bbs_secret_key sk; + bbs_public_key pk; + bbs_signature sig; + + char msg_buf[NUM_MSGS][MSG_LEN]; + char cmsg_buf[NUM_CMSGS][MSG_LEN]; + char nym_buf[NUM_NYMS][MSG_LEN]; + char nonce[NONCE_LEN]; + static const char header[] = "benchmark blind nym header"; + static const char context_id[] = "benchmark-verifier-domain"; + + static const uint8_t entropy[32] = { 0x42 }; + + for (int i = 0; i < NUM_MSGS; i++) + for (int j = 0; j < MSG_LEN; j++) msg_buf[i][j] = (char)rand(); + for (int i = 0; i < NUM_CMSGS; i++) + for (int j = 0; j < MSG_LEN; j++) cmsg_buf[i][j] = (char)rand(); + for (int i = 0; i < NUM_NYMS; i++) { + for (int j = 0; j < MSG_LEN; j++) nym_buf[i][j] = (char)rand(); + nym_buf[i][0] &= 0x3F; // quick hack to make them valid + } + for (int j = 0; j < NONCE_LEN; j++) nonce[j] = (char)rand(); + + const void *msgs[] = { msg_buf[0], msg_buf[1] }; + const size_t msg_lens[] = { MSG_LEN, MSG_LEN }; + const void *cmsgs[] = { cmsg_buf[0], cmsg_buf[1] }; + const size_t cmsg_lens[] = { MSG_LEN, MSG_LEN }; + const void *nyms[] = { nym_buf[0], nym_buf[1] }; + + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(NUM_CMSGS + 
NUM_NYMS)]; + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + + uint8_t rec0[32], rec1[32]; + void *const recovered[] = { rec0, rec1 }; + + uint8_t proof[BBS_PROOF_LEN(5)]; + bbs_pseudonym pseudonym; + + static const size_t disclosed_signer[] = { 0 }; + static const size_t disclosed_committed[] = { 0 }; + + const void *disc_msgs[] = { msg_buf[0] }; + const size_t disc_msg_lens[] = { MSG_LEN }; + const void *disc_cmsgs[] = { cmsg_buf[0] }; + const size_t disc_cmsg_lens[] = { MSG_LEN }; + + struct result results[8]; + size_t results_idx = 0; + + int title_len = printf("Blind BBS with Nym Benchmark for Ciphersuite %s\n", + fixture_ciphersuite_name); + while (--title_len) printf("="); + puts(""); + printf("- %d measured iterations, %d warmup\n", ITERATIONS, WARMUP); + printf("- %d signer messages, %d committed messages, %d nym secrets, each %d bytes\n", + NUM_MSGS, NUM_CMSGS, NUM_NYMS, MSG_LEN); + printf("- 1 signer message and 1 committed message disclosed\n\n"); + + if (BBS_OK != bbs_keygen_full(suite, sk, pk)) return 1; + + BBS_BENCH("Commit with Nym", + bbs_blind_commit_with_nym(suite, cwp, spb, + NUM_CMSGS, cmsgs, cmsg_lens, + NUM_NYMS, nyms)); + + if (BBS_OK != bbs_blind_commit_with_nym(suite, cwp, spb, + NUM_CMSGS, cmsgs, cmsg_lens, + NUM_NYMS, nyms)) return 1; + + BBS_BENCH("Sign with Nym", + bbs_blind_sign_with_nym(suite, sk, pk, sig, + entropy, NUM_NYMS, + header, sizeof(header) - 1, + cwp, sizeof(cwp), + NUM_MSGS, msgs, msg_lens)); + + if (BBS_OK != bbs_blind_sign_with_nym(suite, sk, pk, sig, + entropy, NUM_NYMS, + header, sizeof(header) - 1, + cwp, sizeof(cwp), + NUM_MSGS, msgs, msg_lens)) return 1; + + BBS_BENCH("Verify with Nym", + bbs_blind_verify_with_nym(suite, pk, sig, + header, sizeof(header) - 1, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + spb, entropy, NUM_NYMS, nyms, + recovered)); + + if (BBS_OK != bbs_blind_verify_with_nym(suite, pk, sig, + header, sizeof(header) - 1, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, 
+ spb, entropy, NUM_NYMS, nyms, + recovered)) return 1; + + BBS_BENCH("Proof Generation with Nym", + bbs_blind_proof_gen_with_nym(suite, pk, sig, proof, pseudonym, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + context_id, sizeof(context_id) - 1, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb, + NUM_NYMS, + (const void *const *)recovered)); + + if (BBS_OK != bbs_blind_proof_gen_with_nym(suite, pk, sig, proof, pseudonym, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + context_id, sizeof(context_id) - 1, + NUM_MSGS, msgs, msg_lens, + NUM_CMSGS, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb, + NUM_NYMS, + (const void *const *)recovered)) return 1; + + BBS_BENCH("Proof Verification with Nym", + bbs_blind_proof_verify_with_nym(suite, pk, pseudonym, + proof, BBS_PROOF_LEN(5), + header, sizeof(header) - 1, + nonce, NONCE_LEN, + context_id, sizeof(context_id) - 1, + NUM_NYMS, NUM_MSGS, + 1, disc_msgs, disc_msg_lens, disclosed_signer, + 1, disc_cmsgs, disc_cmsg_lens, disclosed_committed)); + + puts(""); + print_results(results, results_idx); + puts(""); + return 0; +} diff --git a/test/bbs_bench_individual.c b/test/bbs_bench_individual.c index cd5cddc..e084ae9 100644 --- a/test/bbs_bench_individual.c +++ b/test/bbs_bench_individual.c 
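Review bot: The line `nym_buf[i][0] &= 0x3F; // quick hack to make them valid` in `bbs_bench_blind_with_nym` does not say which validity rule it satisfies, and the nym buffers are `MSG_LEN` (64) bytes wide while the recovered secrets `rec0`/`rec1` are 32 bytes. A comment should state the assumption, for example `// clear the two top bits so the value stays in the range the library accepts for a nym secret (assumed: a 32-byte big-endian scalar below the group order)`. The bare `32` should become a named length shared by `entropy`, `rec0` and `rec1`. `static const uint8_t entropy[32] = { 0x42 };` sets only the first byte and leaves the other 31 zero; if that is intended for a benchmark, say so in a comment so it is not copied as an example of signer entropy.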
@@ -1,124 +1,136 @@ // SPDX-License-Identifier: Apache-2.0 #include "fixtures.h" #include +#include #include #include #include -#include + +#define WARMUP 1000 +#define ITERATIONS 10000 +#define MSG_LEN 64 +#define NONCE_LEN 23 struct result { - const char *name; - double min; - double avg; - double max; + const char *name; + double min; + double avg; + double max; + double stddev; }; -/* Print a markdown table of results */ static void print_results(struct result *r, size_t n) { - size_t name_len = 9; /* Length of "Operation" */ - for(size_t i=0; i _max) _max = _t; \ + double _delta = _t - _mean; \ + _mean += _delta / (_ii + 1); \ + _M2 += _delta * (_t - _mean); \ + } \ + results[results_idx].min = _min; \ + results[results_idx].avg = _mean; \ + results[results_idx].max = _max; \ + results[results_idx].stddev = sqrt(_M2 / (ITERATIONS - 1)); \ + } \ + results_idx++; \ + puts("Done!"); + + int -bbs_bench_individual () +bbs_bench_individual(void) { - #define WARMUP 100 - #define ITERATIONS 1000 - #define MSG_LEN 64 - #define NONCE_LEN 23 - - clock_t clk; /* Because clock_gettime is POSIX-only */ - double timing, sum; /* recorded in ms */ - struct result results[10]; - size_t results_idx = 0; - - const bbs_ciphersuite *cipher_suite = *fixture_ciphersuite; - bbs_secret_key sk; - bbs_public_key pk; - char msg1[MSG_LEN]; - char msg2[MSG_LEN]; - bbs_signature sig; - char header[] = "But I am a header!"; - size_t header_len = strlen(header); - uint8_t proof[BBS_PROOF_LEN (1)]; - size_t disclosed_indexes[] = {0}; - char random_nonces[NONCE_LEN]; - - for (int j = 0; j < MSG_LEN; j++) msg1[j] = (char) rand (); - for (int j = 0; j < MSG_LEN; j++) msg2[j] = (char) rand (); - for (int j = 0; j < NONCE_LEN; j++) random_nonces[j] = (char) rand (); - -#define BBS_BENCH(_name, _code) \ - results[results_idx].name = _name; \ - printf("Benchmarking %s... 
", results[results_idx].name); \ - sum = 0.0; \ - for(int ii = -WARMUP; ii < ITERATIONS; ii++) { \ - clk = clock(); \ - if(BBS_OK != _code) { puts("ERROR!"); return 1; } \ - timing = ((double)(clock() - clk)/CLOCKS_PER_SEC) * 1000; \ - if(ii < 0) continue; \ - sum += timing; \ - if(!ii || results[results_idx].min > timing) \ - results[results_idx].min = timing; \ - if(!ii || results[results_idx].max < timing) \ - results[results_idx].max = timing; \ - } \ - results[results_idx++].avg = sum / ITERATIONS; \ - puts("Done!"); - - if(CLOCKS_PER_SEC < 1000000) { - printf("WARNING: CLOCKS_PER_SEC is too low for accurate " - "measurements (is %ld)\n", (long)CLOCKS_PER_SEC); - } - - int title_len = printf("Benchmark for Ciphersuite %s\n", fixture_ciphersuite_name); - while(--title_len) printf("="); - puts(""); - - puts("Configuration:"); - printf("- %d measured iterations, %d round of warmup\n", ITERATIONS, WARMUP); - printf("- %d messages, each of length %d bytes\n", 2, MSG_LEN); - printf("- %d messages disclosed\n", 1); - printf("- header of length %zu bytes\n", header_len); - printf("- presentation header of length %d bytes\n\n", NONCE_LEN); - - BBS_BENCH ("Key Generation", - bbs_keygen_full (cipher_suite, sk, pk)); - - BBS_BENCH ("Signature Generation", - bbs_sign_v (cipher_suite, sk, pk, sig, - header, header_len, 2, - msg1, MSG_LEN, msg2, MSG_LEN)); - - BBS_BENCH ("Signature Verification", - bbs_verify_v (cipher_suite, pk, sig, - header, header_len, 2, - msg1, MSG_LEN, msg2, MSG_LEN)); - - BBS_BENCH ("Proof Generation", - bbs_proof_gen_v (cipher_suite, pk, sig, proof, - header, header_len, - random_nonces, NONCE_LEN, - disclosed_indexes, 1, 2, - msg1, MSG_LEN, msg2, MSG_LEN)); - - BBS_BENCH ("Proof Verification", - bbs_proof_verify_v (cipher_suite, pk, proof, BBS_PROOF_LEN (1), - header, strlen (header), - random_nonces, NONCE_LEN, - disclosed_indexes, 1, 2, - msg1, MSG_LEN)); - - puts(""); - print_results(results, results_idx); - puts(""); - return 0; + const 
bbs_ciphersuite *suite = *fixture_ciphersuite; + + bbs_secret_key sk; + bbs_public_key pk; + bbs_signature sig; + uint8_t proof[BBS_PROOF_LEN(1)]; + + char msg1[MSG_LEN], msg2[MSG_LEN], nonce[NONCE_LEN]; + static const char header[] = "benchmark header"; + static const size_t disclosed[] = { 0 }; + + for (int j = 0; j < MSG_LEN; j++) msg1[j] = (char)rand(); + for (int j = 0; j < MSG_LEN; j++) msg2[j] = (char)rand(); + for (int j = 0; j < NONCE_LEN; j++) nonce[j] = (char)rand(); + + const void *msgs[] = { msg1, msg2 }; + const size_t msg_lens[] = { MSG_LEN, MSG_LEN }; + + struct result results[8]; + size_t results_idx = 0; + + int title_len = printf("Benchmark for Ciphersuite %s\n", fixture_ciphersuite_name); + while (--title_len) printf("="); + puts(""); + printf("- %d measured iterations, %d warmup\n", ITERATIONS, WARMUP); + printf("- 2 messages of %d bytes, 1 disclosed\n\n", MSG_LEN); + + BBS_BENCH("Key Generation", bbs_keygen_full(suite, sk, pk)); + + if (BBS_OK != bbs_keygen_full(suite, sk, pk)) return 1; + + BBS_BENCH("Signature Generation", + bbs_sign(suite, sk, pk, sig, + header, sizeof(header) - 1, + 2, msgs, msg_lens)); + + if (BBS_OK != bbs_sign(suite, sk, pk, sig, + header, sizeof(header) - 1, + 2, msgs, msg_lens)) return 1; + + BBS_BENCH("Signature Verification", + bbs_verify(suite, pk, sig, + header, sizeof(header) - 1, + 2, msgs, msg_lens)); + + BBS_BENCH("Proof Generation", + bbs_proof_gen(suite, pk, sig, proof, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + disclosed, 1, + 2, msgs, msg_lens)); + + if (BBS_OK != bbs_proof_gen(suite, pk, sig, proof, + header, sizeof(header) - 1, + nonce, NONCE_LEN, + disclosed, 1, + 2, msgs, msg_lens)) return 1; + + BBS_BENCH("Proof Verification", + bbs_proof_verify(suite, pk, proof, BBS_PROOF_LEN(1), + header, sizeof(header) - 1, + nonce, NONCE_LEN, + disclosed, 1, + 2, (const void *const[]){ msg1 }, + (const size_t[]){ MSG_LEN })); + + puts(""); + print_results(results, results_idx); + puts(""); + return 0; } 
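Review bot: The rewritten `bbs_bench_individual` drops the `CLOCKS_PER_SEC < 1000000` warning that the old function printed, while the table still reports min/avg/max/std to three decimals of a millisecond. On a platform whose `clock()` tick is coarser than a microsecond those figures are quantised, and the new `std (ms)` column gives no hint of it. Keeping the check before the first `BBS_BENCH` call preserves that signal: `if (CLOCKS_PER_SEC < 1000000) printf("WARNING: CLOCKS_PER_SEC is too low for accurate measurements (is %ld)\n", (long)CLOCKS_PER_SEC);`. The same applies to the two new benchmark files, which never had the check.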
diff --git a/test/bbs_e2e_blind.c b/test/bbs_e2e_blind.c
new file mode 100644
index 0000000..b6cc1a3
--- /dev/null
+++ b/test/bbs_e2e_blind.c
@@ -0,0 +1,104 @@ +// SPDX-License-Identifier: Apache-2.0 +#include "fixtures.h" +#include + +int +bbs_e2e_blind(void) +{ + const bbs_ciphersuite *suite = *fixture_ciphersuite; + + bbs_secret_key sk; + bbs_public_key pk; + if (BBS_OK != bbs_keygen_full(suite, sk, pk)) { + puts("Error during key generation"); + return 1; + } + + static const char *header = "e2e blind header"; + static const char *ph = "e2e presentation nonce"; + + // signer-known messages + static const char *msg0 = "signer message 0"; + static const char *msg1 = "signer message 1"; + const void *msgs[] = { msg0, msg1 }; + const size_t msg_lens[] = { strlen(msg0), strlen(msg1) }; + + // committed messages (hidden from signer) + static const char *cmsg0 = "committed message 0"; + static const char *cmsg1 = "committed message 1"; + const void *cmsgs[] = { cmsg0, cmsg1 }; + const size_t cmsg_lens[] = { strlen(cmsg0), strlen(cmsg1) }; + + // prover commits to committed messages + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(2)]; + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + + if (BBS_OK != bbs_blind_commit(suite, cwp, spb, + 2, cmsgs, cmsg_lens)) { + puts("Error during blind commit"); + return 1; + } + + // signer blind-signs + bbs_signature sig; + if (BBS_OK != bbs_blind_sign(suite, sk, pk, sig, + header, strlen(header), + cwp, sizeof(cwp), + 2, msgs, msg_lens)) { + puts("Error during blind sign"); + return 1; + } + + // prover verifies the blind signature + if (BBS_OK != bbs_blind_verify(suite, pk, sig, + header, strlen(header), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + spb)) { + puts("Error during blind verify"); + return 1; + } + + // prover generates a proof, disclosing msg0 and cmsg0 + uint8_t proof[BBS_PROOF_LEN(3)]; + + const size_t disclosed_signer[] = { 0 }; // msg0 + const size_t disclosed_committed[] = { 0 }; // cmsg0 + + if (BBS_OK != bbs_blind_proof_gen(suite, pk, sig, proof, + header, strlen(header), + ph, strlen(ph), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + 1, disclosed_signer, + 
1, disclosed_committed, + spb)) { + puts("Error during blind proof gen"); + return 1; + } + + // verifier verifies the proof + const void *disc_msgs[] = { msg0 }; + const size_t disc_msg_lens[] = { strlen(msg0) }; + const void *disc_cmsgs[] = { cmsg0 }; + const size_t disc_cmsg_lens[] = { strlen(cmsg0) }; + + if (BBS_OK != bbs_blind_proof_verify(suite, pk, + proof, sizeof(proof), + header, strlen(header), + ph, strlen(ph), + 2, // num_signer_known_messages + 1, disc_msgs, disc_msg_lens, + disclosed_signer, + 1, disc_cmsgs, disc_cmsg_lens, + disclosed_committed)) { + puts("Error during blind proof verify"); + return 1; + } + + memset(sk, 0, sizeof(sk)); + memset(sig, 0, sizeof(sig)); + memset(spb, 0, sizeof(spb)); + + return 0; +} diff --git a/test/bbs_e2e_blind_with_nym.c b/test/bbs_e2e_blind_with_nym.c new file mode 100644 index 0000000..215e4d2 --- /dev/null +++ b/test/bbs_e2e_blind_with_nym.c 
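Review bot: The three `memset` calls that clear `sk`, `sig` and `spb` at the end of `bbs_e2e_blind` run only on the success path, and a compiler may remove a plain `memset` as a dead store because the buffers are not read afterwards. Every earlier `return 1;` leaves the secret key and the prover blind on the stack. test/bbs_e2e_blind_with_nym.c in this commit has the same pattern but carries the comment `// should be memset_explicit in production env`. Since the e2e files read as usage examples, add a comment here as well, such as `// plain memset may be elided; production code should use memset_explicit/explicit_bzero and also clear on error paths`.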
@@ -0,0 +1,181 @@ +// SPDX-License-Identifier: Apache-2.0 +#include "fixtures.h" +#include + +int +bbs_e2e_blind_with_nym(void) +{ + const bbs_ciphersuite *suite = *fixture_ciphersuite; + + bbs_secret_key sk; + bbs_public_key pk; + if (BBS_OK != bbs_keygen_full(suite, sk, pk)) { + puts("Error during key generation"); + return 1; + } + + static const char *header = "e2e blind nym header"; + static const char *ph = "e2e presentation nonce"; + static const char *context_id = "verifier-domain-A"; + + // signer-known messages + static const char *msg0 = "signer message 0"; + static const char *msg1 = "signer message 1"; + const void *msgs[] = { msg0, msg1 }; + const size_t msg_lens[] = { strlen(msg0), strlen(msg1) }; + + // committed messages + static const char *cmsg0 = "committed message 0"; + static const char *cmsg1 = "committed message 1"; + const void *cmsgs[] = { cmsg0, cmsg1 }; + const size_t cmsg_lens[] = { strlen(cmsg0), strlen(cmsg1) }; + + // nym secrets + static const char *nym0 = "nym secret 0"; + static const char *nym1 = "nym secret 1"; + const void *nyms[] = { nym0, nym1 }; + + static const uint8_t entropy[32] = { + 0x3d,0x40,0x96,0x1f,0xce,0x6c,0x09,0xee, + 0xc2,0x4a,0x37,0x13,0x22,0x73,0x29,0x32, + 0x50,0x3b,0x45,0x8d,0x7a,0x4c,0xf7,0x89, + 0x1b,0xda,0xa7,0x65,0xb3,0x00,0x27,0xc5, + }; + + // prover commits to committed messages and nym secrets + uint8_t cwp[BBS_BLIND_COMMITMENT_LEN(4)]; // 2 cmsgs + 2 nyms + uint8_t spb[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + + if (BBS_OK != bbs_blind_commit_with_nym(suite, cwp, spb, + 2, cmsgs, cmsg_lens, + 2, nyms)) { + puts("Error during commit with nym"); + return 1; + } + + // signer blind-signs with nym entropy + bbs_signature sig; + if (BBS_OK != bbs_blind_sign_with_nym(suite, sk, pk, sig, + entropy, 2, + header, strlen(header), + cwp, sizeof(cwp), + 2, msgs, msg_lens)) { + puts("Error during blind sign with nym"); + return 1; + } + + // prover verifies and recovers nym secrets + uint8_t recovered0[32], 
recovered1[32]; + void *const recovered[] = { recovered0, recovered1 }; + + if (BBS_OK != bbs_blind_verify_with_nym(suite, pk, sig, + header, strlen(header), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + spb, + entropy, 2, nyms, + recovered)) { + puts("Error during blind verify with nym"); + return 1; + } + + // prover generates a proof, disclosing msg0 and cmsg0 + // undisclosed: msg1, cmsg1, spb, nym0, nym1 + uint8_t proof[BBS_PROOF_LEN(5)]; + bbs_pseudonym pseudonym; + + const size_t disclosed_signer[] = { 0 }; // msg0 + const size_t disclosed_committed[] = { 0 }; // cmsg0 + + if (BBS_OK != bbs_blind_proof_gen_with_nym(suite, pk, sig, proof, pseudonym, + header, strlen(header), + ph, strlen(ph), + context_id, strlen(context_id), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb, + 2, (const void *const *)recovered)) { + puts("Error during blind proof gen with nym"); + return 1; + } + + // verifier checks the proof and pseudonym + const void *disc_msgs[] = { msg0 }; + const size_t disc_msg_lens[] = { strlen(msg0) }; + const void *disc_cmsgs[] = { cmsg0 }; + const size_t disc_cmsg_lens[] = { strlen(cmsg0) }; + + if (BBS_OK != bbs_blind_proof_verify_with_nym(suite, pk, pseudonym, + proof, sizeof(proof), + header, strlen(header), + ph, strlen(ph), + context_id, strlen(context_id), + 2, // length_nym_vector + 2, // num_signer_known_messages + 1, disc_msgs, disc_msg_lens, + disclosed_signer, + 1, disc_cmsgs, disc_cmsg_lens, + disclosed_committed)) { + puts("Error during blind proof verify with nym"); + return 1; + } + + // same prover, same context_id -> same pseudonym + // generate a second proof and confirm the pseudonym is stable + uint8_t proof2[BBS_PROOF_LEN(5)]; + bbs_pseudonym pseudonym2; + + if (BBS_OK != bbs_blind_proof_gen_with_nym(suite, pk, sig, proof2, pseudonym2, + header, strlen(header), + ph, strlen(ph), + context_id, strlen(context_id), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + 1, disclosed_signer, 
+ 1, disclosed_committed, + spb, + 2, (const void *const *)recovered)) { + puts("Error during second blind proof gen with nym"); + return 1; + } + + if (memcmp(pseudonym, pseudonym2, BBS_PSEUDONYM_LEN) != 0) { + puts("Error: pseudonym is not stable across presentations"); + return 1; + } + + // different context_id -> different pseudonym + static const char *context_id_b = "verifier-domain-B"; + uint8_t proof3[BBS_PROOF_LEN(5)]; + bbs_pseudonym pseudonym3; + + if (BBS_OK != bbs_blind_proof_gen_with_nym(suite, pk, sig, proof3, pseudonym3, + header, strlen(header), + ph, strlen(ph), + context_id_b, strlen(context_id_b), + 2, msgs, msg_lens, + 2, cmsgs, cmsg_lens, + 1, disclosed_signer, + 1, disclosed_committed, + spb, + 2, (const void *const *)recovered)) { + puts("Error during third blind proof gen with nym"); + return 1; + } + + if (memcmp(pseudonym, pseudonym3, BBS_PSEUDONYM_LEN) == 0) { + puts("Error: pseudonym did not change across different context_ids"); + return 1; + } + + // should be memset_explicit in production env + memset(sk, 0, sizeof(sk)); + memset(sig, 0, sizeof(sig)); + memset(spb, 0, sizeof(spb)); + memset(recovered0, 0, sizeof(recovered0)); + memset(recovered1, 0, sizeof(recovered1)); + + return 0; +} diff --git a/test/bbs_fix_generators.c b/test/bbs_fix_generators.c index ce41862..5f223bd 100644 --- a/test/bbs_fix_generators.c +++ b/test/bbs_fix_generators.c @@ -10,10 +10,10 @@ bbs_fix_generators () uint8_t g_buffer[BBS_G1_ELEM_LEN]; for(size_t i=0; i < vectors_generators_len; i++) { - create_generator_init (*fixture_ciphersuite, state); + create_generator_init (*fixture_ciphersuite, state, nullptr, 0); for (size_t j = 0; j < vectors_generators[i].result_len; j++) { - create_generator_next (*fixture_ciphersuite, state, &g); + create_generator_next (*fixture_ciphersuite, state, &g, nullptr, 0); ep_write_bbs (g_buffer, &g); ASSERT_EQ_PTR ("generator", 
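Review bot: The pseudonym checks at the end of `bbs_e2e_blind_with_nym` compare raw bytes only; `proof2`/`pseudonym2` and `proof3`/`pseudonym3` are never passed to `bbs_blind_proof_verify_with_nym`. The test therefore does not show that the pseudonym produced for `context_id_b` verifies under that context. It also does not show that `pseudonym` from `verifier-domain-A` is rejected when the verifier supplies `context_id_b`, which is the property per-verifier pseudonyms depend on. Two verify calls after the last `memcmp` check would close that gap; the second is expected to return something other than `BBS_OK`, which should be confirmed against the library.

```c
	// … unchanged: memcmp(pseudonym, pseudonym3, BBS_PSEUDONYM_LEN) check …

	// verifier for domain B accepts the proof and pseudonym made for domain B
	if (BBS_OK != bbs_blind_proof_verify_with_nym(suite, pk, pseudonym3,
						      proof3, sizeof(proof3),
						      header, strlen(header),
						      ph, strlen(ph),
						      context_id_b, strlen(context_id_b),
						      2, // length_nym_vector
						      2, // num_signer_known_messages
						      1, disc_msgs, disc_msg_lens,
						      disclosed_signer,
						      1, disc_cmsgs, disc_cmsg_lens,
						      disclosed_committed)) {
		puts("Error: proof for context B did not verify");
		return 1;
	}

	// proof and pseudonym made for domain A must not verify under domain B
	if (BBS_OK == bbs_blind_proof_verify_with_nym(suite, pk, pseudonym,
						      proof, sizeof(proof),
						      header, strlen(header),
						      ph, strlen(ph),
						      context_id_b, strlen(context_id_b),
						      2, // length_nym_vector
						      2, // num_signer_known_messages
						      1, disc_msgs, disc_msg_lens,
						      disclosed_signer,
						      1, disc_cmsgs, disc_cmsg_lens,
						      disclosed_committed)) {
		puts("Error: pseudonym for context A accepted under context B");
		return 1;
	}

	// … unchanged: clearing of sk, sig, spb, recovered0, recovered1 …
```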
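Review bot: The two updated calls in `bbs_fix_generators` pass `nullptr`, a C23 keyword, while the new test/blind_bbs_fix_generators.c in this commit passes `NULL` for the same parameters. If the test target is not built as C23 (the build settings are not visible here), this file stops compiling. Using `NULL` in both, as in `create_generator_init (*fixture_ciphersuite, state, NULL, 0);`, keeps the tests consistent and independent of the language standard. The enclosing loop continues past the end of the hunk.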
diff --git a/test/blind_bbs_fix_commit.c b/test/blind_bbs_fix_commit.c
new file mode 100644
index 0000000..d60667c
--- /dev/null
+++ b/test/blind_bbs_fix_commit.c
@@ -0,0 +1,115 @@ +#include "fixtures.h" +#include "bbs_util.h" + +int +bbs_blind_commit_with_nym_inner( + const bbs_ciphersuite *cipher_suite, + uint8_t *commitment_with_proof, + uint8_t *secret_prover_blind, + size_t num_messages, + const void *const *messages, + const size_t *messages_lens, + size_t num_prover_nyms, + const void *const *prover_nyms, + bbs_bn_prf prf, + void *prf_cookie +); + +void blind_commit_mocked_prf( + const bbs_ciphersuite *cipher_suite, + blst_scalar *out, + uint8_t input_type, + uint64_t input, + void *cookie +) { + (void)cipher_suite; + uint8_t *rand = (uint8_t*) cookie; + + // secret_prover_blind = 0 + + // s~ = 1 + if (input_type == 1) { + rand += 48; + } + + // message = index = input + if (input_type == 2) { + rand += (2 * 48) + (input * 48); + } + + blst_scalar_from_be_bytes(out, rand, 48); +} + +int mocked_bbs_blind_commit( + const bbs_ciphersuite *cipher_suite, + uint8_t *commitment_with_proof, + uint8_t *secret_prover_blind, + uint64_t num_blinded_messages, + const void *const *messages, + const size_t *messages_lens, + const void *mocking_seed, + size_t mocking_seed_len, + const void *mocking_dst, + size_t mocking_dst_len +) { + // space for 2 + 5 random scalars at max because there is no test vector with more + union bbs_hash_context h_ctx; + uint8_t randomness[7 * 48]; + int ret = BBS_OK; + + cipher_suite->expand_message_init(&h_ctx); + cipher_suite->expand_message_update(&h_ctx, mocking_seed, mocking_seed_len); + cipher_suite->expand_message_finalize(&h_ctx, randomness, (2 + num_blinded_messages) * 48, mocking_dst, mocking_dst_len); + + ret = bbs_blind_commit_with_nym_inner( + cipher_suite, + commitment_with_proof, + secret_prover_blind, + num_blinded_messages, + messages, + messages_lens, + 0, + NULL, + blind_commit_mocked_prf, + randomness + ); + + return ret; +} + +int blind_bbs_fix_commit(void) { + for(size_t i=0; i < vectors_blind_commit_len; i++) { + // Do not try to recreate invalid commits + 
if(!vectors_blind_commit[i].result_valid) continue; + uint8_t blind_commit[vectors_blind_commit[i].result_len]; + uint8_t secret_prover_blind[BBS_BLIND_SECRET_PROVER_BLIND_LEN]; + + if (BBS_OK != mocked_bbs_blind_commit(*fixture_ciphersuite, + blind_commit, + secret_prover_blind, + vectors_blind_commit[i].num_committed_messages, + vectors_blind_commit[i].committed_msgs, + vectors_blind_commit[i].committed_msg_lens, + vectors_blind_commit[i].mocking_seed, + vectors_blind_commit[i].mocking_seed_len, + vectors_blind_commit[i].mocking_dst, + vectors_blind_commit[i].mocking_dst_len)) + { + puts ("Error during blind commit generation"); + return 1; + } + + ASSERT_EQ_PTR ("commit generation", + blind_commit, + vectors_blind_commit[i].result, + vectors_blind_commit[i].result_len); + + ASSERT_EQ_PTR ("commit generation secret_prover_blind", + secret_prover_blind, + vectors_blind_commit[i].prover_blind, + BBS_BLIND_SECRET_PROVER_BLIND_LEN); + } + + + return 0; +} diff --git a/test/blind_bbs_fix_generators.c b/test/blind_bbs_fix_generators.c new file mode 100644 index 0000000..b2a0ba9 --- /dev/null +++ b/test/blind_bbs_fix_generators.c 
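Review bot: `mocked_bbs_blind_commit` writes `(2 + num_blinded_messages) * 48` bytes into `uint8_t randomness[7 * 48]` without checking `num_blinded_messages`, so a fixture with more than five committed messages overruns the stack buffer. The comment above the buffer only records that no such vector exists today. Size the buffer from the argument, as test/blind_bbs_fix_proof_gen.c does for its seed: `uint8_t randomness[(2 + num_blinded_messages) * 48];`; alternatively, reject larger counts before calling `expand_message_finalize`. `blind_commit_mocked_prf` indexes the same buffer by `input` with no bound, so it relies on the same limit and should say so in a comment. The file also lacks the `// SPDX-License-Identifier: Apache-2.0` line that the other new tests carry.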
@@ -0,0 +1,39 @@ +// SPDX-License-Identifier: Apache-2.0 +#include "fixtures.h" +#include "bbs_util.h" + +#define BBS_BLIND_API_ID_PREFIX "BLIND_" + +int +blind_bbs_fix_generators(void) +{ + uint8_t state[48 + 8]; + blst_p1 g; + uint8_t g_buffer[BBS_G1_ELEM_LEN]; + + for (size_t i = 0; i < vectors_blind_generators_len; i++) { + // Signer generators — normal api_id, no prefix + create_generator_init(*fixture_ciphersuite, state, NULL, 0); + for (size_t j = 0; j < vectors_blind_generators[i].signer_result_len; j++) { + create_generator_next(*fixture_ciphersuite, state, &g, NULL, 0); + ep_write_bbs(g_buffer, &g); + ASSERT_EQ_PTR("signer generator", + g_buffer, + vectors_blind_generators[i].signer_result[j], + BBS_G1_ELEM_LEN); + } + + // blind generators with BLIND_ prefix + create_generator_init(*fixture_ciphersuite, state, (uint8_t*)BBS_BLIND_API_ID_PREFIX, sizeof(BBS_BLIND_API_ID_PREFIX) - 1); + for (size_t j = 0; j < vectors_blind_generators[i].prover_result_len; j++) { + create_generator_next(*fixture_ciphersuite, state, &g, (uint8_t*)BBS_BLIND_API_ID_PREFIX, sizeof(BBS_BLIND_API_ID_PREFIX) - 1); + ep_write_bbs(g_buffer, &g); + ASSERT_EQ_PTR("prover generator", + g_buffer, + vectors_blind_generators[i].prover_result[j], + BBS_G1_ELEM_LEN); + } + } + + return 0; +} diff --git a/test/blind_bbs_fix_proof_gen.c b/test/blind_bbs_fix_proof_gen.c new file mode 100644 index 0000000..9b5c83c --- /dev/null +++ b/test/blind_bbs_fix_proof_gen.c 
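Review bot: Both prefixed calls in `blind_bbs_fix_generators` cast the string literal `BBS_BLIND_API_ID_PREFIX` to `uint8_t*`, which drops `const` from read-only data. If the prefix parameter of `create_generator_init` and `create_generator_next` is declared `const uint8_t *` (the prototypes are not visible in this hunk), cast to `(const uint8_t *)` instead; if it is not, the parameter itself should be made const. The test also defines its own copy of the `"BLIND_"` prefix, so a comment noting which library constant it mirrors would help keep the two in step. `uint8_t state[48 + 8]` would read better with a one-line comment saying what the 48 and the 8 bytes hold.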
@@ -0,0 +1,191 @@ +#include "fixtures.h" +#include "bbs_util.h" + +int +bbs_blind_proof_gen_inner( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // output + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + bbs_bn_prf prf, + void *prf_cookie +); + +void blind_blind_proof_gen_prf( + const bbs_ciphersuite *cipher_suite, + blst_scalar *out, + uint8_t input_type, + uint64_t input, + void *cookie +) { + // input_type 0: input=0=r1 input=1=r2 input=2=e~ input=3=r1~ input=4=r2~ + // input_type 1: input=i=m~_i + + (void)cipher_suite; + uint8_t *rand = (uint8_t*) cookie; + + if (input_type == 0) { + rand += (input * 48); + } + + if (input_type == 1) { + rand += (5 * 48) + (input * 48); + } + + blst_scalar_from_be_bytes(out, rand, 48); +} + +int bbs_blind_proof_gen_mock( + const bbs_ciphersuite *cipher_suite, + const bbs_public_key pk, + const bbs_signature signature, + void *proof, // output + const void *header, + size_t header_len, + const void *presentation_header, + size_t presentation_header_len, + size_t num_messages, + const void *const *messages, + const size_t *message_lens, + size_t num_committed_messages, + const void *const *committed_messages, + const size_t *committed_message_lens, + size_t num_disclosed_indexes, + const size_t *disclosed_indexes, + size_t num_disclosed_committed_indexes, + const size_t *disclosed_committed_indexes, + const uint8_t *secret_prover_blind, // optional, NULL = zero + const void *mocking_seed, + 
size_t mocking_seed_len, + const void *mocking_dst, + size_t mocking_dst_len +) { + // space for 5 + n random scalars at max + union bbs_hash_context h_ctx; + size_t count = 5; + count += num_messages - num_disclosed_indexes; + count += num_committed_messages - num_disclosed_committed_indexes; + count += 1; // secret_prover_blind + uint8_t seed[count * 48]; + int ret = BBS_OK; + + //printf("rnd mock count = %ld\n", count); + //printf("rnd mock seed = %.*s\n", (int)mocking_seed_len, (char*)mocking_seed); + //printf("rnd mock dst = %.*s\n", (int)mocking_dst_len, (char*)mocking_dst); + + cipher_suite->expand_message_init(&h_ctx); + cipher_suite->expand_message_update(&h_ctx, mocking_seed, mocking_seed_len); + cipher_suite->expand_message_finalize(&h_ctx, seed, count * 48, mocking_dst, mocking_dst_len); + + ret = bbs_blind_proof_gen_inner( + cipher_suite, + pk, + signature, + proof, + header, + header_len, + presentation_header, + presentation_header_len, + num_messages, + messages, + message_lens, + num_committed_messages, + committed_messages, + committed_message_lens, + num_disclosed_indexes, + disclosed_indexes, + num_disclosed_committed_indexes, + disclosed_committed_indexes, + secret_prover_blind, + blind_blind_proof_gen_prf, + seed + ); + + return ret; +} + +int blind_bbs_fix_proof_gen(void) { + for(size_t i=0; i < vectors_blind_proof_len; i++) { + uint8_t proof[vectors_blind_proof[i].result_len]; + + //printf("\nPROOF GEN %lu\n\n", i); + + // only generate valid proofs + if (vectors_blind_proof[i].result_valid && + BBS_OK != bbs_blind_proof_gen_mock(*fixture_ciphersuite, + vectors_blind_proof[i].pk, + vectors_blind_proof[i].signature, + proof, + vectors_blind_proof[i].header, + vectors_blind_proof[i].header_len, + vectors_blind_proof[i].presentation_header, + vectors_blind_proof[i].presentation_header_len, + vectors_blind_proof[i].num_messages, + vectors_blind_proof[i].msgs, + vectors_blind_proof[i].msg_lens, + vectors_blind_proof[i].num_committed_messages, + 
vectors_blind_proof[i].committed_msgs, + vectors_blind_proof[i].committed_msg_lens, + vectors_blind_proof[i].disclosed_indexes_len, + vectors_blind_proof[i].disclosed_indexes, + vectors_blind_proof[i].disclosed_committed_indexes_len, + vectors_blind_proof[i].disclosed_committed_indexes, + vectors_blind_proof[i].prover_blind, + vectors_blind_proof[i].proof_mocking_seed, + vectors_blind_proof[i].proof_mocking_seed_len, + vectors_blind_proof[i].proof_mocking_dst, + vectors_blind_proof[i].proof_mocking_dst_len)) + { + puts ("Error during blind proof generation"); + return 1; + } + + ASSERT_EQ_PTR ("blind proof generation", + proof, + vectors_blind_proof[i].result, + vectors_blind_proof[i].result_len); + + //printf("\nPROOF VERIFY %lu\n\n", i); + + if (vectors_blind_proof[i].result_valid != + (BBS_OK == bbs_blind_proof_verify( + *fixture_ciphersuite, + vectors_blind_proof[i].pk, + proof, + vectors_blind_proof[i].result_len, + vectors_blind_proof[i].header, + vectors_blind_proof[i].header_len, + vectors_blind_proof[i].presentation_header, + vectors_blind_proof[i].presentation_header_len, + vectors_blind_proof[i].L, + vectors_blind_proof[i].disclosed_indexes_len, + vectors_blind_proof[i].disclosed_msgs, + vectors_blind_proof[i].disclosed_msg_lens, + vectors_blind_proof[i].disclosed_indexes, + vectors_blind_proof[i].disclosed_committed_indexes_len, + vectors_blind_proof[i].disclosed_committed_msgs, + vectors_blind_proof[i].disclosed_committed_msg_lens, + vectors_blind_proof[i].disclosed_committed_indexes + ))) { + puts("failed blind proof verification"); + return 1; + } + } + + return 0; +} diff --git a/test/blind_bbs_fix_sign.c b/test/blind_bbs_fix_sign.c new file mode 100644 index 0000000..7434c2b --- /dev/null +++ b/test/blind_bbs_fix_sign.c 
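Review bot: In `blind_bbs_fix_proof_gen`, when `result_valid` is false the generation call is skipped, yet `ASSERT_EQ_PTR ("blind proof generation", proof, …)` and `bbs_blind_proof_verify` still run on the local `proof` array, which was never written. If the fixtures contain invalid proof vectors, they are checked against indeterminate stack bytes rather than the fixture's own proof, so a verifier that wrongly accepted the fixture's invalid proof would not be caught. Move the `ASSERT_EQ_PTR` under the valid branch and verify `vectors_blind_proof[i].result_valid ? (const void *)proof : (const void *)vectors_blind_proof[i].result`. test/blind_bbs_fix_sign.c has the same shape: for an invalid vector, `bbs_blind_verify` receives whatever `sig` holds from an earlier iteration instead of `vectors_blind_signature[i].result`. Separately, `count` in `bbs_blind_proof_gen_mock` subtracts the disclosed counts as `size_t` with no check, so a vector with more disclosed than total indexes wraps before sizing the `seed` array.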
@@ -0,0 +1,54 @@
+#include "fixtures.h"
+
+int blind_bbs_fix_sign(void) {
+ bbs_signature sig;
+
+ for(size_t i=0; i < vectors_blind_signature_len; i++) {
+ //printf("testing test vector %lu\n", i);
+
+ if(vectors_blind_signature[i].result_valid) {
+ // sign
+ if (BBS_OK != bbs_blind_sign(*fixture_ciphersuite,
+ vectors_blind_signature[i].sk,
+ vectors_blind_signature[i].pk,
+ sig,
+ vectors_blind_signature[i].header,
+ vectors_blind_signature[i].header_len,
+ vectors_blind_signature[i].commitment_with_proof,
+ vectors_blind_signature[i].commitment_with_proof_len,
+ vectors_blind_signature[i].num_messages,
+ vectors_blind_signature[i].msgs,
+ vectors_blind_signature[i].msg_lens))
+ {
+ puts ("Error during blind signature generation");
+ return 1;
+ }
+
+ ASSERT_EQ_PTR ("blind signature creation",
+ sig,
+ vectors_blind_signature[i].result,
+ sizeof(vectors_blind_signature[i].result));
+ }
+
+ if (vectors_blind_signature[i].result_valid != (BBS_OK == bbs_blind_verify(
+ *fixture_ciphersuite,
+ vectors_blind_signature[i].pk,
+ sig,
+ vectors_blind_signature[i].header,
+ vectors_blind_signature[i].header_len,
+ vectors_blind_signature[i].num_messages,
+ vectors_blind_signature[i].msgs,
+ vectors_blind_signature[i].msg_lens,
+ vectors_blind_signature[i].num_committed_messages,
+ vectors_blind_signature[i].committed_msgs,
+ vectors_blind_signature[i].committed_msg_lens,
+ vectors_blind_signature[i].prover_blind
+
+ ))) {
+ puts("failed blind signature verification");
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/test/blind_fixtures_data/.DS_Store b/test/blind_fixtures_data/.DS_Store
new file mode 100644
index 0000000..03b090d
Binary files /dev/null and b/test/blind_fixtures_data/.DS_Store differ
diff --git a/test/blind_fixtures_data/bls12-381-sha-256/.DS_Store b/test/blind_fixtures_data/bls12-381-sha-256/.DS_Store
new file mode 100644
index 0000000..d770879
Binary files /dev/null and b/test/blind_fixtures_data/bls12-381-sha-256/.DS_Store differ
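Review bot: In `blind_bbs_fix_sign` (test/blind_bbs_fix_sign.c) the `bbs_blind_verify` call always receives the local `sig`, which is only written inside the `if(vectors_blind_signature[i].result_valid)` branch. For a vector marked invalid, the verifier is therefore handed either an uninitialized buffer (when no earlier vector was signed) or the signature left over from a previous vector, never that vector's own data. A negative vector can then be rejected for the wrong reason, and the test gives no evidence that verification rejects the fixture's signature. Assuming `result` holds the fixture's signature bytes for invalid vectors as well, pass `vectors_blind_signature[i].result` instead of `sig` in the verify call, or add `else memcpy(sig, vectors_blind_signature[i].result, sizeof(sig));` after the sign branch. `blind_bbs_fix_proof_gen` in test/blind_bbs_fix_proof.c appears to use its `proof` buffer the same way and would benefit from the same change.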
diff --git a/test/blind_fixtures_data/bls12-381-sha-256/commit/commit001.json b/test/blind_fixtures_data/bls12-381-sha-256/commit/commit001.json new file mode 100644 index 0000000..4717b1f --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/commit/commit001.json @@ -0,0 +1,22 @@ +{ + "caseName": "valid no committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "committedMessages": [], + "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", + "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "0b71f3e3fc1517bd763b180dc4f6d269da8c96fb5307653b77205c31e40c521e", + "m_tildes": [] + } + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/commit/commit002.json b/test/blind_fixtures_data/bls12-381-sha-256/commit/commit002.json new file mode 100644 index 0000000..3dcaf64 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/commit/commit002.json 
@@ -0,0 +1,34 @@ +{ + "caseName": "valid multiple committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "commitmentWithProof": "a2a3e178bcc77f98a3c07f8532134021ab5847326b5b3bfc3089ca73f1bc51cfe2c99163f4919525dd6bedc8a14ee39e30374643902017ca2e6fb8b5647c736e82d1d3c5b05de5c3021fa6f40d9f36dd22fa06e522411aa20377088ca9a15885d7a5044175f0168e927149ee71e2d257079e0100d6d96a7ddf5392dbc64267af8df7b4711cb5eeccb5e8901d0580b9e837f38337cb7260cffcf4f962154fafe5c98beaed7e4d2fc0f8e7eb1ba4eb04086f170aa4924894e2ab63054049c9ef5dfff4f90b48ef0dcf1f50699907301073270e4782d4d7628cfbe1444cea930928bb45004e41e0ad86a874ea03473845ce42f78ceb6f855ba8326a4d47732c5aed3968b396a07f079b22b5bf2139e51a03", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "2c78a955f6598824fc77bf6cb5a8b58204da0cadb499faf4bbee2d4fceadc0d1", + "m_tildes": [ + "2b8c33fb06580d8dffdc72212967ae75838859096abeea973cc0d9e80ac1946c", + "2b9e86176d6a4c5b63fcd4a4ace793316c0f7adccdc888b308b5408bd6a21b89", + "005c784be3f30d47393996fe596adbbe30aeb1d3a8d888b5075aa56d3b2be35c", + "6b64079fac7b8d026520647b5764c5dbbe8b5486efb7791f5742511129c36a87", + "41cbd69ac7603928be8e96d29756fe6763e5de8103c68eb484744ebb29bd2a1b" + ] + } + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/generators.json b/test/blind_fixtures_data/bls12-381-sha-256/generators.json new file mode 100644 index 0000000..194eadb --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/generators.json 
@@ -0,0 +1,31 @@ +{ + "generators": { + "api_id": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_BLIND_H2G_HM2S_", + "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + "Q1": "8aa0382ea3cd294680e3425bb0bb9293210a4d3e94d8ba59096fcb24eb9b56546645bea83e170b078ff3cc5aeac18c49", + "MsgGenerators": [ + "8065ec88f9bbee345b44e7825b2d602c91b0398b7c885d722450459c26efb1619eb4249428644b9e3d8d11d469d0c62b", + "b96f3af9abcd3ee2228fbe97d4e5a0ef10aaf655c6889e284f27a732492ecdb64a91f92dbaa93f2a7fb550659935985f", + "a99d1b53cc51738a46a7e1fe9b9d89a57977154dcccb7ce741eb779bf69ff655b110f0e97c4715616401e5a47d2c373a", + "9791c624fec3d688975f9c9143f066404115e0dcc1e318ef4f5290c0103ee4a2857dbf9347d997ee507ab629216797f6", + "8a472740d4968c831a3ad3d3c55ada8aca8478e4d0698ece52eff445d15aec1a479332e34562e80831b9593c85b435ec", + "b5102a6529b39de47c136de78a8697395e11013f8aa91f695f158009b52985adee67a63fc354846b7f4b944349295c95", + "845df3031a580f6c58b6d324f42f2158088a924dab9e77151851408a8bda31c266000c10bc47cc38aa3ac24dad22462c", + "b4296c820736cafb7c9229cf499788314a4578de69e88832ca39babe36c48073e61968ae320f9bae61079724a5271eac", + "9253f55dacd9e144f6da37f4adb420773325d142d900a6ae7de851c2643532e0b9181ae3ee02fe8c123b10dd12822876", + "979a52e753c367e3baa8826e7b74a23856abca5468ba5ce5719b4c57eb7e9ee879935f98fbd6959661d3e866477063b2" + ] + }, + "blindGenerators": { + "api_id": "BLIND_BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_BLIND_H2G_HM2S_", + "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + "Q1": "a347532dc0ba9b83e4f15f3eeb7dffd934f5fa4668d927fbcb68096d5a26f6e59f66681201be1c263af1a25b6749759c", + "MsgGenerators": [ + "af590ba56aa0e526a0763ae6926347dce988ffb9cc1a0b4510ada06fe08816f5c36a6c7007cc8558e5793f9a2cbae462", + "a9a6e5f3093823745734a2195d80886f47185be6a3e4d00df2bd5996aa9d664e34244ea15e9ad4c41d8825331fcfd5a3", + 
"a6c1a8fd251a338e25d3ea4e09334ea250f0257783f2be4ce4406798ea9acbce41e7648c7fb1409fcd822396f652c4e7", + "80d1232ee4a5623d7ac5a3912c555f9f6f34716edfe156ae40b6ac19afba58dd18556e49529e39da91aa806c9c55d493", + "b8775d3d2f58cafd808d135de79367f34c9ad22a6a878631fd0b1383541999b16b6f3bae96ab51bb4ab25caf69462473" + ] + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof001.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof001.json new file mode 100644 index 0000000..bc5bcb5 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof001.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 6 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "a2a3e178bcc77f98a3c07f8532134021ab5847326b5b3bfc3089ca73f1bc51cfe2c99163f4919525dd6bedc8a14ee39e30374643902017ca2e6fb8b5647c736e82d1d3c5b05de5c3021fa6f40d9f36dd22fa06e522411aa20377088ca9a15885d7a5044175f0168e927149ee71e2d257079e0100d6d96a7ddf5392dbc64267af8df7b4711cb5eeccb5e8901d0580b9e837f38337cb7260cffcf4f962154fafe5c98beaed7e4d2fc0f8e7eb1ba4eb04086f170aa4924894e2ab63054049c9ef5dfff4f90b48ef0dcf1f50699907301073270e4782d4d7628cfbe1444cea930928bb45004e41e0ad86a874ea03473845ce42f78ceb6f855ba8326a4d47732c5aed3968b396a07f079b22b5bf2139e51a03", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": 
"515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "2cf2bd257845b6138247ad87cb387aee347a9104fd1090f92e3b7559e855b068", + "r2": "14f989abea9c9d0cbae6d72e2eb806ac7dbfcd08a8ed647ad5b8e16a83b94d4a", + "e_tilde": "07e5d7e2b504d3e3075617400781df19831fac0763602bc494b3fe40dcdefb47", + "r1_tilde": "35888226d06bd50f1901008bdf70b1472ad98304664828c6a0fa45b396cca7d9", + "r3_tilde": "21e5d2a43d0190ddee9319dab20ad1bfaacf7c12399ac384fe9bf1235c191907", + "m_tilde_scalars": [ + "6683a44c7e1b057c7ce5e99dca9d71a091441b6c23ad9bfd45ba23862f610cf7" + ] + }, + "Abar": "a80ea73d954433eca5bff121e0ad4b41e91d2b600cc717eff3804f11ef21cc9b9b20da25387722ae6b2dd78103a34134", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "84c3a88248f51c9bfe93cbd88dabc619ba8a432814b15f8dfe601c1cac5404986541968307c8d06acf63ab906c41177b", + "D": "a9e5e8f4f1ff77426d3e905b7809243e9ae10acd1013c40525c257e3fe6f1bec2a5204433d354f3508eb93e24c91e49b", + "T1": "b0b4a637c4f6117ba5c79fca86da607be282fb339180117d1effbfb0f5c68b4fa7936a1e069b7f17b84b61b9b97f9c36", + "T2": "b828232d2502a9094146308ce88fc76181b7819ae8787dfccdca2bd6b2682ae27841908e65a1284100c4557f32fcb4b4", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "5c1dd59fd821e66b06a117d7248b8676e5c15da737cbeb371790a37917130e74" + } +} \ No newline at end of file 
diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof002.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof002.json new file mode 100644 index 0000000..b6df8ab --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof002.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 8 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "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", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": 
"5a113c961c5d21bd78b50c3079ea482f5e861c20be37899d26e2ba565ea67093", + "r2": "1ce7fcf7fc75bffdf3cd0a284a5cd4acf6be87df552fa937f246a38e8c03af0b", + "e_tilde": "286458907bcd8e3fc535ed9575531919d1942a907ef8ed10360e292fca5ad0bb", + "r1_tilde": "40caa7858d917197f007c87ea7e80f638db1313b0e3d46612bb2e73798bb24c8", + "r3_tilde": "6d30be5b88e8cb333e4872bdf0c4d7cffe4540eddf03eafaae3d4cb1f3ad1cda", + "m_tilde_scalars": [ + "342ddc1b4e04cef472c764f5bda8afae4b189e78ffcbb519075a83e640c0100c", + "51608282827ece21a8ed20b774e2ff129353416006317c16e409e1a925540345", + "0c1ff555f2b0f53e8859aff2947b22b1ef9d2be2c65621d8f6aa3252340fcaf2" + ] + }, + "Abar": "a1fe94ec24e6d325d2494e10bdc395bd82e613e8dd08ca8f4eeffee294246b9321cc0e5997de7ae473a4d4c39f27b908", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "8c815c0ff4f8ff7da0ef6d3338e048e2b28d98e148e1e8717b6ff6dfc4c74379aab5f409212986ce667c0b9ae4c48c27", + "D": "8720d66be792af1a62989ea56f433a17f05af1f761b48b9ae2bb24418208111680d75c8b7d781186afedbe7c7f293b64", + "T1": "833559d2351f6942b7e49108a076b10c05a997a983f26de9153c768fa464321684cfeda210307572982c5d8cdd59f3ca", + "T2": "a59ff84bffafd5c607b3c441d69e98ae540a4e513bc31dfcb71a3b2c34d6d70d6e8e24404e6197409d4223642f6ea6e7", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "6f77fc07c8857b819c764ae92d3779b4bf76f875b4589b37daad83c6bf1889ba" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof003.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof003.json new file mode 100644 index 0000000..5fc88e2 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof003.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 11 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "a2a3e178bcc77f98a3c07f8532134021ab5847326b5b3bfc3089ca73f1bc51cfe2c99163f4919525dd6bedc8a14ee39e30374643902017ca2e6fb8b5647c736e82d1d3c5b05de5c3021fa6f40d9f36dd22fa06e522411aa20377088ca9a15885d7a5044175f0168e927149ee71e2d257079e0100d6d96a7ddf5392dbc64267af8df7b4711cb5eeccb5e8901d0580b9e837f38337cb7260cffcf4f962154fafe5c98beaed7e4d2fc0f8e7eb1ba4eb04086f170aa4924894e2ab63054049c9ef5dfff4f90b48ef0dcf1f50699907301073270e4782d4d7628cfbe1444cea930928bb45004e41e0ad86a874ea03473845ce42f78ceb6f855ba8326a4d47732c5aed3968b396a07f079b22b5bf2139e51a03", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": 
"5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "L": 10, + "proof": "82a7815ebceefbfb5c1728c940b8ec6efe0d64c6c53c5b7e5a01a598f3e904bf4eb43f94f3c41c2c73bf86ad6b4d9a6f87b89bb4c08ab7d0aa1afa52de982fb5f173b88db16b09a25358489da59d7d8da1f603aa83b55a6664e276e8b24985de93c5ee7b5fe52c329660f963fa3a26b9316aaddbdb83e764fdb4323be9870a9d7fa18c9136ad79d06f6de5e820631cd30a1739ba5dd8f204020cf071e8a1a5313e4a3eb1ba058c91f37f397976920eff270ff2bb79bdab9dd006752c915b22e2fff4f362a1dd663b2a178bb7ae08d1a6251e39fb11ff14b24a237ff2d8be9fe8d0db493dc019535e53dd31c0608543fb69f9fb31d1483514e65edc9c5111281409df08b88d333e4cc76fc41a45e49767523813f5e585c562933a6d7fd8b664102bd4822ba062ccee37ea50a3c9e03fc642b84c7d422155b61d69e5a832e41169bb08748ac245be18e159be1bb343afc170483a8887fe5b889adc43f410529c7fad530084b1cc90f8854d8bf402def3f90e525e4bc99b5b8b8095495651f2cb6844b91a7832744954ca5bbf9a4f9c863c6b3485ad58bdb54fa6c71058fe29296eab761ab1a2c4be2db749c40f173f8b2e03ec71a4d9d89d066763fd6a055e6a9e42a3b6a153732a42a5be5bfd2cf85b7d", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "034d543fdd164520876e558a77c102d4ad8bc99bf82ebe74590481473df2df56", + "r2": "4a8334929ba48d36eb4ebc7f8bfa701b4d3f30ef25bc01e2a45ef9611c16037f", + "e_tilde": "19726feed8e0e5ff22e4f5de19713977beceb12c3e85c1f3fb41cfe4a7237d1a", + "r1_tilde": "73012dc2f14039c8de5853b26baab7b51280a3f41425416d78a1a91fbaae9bf2", + "r3_tilde": "68263029bdc322a3d6460758135205dec58957ff3e5397276a2f0ffdc738d5e4", + "m_tilde_scalars": [ + "52638b8d190f9fd439188b22c903507cfe5282296c2c9f605f1ef714afc14062", + "2cbc33e381cf6ae09dbb6f1d08e3ea93a5aa03c4a6574fd2fa2e879dc4deeca9", + "1ec36e6be1c702255d9aa4d590014b2b5de2f07d290c9551b66977cde157094b", + "5491612228a993693c79c11ae169dad9be4116a704ae9ed333ef96e3986373a0", + 
"6f4d920974d33c1e08c86b7f4b6bb7c58a5c0289d8d706a92d4855125ccedb70", + "279717a2b1e1d34cccfddfe9c8e3729f6e92e28197a09459c6dcd56e3920a0d7" + ] + }, + "Abar": "82a7815ebceefbfb5c1728c940b8ec6efe0d64c6c53c5b7e5a01a598f3e904bf4eb43f94f3c41c2c73bf86ad6b4d9a6f", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "87b89bb4c08ab7d0aa1afa52de982fb5f173b88db16b09a25358489da59d7d8da1f603aa83b55a6664e276e8b24985de", + "D": "93c5ee7b5fe52c329660f963fa3a26b9316aaddbdb83e764fdb4323be9870a9d7fa18c9136ad79d06f6de5e820631cd3", + "T1": "a6c99db0835b219a11aa9782ebeac96b3c98b2efa8cc297ed635b2b2fb4368ba1dc2d2ddbc1e3b98da5dcb45b979b0cf", + "T2": "9978718786e319a6d7581746393970e1a31f001072bf9101aef8e7e4335b571ec43c76502f751d3e06fdeebf0768fb04", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "03ec71a4d9d89d066763fd6a055e6a9e42a3b6a153732a42a5be5bfd2cf85b7d" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof004.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof004.json new file mode 100644 index 0000000..c687561 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof004.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 13 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "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", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "6fe2700deae18571f365d5b549a03eca3a19414532982cdb173e6442f8488a82", + "r2": "4cc007c238298166e67bcbc8332435b27f39879b75ab00ed5e6863f6296051a4", + "e_tilde": "53f3c5e5ff89fb20a89d7fffa1198b13744d1ae78457119e5bb3da42d77bfe56", + "r1_tilde": 
"14e6c0d53eba55936c1f1ff11d9775fde7bc366d1859cdbd9ec9f65510a19b02", + "r3_tilde": "0a3c38367bd4f42d8b44d988580b40ad1c929a3844fd92e0d2c2a724796218b4", + "m_tilde_scalars": [ + "4e27cd534e2d06c2af769760a2651010d8f2495066c4a4bbf33778f558c72b09", + "2ea785a49f1b29d7f79323d5e369e3598665c6e6ed1352797dcdd20b249d58fe", + "438393d39c51a4efe0bf3b53acf17a7b26724ad7de58ff8bd5fdf9dea0f5675e", + "01d9d79da4918a57bd628cd625cba37cb3a278b419e04f5880c6cbc77c905c2f", + "525ec7e60016e00e8e1d039d245bd7c44c4dbff8f566deb9e902d10819edc0b5", + "1a65097b4ef6145d0ca4c8257e193afe8245c85a3cc934b1a28c876c7d65809f", + "5f3a2f4d08763ca6a6685aebb3eeb66a0887c750698b44ac17b7bed8ac3a1fd6", + "4c583e5e4fc913aa71989afc50cfd8c2024d64df96ed12c7ef82d50ed4d8bb1b" + ] + }, + "Abar": "906a557b649ef5fa3ae1b17f814bbf1e78936daed6ac985416ce97bdaada5e874d60f34074c5f2a8c02b1c33c3cb0412", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "94aa3da2e1bb55674a4b94d860f3477be7eb1adb763894796b285df22112a153ad13c35e4b9707046de269833e27c16d", + "D": "9621b73f05e4c7c543bf995e76ac1013839c6e8a9909b36e979192c5497bcc9fc534aa9296ec36ae43c398cdd328d3b6", + "T1": "b2f1b1a970f15fca8961ad740dbee9dfee1d0f06e6c7042722550b99509fd1af2dc6675d6bff4b66a0696728d10757a1", + "T2": "ae8f81524982ff4438b35a3330492a4c9acf45c64b82e6fe033aa1f510049fd6cf300aa441a11d74a98147cb774c7fe9", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "5c2e5be0db5131fee3e284bb3bdc98ff34eccb03eb70cac6b8aedef376110de7" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof005.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof005.json new file mode 100644 index 0000000..aadb185 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof005.json 
@@ -0,0 +1,63 @@ +{ + "caseName": "valid no prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 16 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "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", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": {}, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "143f08e576583f264b72129ca9892b9c688e13087ed3d9509f85c43120eb79ad", + "r2": "0217e712a7b1f6b5e65590f3f440f9d9ed25b76e065294fc728b866dbf4ef148", + "e_tilde": "33b25342e7badf42d6b56c2d2db9a20fbd96b87ff39d8cd471142f3209884944", + "r1_tilde": "097f8d774312e72fd4f29f2d5d9d317b3f12942cdb9b2e9be3d191afe5cb8b2b", + "r3_tilde": "5a77c4f0644db0007295cf51a6a31457573800802640c2b1cdf28e8ec2cf6a9e", + 
"m_tilde_scalars": [ + "0766852f1fa8f06c12dd87e3bb6f85162d2fcd7af8e9d14521b521dde5ff8705", + "65afb4d1a56075f316f72d2aa86fb9a8379a6ea1d47be68e55eeeb6cd176f0d9", + "04a0b83f6d79bb19a9230a7f3cfbe70a81371490dee785cb0a206a462f9441ec", + "4168e396ab4deb71c39e12e10ee26d8c0b8b56b136e78b64abdf0baabdb4aa4f", + "241cceaf36d43c7f1d56264ac98e7c35fcdfb5d77022334224fa05e43ab72e23", + "59f396acf1d81dff23ea10d92dd718a0928fcd4f90585352b9f628df4904808c", + "057f3655600aaf1efe069fd15d1a8ed4f6b122fd3a54b9b2d0db6b7edf7cbfac", + "2ddb9f0733eefa0c47edbe47f55601711d2a1b3d13c6f07747a4f6a7f9405fb3", + "30d19e2d1625799e21b7dc2b8cc08376863b7b1370aafac151216ecd56985814", + "6f5c1c1071faced0bbdfb5e382ca6a0c62adf679128361ba48f890aca65fb340", + "496c5273ff17a2219473e75c203a4ee1210d43a3f31bbf18dbd262862e073bea" + ] + }, + "Abar": "98805466f2fb4858dd9f60cfdc24d73b5192df64fce827b6ce942a6f2c8d5b33f7eb7bf178353cf4bac91a4d6b84b536", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "a89f504e4b46dea57ed2bc29d83993d71fb0b5a012d36aa8c3f0ba25220435be5f1b632166228bbb496eaebc1e38267e", + "D": "b46b5550d6e4d32d2f5559ada94828f729cac8f192a8fdb7aac7ffcf0102fef68314723ded1927965f30096e5f89103a", + "T1": "9517ebbe42ced032f3668fad4b65a65f82e021092bbbe4ab0a18ce684a9c27d39859a45f8218041178a1c5dd784dad0d", + "T2": "89fa5c6968951492745e1688177976e080c1c4fc8be3a914674c9571534f5a1a2bca976abcaf2e200c1dab98b34d294e", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "2327ce643cc12df227ef05f13ab395a6d318c59e2195d410e768cdf9e7a1784c" + } +} diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof006.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof006.json new file mode 100644 index 0000000..728cde3 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof006.json 
@@ -0,0 +1,63 @@ +{ + "caseName": "valid half prover committed messages and no signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 18 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "a2a3e178bcc77f98a3c07f8532134021ab5847326b5b3bfc3089ca73f1bc51cfe2c99163f4919525dd6bedc8a14ee39e30374643902017ca2e6fb8b5647c736e82d1d3c5b05de5c3021fa6f40d9f36dd22fa06e522411aa20377088ca9a15885d7a5044175f0168e927149ee71e2d257079e0100d6d96a7ddf5392dbc64267af8df7b4711cb5eeccb5e8901d0580b9e837f38337cb7260cffcf4f962154fafe5c98beaed7e4d2fc0f8e7eb1ba4eb04086f170aa4924894e2ab63054049c9ef5dfff4f90b48ef0dcf1f50699907301073270e4782d4d7628cfbe1444cea930928bb45004e41e0ad86a874ea03473845ce42f78ceb6f855ba8326a4d47732c5aed3968b396a07f079b22b5bf2139e51a03", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": 
"aff98a4a0bc336e459d47c19816f372de628581bc626fdd20e907db10d2218dd47530fbebc78afed77f2557d344d620d9097016e84b0dc7588686bbeacb44fc55bb3004bf79e89d82ed37df3e1835975cc63a00b76685eecc4aff51426fb43cb87d8ba852fb786f1cf649271517bcc4bb72af3e3b2fa4ae57bea485b6f9886fe33d0e5bd95d21f4ccaa4d80b64692caa23d32c7368ef99f1b9ab1672ecb3ae7393a3a4d3efa6f4dc18d8563788f97d8b3fb7427593bdc21aed4332d17b94d82b8c20ea1236a756a4ec2cfa5e1050588e04582299196c1f28e04c2349c5d9e717ba6a581ed255f20bf4210f852d2cd95844fdaacf4d8339a14fe7982be4f447812616433a3e23990c180ec2540c13f9d467e996cd9a2df2bdd1b0bfe3e51c116e13888d21e26ee61d7ca070968bc13e9d3d33dce20dfc52618bfa4d340f558660f41d67d11f5af9a1e185f261a2d14eb667987d700ce77ed24e3b70c29e49c188b5963dfb16ab7c2439ec6824f738e3df128865e180a41b06b1dbad2eed8a82728fc4dd34046410345c38415d9daaa3076efbbf84b8f3c52c2bf527d10ae882b0790a7f3b6b3e2c877fbb5a7d18bda860278598f1a83c855e67e3b8f8d807b29514d2420753ace9356a39e70fe49c5f2e29cea65820b57f3b25363685a5559c577ca48046d5eaa35568a935f58dbd9dae2744eb4dfe33cbb66bc2b351f2b634f508fe2e37ae19c89f14b4d6d6f636890d62e0f4ccb9565d4f8786b429188c7351f08538aff7b760da7867683315700ab549b639a59b9025fbf67ffb34a834d8b9e893d9d5969e9022813c4529115e682758166b4d2b8af72f44b00dff7b769bb985c40bef59e18034febfd7bb5ee847b13160b0da82b28cd400c53ff004038e67b9fd49511f9e8b69df923f3aa73fb1636f1ee88214bdcd79462a1f7411e0c8ab10a8bba0140c9cddfbcdc88d7ca19dfd", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "23d8b41f82e80a32c4606bf7198b6a85bfdcbb9a87773a54e668aa6cc50f4b60", + "r2": "259cb8451e183911fd32701689c8da084a351cbc878edabb5c65892f5566cbee", + "e_tilde": "0750d611202174343211411eb9aeb18d6b09057c51e9f9524cf1ec29a845a4c9", + "r1_tilde": "519d28834203f545ce2e917b1428e59f4ca3e716351c2f03b9884bf3b84ee5d9", + "r3_tilde": "664fd86f51bd56079f1f58e8f29881ca6881f9022b267a0842eb9bd66d8ff116", + "m_tilde_scalars": [ + "35c21b4641053b0e351cecc6b4f7aa9687771ea67785ba51ddb13ee3d6616344", + 
"2dec7bd3fcd718500184d41d750642b55d21ea63b494bdf41011dca9d7075b57", + "277ca0dcb0183675a981bfa22e2ad09c8a61b23761575078374a9df40cb63237", + "3376f31a419eb425ae5375029f0f1caba349467ff477c30aa6a577ffbabc162b", + "22808132ab0fea4b85a2b6621abc8f2e78b65f3417db2e8350bec0a5d02f12f7", + "68b417316ece357d32bd0e94f5211a900abf5888ec25ad7762d40413d45a6ff5", + "668d12f5ef2c391c0dc06f1f2c1451d710c743311cd213c268bd7b41085300d5", + "1f45ce8d90d44399aafe97bd024636747766b670004c366af6b19dfd211fdae9", + "304b07fecf8dcc052c29b4d52934a031d4abdad430c4bd3ccc65028d4e26da8f", + "02d05a55bcfe243c268154cc03f548ffa461f84c4087c7bbb6284e4e07ffee53", + "3e20f9d1709e50cf709530e4e267f544eda9c4b9e214e4b133c20cda8477ffe9", + "6e41035b050e5ea1f97bc975eb5a63447470bc24639a7f63269e8b3f5d8f94a3", + "31dad9cf8ab3482296a766c4c6e2a97b2ad9e83cf8c83755940736235bea6e0e" + ] + }, + "Abar": "aff98a4a0bc336e459d47c19816f372de628581bc626fdd20e907db10d2218dd47530fbebc78afed77f2557d344d620d", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "9097016e84b0dc7588686bbeacb44fc55bb3004bf79e89d82ed37df3e1835975cc63a00b76685eecc4aff51426fb43cb", + "D": "87d8ba852fb786f1cf649271517bcc4bb72af3e3b2fa4ae57bea485b6f9886fe33d0e5bd95d21f4ccaa4d80b64692caa", + "T1": "a9f8656bf5bf4018b6a9addfeb9aa5868f4f0ad04e05d326f731450b9b3d26b8d36b7084452d94487a077ba9d55b0e7b", + "T2": "90da1b7c53aeb5f3c620081d70c4e1b1e4c3404fc418e500e7f324ed6d74d5941277183362052225d96597f354f37c20", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "6f1ee88214bdcd79462a1f7411e0c8ab10a8bba0140c9cddfbcdc88d7ca19dfd" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof007.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof007.json new file mode 100644 index 0000000..8ca7b43 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof007.json 
@@ -0,0 +1,62 @@ +{ + "caseName": "valid no prover committed messages and no signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 21 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "commitmentWithProof": "a2a3e178bcc77f98a3c07f8532134021ab5847326b5b3bfc3089ca73f1bc51cfe2c99163f4919525dd6bedc8a14ee39e30374643902017ca2e6fb8b5647c736e82d1d3c5b05de5c3021fa6f40d9f36dd22fa06e522411aa20377088ca9a15885d7a5044175f0168e927149ee71e2d257079e0100d6d96a7ddf5392dbc64267af8df7b4711cb5eeccb5e8901d0580b9e837f38337cb7260cffcf4f962154fafe5c98beaed7e4d2fc0f8e7eb1ba4eb04086f170aa4924894e2ab63054049c9ef5dfff4f90b48ef0dcf1f50699907301073270e4782d4d7628cfbe1444cea930928bb45004e41e0ad86a874ea03473845ce42f78ceb6f855ba8326a4d47732c5aed3968b396a07f079b22b5bf2139e51a03", + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": {}, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "60d345d6f2bf3d7b6734145a0a1c84731771d9fb8f2caa849dc33a3e1ed42906", + "r2": "5fd44fc64975d153f17a73ce413b86211acf63e62494ae73a0865f068588fb02", + "e_tilde": 
"6e3fdd342aa6c154fd11ba738e191c54f9877522f4648b466eb4ee1d301780bb", + "r1_tilde": "3da42b3641758dc3d8bce1ced15d1fd1d291bfd533d11373248082eca6d45d9c", + "r3_tilde": "01be275b265a083b2b8a1ba7110576e28cfcad346717c512c3311ca403168120", + "m_tilde_scalars": [ + "67ff540238565851a1f98c6357507be2da16884e44ae26fe4d0a0a8607532fbe", + "5de3cb769cc629a9ab21fe29bb7acc06cd5df979826fabe26b78cc9ab67a32f9", + "1a14acb3666d2d123db8d19ec473dd980cb1100532be1abda1b941668b43ff28", + "4f03cb50f6a25f1f7f277682ab5965a772ac0b24e9ad2f1a7b42a047d8d7adc6", + "11ef78647f2fbdc57f8d29cab816584920596bbd3813d2ee7df7f44b24617f33", + "4d7fb091d8f42be6fc0fc0401cc5ffbf0da7aad8951a451f26abf5820eece429", + "03b576c0e1b8063af7f9acc91784cb062920820e9b2d4baf11d55777d11e2946", + "5c8053e4347ad1c5f600a7d1d5aef448dc0fbbad6204430486c65e7216c18a73", + "4b81ebb73b19c698f62d0fda7505452e97382b09bbe7821ef40fb1f3b3f26172", + "1ab69f6373dcf9d87b75f2e140a34345a92f7952a44436832036bf6bc4fb3b75", + "0f0059e68095e5edccc546ac5312234ed1d6b1ca65c4b13f77dc1b7bae4623a2", + "1372682d7f0522cf87aa4805f43d493c2beb7784fe9875712480a5bec63a8b69", + "366a39b41f91f2f6faee881f06c1077e9c65257fc75587353880f6406ff828f0", + "4eac85d64994ff0b48690a25055eb62f0f0b4a89095c54fc1b08fb7ba0e90eae", + "475da477f48d661e2271eefd16d7437a64f6ec7a4cda8deaacdc9c6275489fe2", + "3a9be520243abe976b50d5ad343692ac99e28d3d11e4e9a5cd458316d097ce36" + ] + }, + "Abar": "b27d9bc8c52a582d00db93da283346751c8da54a902703110e511fa39f184ed6c464d78c81d4bbcc57b7de1b31c76441", + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "Bbar": "84ba8f06266dfa8b2662b756f8c89bf3b01f7f66753028dc0ca85a0417a4f6d9dae4b393aaf5c152734f210a790a5f96", + "D": "a2ad1aaab7c1f5167484d18bf19570e2fa4d58b481225a1a576286bac7e4353aa7cba80939eabc492347fc05f8bd701f", + "T1": "b1f727556cf63d3ef34029f7dbd02ff767da07f70a3e586b17df4b1433a63e7ff28785de107a218e4a438058084eaa96", + "T2": 
"add9b1369559fc88715a7ab9b5647268ccce1a02bc1cfd8ab30e532452267360a92922ba8f70547e3f3fd979d5c49b04", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936", + "challenge": "134eed0aa579badf2131c90aea352b28586cd1dc6663008e9e38866a9f383aeb" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/proof/proof008.json b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof008.json new file mode 100644 index 0000000..de332a8 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/proof/proof008.json 
@@ -0,0 +1,54 @@ +{ + "caseName": "valid no commitment, half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 11 + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8aa8fdfb190987d1fe1c8e34e69eae25594701958064e4483d74580a4a0f51f058a87735d727383b864904aa7b5e4a9b3821a18319df0ccb2e351a9bf75bf1f34d8858dde57119bfafd8ff56e0c54fa4", + "commitmentWithProof": null, + "proverBlind": null, + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": null, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "034d543fdd164520876e558a77c102d4ad8bc99bf82ebe74590481473df2df56", + "r2": "4a8334929ba48d36eb4ebc7f8bfa701b4d3f30ef25bc01e2a45ef9611c16037f", + "e_tilde": "19726feed8e0e5ff22e4f5de19713977beceb12c3e85c1f3fb41cfe4a7237d1a", + "r1_tilde": "73012dc2f14039c8de5853b26baab7b51280a3f41425416d78a1a91fbaae9bf2", + "r3_tilde": "68263029bdc322a3d6460758135205dec58957ff3e5397276a2f0ffdc738d5e4", + "m_tilde_scalars": [ + "52638b8d190f9fd439188b22c903507cfe5282296c2c9f605f1ef714afc14062", + "2cbc33e381cf6ae09dbb6f1d08e3ea93a5aa03c4a6574fd2fa2e879dc4deeca9", + "1ec36e6be1c702255d9aa4d590014b2b5de2f07d290c9551b66977cde157094b", + 
"5491612228a993693c79c11ae169dad9be4116a704ae9ed333ef96e3986373a0", + "6f4d920974d33c1e08c86b7f4b6bb7c58a5c0289d8d706a92d4855125ccedb70", + "279717a2b1e1d34cccfddfe9c8e3729f6e92e28197a09459c6dcd56e3920a0d7" + ] + }, + "Abar": "a8c57d443b888815e25ca197a543c3a007c573cea5d2cc3c7aa312dbe4aa33a62490ced4d8f5c0a99aeada24f79b2d34", + "B": "874d657ff2b90023d18c8eb1d2fbc0beb8b9c1ae98a285db1076466edd7c0a3179bc572d4f7b0e15b39cbe298d2023cd", + "Bbar": "b32cb742dab22663402104828af5e085a6019fb073e08374e9be9b1af64140a4d1ce2b8016f85ebca3ebb5aa02847b91", + "D": "936d649f19d0e85a19118e5e13e2beabf2d705e1db59f8945adddafc77310b0a02042093a5477d9efd4a98cb2fad4dc5", + "T1": "a468b12d0d85b5c8cc7e740e0bdda5fd7c4965587b55ce6544f2bfa2c5c75db0d89d68e7d360c8a289ae37ba7cd0d3e0", + "T2": "b9e2a34b9780298689783b5e29b79a22031f3300f9eed29edc3610bdd71e4fec5cd3c27dd474bbc51547d2f6547d520d", + "domain": "1430cf0a3d8a0519a9ecf47534b6026a7671935d9854ed5e68b42fdb543d5f7a", + "challenge": "3954d79b681f1e93f70566a73f42610c389ec3f0d65a4727229df891a61511d2" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/signature/signature001.json b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature001.json new file mode 100644 index 0000000..23d8479 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature001.json 
@@ -0,0 +1,27 @@ +{ + "caseName": "valid no prover committed messages, no signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [], + "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", + "signature": "ab54c35fb2af5c75d6368bc5772547e126d60a92205d011bb9ee5d1149432e91611fd376fe5b79d6ed7c2ba00a19b7434744945fd77bf02cd4628a6e5deeae50768116d55510251bb6a716a38340e184", + "result": { + "valid": true + }, + "trace": { + "B": "9964a978251fcc52c918dee3d8f102d2152fa7a805df85b1e91e0c45d4d8d7c02aab78353a240176f6a33899b98b3379", + "domain": "0b3a152bc770ff9e21f09ac58f59c99379ca0eeb61990ba666d994014085b332" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/signature/signature002.json b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature002.json new file mode 100644 index 0000000..0338d51 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature002.json 
@@ -0,0 +1,33 @@ +{ + "caseName": "valid multi prover committed messages, no signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "signature": "b7446e6ae4e8b5707ac0108f3b1049e9ea01bd6b2b4a7dcf06e5ad1c62a9c0b1585829f0e30fba6c9761469ed908deca52ba5499cef2827b99527b4adf1f30522ce32366385ba87594b8d0e44d156eec", + "result": { + "valid": true + }, + "trace": { + "B": "b21004683409ac48cab4ac654761afa96b90d72742c2a3d1c66343df47713737e6b2367f1dbf0bd917e6f8bc3fd1440a", + "domain": "13c94073eb7dbd279f60d5907c19d83e4a9ae19f99d6b3ca020785730a3f37eb" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-sha-256/signature/signature003.json b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature003.json new file mode 100644 index 0000000..70d6159 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature003.json 
@@ -0,0 +1,38 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", + "signature": "b869cccbe84dce890949db3393c963ead72d044863b2c75bc26c0adfbe08b5bb01db9e4db3313fc660ebb3283634772809d177d191bffde6fe7fbd8ca95d7b842e434ae973b7e458325b9eb23b6cf076", + "result": { + "valid": true + }, + "trace": { + "B": "99c95be56780fa694d182ca279de80297eb93fae1c8f398c7bc155b0a3be3abc7c61813cfead8a35a89dc4d7118b266f", + "domain": "a2271347c620cd43982d4f53dbdd176db8c87fbec6eb15318355bdb39da7d19933f1bbb1845e7c547f8fb2e9858d1ff9" + } +} \ No newline at end of file 
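Review bot: The `trace.domain` value in signature003.json is 96 hex characters (48 bytes), whereas every other fixture visible in this diff carries a 64-character (32-byte) `domain`, for example signature001.json, signature002.json and signature004.json. 48 bytes is the length of a compressed G1 point, not a scalar, so this looks like the wrong value serialized into the field; it may be inherited from the upstream fixture set. Whether the test harness reads `trace.domain` is not visible here, but if it does, this case would either fail or pass only because the field is never compared. I would regenerate this vector, or if it must stay as published, have the fixture loader reject a `domain` whose hex length is not 64 so the mismatch is reported rather than ignored.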
diff --git a/test/blind_fixtures_data/bls12-381-sha-256/signature/signature004.json b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature004.json new file mode 100644 index 0000000..1b298b2 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature004.json 
@@ -0,0 +1,44 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", + "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", + "result": { + "valid": true + }, + "trace": { + "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", + "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936" + } +} \ No newline at end of file 
diff --git a/test/blind_fixtures_data/bls12-381-sha-256/signature/signature005.json b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature005.json new file mode 100644 index 0000000..ab79cf4 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-sha-256/signature/signature005.json @@ -0,0 +1,34 @@ +{ + "caseName": "valid no commitment signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279" + }, + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "commitmentWithProof": null, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": null, + "proverBlind": null, + "signature": "8aa8fdfb190987d1fe1c8e34e69eae25594701958064e4483d74580a4a0f51f058a87735d727383b864904aa7b5e4a9b3821a18319df0ccb2e351a9bf75bf1f34d8858dde57119bfafd8ff56e0c54fa4", + "result": { + "valid": true + }, + "trace": { + "B": "874d657ff2b90023d18c8eb1d2fbc0beb8b9c1ae98a285db1076466edd7c0a3179bc572d4f7b0e15b39cbe298d2023cd", + "domain": "1430cf0a3d8a0519a9ecf47534b6026a7671935d9854ed5e68b42fdb543d5f7a" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/commit/commit001.json b/test/blind_fixtures_data/bls12-381-shake-256/commit/commit001.json new file mode 100644 index 0000000..111d616 --- /dev/null 
+++ b/test/blind_fixtures_data/bls12-381-shake-256/commit/commit001.json @@ -0,0 +1,22 @@ +{ + "caseName": "valid no committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "committedMessages": [], + "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", + "commitmentWithProof": "b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "4ead1c3cc9624bf2b82d6ce2dc1e8e7b664521f22faa543a78fc47d86fb04df3", + "m_tildes": [] + } + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/commit/commit002.json b/test/blind_fixtures_data/bls12-381-shake-256/commit/commit002.json new file mode 100644 index 0000000..67371fd --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/commit/commit002.json 
@@ -0,0 +1,34 @@ +{ + "caseName": "valid multiple committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "commitmentWithProof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "0112ae1812a605e7cb3506f3a467e643ab4b442336e9a25a6b1811ab425fea64", + "m_tildes": [ + "0699b8ca325fb8cd89f8040966ad1211d62dce309950655f28e779bb46a2f141", + "0ea55d602ce42955ca4b61f6e2b946f5408e9dc0ba6cea304a333aacf545e7cc", + "5261a5f453128f2a7a02aa543a21a878c21f11cd54b19b740f28515369ab89d9", + "4542e45da8c5a2f160b5d7a04c738e3d2db99e504c0aa29233cd3acfd417ce10", + "65888b461d6bac4e8544377e58d37ec79029948eea0d719f5c6c9fd63e4f94a1" + ] + } + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/generators.json b/test/blind_fixtures_data/bls12-381-shake-256/generators.json new file mode 100644 index 0000000..22026d0 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/generators.json 
@@ -0,0 +1,31 @@ +{ + "generators": { + "api_id": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_BLIND_H2G_HM2S_", + "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + "Q1": "98947e7a6283c629cb9721fe0aeb3c32252d307307ff0608a3c97331ca4b5669abd19d90db94c58b446db705c09e7eac", + "MsgGenerators": [ + "82999b68b153ad49c9ce47d178be8d82f122cd86c836d75120c3c775a44ba95328a90beac7367c504f54a246f8e3205c", + "8c7a5dbe9e899b76154f1c6cccea621b5532b93ce927a73d9ac44ef2d0eb006d91587884ea111bbc0f66770a57a37d8a", + "895ce03ec7b8ed0b6f6004d50d52132689793672b35a01d14ea4884796afa7b33e4b78d6489ede095cf8c202946da4f6", + "b05ce29d4da638e0ea3f26fc673bbea1b343d240328ec278aaca12dcf9654983e14614a55407d2afb995f4ce145d9c3a", + "a449a514d0e1bed84d2e8951fc7fc1596cf8f79397de06cedd00201412d0a81b632b7f96b42b8323ad97d8fb80395bef", + "aac7ea0084b8acef55530990952d3842d990d32512b8ab9e543afa7d46c66fda094cb1bf84e7fc11153211c57e8e15e0", + "a26ec4c96335f503aa698c32211c777c0f0df8692e2a107eb3a62901ca96f8e312f5375afd52171ccddf738a09f1eda2", + "84206f2773436ea438d308ef90aa2d2a08e3a2555225d9c4013be119d80fc7869d0ce6fa4ab7ac7b5371f8b499dd6109", + "8ab206f6aa7bd7b96d946f3e87723ab4bd0a4bc42fd4d63e7a139f46e4f79354004e33f47e916988082c80e084b0375f", + "b88931b5c26e1e6e5566addb734be441b6f4520868a8d8c2bc16b53c8ddda2c0c3ca217c5d8245f2b0646b874365d3fc" + ] + }, + "blindGenerators": { + "api_id": "BLIND_BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_BLIND_H2G_HM2S_", + "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + "Q1": "a881a2d06ea464af4cf6c1177812f6d9d25f19fd68a3d6af2aadf065deca715d2906d1d1a5db76ba4ec843c6ad510f46", + "MsgGenerators": [ + "a9b4d7aadbfcab6e63f6d112366226c1e6b9ebac4a99fc015b444cb4768e1db1f3710b3088c0d00c74d264a2d07c4e06", + "b78ce56f07607521ef84ab56dbc2c2e2fae0948ce91cb4e33af951ae4e9a4c8aa1b816b3b99987b2157cd442808222b5", + 
"8f2a392c6fa4066ed4834f95400b2a69e6fc951d899805d5cf8c252379d5d0a9daa9033b2c4e6a7c63ecaa4f236933ce", + "83d6efbab354280eab4cf0feb9d064f5525c57a7ba709644df81d45596571147c383448bf44466129758dbccb43c4d29", + "916d77f038fa7b5d8abc6533ef06c3cce2018677dfe36cc8fbcdcc0bfb471c18bb82eddc71e1156bd7740c1402e6be9c" + ] + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof001.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof001.json new file mode 100644 index 0000000..a645468 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof001.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 6 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "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", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "L": 10, + "proof": 
"8f5edaeeba071bee79350cc4727893732842e80d936448974ea9e1628aa94703adb1c0795d1b2ec66d4b750bdb1a4409ac7e95178c30d0ca8427578368818619102571c1862b51abc7560fe1271d86a49439b172709ef7012f527f8cbaac758ab803cab84c7c19d5d4e28241da72c141f2518df44d42846ca7b5802a903bec757c83352a5789ba2d57e3686b49f41b7a1803b642118ed8acc19bdb90bcb4fbac1fc16213d557e3ffb13184c908a1b5375072cd58c4773bc9e84f65f5fb845cd4318636f91ed2c6fa619ea193be77b18e46a7760242df2ff117ba27a38574fb8ca2904423d92cfc3420f58a063703ff71170ffd1e323f667b46197f432aa9d11608ff06b0d4aae0669e0dab0599372f9645526dc44104c6e23c16279daf102b68742a1430eeae18b7e256143d17369128", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "49269fc9884182a1591f959e813384df71ffb220660cb2a4aa3956e27936d4d8", + "r2": "66b80c544ba7563a7de236678d228a36195f2b483daec4c49470b63c7231cb11", + "e_tilde": "6714fe17c1529464fd269b37dda00e6cdd2b82b592a497cc52e78f24930effda", + "r1_tilde": "1da4b2f8fe1790bbff2efabd71c8ed624f9fedd10d62dc7a3ca1088657ebf220", + "r3_tilde": "2354f9de39e2689b893f357e14cead4e405ab3486f188a0b5a503e733d007588", + "m_tilde_scalars": [ + "42510c348487be3c19994565911729eafcd4804dacf25a7cb7b7a634ddefc3b5" + ] + }, + "Abar": "8f5edaeeba071bee79350cc4727893732842e80d936448974ea9e1628aa94703adb1c0795d1b2ec66d4b750bdb1a4409", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "ac7e95178c30d0ca8427578368818619102571c1862b51abc7560fe1271d86a49439b172709ef7012f527f8cbaac758a", + "D": "b803cab84c7c19d5d4e28241da72c141f2518df44d42846ca7b5802a903bec757c83352a5789ba2d57e3686b49f41b7a", + "T1": "add05f2c54d01b694fbd67bba555b4639c2135dbeda06f41fb0b08a578b0abdded8e99f11ef292b4676cd6076de1355b", + "T2": "809721cf62dfff0ed60a62cc887eec75f901fcd3f6e62a016388cad9da327845743f339f131412cc5dafcd3aaaeb965b", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "45526dc44104c6e23c16279daf102b68742a1430eeae18b7e256143d17369128" + } +} 
\ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof002.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof002.json new file mode 100644 index 0000000..3ce1af6 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof002.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 8 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "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", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": 
"11119e21b175fb9fc7c17cbbaf9f5193ff29018deab299e0179517f518c887ca", + "r2": "293d6d461a4cfd449607b211dcc500540c49cc73d6c77b1ec62eb982be4935b4", + "e_tilde": "3bc9fe82bbca21200fbbff238cf666d79270bbfc9293ea3fed177ac128cff30e", + "r1_tilde": "5224e6c760e66d54dae6fac6adee3edca19df9f12f84416980b5c2820b647ffd", + "r3_tilde": "723457f7d95dfeb89077f16f58f343b1d53b44d474004564a8cc9be5c5cd3244", + "m_tilde_scalars": [ + "107b5b89bc2574eed71a48bf869b094351bcb2a32fe4ed0f5c62b9063a086d4b", + "6c757b1e66cc101e9e69c2a7c665d68ce19193f11a28ac1efc0a41b5292a1a87", + "635ef91197c84f74b14ef14ed7b74ea6a2c4770a1f665cd545854330e3550221" + ] + }, + "Abar": "a52e00a77f6982dcac9fe2ab683073ce3f9bc195a26d721181a3dd6217889174379afb78920d43bd28210d535cf7e581", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "ab496573095fa41f0a134705da4037ed3099bd386d29087886f746295593c881ef1a5ad19ccbcee4a6041f00172a4dfc", + "D": "b18aab20ee55c319e9f76f22ab565da3dc7ddfb797bd1ccf257fdf649742fba8f01252fa17bae1a59a419de5412afaf0", + "T1": "933790b16c4e07e21e3027afd22288b972672ca1e15498b924ab462c2d0709cc9f071a85d3dde642de2cb690933b43c6", + "T2": "94360ea19963773ffa491df32609e77634690d472762b68394063386291567ff8db47fd273904c4d4deeee7cb1a9237e", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "4699df8ccebe97b807f5912144014bea421cc7e53b82acf1188f7420a59bcad5" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof003.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof003.json new file mode 100644 index 0000000..f03b71e --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof003.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 11 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "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", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "517c6ba25814e7e8a6b1e1e7a1eaefbd13a47b874a249094592b51295c896be6", + "r2": "17d278dc4ff520d8bcde7c7f35e635c19d9d0e19e0f32e4900e4a69af300b2f6", + "e_tilde": 
"658838c65c01e42cd39fe21885284cef7006630bf8b8ab9183bcc2d212778dee", + "r1_tilde": "21e2ce874aaef017a9d67f01e432cd16bcf2794299e6594f5065b417d0039f42", + "r3_tilde": "51a834a77851b6f5b476bd8ce9440019c0ba3b19a1739ae20e0834abca1facd4", + "m_tilde_scalars": [ + "586ad615bf1d62d511c8737ebb6a0492e0769faed21e1fb23cbbdf898b25ad55", + "441e55f5927fb14f4059f4d4c7aad45b72349b50436cd8d2cd5ae3666ecd64dd", + "10292482d9e08dc8d3a14223dfdbe4a14433ddfbff0950732a12f99edd78efd9", + "1acd7900624f83027ee6c7700c579d10eaa0060dba6b94322470949717394645", + "4e525012cc1649cd7a6a4d3a16899e39b9d877243716e6212effb6320294a382", + "65f2bf6e3dcde2dece63dd45ffcdecc8019f04664cb245f45ecdbc945e8a4772" + ] + }, + "Abar": "b9b86d89d9e2a9431a8c17b5ea8426448214775d354674b2a0e956c7e10dd7e0d5a1034ae733f5591eaa4bec1f3828bb", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "a1c5f4f9fa371916a11786c4d249c433f8da8cd3d8134f3539347081d0d59aa63119406e5363beac4104dbdb22959a24", + "D": "8e1694bd75dd3ff05a40707f9a3bc9f3e1f41ce555ca811d87514e81baa6e01923520686eab039a50cb09f9bd4c22708", + "T1": "ac571ee8f461a43ce84f81050e96ef03ea9a4a3056cb762e710a13a7404faf16582a047f9dc8f6edbe230829b04d8b68", + "T2": "b3341504f4aac92e08ef0db5557e662537268aa6cd075a02414dafaebffe3ab6577570efc8366bae6eed17b21fd8fdf1", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "7137f42d2323aae0fce28b89d8188168642178799c25dd6e2e84a8939f11c77a" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof004.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof004.json new file mode 100644 index 0000000..9d5808d --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof004.json 
@@ -0,0 +1,64 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 13 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "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", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "11ac0d86f78a0bcdc7c20417d73522b46d20a8f7e3ac008d2d3bd77730614b34", + "r2": "2697d76e223bda4ed35e2428030bac7c2ca77122e3bab7b5d6b8bffca307a3d3", + "e_tilde": "0fc4a68d61483036dbf45878430cc8382283c481c8c1cd3c9d3fe9aec9263be3", + "r1_tilde": 
"1baffa5c4d6187496310d4014bc9f15d0150f215868722186679b8e68d84b682", + "r3_tilde": "05b85a30f2f49348d34ca44242820c77421979b9b312a05b0fab16690026d86a", + "m_tilde_scalars": [ + "6f7e7893731097ba853486fea7eb62f66e3e14be47b0565b388c5a9170135b86", + "45a4a12e1a7a518a63b66eebbce90605c29f249f570c85685bc0232c8011fbf3", + "2ca1dd61fa58bc6670268750f5acdb19dbeca06ff2eb1a352d69e21318042772", + "0c79f4d9a6373202c102adf291522c06e2bf7f0da76f8e6cc3d6762bcc6bee1f", + "48f8c3fdcdde12d9949c6ba62661e5694363145f140be07d928b4ea9521a838b", + "382d6baa8558a7cd49b2fb6ad333114d7d4842c1c29aa2fcb8d6159aa40e84f2", + "53ae47dc3e329331a0cc2f46920d6f8b07f27afc4ad662ddad0e61d5e1b74751", + "6165660f8dde9349f501d169e463ddef10b94a248f2de5701966e65ba16b656a" + ] + }, + "Abar": "86645a1d743284cd08b0659c0f884432de1340f1fb105a7e21ba0cfc34758d756e9e20437e318a4ddff4e1b1d8072013", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "8b40b6e3b1b1f9d86aa8ccf51c1bfce10a19b8ac8a6fe4e5256f1e2ee542d44dfacfc6717780b2e4e6601d21e194442d", + "D": "b47d0504a29994d88421cdd33950cd46a69b7c31384b17cf98c268c0de5bafb02febaae8fbe66e3246311d80d81149e8", + "T1": "a4f4982388a9f3c630a400bae20368d48ebfecb1f9f412970f77fe22697b7a9482f2e085b676dbaa33d0eb881fddf615", + "T2": "943b190b5f8a42f4680ae552e053506f2ed0d81c4aaef0a0968c278c0382a7812efb77a1280ea9d988c0e3223a24c890", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "66a90c03c8cf53516b6fc592dce852df5bdda6151c17c199d52cca1be066f530" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof005.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof005.json new file mode 100644 index 0000000..74515b5 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof005.json 
@@ -0,0 +1,63 @@ +{ + "caseName": "valid no prover committed messages and half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 16 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "85d8034b358566ebfd26f921211b257d30def9962ddf80dc7cbdbf96da2bf598a8bbdc03bdc311ff290673ab29edf4a642be726c577a1aaeb11d00d10c5a07c824bbf8e47af13042f570b6bfc05e42783d70fb3ee76ab7c2565fda74ed6536e14105adf9ae943736a6c96c1102d1dc4424eda4ee1961f0d450736d1cc9f6b3ad2f9f1bcd3b63ef5445798b65ad04806240edee143b5c7c57f61ab7fc9fd8f0b05d984e12cee674541b6a79202931e0ef11bcfc908660861b48cfd4ce0970c9726d9359b4bd0c853da78891e9c9db41f2029195279d92f6831b37b5c6d5ac28840e97c12f7962e65adac6705ae712daa61c0c0bda85a3da6850a8dce296797beff88b1c8e8459dba0730ecace09177f79", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": {}, + "L": 10, + "proof": 
"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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "211c1037bcd1316e4160817643c34a7bbb83021ddd3b1f22f37ed5253da52e25", + "r2": "6ca3bb81e84cd13823f2630f90f28084d1409bca3d08983d9901f290450ef52e", + "e_tilde": "2a37d3d049c506148362bb3411255f08bd504553caf90b877569b7250ca7f98c", + "r1_tilde": "3427333b9226659b999a422946edc23b382d9a355ac03ec8dc45ed57cbe56bc4", + "r3_tilde": "633a0ef2d7d6a96a6d273e6984d0dc3a4d8a619fad2be125dd3e4237bfe2e53a", + "m_tilde_scalars": [ + "5f2b419df907cc204177fb0f60a8865cafc792fec2a5eee336146ad811cbd483", + "03c340104c6b71dd62b77ed31d2b4863e9a6925cb9b78666a0b8c400c4ca31f8", + "45f9d520e8682e349a036b8763fd647d2a1cbb81a77f61da5879d563948cffe4", + "4010f0d66857c907ebb8f7544e04ff1ba4bdc2baa19f63b4a146f5ccc3853544", + "4ca37c03d4ab19de664f57d18874d7b86434cff1389cf9865506bcc49f63b4f8", + "47965b117a3d83c8133a1f915f858c0b4e1f3d648af84dadbf722696ab0d62f2", + "68bbcf9066fd79d6224a0a8d289bc38cc7768bca389779edfa29b0fe874b2645", + "6185e602029fe3df6f0023323d20d33c67e8e0093e4d603e00506869aa2fa57c", + "47f3355d90deaa185a76e02fc2bb521714682686569e36f016f5161babdc3006", + "461a8b4fc326abf2bc18c43df883fd512d460419c4ee361a45714d8466b5750f", + "4da6a68e742b02785c398f1693b856908138fa2376c03546ab2b4168853c255b" + ] + }, + "Abar": "84de896fc56822074415cda24d66c850e5870365120586dfe07ffbb9d58dd9e8b290d72b649b63dfc8bc2473e77ea26d", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "ac12380f076960d8416cacba2fe2d5cbd3b381ebc7ceb94d7bf966b70122efb7d30d9232a8d33983d94cc8d8792ad98c", + "D": "95b9b4cf8007e45767c0d393c4f8366f5f483fffe59a457bcf33e810785361fd4b174d7a477accf0046b5cf0496617d2", + "T1": "89038500d479d175a91ef837b7449b989859e87bf18055744ef9a29297a06582049c7a90f975817192978e4e840f5b3b", + "T2": "91abbf9385bd4edad14fa5f9e3b272a3f0f9d0591fd68275dfb7d1b5f1145a4186c4a956115e0d522a3bf4706c5e9469", + "domain": 
"04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "477a74b3d777518a92fb4ef3b34ba3b63c5282bfc2cd617f19985858425bf2b7" + } +} diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof006.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof006.json new file mode 100644 index 0000000..91728e8 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof006.json 
@@ -0,0 +1,63 @@ +{ + "caseName": "valid half prover committed messages and no signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 18 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "85d8034b358566ebfd26f921211b257d30def9962ddf80dc7cbdbf96da2bf598a8bbdc03bdc311ff290673ab29edf4a642be726c577a1aaeb11d00d10c5a07c824bbf8e47af13042f570b6bfc05e42783d70fb3ee76ab7c2565fda74ed6536e14105adf9ae943736a6c96c1102d1dc4424eda4ee1961f0d450736d1cc9f6b3ad2f9f1bcd3b63ef5445798b65ad04806240edee143b5c7c57f61ab7fc9fd8f0b05d984e12cee674541b6a79202931e0ef11bcfc908660861b48cfd4ce0970c9726d9359b4bd0c853da78891e9c9db41f2029195279d92f6831b37b5c6d5ac28840e97c12f7962e65adac6705ae712daa61c0c0bda85a3da6850a8dce296797beff88b1c8e8459dba0730ecace09177f79", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": 
"72202656d242b95e869fbcd40581b1924183ac11ac323ebbe011d63536d8287c", + "r2": "1b6f80e77f00fd46a7ab1e46be33db2582fbadbf8358e7dfb157c69f577b9063", + "e_tilde": "48e116be2272e66dac308ec305869640dcc107d3de941659e7dfa80359a3a33d", + "r1_tilde": "67dbca3425cd03873b9ef9240389de348618c4eb142eb963f03e99f5cc85755f", + "r3_tilde": "38beeb508bc526d9f70af680eb5e747daf0b0abf9c5dd2da78a795eb082c891e", + "m_tilde_scalars": [ + "41e0af39eb876d842a6fa22e739bd8557782d8bc64f1e3e8caa407acf21e9d83", + "34318199184c1d1b0088b30f12b59b5be5eaf0a6d4f1bd06cae1844ce79493db", + "449a1a27becc25364804695002bb8671d66119c6b47ca0090a42690f108b8743", + "0db0eb8b857927356955a1e251ad1df40e45427e8dd488b822608565a62a5a31", + "3030cf9de98a457fdfe9cfbe693e53a2eefbe6590557b04bc5abcc981b2c5b53", + "21e0abb919758a5b8bfd32cc6417b36ca94d091a4ef4b6e9e6840a174ed193d4", + "6d46722a4f82d87d5012bab944b18239571c6c20b7133b529d0cd81999251eee", + "38af70a2dc939db80ec191f993d38ce477fbf53f0de85c8676e0bd32fb6529b9", + "39c92b70c8e3635a623da5dfeccb3b2a706e8179f1c94c5185f8cf3a4147f0e4", + "1521952789a9f1a2c8e88d102574fc3b11644dcd57e4658bcf37f44ba575a69f", + "5ecc4872b50ac3e9159dc3eef11260766090788a864607e669c50ebc489d5a75", + "68c917c66ecd829f333f0f9b12fcaf0c93e6f085fbb0d490e1e1a43ba59d6a94", + "60f3ae300246e53d20ec89d0bce7f4ea8bb2f669f9b972f5e475401ab9a44ad1" + ] + }, + "Abar": "aaf787d7c259d7acedd1294d0523586acfd5e05c9352ef3ba19147bebba3136df55cb7af38abede5736351ad1b7a967c", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "80b662ac990335f89b5202e881770c41b6d5da92a2d997f414ccc9e0f5ff07a916eb2262346e19127baa6d63477c40c1", + "D": "adfad4fc36849254eb5baca5da75b5ee3574d0f4b06655b2669ee88ed7d1fc76badaf119576cadea140b4441ba3f4ed8", + "T1": "8c5147f8c6dc55ced50eb22f5fdc2d05687f461cdcc13a71423c303615f498a4c800dec8578586c02be4887462c2f7bf", + "T2": "8d2313c491adb048513ffc92d85141735f0a10fbbd84f787046c29adcc15f12a0c02f4dc294d05960a0cd0bc8019905f", + "domain": 
"04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": "48119c1d708f74bc0949d4c8192562b4dbfd026d123aa296af59e1c64dbb35b1" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof007.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof007.json new file mode 100644 index 0000000..03ffd2c --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof007.json 
@@ -0,0 +1,62 @@ +{ + "caseName": "valid no prover committed messages and no signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 21 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "commitmentWithProof": "85d8034b358566ebfd26f921211b257d30def9962ddf80dc7cbdbf96da2bf598a8bbdc03bdc311ff290673ab29edf4a642be726c577a1aaeb11d00d10c5a07c824bbf8e47af13042f570b6bfc05e42783d70fb3ee76ab7c2565fda74ed6536e14105adf9ae943736a6c96c1102d1dc4424eda4ee1961f0d450736d1cc9f6b3ad2f9f1bcd3b63ef5445798b65ad04806240edee143b5c7c57f61ab7fc9fd8f0b05d984e12cee674541b6a79202931e0ef11bcfc908660861b48cfd4ce0970c9726d9359b4bd0c853da78891e9c9db41f2029195279d92f6831b37b5c6d5ac28840e97c12f7962e65adac6705ae712daa61c0c0bda85a3da6850a8dce296797beff88b1c8e8459dba0730ecace09177f79", + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": {}, + "L": 10, + "proof": 
"9341832e2e6739548581a238cd563ac3f32749c2e9b3bdfe6b2c92fb72c92add1e961ce105ff9db40b4e54c4a8fd4567afaa5d76ba043383225573bedbfa7902f877a399d4eca9b78b49aa12991f5c875e1a6dcccb7901b203e1865cf27d9a75acca75dc526343fe7c0f93f546931ccb77f0e641e0c2201798fe1048163eb0f6655b337e37c832ad1ce3715c8084f0211cdf757f4db45e4a5bcabf8490f2f3b65246d0e7ee30e475cfef6349de51b637173acf28d05753dd275fc590883eaf1069e362debbb1775ccfb9b35381e21d5d5e06f74bf17819ded6ee4342e8bcaaa606363c70bc9f2b7b774edb83614d763a0f84229c99f6a33529c382c2fea6d2305ff4acc6d289bb3a576147e96d660b76058eeba1e2f0fbfd877deefbf30c218eb2eff9e5dafb65a4f3e0ce00c1ea9c734ef834dea68fd5c7ffc1bf3de96818d67a4e4c8640297a405b28285f8a4caae44d6b7b22f7afa1a9f6aeb9bb017f0ab1ebdbd894eebf5a1bd56ff3b21a2de642435935e7cb3208ad1543a01ed8473ef17ea3635d1743733253b5285a737dbd9000cd2834d27f3029b47fdafa389a56c434176f540dc39934e80fe6e1b4c210e00dc7e6b8573106fb2b2f8b772b5197c15afeeead937ed5bbd440e29e3ef6db6a60614c8462a497041549aa47f0a176caca4dfbbe27320b6f063fa1ef94fa64750f6eb670d1bd14c85bd943c948814f680c3702f5ff1cf35bb7827a43d1e85a8c57afb55285bb9d3c4315fa37ee32cf1f98125ffa662919d37426623fb827ddbc2c2da69355a9a92d23ba7aaf4276cba1d333dd96d1124e2753d08b2092a3408c19d6691443c4081593c84f05032c26c168086471f09b1906805cda31ce4a49d400679c2c4bf1aa06ac44627566a53eddff25095bdde0eb4ea4a47817e5d138fb0053401f5f6413d862679c1997439828c055c5a46de460b1eb84d077bf5b4a6f4e54296ea1b8e062a944b4678dc961b79928f6f7743d30bdb220365800508f9849b31bf2625b27b7d18cee197f2270a226872cb69ba853d0edd9245d2a4ab5bc2fbf52fe4cd4ddc5d94a808edb0ee59f72b54a5a52f2f30b1f43c169b297c741", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "2aa67d3759b3aa6cdc1e57822f10e4ac850a7f80a82f0967cd5fd21899ca0b69", + "r2": "1e946e0a41c6a6dcc24894f477899f060f0f6bbe5b913022848d39e356d83cf1", + "e_tilde": "6d6c354149a71ca3c43e5657fee3b95652c5978125350c6d317cebc9fb88292a", + "r1_tilde": "2508a44ef5e20176698f111e2375bfa84661ee27189c300bde8b9d946ceb58d7", + "r3_tilde": 
"35632248dc2eea031c09ae0797e1b9974d675d60df32035a5fde566ff71dd247", + "m_tilde_scalars": [ + "26f66a47894e184b5fe32a2e6568c0786af376d089e2a11e632978c183a6f3fb", + "6d3606b3086f0c44c209c5af201d48d20e015f0fc80fd00a10259f7f46ea6eed", + "22063ed43999f4ae40a03c4ea9f934b3f946dc167957b20d501a134426695cc0", + "29930e487c3e109322d0f2e097616ece04d87d91649dff92bda1dc438400256f", + "4b0cff28fe171b5179977f6bed33413ba420e0656e468a579a7fdac983d24314", + "6451fce17b93ed5dbf4d2aafbbd6afaa18e6f222046ac31ed2dc1d6df9a33291", + "1f9c3ab790fbad9b71f74783969fb01a14fc7e1f417a38696b0430a77b68fe94", + "480b325408ff54ddd292d3c3ce8253c540cc8c32ef42308389bc9543c471c2da", + "5e02607fbd4d0af561e61c377e2b31c2ae1c589ba835f93bd7be3814f65ea450", + "6849cc6bf9367386c4189859998d9c4993c84488f9b03d311c197499dda1ee0c", + "51b9c711f25213b6a63a9ae2ade5b0d517539992c40bb45297d0709b216db36e", + "6be3bcea66b6872421a2572b0c37cfdd0541d226a18fefdd60619217554eb08d", + "48fd2d36c9e119fba1ad5f5fef059838c7b0150f7a4088919ed9bf6934f7c90b", + "2c7589a2b29e0be25b1f592ecb84d072fb17659c4bfc6dfc54dba002623f5a0c", + "55976175ecac1373e3e27ed645de08514e66d50600363a6de6e791f3358b06f2", + "5a4d330bd5d5fe02528f8c3b2a7d3dcc223d11452f2f772e95cc36b74fc4c60c" + ] + }, + "Abar": "9341832e2e6739548581a238cd563ac3f32749c2e9b3bdfe6b2c92fb72c92add1e961ce105ff9db40b4e54c4a8fd4567", + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "Bbar": "afaa5d76ba043383225573bedbfa7902f877a399d4eca9b78b49aa12991f5c875e1a6dcccb7901b203e1865cf27d9a75", + "D": "acca75dc526343fe7c0f93f546931ccb77f0e641e0c2201798fe1048163eb0f6655b337e37c832ad1ce3715c8084f021", + "T1": "966f462cfd6a053920f5b4ad346281b312e8e81fcb47cb83b2b10f1d2ef63e530f5848c93ec7a71ee4cc168585b7664d", + "T2": "b91bc9bab43c8505c357e4e769855ce6e86e82d3b5c9d945d48a2bac269ed114314c8da0be1257af0c56004ed7778db0", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04", + "challenge": 
"2fbf52fe4cd4ddc5d94a808edb0ee59f72b54a5a52f2f30b1f43c169b297c741" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/proof/proof008.json b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof008.json new file mode 100644 index 0000000..0f0866f --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/proof/proof008.json 
@@ -0,0 +1,54 @@ +{ + "caseName": "valid no commitment, half signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_", + "count": 11 + } + }, + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "b80f73e22cf6c050159018539af4fd2c8ed75a7dfa247feadbdecd983e16ddb33ac5c61bfd7f17b4063a7957456ddc0b71d46e6a05b1a464df601aabf480edf17ff1d6052089c294577fcfb7b851baad", + "commitmentWithProof": null, + "proverBlind": null, + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": null, + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "517c6ba25814e7e8a6b1e1e7a1eaefbd13a47b874a249094592b51295c896be6", + "r2": "17d278dc4ff520d8bcde7c7f35e635c19d9d0e19e0f32e4900e4a69af300b2f6", + "e_tilde": "658838c65c01e42cd39fe21885284cef7006630bf8b8ab9183bcc2d212778dee", + "r1_tilde": "21e2ce874aaef017a9d67f01e432cd16bcf2794299e6594f5065b417d0039f42", + "r3_tilde": "51a834a77851b6f5b476bd8ce9440019c0ba3b19a1739ae20e0834abca1facd4", + "m_tilde_scalars": [ + "586ad615bf1d62d511c8737ebb6a0492e0769faed21e1fb23cbbdf898b25ad55", + "441e55f5927fb14f4059f4d4c7aad45b72349b50436cd8d2cd5ae3666ecd64dd", + "10292482d9e08dc8d3a14223dfdbe4a14433ddfbff0950732a12f99edd78efd9", + 
"1acd7900624f83027ee6c7700c579d10eaa0060dba6b94322470949717394645", + "4e525012cc1649cd7a6a4d3a16899e39b9d877243716e6212effb6320294a382", + "65f2bf6e3dcde2dece63dd45ffcdecc8019f04664cb245f45ecdbc945e8a4772" + ] + }, + "Abar": "a5de46751c4f2662be4aec33c0a7b869e0d0dd26d4131f1d4c87127058fedb60ad474c387775e8c6209c4e60f6848d91", + "B": "8ce18ec220f427e23eced9bc5d6a90bf242941676569b406a179e7fe8a3d1c3ba7fd0271ce37817876e55fe1fdf598e5", + "Bbar": "a6f09b4587a5a6ec3e2c7ce0b46ed344630f10554bdef8f92bb0b28086bc6bd77f53f3d769b8be9d0b06a4b11e38ee2c", + "D": "90e1a97c1b0d339107ae11f72cc2662b304b2fabc7fc3b3752d85f831873cf2ae01919569fa98f68182fa99847e4e716", + "T1": "8256332d833cf785ad5219bbfe0599a09161d86a11fb1b7e9fe9f3ab3f584e7e4275001f76a9eb480d6b41f3ae3fa7e5", + "T2": "93de57520db22920522b0333764b0d28c19883c5464230e8529555a28cee9614f55c7ec33c568eed567dcb26bff8e944", + "domain": "62638964b2b8eb67c2635a8b87731e2f876e7e84fc4f051903022a731c5fe3b8", + "challenge": "5e3d58462e7eb65980e0253414373959c691e2e039b389beb064cfcdfcf7e3c5" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/signature/signature001.json b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature001.json new file mode 100644 index 0000000..92d0db8 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature001.json 
@@ -0,0 +1,27 @@ +{ + "caseName": "valid no prover committed messages, no signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "commitmentWithProof": "b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [], + "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", + "signature": "94403c30badaccf53c4d5f6a15e66c98fe021c149254a5b54b75f15fe674978897284db9fb6a8716fa17e69c80acfef45e56e7199abc42be2ba46cdfef5b30b3cc1ed12802225733183f02fc535a2127", + "result": { + "valid": true + }, + "trace": { + "B": "a44e7c8b4969cb821e48fc8ce3e295ed6a47923155edc19ff783993944863cd2e8712b72005f20bf51d7395c15832fc8", + "domain": "48d64a62d7dbc8d88d643f15b3c8a1eed78afe3a80bc3e41bc2f92257b25f6d8" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/signature/signature002.json b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature002.json new file mode 100644 index 0000000..3a99465 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature002.json 
@@ -0,0 +1,33 @@ +{ + "caseName": "valid multi prover committed messages, no signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "signature": "82f5137b728baea7d23bc610888e7dbabdae8b6ce404d5e591608bc0d550f246194cbab590eda33dd2a8aafc0f107f0f3158d330459681d5156d65f6dbdc7b3bfd003212a89052d668935b53895e70d2", + "result": { + "valid": true + }, + "trace": { + "B": "b2f39ad3749d91fae9e6b5e7326902b970c0bc0ee85fe5c4de82702faff072c923e75e2e3af19395b8a978a80b1a887a", + "domain": "3600988bb64779f01c57bfb0524521bc241aa0fdfc92e1b892ac2066edcceef1" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/bls12-381-shake-256/signature/signature003.json b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature003.json new file mode 100644 index 0000000..e091a44 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature003.json 
@@ -0,0 +1,38 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 2 + } + }, + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "commitmentWithProof": "b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", + "signature": "a4999abd5d20fd706cabeb2a44e6dd42b76d6ccfc29ac83d947351a19807e57b0d951d4b79d03250e0e84cc1204a143336c4decbbc7417060f1fc44159192e23e437fe0aaee3971ce89e901f99405b90", + "result": { + "valid": true + }, + "trace": { + "B": "8c1c6937d6c059c330f3d4c89ddea956b18c6e7a4d5b16fa85ac9a6f6f6a815008cfd3af0fc1a012728ba3ae62c4ac51", + "domain": "62638964b2b8eb67c2635a8b87731e2f876e7e84fc4f051903022a731c5fe3b8" + } +} \ No newline at end of file 
diff --git a/test/blind_fixtures_data/bls12-381-shake-256/signature/signature004.json b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature004.json new file mode 100644 index 0000000..e341770 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature004.json 
@@ -0,0 +1,44 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", + "count": 7 + } + }, + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", + "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", + "result": { + "valid": true + }, + "trace": { + "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", + "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04" + } +} \ No newline at end of file 
diff --git a/test/blind_fixtures_data/bls12-381-shake-256/signature/signature005.json b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature005.json new file mode 100644 index 0000000..a21df53 --- /dev/null +++ b/test/blind_fixtures_data/bls12-381-shake-256/signature/signature005.json @@ -0,0 +1,34 @@ +{ + "caseName": "valid no commitment signature", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279" + }, + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "commitmentWithProof": null, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": null, + "proverBlind": null, + "signature": "b80f73e22cf6c050159018539af4fd2c8ed75a7dfa247feadbdecd983e16ddb33ac5c61bfd7f17b4063a7957456ddc0b71d46e6a05b1a464df601aabf480edf17ff1d6052089c294577fcfb7b851baad", + "result": { + "valid": true + }, + "trace": { + "B": "8ce18ec220f427e23eced9bc5d6a90bf242941676569b406a179e7fe8a3d1c3ba7fd0271ce37817876e55fe1fdf598e5", + "domain": "62638964b2b8eb67c2635a8b87731e2f876e7e84fc4f051903022a731c5fe3b8" + } +} \ No newline at end of file diff --git a/test/blind_fixtures_data/messages.json b/test/blind_fixtures_data/messages.json new file mode 100644 index 0000000..e352c67 --- /dev/null +++ b/test/blind_fixtures_data/messages.json 
@@ -0,0 +1,21 @@ +{ + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ] +} \ No newline at end of file diff --git a/test/blind_with_nym_bbs_fix_commit.c b/test/blind_with_nym_bbs_fix_commit.c new file mode 100644 index 0000000..4fd5a58 --- /dev/null +++ b/test/blind_with_nym_bbs_fix_commit.c 
@@ -0,0 +1,122 @@
+#include "fixtures.h"
+#include "bbs_util.h"
+
+// forward declarations
+int bbs_blind_commit_with_nym_inner(
+ const bbs_ciphersuite *cipher_suite,
+ uint8_t *commitment_with_proof,
+ uint8_t *secret_prover_blind,
+ uint64_t num_blinded_messages,
+ const void *const *messages,
+ const size_t *messages_lens,
+ uint64_t num_prover_nyms,
+ const void *const *prover_nyms,
+ bbs_bn_prf prf,
+ void *prf_cookie
+);
+
+void blind_with_nym_commit_mocked_prf(
+ const bbs_ciphersuite *cipher_suite,
+ blst_scalar *out,
+ uint8_t input_type,
+ uint64_t input,
+ void *cookie
+) {
+ (void)cipher_suite;
+ uint8_t *rand = (uint8_t*) cookie;
+
+ // secret_prover_blind = 0
+
+ // s~ = 1
+ if (input_type == 1) {
+ rand += 48;
+ }
+
+ // message = index = input
+ if (input_type == 2) {
+ rand += (2 * 48) + (input * 48);
+ }
+
+ blst_scalar_from_be_bytes(out, rand, 48);
+}
+
+// mock impl with rng
+int bbs_blind_commit_with_nym_mock(
+ const bbs_ciphersuite *cipher_suite,
+ uint8_t *commitment_with_proof,
+ uint8_t *secret_prover_blind,
+ uint64_t num_blinded_messages,
+ const void *const *messages,
+ const size_t *messages_lens,
+ uint64_t num_prover_nyms,
+ const void *const *prover_nyms,
+ const void *mocking_seed,
+ size_t mocking_seed_len,
+ const void *mocking_dst,
+ size_t mocking_dst_len
+) {
+ union bbs_hash_context h_ctx;
+ size_t count = (2 + num_blinded_messages + num_prover_nyms);
+ uint8_t randomness[count * 48];
+ int ret = BBS_OK;
+
+ cipher_suite->expand_message_init(&h_ctx);
+ cipher_suite->expand_message_update(&h_ctx, mocking_seed, mocking_seed_len);
+ cipher_suite->expand_message_finalize(&h_ctx, randomness, count * 48, mocking_dst, mocking_dst_len);
+
+ ret = bbs_blind_commit_with_nym_inner(
+ cipher_suite,
+ commitment_with_proof,
+ secret_prover_blind,
+ num_blinded_messages,
+ messages,
+ messages_lens,
+ num_prover_nyms,
+ prover_nyms,
+ blind_with_nym_commit_mocked_prf,
+ randomness
+ );
+
+ return ret;
+}
+
+int blind_with_nym_bbs_fix_commit(void) {
+ for(size_t i=0; i < vectors_blind_with_nym_commit_len; i++) {
+ // Do not try to recreate invalid commits
+ if(!vectors_blind_with_nym_commit[i].result_valid) continue;
+ uint8_t blind_with_nym_commit[vectors_blind_with_nym_commit[i].result_len];
+ uint8_t secret_prover_blind[BBS_BLIND_SECRET_PROVER_BLIND_LEN];
+
+ printf("\nBLIND COMMIT GEN %lu\n\n", i);
+
+ if (BBS_OK != bbs_blind_commit_with_nym_mock(*fixture_ciphersuite,
+ blind_with_nym_commit,
+ secret_prover_blind,
+ vectors_blind_with_nym_commit[i].num_committed_messages,
+ vectors_blind_with_nym_commit[i].committed_msgs,
+ vectors_blind_with_nym_commit[i].committed_msg_lens,
+ vectors_blind_with_nym_commit[i].num_prover_nyms,
+ vectors_blind_with_nym_commit[i].prover_nyms,
+ vectors_blind_with_nym_commit[i].mocking_seed,
+ vectors_blind_with_nym_commit[i].mocking_seed_len,
+ vectors_blind_with_nym_commit[i].mocking_dst,
+ vectors_blind_with_nym_commit[i].mocking_dst_len))
+ {
+ puts ("Error during blind commit with nym generation");
+ return 1;
+ }
+
+ ASSERT_EQ_PTR ("commit with nym generation",
+ blind_with_nym_commit,
+ vectors_blind_with_nym_commit[i].result,
+ vectors_blind_with_nym_commit[i].result_len);
+
+ ASSERT_EQ_PTR ("commit with nym generation secret_prover_blind",
+ secret_prover_blind,
+ vectors_blind_with_nym_commit[i].prover_blind,
+ BBS_BLIND_SECRET_PROVER_BLIND_LEN);
+ }
+
+
+ return 0;
+}
diff --git a/test/blind_with_nym_bbs_fix_generators.c b/test/blind_with_nym_bbs_fix_generators.c
new file mode 100644
index 0000000..2776161
--- /dev/null
+++ b/test/blind_with_nym_bbs_fix_generators.c
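Review bot: In test/blind_with_nym_bbs_fix_commit.c, `blind_with_nym_commit_mocked_prf` receives the mock randomness as a bare pointer in `cookie` and advances it by `(2 * 48) + (input * 48)` without knowing that the buffer holds only `(2 + num_blinded_messages + num_prover_nyms) * 48` bytes, so a request for an index past that range reads beyond the VLA; any `input_type` other than 1 or 2 also silently reuses the scalar at offset 0. Whether `bbs_blind_commit_with_nym_inner` can ever ask for such an index is not visible in this hunk, but a known-answer test should fail loudly rather than read adjacent stack memory. I would pass the buffer together with its length and record an overrun that the mock wrapper turns into an error, as sketched below. `bbs_blind_proof_gen_with_nym_prf` in test/blind_with_nym_bbs_fix_proof_gen.c has the same shape.

```c
// cookie for the mocked PRF: expanded mock randomness plus its size
struct mock_rand {
	const uint8_t *buf;
	size_t len;   // bytes available in buf
	int overrun;  // set when a scalar outside buf was requested
};

// … unchanged: signature of blind_with_nym_commit_mocked_prf and (void)cipher_suite …
	struct mock_rand *r = cookie;
	size_t slots = r->len / 48;
	size_t slot = slots; // out of range unless a known input_type sets it

	if (input_type == 0) slot = 0;        // secret_prover_blind
	else if (input_type == 1) slot = 1;   // s~
	else if (input_type == 2 && input < slots) slot = 2 + (size_t)input; // message index

	if (slot >= slots) {
		r->overrun = 1;
		slot = 0; // keep the read in bounds; the caller reports the error
	}
	blst_scalar_from_be_bytes(out, r->buf + slot * 48, 48);

// … in bbs_blind_commit_with_nym_mock, after expand_message_finalize() …
	struct mock_rand r = { randomness, sizeof randomness, 0 };
	// … unchanged: call to bbs_blind_commit_with_nym_inner, now passing &r as prf_cookie …
	if (r.overrun) ret = BBS_ERROR;
```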
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: Apache-2.0
+#include "fixtures.h"
+#include "bbs_util.h"
+
+#define BBS_BLIND_API_ID_PREFIX "BLIND_"
+
+int
+blind_with_nym_bbs_fix_generators(void)
+{
+ uint8_t state[48 + 8];
+ blst_p1 g;
+ uint8_t g_buffer[BBS_G1_ELEM_LEN];
+
+ for (size_t i = 0; i < vectors_blind_with_nym_generators_len; i++) {
+ // Signer generators — normal api_id, no prefix
+ create_generator_init(*fixture_ciphersuite, state, NULL, 0);
+ for (size_t j = 0; j < vectors_blind_with_nym_generators[i].signer_result_len; j++) {
+ create_generator_next(*fixture_ciphersuite, state, &g, NULL, 0);
+ ep_write_bbs(g_buffer, &g);
+ ASSERT_EQ_PTR("signer generator",
+ g_buffer,
+ vectors_blind_with_nym_generators[i].signer_result[j],
+ BBS_G1_ELEM_LEN);
+ }
+
+ // blind generators with BLIND_ prefix
+ create_generator_init(*fixture_ciphersuite, state, (uint8_t*)BBS_BLIND_API_ID_PREFIX, sizeof(BBS_BLIND_API_ID_PREFIX) - 1);
+ for (size_t j = 0; j < vectors_blind_with_nym_generators[i].prover_result_len; j++) {
+ create_generator_next(*fixture_ciphersuite, state, &g, (uint8_t*)BBS_BLIND_API_ID_PREFIX, sizeof(BBS_BLIND_API_ID_PREFIX) - 1);
+ ep_write_bbs(g_buffer, &g);
+ ASSERT_EQ_PTR("prover generator",
+ g_buffer,
+ vectors_blind_with_nym_generators[i].prover_result[j],
+ BBS_G1_ELEM_LEN);
+ }
+ }
+
+ return 0;
+}
diff --git a/test/blind_with_nym_bbs_fix_proof_gen.c b/test/blind_with_nym_bbs_fix_proof_gen.c
new file mode 100644
index 0000000..c8f6cb6
--- /dev/null
+++ b/test/blind_with_nym_bbs_fix_proof_gen.c
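Review bot: In test/blind_with_nym_bbs_fix_generators.c, `uint8_t state[48 + 8];` sizes the generator state with bare literals, and nothing in this file ties that size to what `create_generator_init` and `create_generator_next` write into it. If the library's state layout ever grows (its definition is not visible here), this test would overflow a stack buffer instead of failing to compile. I would take the size from a named constant shared with the library, or at least add a comment such as `// must match the state size expected by create_generator_init()/create_generator_next()`.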
@@ -0,0 +1,226 @@
+#include "fixtures.h"
+#include "bbs_util.h"
+
+// forward declaration
+int
+bbs_blind_proof_gen_with_nym_inner(
+ const bbs_ciphersuite *s,
+ const bbs_public_key pk,
+ const bbs_signature signature,
+ void *proof, // OUT
+ bbs_pseudonym pseudonym, // OUT
+ const void *header,
+ size_t header_len,
+ const void *presentation_header,
+ size_t presentation_header_len,
+ const void *context_id,
+ size_t context_id_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens,
+ size_t num_committed_messages,
+ const void *const *committed_messages,
+ const size_t *committed_message_lens,
+ size_t num_disclosed_indexes,
+ const size_t *disclosed_indexes,
+ size_t num_disclosed_committed_indexes,
+ const size_t *disclosed_committed_indexes,
+ const uint8_t *secret_prover_blind, // optional, NULL = zero
+ size_t num_nym_secrets,
+ const void *const *nym_secrets,
+ bbs_bn_prf prf,
+ void *prf_cookie
+);
+
+void bbs_blind_proof_gen_with_nym_prf(
+ const bbs_ciphersuite *cipher_suite,
+ blst_scalar *out,
+ uint8_t input_type,
+ uint64_t input,
+ void *cookie
+) {
+ // input_type 0: input=0=r1 input=1=r2 input=2=e~ input=3=r1~ input=4=r2~
+ // input_type 1: input=i=m~_i
+
+ (void)cipher_suite;
+ uint8_t *rand = (uint8_t*) cookie;
+
+ if (input_type == 0) {
+ rand += (input * 48);
+ }
+
+ if (input_type == 1) {
+ rand += (5 * 48) + (input * 48);
+ }
+
+ blst_scalar_from_be_bytes(out, rand, 48);
+}
+
+int
+bbs_blind_proof_gen_with_nym_mock(
+ const bbs_ciphersuite *cipher_suite,
+ const bbs_public_key pk,
+ const bbs_signature signature,
+ void *proof, // OUT
+ bbs_pseudonym pseudonym, // OUT
+ const void *header,
+ size_t header_len,
+ const void *presentation_header,
+ size_t presentation_header_len,
+ const void *context_id,
+ size_t context_id_len,
+ size_t num_messages,
+ const void *const *messages,
+ const size_t *message_lens,
+ size_t num_committed_messages,
+ const void *const *committed_messages,
+ const size_t *committed_message_lens,
+ size_t num_disclosed_indexes,
+ const size_t *disclosed_indexes,
+ size_t num_disclosed_committed_indexes,
+ const size_t *disclosed_committed_indexes,
+ const uint8_t *secret_prover_blind, // optional, NULL = zero
+ size_t num_nym_secrets,
+ const void *const *nym_secrets,
+ const void *mocking_seed,
+ size_t mocking_seed_len,
+ const void *mocking_dst,
+ size_t mocking_dst_len
+) {
+ // space for 5 + n random scalars at max
+ union bbs_hash_context h_ctx;
+ size_t count = 5;
+ count += num_messages - num_disclosed_indexes;
+ count += num_committed_messages - num_disclosed_committed_indexes;
+ count += 1; // secret_prover_blind
+ count += num_nym_secrets;
+ uint8_t seed[count * 48];
+ int ret = BBS_OK;
+
+ //printf("rnd mock count = %ld\n", count);
+ //printf("rnd mock seed = %.*s\n", (int)mocking_seed_len, (char*)mocking_seed);
+ //printf("rnd mock dst = %.*s\n", (int)mocking_dst_len, (char*)mocking_dst);
+
+ cipher_suite->expand_message_init(&h_ctx);
+ cipher_suite->expand_message_update(&h_ctx, mocking_seed, mocking_seed_len);
+ cipher_suite->expand_message_finalize(&h_ctx, seed, count * 48, mocking_dst, mocking_dst_len);
+
+ ret = bbs_blind_proof_gen_with_nym_inner(
+ cipher_suite,
+ pk,
+ signature,
+ proof,
+ pseudonym,
+ header,
+ header_len,
+ presentation_header,
+ presentation_header_len,
+ context_id,
+ context_id_len,
+ num_messages,
+ messages,
+ message_lens,
+ num_committed_messages,
+ committed_messages,
+ committed_message_lens,
+ num_disclosed_indexes,
+ disclosed_indexes,
+ num_disclosed_committed_indexes,
+ disclosed_committed_indexes,
+ secret_prover_blind,
+ num_nym_secrets,
+ nym_secrets,
+ bbs_blind_proof_gen_with_nym_prf,
+ seed
+ );
+
+ return ret;
+}
+
+int blind_with_nym_bbs_fix_proof_gen(void) {
+ for(size_t i=0; i < vectors_blind_with_nym_proof_len; i++) {
+ uint8_t proof[vectors_blind_with_nym_proof[i].result_len];
+ bbs_pseudonym nym;
+
+ printf("\nBLIND PROOF GEN WITH NYM %lu\n\n", i);
+
+ // only generate valid proofs
+ if (vectors_blind_with_nym_proof[i].result_valid &&
+ BBS_OK != bbs_blind_proof_gen_with_nym_mock(*fixture_ciphersuite,
+ vectors_blind_with_nym_proof[i].pk,
+ vectors_blind_with_nym_proof[i].signature,
+ proof,
+ nym,
+ vectors_blind_with_nym_proof[i].header,
+ vectors_blind_with_nym_proof[i].header_len,
+ vectors_blind_with_nym_proof[i].presentation_header,
+ vectors_blind_with_nym_proof[i].presentation_header_len,
+ vectors_blind_with_nym_proof[i].context_id,
+ vectors_blind_with_nym_proof[i].context_id_len,
+ vectors_blind_with_nym_proof[i].num_messages,
+ vectors_blind_with_nym_proof[i].msgs,
+ vectors_blind_with_nym_proof[i].msg_lens,
+ vectors_blind_with_nym_proof[i].num_committed_messages,
+ vectors_blind_with_nym_proof[i].committed_msgs,
+ vectors_blind_with_nym_proof[i].committed_msg_lens,
+ vectors_blind_with_nym_proof[i].disclosed_indexes_len,
+ vectors_blind_with_nym_proof[i].disclosed_indexes,
+ vectors_blind_with_nym_proof[i].disclosed_committed_indexes_len,
+ vectors_blind_with_nym_proof[i].disclosed_committed_indexes,
+ vectors_blind_with_nym_proof[i].prover_blind,
+ vectors_blind_with_nym_proof[i].num_nym_secrets,
+ vectors_blind_with_nym_proof[i].nym_secrets,
+ vectors_blind_with_nym_proof[i].proof_mocking_seed,
+ vectors_blind_with_nym_proof[i].proof_mocking_seed_len,
+ vectors_blind_with_nym_proof[i].proof_mocking_dst,
+ vectors_blind_with_nym_proof[i].proof_mocking_dst_len))
+ {
+ puts ("Error during blind proof with nym generation");
+ return 1;
+ }
+
+ ASSERT_EQ_PTR ("blind proof with nym generation",
+ proof,
+ vectors_blind_with_nym_proof[i].result,
+ vectors_blind_with_nym_proof[i].result_len);
+
+ ASSERT_EQ_PTR ("blind proof with nym generation pseudonym",
+ nym, vectors_blind_with_nym_proof[i].pseudonym, 48);
+
+ printf("\nBLIND PROOF VERIFY WITH NYM %lu\n\n", i);
+
+ if (vectors_blind_with_nym_proof[i].result_valid !=
+ (BBS_OK == bbs_blind_proof_verify_with_nym(
+ *fixture_ciphersuite,
+ vectors_blind_with_nym_proof[i].pk,
+ nym,
+ proof,
+ vectors_blind_with_nym_proof[i].result_len,
+
+ vectors_blind_with_nym_proof[i].header,
+ vectors_blind_with_nym_proof[i].header_len,
+ vectors_blind_with_nym_proof[i].presentation_header,
+ vectors_blind_with_nym_proof[i].presentation_header_len,
+
+ vectors_blind_with_nym_proof[i].context_id,
+ vectors_blind_with_nym_proof[i].context_id_len,
+ vectors_blind_with_nym_proof[i].num_prover_nyms,
+ vectors_blind_with_nym_proof[i].L,
+
+ vectors_blind_with_nym_proof[i].disclosed_indexes_len,
+ vectors_blind_with_nym_proof[i].disclosed_msgs,
+ vectors_blind_with_nym_proof[i].disclosed_msg_lens,
+ vectors_blind_with_nym_proof[i].disclosed_indexes,
+
+ vectors_blind_with_nym_proof[i].disclosed_committed_indexes_len,
+ vectors_blind_with_nym_proof[i].disclosed_committed_msgs,
+ vectors_blind_with_nym_proof[i].disclosed_committed_msg_lens,
+ vectors_blind_with_nym_proof[i].disclosed_committed_indexes
+ ))) {
+ puts("failed blind proof with nym verification");
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/test/blind_with_nym_bbs_fix_sign.c b/test/blind_with_nym_bbs_fix_sign.c
new file mode 100644
index 0000000..9272cc1
--- /dev/null
+++ b/test/blind_with_nym_bbs_fix_sign.c
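Review bot: In `blind_with_nym_bbs_fix_proof_gen` (test/blind_with_nym_bbs_fix_proof_gen.c), a vector with `result_valid` false skips `bbs_blind_proof_gen_with_nym_mock` through the `&&`, yet the two `ASSERT_EQ_PTR` calls and `bbs_blind_proof_verify_with_nym` still run on `proof` and `nym`, which are uninitialized at that point. The negative case therefore never presents the fixture's own proof to the verifier; depending on what `ASSERT_EQ_PTR` does on a mismatch (its definition is not in this hunk) it either trips the generation assertion or passes only because garbage fails to verify. For invalid vectors I would load the recorded data first, `if (!vectors_blind_with_nym_proof[i].result_valid) { memcpy(proof, vectors_blind_with_nym_proof[i].result, vectors_blind_with_nym_proof[i].result_len); memcpy(nym, vectors_blind_with_nym_proof[i].pseudonym, 48); }`, so that the verifier is actually asked to reject the recorded proof. test/blind_with_nym_bbs_fix_sign.c has the same gap: `sig` is declared outside the loop, so an invalid vector is verified against whatever the previous iteration signed rather than against `vectors_blind_with_nym_signature[i].result`.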
@@ -0,0 +1,73 @@
+#include "fixtures.h"
+
+int blind_with_nym_bbs_fix_sign(void) {
+ bbs_signature sig;
+
+ for(size_t i=0; i < vectors_blind_with_nym_signature_len; i++) {
+ //printf("testing test vector %lu\n", i);
+
+ if(vectors_blind_with_nym_signature[i].result_valid) {
+ // sign
+ if (BBS_OK != bbs_blind_sign_with_nym(*fixture_ciphersuite,
+ vectors_blind_with_nym_signature[i].sk,
+ vectors_blind_with_nym_signature[i].pk,
+ sig,
+ vectors_blind_with_nym_signature[i].signer_nym_entropy,
+ vectors_blind_with_nym_signature[i].num_prover_nyms,
+ vectors_blind_with_nym_signature[i].header,
+ vectors_blind_with_nym_signature[i].header_len,
+ vectors_blind_with_nym_signature[i].commitment_with_proof,
+ vectors_blind_with_nym_signature[i].commitment_with_proof_len,
+ vectors_blind_with_nym_signature[i].num_messages,
+ vectors_blind_with_nym_signature[i].msgs,
+ vectors_blind_with_nym_signature[i].msg_lens))
+ {
+ puts ("Error during blind with nym signature generation");
+ return 1;
+ }
+
+ ASSERT_EQ_PTR ("blind with nym signature creation",
+ sig,
+ vectors_blind_with_nym_signature[i].result,
+ sizeof(vectors_blind_with_nym_signature[i].result));
+ }
+
+ uint8_t nym_secret_bufs[vectors_blind_with_nym_signature[i].num_nym_secrets][32];
+ void *nym_secret_ptrs[vectors_blind_with_nym_signature[i].num_prover_nyms];
+ for(size_t k = 0; k < vectors_blind_with_nym_signature[i].num_prover_nyms; k++)
+ nym_secret_ptrs[k] = nym_secret_bufs[k];
+
+ if (vectors_blind_with_nym_signature[i].result_valid != (
+ // verify
+ BBS_OK == bbs_blind_verify_with_nym(
+ *fixture_ciphersuite,
+ vectors_blind_with_nym_signature[i].pk,
+ sig,
+ vectors_blind_with_nym_signature[i].header,
+ vectors_blind_with_nym_signature[i].header_len,
+ vectors_blind_with_nym_signature[i].num_messages,
+ vectors_blind_with_nym_signature[i].msgs,
+ vectors_blind_with_nym_signature[i].msg_lens,
+ vectors_blind_with_nym_signature[i].num_committed_messages,
+ vectors_blind_with_nym_signature[i].committed_msgs,
+ vectors_blind_with_nym_signature[i].committed_msg_lens,
+ vectors_blind_with_nym_signature[i].prover_blind,
+ vectors_blind_with_nym_signature[i].signer_nym_entropy,
+ vectors_blind_with_nym_signature[i].num_prover_nyms,
+ vectors_blind_with_nym_signature[i].prover_nyms,
+ nym_secret_ptrs
+ ))) {
+ puts("failed blind with nym signature verification");
+ return 1;
+ }
+
+ for(size_t k = 0; k < vectors_blind_with_nym_signature[i].num_nym_secrets; k++) {
+ ASSERT_EQ_PTR("blind with nym signature verification nym_secrets",
+ nym_secret_bufs[k],
+ vectors_blind_with_nym_signature[i].nym_secrets[k],
+ 32);
+ }
+ }
+
+ return 0;
+}
diff --git a/test/blind_with_pseudonym_fixtures_data/.DS_Store b/test/blind_with_pseudonym_fixtures_data/.DS_Store
new file mode 100644
index 0000000..649ada0
Binary files /dev/null and b/test/blind_with_pseudonym_fixtures_data/.DS_Store differ
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/.DS_Store b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/.DS_Store
new file mode 100644
index 0000000..f954a89
Binary files /dev/null and b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/.DS_Store differ
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit001.json
new file mode 100644
index 0000000..713b78c
--- /dev/null
+++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit001.json
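Review bot: In `blind_with_nym_bbs_fix_sign` (test/blind_with_nym_bbs_fix_sign.c), `nym_secret_bufs` has `num_nym_secrets` rows while `nym_secret_ptrs` and the loop that fills it run to `num_prover_nyms`, so a vector where the second count is larger makes `nym_secret_bufs[k]` point past the array that `bbs_blind_verify_with_nym` is then handed, presumably as output buffers since the final loop compares them with the fixture. Both arrays are VLAs as well, so a vector with a count of zero declares a zero-length array, which C leaves undefined. I would size both arrays from one count, e.g. `uint8_t nym_secret_bufs[vectors_blind_with_nym_signature[i].num_prover_nyms + 1][32];` and the same bound for `nym_secret_ptrs`, and fail the test when `num_nym_secrets != num_prover_nyms` before the final comparison loop.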
@@ -0,0 +1,24 @@ +{ + "caseName": "valid no committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [], + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041", + "commitmentWithProof": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c5c2ac3247080eb71fefc7e9622ffae372425a699a298ba991a0bc5c6a3d9211347d0ce98d5c0550667269df1fb81f8fa30c07d4917c7c0786411ee5c05b00b9d501d3f8e244b860b7b11140cddc9787a3ab54ec7fd0a8950dae339f396f2641b", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "3a3b481c984f4396a13b1f65368aa393d08455fbfd351ab80f593aa5de8b4b1d", + "m_tildes": [ + "5e82a40ae25e65fb04d7722f36ecd62fa4f07c8815e74f0a14a7e0a6547a36ce" + ] + } + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit002.json new file mode 100644 index 0000000..d9a142b --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit002.json 
@@ -0,0 +1,35 @@ +{ + "caseName": "valid multiple committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "99efccc0ccd91efabb8821ee33edacb823b1dd999682aaa54f38a9c4585e7e7aa746357b2842d38c008f6d732dd501c70eed41caf3eafdd4bb6151ce2c0289401c7d13381e7db90137d7aa2a64224aa2499a4548b2654481a2f0dd16d799116fe41db7b7a5c3ae8b1c64bef6a89a46f5040a5178d2e1126f7f35189f0f6cea3803e679ce92eff73856b164425ac4ff8405a934f65ada8ccbe21558ab66db113662ea17ce0c9aa0280db20dcf79301c61269ddfdbdcc22025b85f7089c4ebebc224a938b745daae833ac4698d9d32bfa8382b4bbb2679ae232d2f6e8e19239e6ea919665ea736b45a61bbd0e4f4d7431f3038c3db25833b9a0cc1a7709419ac241fb6f02ee13e51101743f1983d3fa69b5d344b984c48a265ee6a7b0df8450004ceec7c1997b859be16af624e3da2cf44", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "691b0c56dff95cd15fc221a7d66ec71742fa8161a435ac51ffaa0f593b05989a", + "m_tildes": [ + "2df678f035e3b5c2628d40645c3b53d30b77b992b4d1663aa313892d08a78e85", + "2c0add8de9779bf9e3ba6ef2a863cec5e0375b66c44d326f301914eb73cabb46", + "57ea3273104c990cba7c65f88c766b013c326857be408a55fefea46c71f51a48", + "4ffdcbebe564f0aeac3e40c58cc42964b1948b581671070f85bf003ba61caafe", + "19fbc9539129d0fe065c6a19d2df1588207232d163e098f127b270c3ad25fa08", + "682afdc2c093d95b88e5e145514744d9a254cace1ecd92f20cde388da9adc20f" + ] + } + } +} 
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit003.json new file mode 100644 index 0000000..d5fb4cf --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit003.json 
@@ -0,0 +1,44 @@ +{ + "caseName": "valid no committed messages commitment with proof, 10 prover nyms", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [], + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "34f0399aad9d70410e368a37d7d1c8e70b9a788d0d6093191f5a266ea75c5645", + "commitmentWithProof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "3b97f8882a6b1d811df04acba4df3bc51afec85b753a0d2fcc0a6ae40d37b07d", + "m_tildes": [ + "2fce76c7fdc66ccfbdb5284994067edac8d304fcb8fd96bbaff7d5ec0684a9d5", + "6f1ba4854341795a1b5fa472a0584e78685f917a2efa35e6c6ac32c9aef3ad83", + "22a6a7e4dc34c47452534c0425814d24ef960a56f10402adae14307b03623f20", + "2d57bc30f8bc310060f6f568abb0fea3b137fadebe8060a6cc66777d5f0dd096", + "05273b40cfb0b20f50ce81a9fd178dfcd6d60ca5d24f1b3bb1b7b70c49658baa", + "2f99b52bd9996b2e785601265fa206b507ceadb9ca13a8dfdcca5e2cb69e1eda", + "41429428e3f7b74dec71d4f28099c8ae70f102b7198e7dd592140553d5d0bef1", + "67eed19ba551c01b3656c814a6ea27e1af3ea62808b28159d1e30139501b5aad", + "086935deae886e2416da7573f25022d7f5992b74542b697b9e55c8fe3fdc5fc7", + 
"729c06b84e0adc38ab1cb1bac54b93a8bbb32f3674834b1124e0ca67eb164456" + ] + } + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit004.json new file mode 100644 index 0000000..3a71aef --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/commit/nymCommit004.json 
@@ -0,0 +1,55 @@ +{ + "caseName": "valid multiple committed messages commitment with proof, 10 prover nyms", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "70ddf5f833ea8c451ab0575c25f18fa016264f3a2f8110332e9090033d1af3d1", + "m_tildes": [ + "3dacd6ad54ae507a70a95982dfc5a5d9881152eff78d997066a3b1aadc26fee7", + "2034d9eba3bec2f0fb37cf6b099316d3b62604bf6131b7af586f683a171fb931", + "5231035aa8c033c8558217ae4d06910eeafe2c598e6b2caf0454e4cc6a9e0c16", + "52ce67adfe12ddf40cd5aa9568b1a972131821186662a3fe103e64251340a804", + "6f01f109415afbd96fc398a11af5cbb6c3bd83fb3f7fbd260f7d943e0e655b27", + "2e44e1fe789834d2cd9c5a7e5c4232b6bf3a94418ae3f083432d1977cef671a1", + 
"29e4f94856181a3002dbe883d00b693a9626cbd047a7349fc0bfc8861664a994", + "325c5381feafcc5e3321f86df84f48c8ed16e56e7f6c0979c8c87f63001ca985", + "5334aec4e6377906a891cffc765dab05732e98b878ed0588d880ce07de1e28de", + "4bf070e709788d6781987d171eb39b656f3c83cfc0e392cbd61870a35f3ab688", + "18733256ef13b6fa0782b5aed0763d0c4fe51711573779cf2c72269947b57022", + "3e63d948c67a16e756d26f4b345db09f9efa2199470d26757b0894dfd8270e86", + "468225d50f50d5f47a1e563a579dc4095d515bf7cbd864e82ac673daf68bf31f", + "2cfb81c8b053f6ad64e24337abe9355604dbec8fdf81f729125ae3da90fdece5", + "2f7134a410f5c05b1ea6ef8705ab24c39ecf5d6e899abcf5aa6c408f51c76f33" + ] + } + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/generators.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/generators.json new file mode 100644 index 0000000..2db8b61 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/generators.json 
@@ -0,0 +1,32 @@ +{ + "generators": { + "api_id": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PSEUDONYM_", + "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + "Q1": "a87fa55cfc29d0d0ef43b7816018c6162b9c4a5ddd5239ed24d9799f8e105c267d81ccb22f6379853c4070c28c71f13c", + "MsgGenerators": [ + "8c6de69580b83b7c6d773857ae64b4495955eb06e67ebc5855af89c72cd8d9bea9fd7f71eca20c6a3388dfa67b1e7ccf", + "aed1785c1c00d00893413e5011ecdc98706958a2ccf175be8a42afa56ef19c86ca6c14afe7e74a72596704fe34b6611d", + "b5b5142c6314a918882439b634adb926cf42a55da2962865bcf09fe746554851ae075d9a4a03add64a0bec997eb708a8", + "b54f25df3ba79539da4ceb375522625518590eebd52211d40cf1083f8a9e8c1bb19212f1f31711fd333678002a362830", + "8fcb548cd1e5cddba514a7f90e3b0ebd00bd82bd66158f70cc7fffdb09f14ac8fc56ef9587cc41a82614533444494e75", + "94a1d50478150c469711ccd09fa4544a590a1903f16445a4a5bc0ab639f1a408580f2464972198d128f1bb4a4fa41b0b", + "b36ceb6c0cc0850fd3a2e64fa534a1c15566f99688ec6134c5223a33de83ce5534d43c0973a2769ce887d5bac8481519", + "a4e6dff6038ab2e8265d9c177d110c742bc97f3a32bd70123ecd67176181b2068a0ae8323db6e061e4d8e62db6f283ad", + "90977c482711c97318d1e4c4205308847727ca7dbf3ca7d1c55f1906aeca21aae22b7f43e73feae41c9a9be75319015d", + "a435ee46442dd320426a1eb163176154bb144a7f829900d0e14ec7c28d882572acc1b4f670ef7cf5b41a4bea2efae6c6" + ] + }, + "blindGenerators": { + "api_id": "BLIND_BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PSEUDONYM_", + "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + "Q1": "a264ef107598f1caaeb323b65164bcea80e88814810efc61ea27412e879c7cb9344b1b513118d3cf5c79bfa81268ef36", + "MsgGenerators": [ + "8af923aaeaad46bf889049b2e5de19ff17778343114e589d716cde6eaa553c9e54fd6805afb244e445be2939ac789b35", + "aa6c94da21fafb4cd604029cf599df139aa88ca1cf3676fb7da1e12ec6a8dc83c3d7fdbf33a79e760d810c4fbac37f6a", + 
"8f65ebef29b60b81447821ea2d5a201d339b0c092021bd71eeee2d1f39d4972d3688c98c21831490583285c12f6da579", + "b94e4549a9ecbec9b83c004d86649f0aa6510ba292a2e68d982e79ad4de0e5bd2972313a95170f4c5881d7a5b790c205", + "a1d1d4460ee7475aa66fcd4c803b11cef74a75b9d4bfe9924de20434e01f35707855299c9d4ead6af5b93f57d9392d56", + "8852ab63577b0a382df12320c5fc900bce57680d47e371ced873399bd9c5adc793ee890a919fb9c293e55acb4ab0312b" + ] + } +} \ No newline at end of file diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof001.json new file mode 100644 index 0000000..45a08e9 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof001.json 
@@ -0,0 +1,93 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": 
"515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "8b461b6d894ca153a2e1c05ac10c1bf21778b4ba08e9ca80949525afd86d533bf4b4f53ae3f7db67b9dcf55b5c4d3816b80b033b140c3bab14da11a54bb7afeb32c357cf6a1b73f100cbf1cb4e1c3fa1376a57d3be7e2f0395ec59b9e2c39c6ba744a214e5cec73752d3aa6ca1461cc38b4f69397282e8c9552b8f2add6e878f4edb8370003e141bacca3c3131bdbe016a02395e38459b716da68c90eedf33e13d01684d271148dc05c11f934a11986c40664e63c3eddd2a7f84edac4b092dfa6eb0bc58b8ae5c44b7b4392b288e700f59c56be0674865eb7e89069c2f39fd0a2a61379d615db25d33473774ff72033304a8a62dbf5515d4475808a5f9fae6052f5031d741535af95294195a97e9f87336fa53bf566b1e88bc8987b6850b0f06fc7423d92910970ac6cf33a8a53d1fad10343839f7ad6c221366c10e96eb67949f2bcfc83614232ee7a5f9f564fe2499", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "57af863d7be8df38f5431df51734fcc8b070d4fff721eab0737be707a0479747", + "r2": "64e66eecfa127d5942a5f80e2482bb283080fa337eee066d9b4ee79e6e3c3fa2", + "e_Tilde": 
"05a11905301517822cefc88901a9e02987318dff415e782bf7f4d84ae9cf3f92", + "r1_Tilde": "6273b8da4fcc64de0ade6941c11b3c3a34ebd01e6f54869d563facc8ea7c143b", + "r3_Tilde": "0a03d7ec943dd16b005454ddef52ec82cf30370e49077ce19d709a0ee68ef6dc", + "m_tilde_scalars": [ + "177e9bc4a3681ab187a037fc218fb5a401a2f253c1e7a76f09532a8f9be75508", + "398d3a444831eeb55b89946106c9f35b7296c7ce0e2e2fa66a4318c10bbb98cc" + ] + }, + "Abar": "8b461b6d894ca153a2e1c05ac10c1bf21778b4ba08e9ca80949525afd86d533bf4b4f53ae3f7db67b9dcf55b5c4d3816", + "Bbar": "b80b033b140c3bab14da11a54bb7afeb32c357cf6a1b73f100cbf1cb4e1c3fa1376a57d3be7e2f0395ec59b9e2c39c6b", + "D": "a744a214e5cec73752d3aa6ca1461cc38b4f69397282e8c9552b8f2add6e878f4edb8370003e141bacca3c3131bdbe01", + "T1": "8cfe5878510ab8f2ea6d70290af52d72c17ce68df2a710b50d72ddcb2e40e507e87d18139993c0c62159259288d10c13", + "T2": "837f71d00dc87d1cda035faab27d6fcc02e8349fa82c4a60d3d4761faafe82359b7942fd2c74f2e96bcb5d87082f0b22", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "abc19d6f260398e8dfe5d146848fa7e2f2589ea90c905ff0af705ae186a6df70be5197633477993afc3de8ccf308584e", + "challenge": "10343839f7ad6c221366c10e96eb67949f2bcfc83614232ee7a5f9f564fe2499" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof002.json new file mode 100644 index 0000000..cf0a00d --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof002.json 
@@ -0,0 +1,93 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "99efccc0ccd91efabb8821ee33edacb823b1dd999682aaa54f38a9c4585e7e7aa746357b2842d38c008f6d732dd501c70eed41caf3eafdd4bb6151ce2c0289401c7d13381e7db90137d7aa2a64224aa2499a4548b2654481a2f0dd16d799116fe41db7b7a5c3ae8b1c64bef6a89a46f5040a5178d2e1126f7f35189f0f6cea3803e679ce92eff73856b164425ac4ff8405a934f65ada8ccbe21558ab66db113662ea17ce0c9aa0280db20dcf79301c61269ddfdbdcc22025b85f7089c4ebebc224a938b745daae833ac4698d9d32bfa8382b4bbb2679ae232d2f6e8e19239e6ea919665ea736b45a61bbd0e4f4d7431f3038c3db25833b9a0cc1a7709419ac241fb6f02ee13e51101743f1983d3fa69b5d344b984c48a265ee6a7b0df8450004ceec7c1997b859be16af624e3da2cf44", + "context_id": 
"bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "3f7f8e5116d83e95bcc525249ad54ff216e7c4c15aad548320db23d7a7fd72cb", + "r2": "423372f6da6b802f861ac89bb679e6725cf996040fe214fb9f98883b853ff541", + "e_Tilde": "49764b7e4e70246865f484a0182f23c47f602e3589e4cc290b984435ebb19b5e", + "r1_Tilde": "69b68a617a5ce738e7b8594a0012c96aa8a0b0cc65da40ed783e4f04bd5ce4fb", + "r3_Tilde": 
"47e6eaf307456b76d578f639a28ce688c3ee18d44108f2974588af3b258909d3", + "m_tilde_scalars": [ + "192287eaaa219042b2217fc6fc8d39e8755bee5d61e441912f6a1399cfc12d17", + "27de130fd1b0a7e113950fd909bd7ad0ef5285fdc2a5e098f8038018a62af4d3", + "464edb5824e1a70d5d493e98bccd23abf619476e659c5de9ccf37506c48f5e7e", + "005f216a707470dacafc62ac2e5a99bf9fa42373a8c8f7531d667e4ffdd65650" + ] + }, + "Abar": "a9067eac3cb7bafbb54e639890583ecef49e646aeec069a8928a04cdc68ddb06236678db77c07f400fb6882ab5aae6bf", + "Bbar": "93f1919bfece83649f9717f5976e75a4d35a168ec81cd09a890fbb0ab83625b2bf5cb37e707bc7b1867ddb42538de5cd", + "D": "a84e99d1a905304d8e94455054fe91f90bbf4387a65328b370336fdb75b6f274f0096d61363c58a07a2764254cf0f7d2", + "T1": "b34604ecd3bc9011e03b9c453733cd803da92c8514398a6a7cb2d1631163ee842d352c97328fdc5336e92464c80003a9", + "T2": "ad3f5f203abc2b2be56fd9577d91077e6c33e06810844267b22d8ec3ed808b2123ffdce09b24d33b67f387cbea61c00d", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "a315013d4b93da38f15acadcf923614a0ea0b0d1d8a6b17827fec2ebc57b98b95b102ddbb8b9dc1117eefdec6c31a4b0", + "challenge": "06100cc974c305ddf7c74e7eea17b9df62237f770e916b19973b73dca0710aa9" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof003.json new file mode 100644 index 0000000..482c7e5 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof003.json 
@@ -0,0 +1,93 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": 
"5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "4b323b402acbd18f2109d611190669d66af7d4edc0ff899d308b77cbf54a1629", + "r2": "4224bfcae26523b6a34fc37637e74cd83cb9a61f78b6be0b15414993ccc3f057", + "e_Tilde": "566ee8f81f7077744ad445c1ebe51a2905127fa7bd23258d5863de20a7204305", + "r1_Tilde": "48d2f3ff92ba720da7faf9ed1828ecae99a51861f127be6c561c6b50878c1281", + "r3_Tilde": "2e1dce60f55b7f6bbae34dc56718d564576251f698a11377dce240656274541e", + "m_tilde_scalars": [ + "03da9778016b40f396a9f237e56c3ae5cfc6d5001f328f3db98448e5e1115408", + "5863a317cec4996d232afdb379aaf96cdb14e102fe00b1667b1aa68feacc5099", + "3f043505ceae96a3db8f1261552bea2053bfd21a872408ba8e19d0fa3201dc74", + "726be9c9f6af8407403c731b1a7282955dc1e563ce08b7d5705ed2cb20b04040", + "0bffdf4cf02093b2473b6d129636b21d70542048989bf92471aaf7a567e5ee0a", + "46782785ca90e9b6751e9301a320c5b1b299a20c1989b9ee0706525dfc7ac45a", + "71e38b786f98c5c77b1dac4f088aad694408882745fa24efa020549e81091d1c" + ] + }, + "Abar": 
"91bc88e3ca7d2f784c0e9a049a2c28edae23a9b23f8cfbfd04a61bf615f39fadd079cca6b00eb864775f579042cbc52a", + "Bbar": "8431670805c77cae96b9b859c7360d2aec6f177dc2a7156738904f82497c043dd87ce896b9513290e346a46b8d2f30f9", + "D": "83e4d3ae58965da888bac7e9a43bb54c8e8082eda0fea4f8158dcc9adccc209d8531414f9da9afaa50887f79c4de772e", + "T1": "a00e5b8480d287b34e8f01b4669a1952bedd5d824262712b34a860e66cd57fbb422d18a879be9b797165bb17b52b178c", + "T2": "a87f7d1cde463bc45d8c1dcd4a38a321cadb1e62bf6d1dc3f9d96413f57b0a9aa3efbce4dfdadf5f69de8349d4b667be", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "ac5ec459d32ae9fea34f5ec9fa3ae06df7862228b5e48fb1b653ff5248f6d2f60d04975f9ae05faffafb91471f0c6f5a", + "challenge": "190e55a6926442a97ceed5c8e44fbc4e77110d91280c8658896e5d0eb9c1ab8b" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof004.json new file mode 100644 index 0000000..6f56ac3 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof004.json 
@@ -0,0 +1,93 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": 
"5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "54cd5cce27924327e7b102c514e3ef1ba9f1f9baad1117804203ab8825dfec30", + "r2": "5f24156b67c03f1d3bf0b9c6f465b21768a84b0f08a75545d9cae648647cc5f9", + "e_Tilde": "4ec3d446055552e3106546074982666a32cd66beb17793307c71297fa0907394", + "r1_Tilde": "5b7d134824285dd65626cc84f4609de1d36e20e5b2f1ed692ff6190ca0fc73e0", + "r3_Tilde": "0d2ff5d47840f463423b7011ae6d5283681edeb186bfd9947008e47b595237c7", + "m_tilde_scalars": [ + "1ba2fb229bd500bb65ed4fb9c44eff2a0bfb3b335bb28548e729ca10fdd34849", + "0bc5a2dde5a559d01f61a4b291391e3f238735726a723dd69954649d84a47ed1", + "07c41f1b4ea44a3bafab37e4276d7585b17ce82afd1dd099071d63677dd49298", + "737db4fb57541bea9d125581faa7f2ccea4de7c4f101456b8bae7ae6bda72ea7", + "0d92794b70ef2b6f56cf03192b9a3714df9503629081053f13f8d12d9e7d79a7", + "269df3a0585467568b6f88abedaa986297f33f4aa069f13cd392ec49426866b8", + "4a6c5ac852ddc2ef9f735647f959416dd8f2b78c56580dc1d4bf57993611b970", + "1f167fd08394e520dba66007180fbec6ea5b88ad87a4bdc21acdd80ccfa3e5e0", + "3a870cc60dc5b1083cdd510fcfda6d23c8c9bde556584ddc9f70378eb7515b0f" + ] + }, + "Abar": 
"90b73086a74ee38b517bf6ebecadcfc2b2ea15b92dbb8debe6eb1417dd525db380f824e9b91377ff0af9bcd939d835b0", + "Bbar": "accaaa10d0348bae5c05e14ee1a46bcfa62678d8927ff3ba52c2a5fca2fc8dac36eb44c657d9112b48931dc46a1a7dee", + "D": "a3f82bce989c2c49bfbd8c8a3eda5a5302e606bc59da89ae9e2d9a56f2f6ab682a8ac453c9563f62fdd9cff3924f8a24", + "T1": "ab548df17855a8c0571b39837eb79e342b4967924ac7320373b248f3f7354934173bc8792099bd20d6e4d94d6b76337b", + "T2": "afbf3f025ab9a1b1b23cc7218dc6d1dc2cf9c94478d42d8421cce017e103971c5e5cb5117140d047d114568f5cca0edf", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "b00fa7850d877db0c7932a4d9b5441b160532a21a9a3d31ccae5c59988ca2624cb95d2c757531731c45a8e2d02a672cd", + "challenge": "677faf57b5a9705e49685cbd34dcc0beee1439f552d1509c77eef55b91fa6545" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof005.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof005.json new file mode 100644 index 0000000..643ec0d --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof005.json 
@@ -0,0 +1,92 @@ +{ + "caseName": "valid no prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": {}, + "messages": [ + 
"9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "3225bff980c15ebad66698a30058f01c7f1dc6c6cc2b959e974c11f2a1aecc15", + "r2": "57ced773ccd372849c758db968e99c36495478640309379d6cab21383a965ce5", + "e_Tilde": "544228f93bf1b142ce46f5ce0a030d7131fbac631fe61a9483bb95c8ea8dcb97", + "r1_Tilde": "1b23db9f8fb2f2618d961819abb39cff1bba09f165b445e301aae19102bbaedd", + "r3_Tilde": "24181368361d35cd08a2905d1ad2f3c808c52152e8e6de76b37c7ab4a93a6764", + "m_tilde_scalars": [ + "60154b04a4c98255e7aef7b9d08452445b613cd407cbe2ae9d42371e89b9a95b", + "70cc1da93eabc0785d2847d89eb73b723e34c3005acd39a41ff1e3954a10fa70", + "19521e59845a027b89750643fbe7779c70965a624b0be492eef6f9f305442184", + "4cce8654814637741ad543a7e8844b6e737b35e7e3c5830cf171fb5bcb8e461e", + "27b95c59ffe0163b480e802a8d713f5da75a6ead37d5cff3404770777518849b", + "3d4295c7724de36f339340e98216e78bfefa4be8172e6c7c3bc024868c8aa8d7", + "1e0f8fd41c7562a915cc9069d77f91afe2a6dea1168e06c53dc2c992f653225b", + "3017a9528ac1bf01ee7fcc37477ebc88239be178b953c7165b15bb76998e7653", + "52b7d08b79d82945295d25de22e7a604c2967c910458eddfbcd9fc60e09169ba", + "334ad48e9043501e7c8893ab351f4091b2e7f86925e814a69375d3b9fc6aa520", + "2844fcf0fce4ac751997a092e921aef4c121b3fac72c16213e4f214315279fe6", + 
"365dd49379b57eddc85c5665b2f4f1115686b4d94674f710d76eeaf91156c6b4" + ] + }, + "Abar": "817a20f821e7d168b47a21814beefafe5d782fea324653d21b1a61f32d46cd64e25a36be1ccd8e7efe9c1242eb3c3f2a", + "Bbar": "a799d99c59225f5f3bd1d8311ee0b3aae7bc4995eedcd38f48f91aecd310a4a21455220dbd703af459111b96b521a245", + "D": "95d59bacbe43a2b93cb90a4ac6d67da6fb5e121d1fa7ddc9dfbba670b8911e6a2888bd82dbfa48a2db892764467072f6", + "T1": "8edd9d7ddff5383cf8d316756c23ab8585cbedb7fb64306df7512f5b209c8b6e9fa5ed8747fef7b912957c80b16843ee", + "T2": "873a4e1acf97338970b6dfcb8b9994d0c8b4ff708802deac8ba75fa216007aa268a899fa9a7566b22d7bc8b37c853ced", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "a0fb7d80197b8106a1e49e0db49841e6242500290cc61896c9916554a343e1d8f55d6fb26b6889371a9a8d032065b413", + "challenge": "55811031fa2473b3b8d5b72513a0edf519d91d961b468056514f5f997d4d8f0f" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof006.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof006.json new file mode 100644 index 0000000..0258e99 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof006.json 
@@ -0,0 +1,92 @@ +{ + "caseName": "valid half prover committed messages and no signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + 
"7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "13c56cabf679ffcd59c41f3fe18ee4993ac4accba74037e01aafc5c0e79d8524", + "r2": "2ad00067178fed38af012a1db49065e0135f7514acb184b15adc2f3bb3439c68", + "e_Tilde": "1bd3f8284098f0c0f5866aef55b05d982b6669570f496e633dd13c7f0e9ca87d", + "r1_Tilde": "727dc28ed4618e9fd6de9b0b0892176eb5ce745aaf927b1f1c830d0222ec6d89", + "r3_Tilde": "14766b8ccf4e93a3b457942a0d1892689c5d66cd36e67b8761fc9fc06521afda", + "m_tilde_scalars": [ + "55cd78757fab58eb75a8260d4a990233ab996a1be803cfec1071981b037fbfa8", + "5f22ca14b29e8217c2d80bffadba8fbe0e9a72b08676d8805f494b01ee0a322d", + "18916a46f8255442283f133902d5f16f4cd583f6b8e68b4f2651ae52792485af", + "39c6828e74bc304f475a70831781de4be5e876fd5a34a34df553666c14c1b600", + "54715e8092608f37043d85c2829eab964d0c8332ee8c0e1d31991394e367adab", + "377db8d23e45a90c39b57b9042584b87e0e870d00002aabd2e2b7432b1ee81fe", + "456503806bf43b0766c629e5fee11956ed46232049e7a4fd29ec9f50212ceb88", + "1c79c4fc9e4f696101ae41ba5728a14a54fef180e92c71471e964c8dfc1813ab", + "4c7fe9d2f777bfcd1cc185d8c252f75c4512c3ad796a665d8737c1fbccdf5246", + "58e4f89934eca37018857c9967661294a68cfb4312214696a9e060d96a6ce3e3", + "64b1632f96a49fb49f00d928e840709b24f33706bab1d72a9243b6ea011d3fd6", + "649304c1378ee20264a7b95c230b85bac9d18fd379b4e51dec087120e7e53201", + "279980776234a84dba380ae7e83241754b68e55c1fd9ba31b75156f8fcc6cb2d", + 
"2d11b81789c8bfaeb419a1f436dc6b7ebc82e6cff7994973ae549ee014c715e5" + ] + }, + "Abar": "aa1d03daf3d029fe663162065bf6c56a71261409c0ddf3934e7c2e1969a5ab710f106bd66503dcd453e6f05e2774d428", + "Bbar": "8b6efd014709a1f1f0f4e2b365c663fba2683df462a57eb28d46344200b836e7519a7efaa8e8fb88ff47bd75d8064014", + "D": "94914bc998341c1bd56721e0626bd0dcdaddbe4b4f84d4798143905b81dac1d5c0b2c12d949cb6992c1fc24260b43a54", + "T1": "8ae31419ecfa654823804db04a1e1894a4aa3eb501318e32759bd3b885e9bba05b30e8fda7891bd279f4733309f92119", + "T2": "8bd7366e5a8e820696446db4b9d1238b5e35174c4033b3add031498175fbb528b88c0071e7c066267940858f0d3dcee4", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "8c00dd609aa45b37a844516aa0f1771319009062f61fb1b7620d0f8022251d1ab6de3226bf7b017c46d3671066ac1298", + "challenge": "0cdc48124e45bceca5c3d6e49eaba2d726948b181da772c74026af8320bf409f" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof007.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof007.json new file mode 100644 index 0000000..c60c2ac --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof007.json 
@@ -0,0 +1,91 @@ +{ + "caseName": "valid no prover committed messages and no signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418" + ], + "nym_secrets": [ + "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc" + ], + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": {}, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + 
"496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "3073243f29432d46e7f2c4d2a7d87bb15310d624809af1b84187d93d30835bf1", + "r2": "3bfe24fd593ffdf3d01853eeda787901f8a40b01180d93c3ab47034d74582c4c", + "e_Tilde": "72926ce35802f42243806aff7114f5959b45df3391f17febbd6314298163cc77", + "r1_Tilde": "4435d299d662863415c804c810e7b4e5394db6e8c475ae34e742454a24476692", + "r3_Tilde": "54835e3860ff18cf0b1073d9b62514a3e78facde06c3eafe6eca86a1efd4f2f3", + "m_tilde_scalars": [ + "167266e78b1e98792faa161d1004860d9513390c951eaa0c38bfdd8139ded981", + "11b2f012310127e20e2ba5ccdd795832dae26f337a2ac917246597c51ba0e814", + "2a02495eb38ba3648b47a540107223ec68c8adc407495286e158391bb71830cd", + "359e618bf603979957ab4eb1d8a15f3dfad16d2131f74104023a58aa4824668e", + "0d9a9076dd68a89f31587dcf07975ec95e38f54dcee6a803102010ef2b7ecfc9", + "19762e5c3b76312bca412852d98967d5ec31ad483db5c4dc54301a48c35e12b5", + "0f86ce1283a3b533eb7067a4f37e3d4f119e56ef94eeec42ca18eed0d84d611e", + "29f8e06dfe2c1173c14aa396065573168c89b177d8a2d7ca174ee5d9289760a2", + "279f39de04874cc0abffe26fedbce6a940fa84f6d66b0ce7ad0976797139b26a", + "62ec7df765cd26dec3cdee13c42e24f0f8f8f46e5606c598e82cfe20a46847c4", + "40eaf6a1bacfd7d2c9dfd2b5d89f661bfdc5d6a81b381aaf474997312a03fd61", + "135e144adc59c87a6bfea6e571e7c91af3cdc15a97ed12a1171e168f2e2b9bf7", + "0844c5e30518175069417b37ff58748e96dcf5e9405d385be3ca276a331e38ee", + "73c0dd04f96c6539deadb2ca61c272bcd154566aa8bcb4ecddf6388f575c6db8", + "25fe71c44d29832409b11626273866d4372df93669e76af3d3e284bade276ac8", + 
"22b7f7c40ded108e6678604d3d937c53c7c4cf81e36ff51a89dbf4af573306d1", + "073b68cea44ee1fe91040d61af84e9e665200ed34be657147171c7131db53a78" + ] + }, + "Abar": "87162841fd4ce826997d4fb3a416f8522e5200df18c580c5282efab161b500ba9d0a132a2b8659633757834c9e7b848b", + "Bbar": "aebe49b81da59ee628b8a0be8a89aabffbe245eddbbb7248ed0d5491ef9e2707a19754233fd4de25cff255aa7b896ca4", + "D": "8cbacbc148a96779b3c38ae79469ca7ecb6fafabfc48e00d3091357e5e7b09ae3e3a25d594ff25081cbe472faf1ce037", + "T1": "ac60e0dfbef525093cdcdc55c1db8c20bb52223be6750e77476e05196ae318ea85fb6254b7522b2d7af99ff717d22dc2", + "T2": "99486f04e8007df3503976946343f5affafb92c4f4c7f43968bf20501fb0aa7e284e0f0dbccd2b8b7f0b7fe3db68b520", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894", + "pseudonym": "b04bd002c85e31d2735ee2e6b36aea85147cbf197934f99ae26a7da73b98ebc34561848426aded0967e07fb333f79487", + "Ut": "b58ba65d3ace143d167293d90c723eb87857d06509bade0cce34f1124e7007f259ff3050599b2ec5255a403d6ee1a9df", + "challenge": "351176a5ed9c6e586d7e2b24c5fcb8a13287dfd1e3681cddf24476a189b13fba" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof008.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof008.json new file mode 100644 index 0000000..c7c15ed --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof008.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "aea52bed705d0d7580df393b2fae4cf29e17ea578778d49ec3f688eb4ae9d49cd492f8703be3b08ec00afa23cf8bfa97239ff1f4238cbb129da36f620d84f4b1d19491b91af4e51fff8f2d2914872829", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "proverBlind": "4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + 
"515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "8b985e629676309d2edad1070dcf899184f73839293abaa89da39453783d5064cf1a1913809c1394a2795380e91f7e85af412d63176d0ceef7e42eae5dc31adcf0672c09b9cc1d67ac15631b661d1942c2dad78aaa308871f8bf0d6cf661099aacee06d419215290905552adb90c536b5e1b65d6cae54cb6add4277e141c5323477d3916691708c63ff8e7de3486b55d4571f805657d1a246175fb5e2ee64285b94f2d6d252fa722590cd95a8b839f172d9592b6566cc77d66af8bf456a805f6195ab0eae5fe059756e2ed0e250a0ab92d41f8934c35873920d09b7fca847a9dc72152dfe37d60afce834f6abcef1ae82b78ad4d0d90bb8e77f92562f28c14eeef28e73d0c9ce7017bd0a897d9857f505159f3e882e3f4b37abd5f8b80e48acd9d7e9ee5538b0fb9cbfd90f1a1f5924515404d824fb75df0ea53db33d127c2b8c7e7156a59d8e16e3599d9ff0b869ce8214bd15ffeaef330fdbe23ace2d7989a3f8c3a285c7fe1e39a8dda9716ec449005db2cefdd01713139bb0e23d0e86d8a944760ba8e8af4416150afacb1ca461f1977fca74a411da8fa1dcb342eb56a2983ba86da04513b146cc3dafa14e13d7a686e6532e3fe57cfb0e2f41af7cf413a4d2e4ef50fa110f4e1e5679adbc0b1056c9f0e0adc517cb05a1c06a4913d95d954c38a663d12a17ddb76c687c241bd210a123ef9f1aa6d6e13f8deb4b4ccc6b63f81853a73b396ff791828fbd73a6ba826c146c4aed202c437f3acb51a656ee53cc174cfc2a0b04ce4c9f6ceb911b30231403a86041a03d089e5c2fce8790ed237081c01a3443781e068b2dea23b1b885239a9c4943eafed30f60a4e33d993ab26c21c8aefb46006410eaf44ad5154db", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "143f08e576583f264b72129ca9892b9c688e13087ed3d9509f85c43120eb79ad", + "r2": "0217e712a7b1f6b5e65590f3f440f9d9ed25b76e065294fc728b866dbf4ef148", + "e_Tilde": "33b25342e7badf42d6b56c2d2db9a20fbd96b87ff39d8cd471142f3209884944", + "r1_Tilde": "097f8d774312e72fd4f29f2d5d9d317b3f12942cdb9b2e9be3d191afe5cb8b2b", + 
"r3_Tilde": "5a77c4f0644db0007295cf51a6a31457573800802640c2b1cdf28e8ec2cf6a9e", + "m_tilde_scalars": [ + "0766852f1fa8f06c12dd87e3bb6f85162d2fcd7af8e9d14521b521dde5ff8705", + "65afb4d1a56075f316f72d2aa86fb9a8379a6ea1d47be68e55eeeb6cd176f0d9", + "04a0b83f6d79bb19a9230a7f3cfbe70a81371490dee785cb0a206a462f9441ec", + "4168e396ab4deb71c39e12e10ee26d8c0b8b56b136e78b64abdf0baabdb4aa4f", + "241cceaf36d43c7f1d56264ac98e7c35fcdfb5d77022334224fa05e43ab72e23", + "59f396acf1d81dff23ea10d92dd718a0928fcd4f90585352b9f628df4904808c", + "057f3655600aaf1efe069fd15d1a8ed4f6b122fd3a54b9b2d0db6b7edf7cbfac", + "2ddb9f0733eefa0c47edbe47f55601711d2a1b3d13c6f07747a4f6a7f9405fb3", + "30d19e2d1625799e21b7dc2b8cc08376863b7b1370aafac151216ecd56985814", + "6f5c1c1071faced0bbdfb5e382ca6a0c62adf679128361ba48f890aca65fb340", + "496c5273ff17a2219473e75c203a4ee1210d43a3f31bbf18dbd262862e073bea" + ] + }, + "Abar": "8b985e629676309d2edad1070dcf899184f73839293abaa89da39453783d5064cf1a1913809c1394a2795380e91f7e85", + "Bbar": "af412d63176d0ceef7e42eae5dc31adcf0672c09b9cc1d67ac15631b661d1942c2dad78aaa308871f8bf0d6cf661099a", + "D": "acee06d419215290905552adb90c536b5e1b65d6cae54cb6add4277e141c5323477d3916691708c63ff8e7de3486b55d", + "T1": "b77903892887962f261dfe9f44da389ef43a3167fd876a486b2c7bae269523bdfa2c6392813d8a0cdf296e3fb807301d", + "T2": "961da89ad8089d1473f8c2c9c96e4f5bceb5af20af2199d64a20f6542f680a53cfee31db79a4f3d7473915707ab2d449", + "domain": "2bd2649820a8c5f9dabd701f2d597d77eb84d45fa960e691813fc2b360e5ac19", + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "Ut": "868134c5636ec27ef43013baae499400eb1b54d82dadc045af9146f1d32a82da93fad1016d6127e83b294fe5e5b82379", + "challenge": "5239a9c4943eafed30f60a4e33d993ab26c21c8aefb46006410eaf44ad5154db", + "OP": "83f72c76d9bdc5765d0bc3bd4e1c5fc0428cb894fe53a62fdad80c28d295005b0f378d637bda32c1aa3df77c6d3ab884", + "poly_eval_pseudo": 
"4abc1446337c9a0c693de48da7584d27f5246ec26dd50e0bab2e1de85ceb0e17", + "poly_eval_proof": "2ba893dc6f0b671a0077e2800a002e5e9e735a2dcbdc62629371a177dfe04480" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof009.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof009.json new file mode 100644 index 0000000..3cfacdd --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof009.json 
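Review bot: Two scalars in both `proverNyms` and `nym_secrets` of nymProof008.json (indices 4 and 5, starting `49b97736…` and `fda4e24e…`) are 63 hex digits long, while every other entry in those arrays is 64, so they appear to have been written without their leading zero nibble. The fixture loader is not visible in this diff; a decoder that reads hex pairwise from the left, or insists on exactly 32 bytes, would either reject these values or silently load a different scalar, so the tests could pass or fail for the wrong reason. Storing them zero-padded removes the ambiguity: `"049b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751"` and `"0fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b"`. The same two values recur in the nymProof009, nymProof010 and nymProof011 hunks (the last continues past the visible part of the diff).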
@@ -0,0 +1,123 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "aea52bed705d0d7580df393b2fae4cf29e17ea578778d49ec3f688eb4ae9d49cd492f8703be3b08ec00afa23cf8bfa97239ff1f4238cbb129da36f620d84f4b1d19491b91af4e51fff8f2d2914872829", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "proverBlind": "4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "b795ef403f8144708b55eddec82463846f7682027e151375fd5186a71d07fdf9356d9681308b07e4633e942f3e1a83375b1e134319b0827669153ea4f6fcac3e2bf16c60ced2c8d253712533871bdca73d5b0054d9d2a7e71b2c9c7cb70cf051aed61c756f11858d23f8c31c77a97721623828e723c3aa302d62d5b6e440f7309f821fefc676ab79c6cb8b8c2294c54a0800a82bf4b7f0414f01f5e06c3aae9cd754c792736cf8b4fbf00e268d07ef4c40ecb02f29fa9192a613c9ec5e6863e6e6f4efe7d3c6019ac8f51783b0d7f52707931ac3545e1c9d78f323c3f6f0216f70bf5b64e55098192f35838d0b2d492c5da4b219bed0d31f84f313d77bfa118b3ead6fb458c85468c3e3a030e1ba7ac00173f2683eda92a11fbd0855510a10db27cf6aa004c04c72055dafe7b5c9eeaf4492ab8be1d50923fe76bc27cb58d6145adac19fb299f0ca8b57910839f9be224efa211b0eae0f8b72eceb94a567d1df79cdf6f8f9b9c926c9b169abcf2ec1dc661f9cafa1afc5c0fd9b961a9e8adae8f2ac2eeb4d2062fc652ecd1ab57f0a655b5c1ebe9066ef5e8d7acf51675a9e96c2d466b269a4c69f03d01a809c6f757a59846e9cdb0c4850fff6640471bc8057a2284629004af0401f240182b938f68527a15cb14768f5a15b38792b45f3540f03e7c0fdcc76e14a677977708e171e481870daf4dcbfdc08781032cf07fd729347f9949e4447e3625dec4903dfd701f43e662de6531d1f14c07b8cd9204216dd1d845c63ec94ceb83623047138261ffe4208dc90f182e27c4fc2cbb2e56b9e52d1548334df31f1bba1a724aacc3b9bfc", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": 
"bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "23d8b41f82e80a32c4606bf7198b6a85bfdcbb9a87773a54e668aa6cc50f4b60", + "r2": "259cb8451e183911fd32701689c8da084a351cbc878edabb5c65892f5566cbee", + "e_Tilde": "0750d611202174343211411eb9aeb18d6b09057c51e9f9524cf1ec29a845a4c9", + "r1_Tilde": "519d28834203f545ce2e917b1428e59f4ca3e716351c2f03b9884bf3b84ee5d9", + "r3_Tilde": "664fd86f51bd56079f1f58e8f29881ca6881f9022b267a0842eb9bd66d8ff116", + "m_tilde_scalars": [ + 
"35c21b4641053b0e351cecc6b4f7aa9687771ea67785ba51ddb13ee3d6616344", + "2dec7bd3fcd718500184d41d750642b55d21ea63b494bdf41011dca9d7075b57", + "277ca0dcb0183675a981bfa22e2ad09c8a61b23761575078374a9df40cb63237", + "3376f31a419eb425ae5375029f0f1caba349467ff477c30aa6a577ffbabc162b", + "22808132ab0fea4b85a2b6621abc8f2e78b65f3417db2e8350bec0a5d02f12f7", + "68b417316ece357d32bd0e94f5211a900abf5888ec25ad7762d40413d45a6ff5", + "668d12f5ef2c391c0dc06f1f2c1451d710c743311cd213c268bd7b41085300d5", + "1f45ce8d90d44399aafe97bd024636747766b670004c366af6b19dfd211fdae9", + "304b07fecf8dcc052c29b4d52934a031d4abdad430c4bd3ccc65028d4e26da8f", + "02d05a55bcfe243c268154cc03f548ffa461f84c4087c7bbb6284e4e07ffee53", + "3e20f9d1709e50cf709530e4e267f544eda9c4b9e214e4b133c20cda8477ffe9", + "6e41035b050e5ea1f97bc975eb5a63447470bc24639a7f63269e8b3f5d8f94a3", + "31dad9cf8ab3482296a766c4c6e2a97b2ad9e83cf8c83755940736235bea6e0e" + ] + }, + "Abar": "8c501aa2dd099a29fb1bd6681f5a2dd88af54e087955f816bc52bbb287fbade3aefab06a13c7dfdd9706b235451cf563", + "Bbar": "b74ba8a0d9879e4e807964ed323118439989e4ceb1b80238b61041d569686f400756a59edd6cda830dca5e04cfd385fe", + "D": "82e440b2535b3ac30e431e4d30789ad5b00217f20dc65a75ba6e3940b28172b9e70c18abe5d81ced11c4e2075c2680f9", + "T1": "99ca8e8b6c50eb51b5cacbeeed6559a373dc2c234864a37ca511af7292be35ac2605190ee727d27603fe0a477a077584", + "T2": "b65d0e1c705c59d94d48986b9b59af18515241c931104992272f1850c88e81fc6cd303be434abeff9ac9211072682801", + "domain": "2bd2649820a8c5f9dabd701f2d597d77eb84d45fa960e691813fc2b360e5ac19", + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "Ut": "b0ebf8c20c02f90cce163c05f46c59842df740ff410c52e5a4cd2f3b0e9f827f9dbd19963359dcf01a0421ea4c518218", + "challenge": "3123d77ff331522f0a1dc547707b87e2eb454bb2dccb3673fa6e48364e34b00c", + "OP": "83f72c76d9bdc5765d0bc3bd4e1c5fc0428cb894fe53a62fdad80c28d295005b0f378d637bda32c1aa3df77c6d3ab884", + "poly_eval_pseudo": 
"4abc1446337c9a0c693de48da7584d27f5246ec26dd50e0bab2e1de85ceb0e17", + "poly_eval_proof": "3f6141d856fca7c3a59f3289a7108f24b0a603f2bfd258b14dfa6b71c1ee4893" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof010.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof010.json new file mode 100644 index 0000000..3898a6c --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof010.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "aea52bed705d0d7580df393b2fae4cf29e17ea578778d49ec3f688eb4ae9d49cd492f8703be3b08ec00afa23cf8bfa97239ff1f4238cbb129da36f620d84f4b1d19491b91af4e51fff8f2d2914872829", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "proverBlind": "4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "b795ef403f8144708b55eddec82463846f7682027e151375fd5186a71d07fdf9356d9681308b07e4633e942f3e1a83375b1e134319b0827669153ea4f6fcac3e2bf16c60ced2c8d253712533871bdca73d5b0054d9d2a7e71b2c9c7cb70cf051aed61c756f11858d23f8c31c77a97721623828e723c3aa302d62d5b6e440f7309f821fefc676ab79c6cb8b8c2294c54a0800a82bf4b7f0414f01f5e06c3aae9cd754c792736cf8b4fbf00e268d07ef4c40ecb02f29fa9192a613c9ec5e6863e6e6f4efe7d3c6019ac8f51783b0d7f52707931ac3545e1c9d78f323c3f6f0216f70bf5b64e55098192f35838d0b2d492c5da4b219bed0d31f84f313d77bfa118b3ead6fb458c85468c3e3a030e1ba7ac00173f2683eda92a11fbd0855510a10db27cf6aa004c04c72055dafe7b5c9eeaf4492ab8be1d50923fe76bc27cb58d6145adac19fb299f0ca8b57910839f9be224efa211b0eae0f8b72eceb94a567d1df79cdf6f8f9b9c926c9b169abcf2ec1dc661f9cafa1afc5c0fd9b961a9e8adae8f2ac2eeb4d2062fc652ecd1ab57f0a655b5c1ebe9066ef5e8d7acf51675a9e96c2d466b269a4c69f03d01a809c6f757a59846e9cdb0c4850fff6640471bc8057a2284629004af0401f240182b938f68527a15cb14768f5a15b38792b45f3540f03e7c0fdcc76e14a677977708e171e481870daf4dcbfdc08781032cf07fd729347f9949e4447e3625dec4903dfd701f43e662de6531d1f14c07b8cd9204216dd1d845c63ec94ceb83623047138261ffe4208dc90f182e27c4fc2cbb2e56b9e52d1548334df31f1bba1a724aacc3b9bfc", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": 
"bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": 
"99d3584a494c2b060f7b9d96721c204e1578c91a72bd65dc2cbffd1f0aa6ee4689ef7813743df2d85dddf3cd0abc75d1af87ddf9a41fca0c97eafca5f436f164da639206b0ca71a9f854be54b65530c0c30677db9fe3f08ffc18bc138d0a2bb4b8ee2cfa315e3d5e075a72010c54970007d889dca16d5949ee0aec926f064bdc4d872d3c688373886b2e35111f1c687a2c0f883a0b92cabd9665ba7460c6aa5971117a71e7d740bdc09051b80b21d0124bfa99e55bec1ebac050d9213dba13ae5842596ad2157de87521d0438742d4a9580f7956b9c6343a502e3bf96a02e6e190988d3b69f940e4f9f3a0a80e8c34c32bc780d4ea7f8dc753dd937d1ea64cdb4adadb944634ebd5a8d8b38f69cb5f076dcb222d8f0bb8dacfdec6919afda09dd600696e2563ea278cd6db0bf8b7be8c3840d1fccd4ed1139a735b73568c02f261133f23049777e05851b71219ea168263fdffde499c37fb1bc7a10dbd16e95724234fef76c96315a656770ec9cc5b9035e7737f78ba0ae5d6d2ede6009475d8796ca2172dea334554e68bc4a2442f95347610824658cc213648b329caa8c18fd69cc0e5a34a3562cea142a681b1c2ea11592393220f8d136aed2f384a72234d4819a8dde4ee2336acdd940195bc86fd0de3ae2b0bcc5eded06f623173013d7d11aaacd58049808ffd8d3df24d8e29071ce40327cf1755039015fe03c3a39ee785ddb2f1b962d1853c53a8948540bd96614384c9ef61ad6c3741b32561e481b31774a201bf130a89240a556b0ebc84dc2dbdde1c52f6b605d86a5c0d6a12fb794b3d943d9dd3032d510d8576756192af0f1313f916f6ee0ac7323b569c71b8c41c36f9228b27d6436be1cf550d15d9130e6a020f3f58a9cd4f91ec2824bb575f8e665ee83101c1faa0738e2344bba744434ab78f6438c741e36358ecaf375340173cc57a9991499bc24a7dfadcd09ae96fe4c040b8e02d847342717976cb14ac2889819720a0b9b21569db15c3d0e2540f2404754ab1441c0c6865d1028994f7519620db08028475fd20449b3e29e0d96001c0414aaf493b2f483253962061f380b6bb9f89fe9b20fe217b3577f2324b", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "60d345d6f2bf3d7b6734145a0a1c84731771d9fb8f2caa849dc33a3e1ed42906", + "r2": "5fd44fc64975d153f17a73ce413b86211acf63e62494ae73a0865f068588fb02", + "e_Tilde": "6e3fdd342aa6c154fd11ba738e191c54f9877522f4648b466eb4ee1d301780bb", + "r1_Tilde": "3da42b3641758dc3d8bce1ced15d1fd1d291bfd533d11373248082eca6d45d9c", + "r3_Tilde": 
"01be275b265a083b2b8a1ba7110576e28cfcad346717c512c3311ca403168120", + "m_tilde_scalars": [ + "67ff540238565851a1f98c6357507be2da16884e44ae26fe4d0a0a8607532fbe", + "5de3cb769cc629a9ab21fe29bb7acc06cd5df979826fabe26b78cc9ab67a32f9", + "1a14acb3666d2d123db8d19ec473dd980cb1100532be1abda1b941668b43ff28", + "4f03cb50f6a25f1f7f277682ab5965a772ac0b24e9ad2f1a7b42a047d8d7adc6", + "11ef78647f2fbdc57f8d29cab816584920596bbd3813d2ee7df7f44b24617f33", + "4d7fb091d8f42be6fc0fc0401cc5ffbf0da7aad8951a451f26abf5820eece429", + "03b576c0e1b8063af7f9acc91784cb062920820e9b2d4baf11d55777d11e2946", + "5c8053e4347ad1c5f600a7d1d5aef448dc0fbbad6204430486c65e7216c18a73", + "4b81ebb73b19c698f62d0fda7505452e97382b09bbe7821ef40fb1f3b3f26172", + "1ab69f6373dcf9d87b75f2e140a34345a92f7952a44436832036bf6bc4fb3b75", + "0f0059e68095e5edccc546ac5312234ed1d6b1ca65c4b13f77dc1b7bae4623a2", + "1372682d7f0522cf87aa4805f43d493c2beb7784fe9875712480a5bec63a8b69", + "366a39b41f91f2f6faee881f06c1077e9c65257fc75587353880f6406ff828f0", + "4eac85d64994ff0b48690a25055eb62f0f0b4a89095c54fc1b08fb7ba0e90eae", + "475da477f48d661e2271eefd16d7437a64f6ec7a4cda8deaacdc9c6275489fe2", + "3a9be520243abe976b50d5ad343692ac99e28d3d11e4e9a5cd458316d097ce36" + ] + }, + "Abar": "99d3584a494c2b060f7b9d96721c204e1578c91a72bd65dc2cbffd1f0aa6ee4689ef7813743df2d85dddf3cd0abc75d1", + "Bbar": "af87ddf9a41fca0c97eafca5f436f164da639206b0ca71a9f854be54b65530c0c30677db9fe3f08ffc18bc138d0a2bb4", + "D": "b8ee2cfa315e3d5e075a72010c54970007d889dca16d5949ee0aec926f064bdc4d872d3c688373886b2e35111f1c687a", + "T1": "8c1bd77e2f93d1d39897bc47d5d9e0d5aad97303446fb73b6a1ac44c0d139c6481f960660d375e0be5febcc9cec1df9e", + "T2": "b2d89eef9c182837b48c2ef4c32e2f66af5e3bf8ca849040819c2510e3b49224e14f4041b662eedc1e62e45d83223bbc", + "domain": "2bd2649820a8c5f9dabd701f2d597d77eb84d45fa960e691813fc2b360e5ac19", + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "Ut": 
"b9b1e21fd8baefb62db6d56a21bafc84ec72dea9e5f2bf7a95565fd9602a45806894823d4a525b59927d645f5348e0ac", + "challenge": "6001c0414aaf493b2f483253962061f380b6bb9f89fe9b20fe217b3577f2324b", + "OP": "83f72c76d9bdc5765d0bc3bd4e1c5fc0428cb894fe53a62fdad80c28d295005b0f378d637bda32c1aa3df77c6d3ab884", + "poly_eval_pseudo": "4abc1446337c9a0c693de48da7584d27f5246ec26dd50e0bab2e1de85ceb0e17", + "poly_eval_proof": "1414dbcd80e2b665d2003e711a6e1f01948b169c1089b291fcb61136dcd6d294" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof011.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof011.json new file mode 100644 index 0000000..b9554ab --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/proof/nymProof011.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "aea52bed705d0d7580df393b2fae4cf29e17ea578778d49ec3f688eb4ae9d49cd492f8703be3b08ec00afa23cf8bfa97239ff1f4238cbb129da36f620d84f4b1d19491b91af4e51fff8f2d2914872829", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "proverBlind": "4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + 
"e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "414bcc4ac920da4a01535ab8d929b2c3628fd6d2828eb3a3f2736d183db9e0ef", + "r2": "3f586bd262fca990f9ad2190514d4e044cb2f2989d7ed84e7889997430bdd41f", + "e_Tilde": "6d51915af5c1b15bb92d981458f2a8617daacd922610abcaef01bc83abcc9f6a", + "r1_Tilde": "71cf6883e664eb57463aa303f035748704b01b3ad1a351ad77e7c4dfc8d014d0", + "r3_Tilde": "30035eeda39dc9961121f2573b48961c97dda02606c3111a4ac8b9827881f9a5", + "m_tilde_scalars": [ + "136c4cd2aae1a84e6c62a6d5befb76222ca2dd1acd09083a8dbffc0cde280a1a", + "53a03d8a9c60e1c70dd6a180be85ace25b8eaff37d708cff2b9f940b97669be1", + "4e7b63fd66902ccc748e63210fbea67438a5ab7829ed0457e1b31b2db20237c4", + "3476e2c7d88ab3dbaa6133827591970c1189d5c911035d5d6f5cea90f1de8e99", + "25de59b666d1e9e20a779fc4c754870a4e5933f902895db5c8bf32ba95cf915c", + "696a07a66c9a03354b0a630df775933db57666c38ad1378736aae94b06b54e70", + "08a7022edb981f636bde984df00c9beee9b506173711d6c930d84a3a039dfbac", + "3d50f6590af8739748a936a5b59e6b2992177055e7f5669cfd4667451edb1a58", + "43f1f0fdc47da27035228e3ae48bd4cdbef9b4ac069bb4e219d19e73ec21fe61", + "3bdac2179d3f88c8582b03d214d865eff23e833f60f96c61e84fc0d8f77d3aed", + "2383bbf712ff4737271177d3c5e06eb7b66395b5705d7e0577cd88fc48f124a6", + "071e27bea3f87d90ef615351983e261fb0a73af04ea4963f7ecd5012f9312d4f", + "163151be5fa1950cced3b7a059b9435da9c0b14307f5bfd97c398d500361fa1f", + "4a86b36a83dd399c39772514a11b5d37bb2e0adbf906149a456dbc7d09b87065", + "279bbef12053c1d6bb7f06c8e31b4d4f079642386debf613f55413fb7ce3dec5", + "4ade8c03e15f588dbebaec83267cb6e48ed2fc5220d33991502ffb3ea07365cc", + "3b57cd1e01b7289064943ba1878d5b142a962616712e8a992cf73a1c5e827cb9", + "5106b2c98d91f98a5a2fd9a4b6991943ec017ce7df2fe85b11cfb41792f39033" + ] + }, + "Abar": "b11e9c133ad81259bbf460315af9a8a8096c3dba4c67d9ffb4506c0cc235ce458f04852a03cbc852566ca8c94caa93af", + "Bbar": 
"93f21078a2cfad67c7253d26e28d969b37d90c021c25b01a88819d71eb4e116e4cd5b7e59ed2a2eeb143652547b4b744", + "D": "9115162740ba876807274484d987e9227814304e09eebd0ca6cd1260a491b6ea98acc21d62d2626b1accab411d7339ef", + "T1": "a5b2f6f6ce4a24102e2944fde54ce9e74faead04693ae386ae0620a4cd59f3f7a3d8778406aef97e3e94ee8f347257e4", + "T2": "8d470cc16607d838e925bd7ca70b3165db23feaa45153317cac8f364faa18e3272dc5ed073479675d4924fd60f7650e4", + "domain": "2bd2649820a8c5f9dabd701f2d597d77eb84d45fa960e691813fc2b360e5ac19", + "pseudonym": "87ff975d2c107aa3b8c26c5e22b54fee0a25fcdfcfcc4f8c2b62c26f80269f7a52aff0cc3ac6a5f37b216ba2c70b1cd4", + "Ut": "906cb047dc9e5fd32231da7cdd5ee8a7de986932685d85a031486a48b63814b37432b5e6c19769e7c17a5dad6b3706b4", + "challenge": "123c412371088d155c68b2fc4948bd1a1d4bae96fbfdb9b04516d4f41c13a405", + "OP": "83f72c76d9bdc5765d0bc3bd4e1c5fc0428cb894fe53a62fdad80c28d295005b0f378d637bda32c1aa3df77c6d3ab884", + "poly_eval_pseudo": "4abc1446337c9a0c693de48da7584d27f5246ec26dd50e0bab2e1de85ceb0e17", + "poly_eval_proof": "2146ce7255293c618671b151d76a27a5205b52502116099de578f4a5c7cb7198" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature001.json new file mode 100644 index 0000000..f82136b --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature001.json 
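Review bot: Two entries in both `proverNyms` and `nym_secrets`, `49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751` and `fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b`, are 63 hex digits long, while every other scalar in the file is 64. This is presumably a stripped leading zero. A fixture reader that decodes two digits per byte will either reject them or shift every nibble, and one that quietly drops the odd digit would test against a different secret than the vector intends. Left-pad both values with `0` in the fixture, and have the loader fail on odd-length hex rather than guess. The same two values recur in nymSignature005.json, nymSignature006.json, and the shake-256 nymCommit003.json and nymCommit004.json.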
@@ -0,0 +1,23 @@
+{
+ "caseName": "valid no prover committed messages, no signer messages signature",
+ "signerKeyPair": {
+ "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc",
+ "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c"
+ },
+ "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5",
+ "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"],
+ "proverBlind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041",
+ "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"],
+ "commitmentWithProof": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c5c2ac3247080eb71fefc7e9622ffae372425a699a298ba991a0bc5c6a3d9211347d0ce98d5c0550667269df1fb81f8fa30c07d4917c7c0786411ee5c05b00b9d501d3f8e244b860b7b11140cddc9787a3ab54ec7fd0a8950dae339f396f2641b",
+ "header": "11223344556677889900aabbccddeeff",
+ "messages": [],
+ "committedMessages": [],
+ "signature": "aabc3014c598f3cd8fcc162950ff9aa9ac93c0877d33d1cc0b71b31964e3b109715d5af307e580b498b0ec8c0b8f848028ba9d881be84bf405295f27f02131028498c50c4fa3f6bb93483bf676ef1f1c",
+ "result": {
+ "valid": true
+ },
+ "trace": {
+ "B": "8b74e51a16d305b01d3ca60329e697a3cbc8f3272cd6d65d398b529656b5159f9589293b1ba4507d8e7eec9f2d4d1a79s",
+ "domain": "01b0b85ea47afe36f772bbce626fb8064f85a3aa6233c33776194a170f45fa61"
+ }
+}
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature002.json
new file mode 100644
index 0000000..2bfcc60
--- /dev/null
+++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature002.json
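Review bot: The `trace.B` value ends in a stray `s` (`…9f2d4d1a79s`), giving 97 characters, while every other `B` in this commit is 96 hex digits. A strict hex decoder will reject the field, and a lenient one that stops at the first non-hex character would hide the typo, so the intermediate value is either unusable or silently unchecked. Drop the trailing character so the value ends `…9f2d4d1a79"`. The fixture reader should also fail on any non-hex character instead of truncating.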
@@ -0,0 +1,29 @@ +{ + "caseName": "valid multi prover committed messages, no signer messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "99efccc0ccd91efabb8821ee33edacb823b1dd999682aaa54f38a9c4585e7e7aa746357b2842d38c008f6d732dd501c70eed41caf3eafdd4bb6151ce2c0289401c7d13381e7db90137d7aa2a64224aa2499a4548b2654481a2f0dd16d799116fe41db7b7a5c3ae8b1c64bef6a89a46f5040a5178d2e1126f7f35189f0f6cea3803e679ce92eff73856b164425ac4ff8405a934f65ada8ccbe21558ab66db113662ea17ce0c9aa0280db20dcf79301c61269ddfdbdcc22025b85f7089c4ebebc224a938b745daae833ac4698d9d32bfa8382b4bbb2679ae232d2f6e8e19239e6ea919665ea736b45a61bbd0e4f4d7431f3038c3db25833b9a0cc1a7709419ac241fb6f02ee13e51101743f1983d3fa69b5d344b984c48a265ee6a7b0df8450004ceec7c1997b859be16af624e3da2cf44", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": "88b2a07b490f81f8be334fe30b4034f90bbf77d7ccacc488fa8bfd7d98996f95ca7a02bfa5fef4983240f80e5956e7836b4630d6bc54a0a28b246bed38f83b0c4bb378ef315e51b581abd6d8f3a6fded", + "result": { + "valid": true + }, + "trace": { + "B": 
"8aa0835565a69418b9010e4e2cb82757a97c729d26ca8227863941659a9a37a14728461dd0a6f5338e2acdcb34498c84", + "domain": "3f7830ef29ea1742aa66c15c4b9748ea8b1bd40a83f2204d419c4baabdf8b31f" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature003.json new file mode 100644 index 0000000..17a0ef4 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature003.json 
@@ -0,0 +1,34 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041", + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "commitmentWithProof": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c5c2ac3247080eb71fefc7e9622ffae372425a699a298ba991a0bc5c6a3d9211347d0ce98d5c0550667269df1fb81f8fa30c07d4917c7c0786411ee5c05b00b9d501d3f8e244b860b7b11140cddc9787a3ab54ec7fd0a8950dae339f396f2641b", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "signature": "9737d3d2ae17d170b3320329df8af1639b41ef2251e07437908786fd6421465ac46f98ff8091455d5bfd9394262a818631b7034648ef8a6c940a0b8232e7b160e4e71d8c676958b2d587da285bbf890a", + "result": { + "valid": true + }, + "trace": { + "B": "b6c39d33218bc3adaa6cd9d5539f51c66c75c30ee129d7f981e135c0ee5716d60cb5ee82f709224e0c8d9efefa778a38", + "domain": 
"55891afaaadc4df689ca0d112e8aef3ea38b4256db93226ede05546eb8f1daf2" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature004.json new file mode 100644 index 0000000..d1ec6f3 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature004.json 
@@ -0,0 +1,40 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "proverBlind": "15494ae70742a6a4f420106c79ee405c138557385f3f6f7256449d147ebf22b8", + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": "818f434f737d58ed13b7cbb53885b7a19fe9b4b7d7dc34d8fcc53ca1bfe376bd569053d8733a89b97fed23da4a04833c57ce2b42cfd0d60e1b862f7774431e80b0ed910a217f37837ab90a94dc1253bb", + "result": { + "valid": true + }, + "trace": { + "B": "b677b21f402d69919483418900e0647b1a73aada9e081808b313cf5f83c43f0522b8682857659aa7920bb511ef4a477f", + "domain": "18a554af90e12ae7a81bd511901abfe1cf882387033796cc47df19b244a15894" + } +} 
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature005.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature005.json new file mode 100644 index 0000000..4de9631 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature005.json 
@@ -0,0 +1,56 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature, 10 nym secrets", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "34f0399aad9d70410e368a37d7d1c8e70b9a788d0d6093191f5a266ea75c5645", + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + 
"69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "signature": "aa0286075cea84b31710a5543bc4bdc0f070262be278afdd990740a06fadd5f492db53247cbb7e50244bb32034d6d23d22f18aeacfb28f2d620854c0021b8a882014ee9ae870db923b787757e746f468", + "result": { + "valid": true + }, + "trace": { + "B": "983e6635cabf2d7565b31bd50f9a73891aeff2c9a7f2234277accc9b46716811fafbbc05a699b7e4544bd2c27a65bb57", + "domain": "2b847b9ee94b8cf3fce5efa877f668d3be61f0d8499e44ae31fdeaf56f3f6510" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature006.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature006.json new file mode 100644 index 0000000..5ad067c --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-sha-256/signature/nymSignature006.json 
@@ -0,0 +1,62 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature, 10 Nym secrets", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "proverBlind": 
"4068c9f3e1b9e0f64be76b454501f7c63ac206e8c71fe1dc5b9e14e50a718b07", + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": "aea52bed705d0d7580df393b2fae4cf29e17ea578778d49ec3f688eb4ae9d49cd492f8703be3b08ec00afa23cf8bfa97239ff1f4238cbb129da36f620d84f4b1d19491b91af4e51fff8f2d2914872829", + "result": { + "valid": true + }, + "trace": { + "B": "a03f66dede924340bc5b307c77ef226426584a04c8f1a5dd80e07a3cc7af8794973d4ac8d2d0977a8c9af8ce170b6708", + "domain": "2bd2649820a8c5f9dabd701f2d597d77eb84d45fa960e691813fc2b360e5ac19" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/.DS_Store b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/.DS_Store new file mode 100644 index 0000000..0ac3e6d Binary files /dev/null and b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/.DS_Store differ diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit001.json new file mode 100644 index 0000000..4ac02b4 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit001.json 
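Review bot: `test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/.DS_Store` is a macOS Finder metadata file and should not be part of this change. It is an opaque binary that cannot be reviewed in a diff, and files of this kind record names from the author's local directory. Remove it from the commit and add a `.DS_Store` line to `.gitignore` so it is not picked up again.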
@@ -0,0 +1,24 @@
+{
+ "caseName": "valid no committed messages commitment with proof",
+ "mockRngParameters": {
+ "SEED": "3.141592653589793238462643383279",
+ "commit": {
+ "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_"
+ }
+ },
+ "committedMessages": [],
+ "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"],
+ "proverBlind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48",
+ "commitmentWithProof": "990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde4753a18a8286aca2bf58e8bb9a3d77a3e0052aefc427e5e47b666255e53cfcaa7d34d36adc13da01798b8eb041652a57c3b595ace54ed5eee43370c1697eb5ce996020d88ca5d811c011cde10c6c07dc2f4acbc89bd5652414d5b8823a250ed40b",
+ "result": {
+ "valid": true
+ },
+ "trace": {
+ "random_scalars": {
+ "s_tilde": "40e7b7bc3a17cbd4fa61f81728b6f1224a934a34f8cd57000c360f1b301690b8",
+ "m_tildes": [
+ "43a77228890e6cf2c297292b8989751a6e0c9713caa592f39e61e23a997321cb"
+ ]
+ }
+ }
+}
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit002.json
new file mode 100644
index 0000000..682720d
--- /dev/null
+++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit002.json
@@ -0,0 +1,35 @@ +{ + "caseName": "valid multiple committed messages commitment with proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "a9577c3e2f15081c03d2e86789c1d9208bc04409b1ca33c25d06017c8fef5d139aee028ac96b9c09636a45846e9a5ee51f83bfd55f12193061e3f707d11d9993d6e08293de7f3dd0a298c21f369208b43b7b401706a9a0a5dcfa12d28d5a59b09da337b435cf4aa2a869842c8e1409004865ce6ff78d345e5c8142c9c440b677824ce06a8f70c50bbbb01838a91eb0041fd853c2005109d3aec272dd03346f37fc90828490fbedc4fc88e7307662b785653aba1a28a45bca913b7dd778e8bd141652e6f0507c3f836c8852b8ddbf2c62659dbd7b83f096e7b351f2f0dc6046bce3c8d0c5bb892a7a3d76d6bac899b3d356b099f88287ac25e6879d5808f832927c8e28acae41ab3699b5c0f9da4f58bf67d7e87c5ddb6dadd80fe281e158cc7a24bc398f84022dc0dc3a123971f7546c", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "4cdc5d3fdbe932953dd181851ebf6c134103666761013ff3db4e6dbe47d3992a", + "m_tildes": [ + "3aca8b66d624ae8974e93fd1f654ddc5f071c9b026eb6eb116401a4cce87d699", + "0eb04c03f3571cc6cfaf29f19126d032b85bc1e9ac0af917ec5dc8ba61ce2d28", + "0824fe0cfae8bdb1d2c88cd0d8a4c1b432a48f7f12e35afe5494400a3caaa974", + "05faf4555ddc6450e9f4b26ac7ed56ae57998c529d3a898f93f72406d9c63990", + "253782ab563a180dcdb220d0b75ad1499c70c8e7da183c2720f313368cf001a3", + "58ca8d9150a51f432c32e41bbfc4b630333ccd19fd8daa6d581ff651392dbece" + ] + } + } +} 
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit003.json new file mode 100644 index 0000000..d5aa283 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit003.json 
@@ -0,0 +1,44 @@ +{ + "caseName": "valid no committed messages commitment with proof, 10 prover nyms", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [], + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "40de1fecb8c22b87ddcf04be40edbaa92be5dab6cf234cd93715df41b90187ad", + "commitmentWithProof": 
"9687606711dac140272b918a10e3c1647900c24ce5ee494b8fed722b8a5b9a83803fb97e0241e0f31a5dc60c4330424523545f0a93d8e6c5067654898786c230814cb8348e7d622252da723917a9693031f3849c11d6578f4805fdf949916cedf8b09eb34bd6311b1a1c6595bb462b13659fbc190ead7ad7d4acfae47e12ff15d0e3741a045e76c2b9c22420350aba445b752d329f8bdec9c9f070ffe642ff73f8f6518b2b367e18b6cdcd139849b3162445483e1c7e2b1f7363ece3869c09f3fb05833fe1fbb3bd9b14a8c3e1a81480232ca578a9b437940dfaadb52feb506a4793dec89162f8d4171da13c0d1d0ed7365f4748939b654c5c220771ddda611f012226ecdf1cad19aaa3950180af35e4096feda806c7a7818096dcb67f82b455ec6ae6a41c279d5cf26e81efb2d129181a5505c293ce29f64d7b4db300b4ca380f89f70758941a220e2f6939af8502d91a4e9b5402c6bfd647e73412d62b0510b42b319c3b41f64dddb8a584152fc591223270899f1a44fa5d557007b62e249afde6523f5479ea29bd0e2a2f75e690504ec36d07ff4d52d89f170dfacf38983f8f6e9fda5787e5e9fb3299e19658f3d1", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "19044e3e21a436713312009a85be87a3ab6331dec20fcd09c51e407f61c13771", + "m_tildes": [ + "1e56fc65f5a4026a57396f8e2c60f2639c5d5bbc7cab7c7221569e81a6a4a4d2", + "44d0f7d3781c8e636bc4ecc36b77665db86ebecdb51ee0a2c682e307e7024095", + "5fd499948288de9d781cbd119c8205b8cca1f3390d99c5c26c6642eccf81054a", + "16649b159d639d424f60bc2828a438d7d093cbb0ba3ef1b2f29a95f878d6fbee", + "3c9d95b8bd5721b94ade40e14548ba9f562cb2fb747bbb70590ce7f35cdc1fd9", + "3e4f90f7152218d0347c350ef7073b07e5166ca1bc0f33a844e865608ea5c3a5", + "61224d6e135408ca9237c6bf1d158171bfc5cc00376e7aa06dc59c9c0581125c", + "0c1aab4ebffd4ed221455eabc57b41c14ffdd6a962bbf04b4d834e98beff1b84", + "0eef352bcfc1b997c3ce735e34679ba4bba92e158ef989213fa187df64ba6214", + "6ccb48eb777d8a7a7b7d7ad10bbc3ab273063bfb44c11bc116e380675d97ff42" + ] + } + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit004.json new file mode 100644 index 0000000..84d5c2f --- /dev/null 
+++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/commit/nymCommit004.json 
@@ -0,0 +1,55 @@ +{ + "caseName": "valid multiple committed messages commitment with proof, 10 prover nyms", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + } + }, + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "s_tilde": "1666ce201281120fa844434e3ded31e4d5a447e48fdc481414e1f307e2528e1e", + "m_tildes": [ + "0e143bb79ebf723bb05e450d1b3d5181e8bd5dd5286777a2ae0fa7c6438d7a38", + "2ab283a4c5b8d72fd4f89b00b9937514010f3353f2756682601001bc18a33d35", + "707cbf72c410f786945fc45bae274c15d838ea1f1c1257066efb947e34316849", + "6ae9528976619198f8a53632a64c2bb6ac4c1eaaeaa6cbb74ec8a6c77be4e8f4", + "6dbf50d572eeff2f3d4bc8f5825a6d57d6b2fc0a13f06d989d6e9f3f0fd80f98", + "429f751d279b37fe1a849b84fd7cc0d707f42a2df91fb45d3824aeacc155c85d", + 
"6682bcaebace7de53eca826b1a231df4622bb7f303e95fb98d37cfa994dc5c71", + "45f37a25a350c4cb71967a50da0259f787448e84caf466c94ea3e3feed99c624", + "119620e35ffc03b0cc987c7616f7af721640f0a2e9b08776395065106a69e436", + "2ff9cbb1178ea5286aa29c7b3c175d8ed5032302dc774cca598e0d3e929a4fd7", + "4349ab0d8f4701517a526a095b593939eec70f41c29bd52ff8d34106b517f0f1", + "5ca311faff8f105ab614146d1520e4116d0ca5500ef18004da6349dc3c702317", + "04a19f50937aeef939e93b101f3c188730de02fc1ec73439284ae93246326311", + "40fb0df2190c1121e9f973cb9f6d3e3081e41926d6c49e16e98cafdc8902639b", + "1db29e56538578193fdcfc09134779fbb4284769d605471d00d6fde68a9db3e3" + ] + } + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/generators.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/generators.json new file mode 100644 index 0000000..a3c8bae --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/generators.json 
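Review bot: Two of the ten `proverNyms` entries in nymCommit004.json are 63 hex digits long where the other eight are 64: the fifth (`49b977…cea751`) and the sixth (`fda4e2…dd646b`). A decoder that consumes hex in byte pairs will either reject an odd-length string or pair the nibbles one position off, so the harness could end up exercising different values than the vector intends; how this repository's fixture loader treats odd-length input is not visible in this hunk. If these are scalars that were serialized without zero padding, left-pad them to 32 bytes, `"049b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751"` and `"0fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b"`. Alternatively, keep the file as received and have the loader fail loudly on any scalar field that is not exactly 64 digits.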
@@ -0,0 +1,32 @@ +{ + "generators": { + "api_id": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PSEUDONYM_", + "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + "Q1": "8c6f8b5efd544cb72ffc140a4585031ebbb8f25acb881ff559c42b94b8ba867be23b183069032ea18c50910c9b7d3fcf", + "MsgGenerators": [ + "896962df2851d1b83640182052fc49d07e9492347aee5ba8cbbf6414249367a175d3e09f812dc2ff7d22618e7f0cb630", + "80562c843a305661c2588da3ae2e3b96a5faab147fe6a58ff456648b42407af5beddc2009b4078288e2a8e6a73d4ae4b", + "896dabeba9bb98ef48d665cfaa894857cac7ed41f2c4b55bb64fd318dde0a8b0350578d9c37010dd266629d6bc9f8e70", + "b3941ebfc0a011c442c8902d1e654b19d184385691aba1aeec60d87bfbedbcbf5d23ea3075126842522638613921240c", + "8619d28414b303bc8accde9989b3caf9c9036303c9b8178d25a6fcd738b74c779b0a27c867e1a7f0e9b80c5cae3f4e7a", + "85d6077858f8ad500df7e928a25cd0e5dbfc43aff4d761852d42feea68123212ff7d41978280be66e56724e98f776c9c", + "adc477c6cf52b8aaaf055734c12dca89305937001e10e34e9007accb374d16d540c97fa3ba026d6020f64319ce8d52c2", + "ad24e98787eb7318cf04fd58793e77d41707e95fb5ab357237f88e2c9566400cb085748a3593e2f838caaf3a5223a7ac", + "879db6d14a3ead2a81763f4909a6c4633cbd4e20c602e344e1f7d9891b517a329f72df0b516c4bbfa4f05c6204c242af", + "8f01fc380b30f177090dba078af493e76c51e867f9f5f8f23b1ac162149d58264b1e262fbeaaa2f26624de592cc1ae4c" + ] + }, + "blindGenerators": { + "api_id": "BLIND_BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PSEUDONYM_", + "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + "Q1": "986e83f847c8c3fe1ad9d3efd0265b66268fc80f4add90b3e96192616364016bfe73a4005d2d86f841806a3132a0f544", + "MsgGenerators": [ + "9536711b4ff6e1038102b1473bd1be23b77ac6e85684662c7f340ca522f4e5fb5c02d7cb2c31c712324b29c540c9d7dc", + "91611180da0248d8f7279a962c32472fb1e57b21fc41c09e6ab8aad61fcab5bbb51a4095aee80b070d8ca1e80f725339", + 
"ac4f5344e62eafd1e96fc95539db6f568a3cd3dfd8c5cdafdc0bd2f95572c1083800f0f4538449051dd3aa362d33b718", + "b823809960dafeb4d405c95d44b38cf868efe320b3c1d995daee411507e672a45a050f0b3a73c0175fa521f549dfac04", + "9319ad949d6c5a368ed996732f0a665551604ee4a57cbadcbdd3f538ef2391f44ceef6f3509ead912cf64623da7e12ad", + "b755da890d37cb97fc623b228dec163a6138489ff382292f608ac7adabe15856b74a5bed22364744d076b39cfda85faa" + ] + } +} \ No newline at end of file diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof001.json new file mode 100644 index 0000000..2c1eb18 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof001.json 
@@ -0,0 +1,92 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": 
"515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "63a03d9b47b688aae279fb7a53bf1e27f3be6c718e5bc7c3388bfc859a3fff92", + "r2": "00dc935c7b744dd702e49d388a587e7a974336e5392cde39d84a0484c6a0c895", + "e_Tilde": "1b995c87fd809dd986d799ee988e9d02f47485f7b743923f966d3c178c7e14db", + "r1_Tilde": "0494515d6506bdf96a26733af07a4a46e79af28a702f21a41784bf4ccf10bb44", + "r3_Tilde": "27dfacef6cde8458fa44ee5c5cd4d4fa79a53c9502fc3ca4c1ccfa272b09ba23", + "m_tilde_scalars": [ + "516259fc7668cceb1f7e68181daa3697df471f8354cb22ebdab01e00336441b9", + "2f5e1e67418fb18d0d7359dac450ca67ce4608defa9c80d7edcf85278a929130" + ] + }, + "Abar": "b77dafdcaf6bc6e6340c2584d3fc2ba43fb3d3efa04a4f08d89f8fb7f5dab12454eca51f82b9723765bc3a3d95ee8a1e", + "Bbar": "b5dc57e7bc4496e516261f7e0a010f954fb3d3e221518676eab1fc433a131e82437332e57fee380cf8adb1e440bb723a", + "D": 
"b007dbe2eded5167f4e8f15f5c7dbb4055ec573db2a171597410a903dfcaa61487297127a14faf23885abe134410b096", + "T1": "a0d5ab23a3af07ff5ac51310b8d55a126f5d39854a5680bfa9e16d77b82aa9d39e331473abbd207f57eb4b5bf25be3b8", + "T2": "9867f2dc7fb94029a95a2222fdd680d1f8ae504421423d61c5712675b2e985e4b0c04798b5d3f7a60af752b6ca80376e", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "860f850f099d1f8fee1376abf1f2c1b0ecfab8083ff4a21f0f115685d88eb706f36c858d6349700bb891a4e0804e60dd", + "challenge": "4774b210d213ba4104d0ba1c8c7f3161509084de363ca223708af76ec5b51e10", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "2f5e1e67418fb18d0d7359dac450ca67ce4608defa9c80d7edcf85278a929130" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof002.json new file mode 100644 index 0000000..8585c52 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof002.json 
@@ -0,0 +1,91 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + 
"7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "37fd1e468e9836a372c056fcc1aaf2a0faf7e3192391d2119525cadd1a21cc84", + "r2": "3bafe2de79f657cc90b66b65c43af8ab0362841b2b5f1358aad2c861266b12c3", + "e_Tilde": "29719e71ffaaf6d6b9f929e592cd61a6176420c2c3da8e901527ab426f460005", + "r1_Tilde": "4d20f020ac626cc497a210981a03c7c843e6adfaffbce705004094a8c06b112f", + "r3_Tilde": "4c1c90836cfaf5a4da9054f0bd3542d466deb1bb0b2eb40be8548b9dee5c25a0", + "m_tilde_scalars": [ + "5cc47d2ef4f1fd7acacbd9f21708564c024e71d63f0a1dc9cf42844654777716", + "17db681847018b04fbe5cab8c5a3aa6c90296104a0b7af985f8e9ee66300ac7a", + "0ad1b39daa6b6abe354992dd2601e8997c23a593c116040800e1e9619d675a7d", + "3557de528565c4a0d75aeebf63bfa459becad78d8b2aecdcb289adc047f2b083" + ] + }, + "Abar": "a6f95f58c37762de5818c98f0432f1cf878ed4703e6653c6a008dd5b7ec73b2b9f82b8075716ed55172c3904c44ba819", + "Bbar": "a6e6238af6bfd430c208c7b6c2ad45a13bf5df561dc23fbf385cbb51ca80689f4505d138739f3f7ca95b6f1a473be050", + "D": 
"a20c55d9a0bccbbbbb78a52f7b56938847b97504f29a703a93e23b11c014ad90de3dff1ee97bb4c14bdebd33b8a87425", + "T1": "a6d93d9c9f8b263529d3e9e094f787fee14dde26e3372171103bac05828a3d3901d19bffde70a99b54e6f41546cdc20c", + "T2": "b143c739f0e18286f5aacfeb7eab7b6579e706e37db54134ea222ffc77009143ab3abe99dbbe5f9d16f6da1e4e474925", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "8fb264ee15e1a790babfe695bffaa31b3ce72717e24684e7f605ac84ea6245c96e0126aef33f0879600aefd70307ceb7", + "challenge": "1a5d0bb33157806e5a9d60bfd28c3ee2d08231b228fe08eb26378729dcca5c10", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "3557de528565c4a0d75aeebf63bfa459becad78d8b2aecdcb289adc047f2b083" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof003.json new file mode 100644 index 0000000..2ac6450 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof003.json 
@@ -0,0 +1,92 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": 
"5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "7313e18d146909fcb0768f65bc7b40d1470bf6c7eaaf32cabe9d4efef57b4d6c", + "r2": "43241d9968e2960809d9f4c7b0caad95903aeb236889723182dd66808b1447b9", + "e_Tilde": "07038736fce6e67ed21aad1113c745a516f66760ce7ad68e42c697d592f94e2b", + "r1_Tilde": "5467df068ec92aa90fac1cac051bc26452c928b12721b2e546ff6536c1dca4ab", + "r3_Tilde": "26c8b37634ff5d2caea8333de422e41a10329c5887dc2d56b32f0e882527dcf3", + "m_tilde_scalars": [ + "69e1449113b7cccb77270a88081447496f292f3fdaff5063125a2d4a2dfe90d3", + "175efe5d253a12dcae58d30b190b421b43eebfc11a1e0a375179712c053bbb5f", + "334b6f76a164abfad2424757001a06c32e5780ee1b46dcf641c08753d26731a7", + "3d49a5055e254a8f7bd0559d7f8af12c61e12141c3582b938dbb1dd11bc485fe", + "4d1d2808c702b371de6834b4e9d3b89ed246c06ded576a9b52b0ba9e969ba4c0", + "31e82a5bff25fb098a63b15151a4a4cb0ecbc8b0ea2c2f90d160390600c4998b", + "5ec90143423471c547ef946907b2f7d52c2c8aac3444090191eddbde1557c2ba" + ] + }, + "Abar": 
"a60ac69442fb739e4e3bbfdfd6538a199c5a194f01c60b748d7df295a990d7c300c7faacde9157f6c78f519c3fec0167", + "Bbar": "b432999917d646de19a0cc0ea4b7dd9ee7eb3488e0f7173386ea6880a4bee3751cab8cd2f3b0648f1de650715e46d569", + "D": "ac09cd3b1aa69af38ed503859f47db3e6458e0e94b28eecfc1f0989e1454d87b2ed5c516fe054424f8348f13678b61fb", + "T1": "ad3349298094196422e6afb0d996d817530303386af7c7d6453e2dd5ba5db156bcf3b2042e68e65a7940c3c99b803981", + "T2": "b2c47bb77a82e2ff160b803c6e8e7cebbe282ced4d2d04fb100bc1b98aa72f917a3d8eaad1983c4fe00c6bcbd6812c9e", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "91c251bf3adb9a876554d52a077ccafeeef9fb7fc9148902ed2143014172c7d088e46ad693f6d4be1ee7d87799e9a13f", + "challenge": "385a2515cfae58be534fdf1d60a897ba22041c3a97eeae3fea8cbd14e030efd1", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "5ec90143423471c547ef946907b2f7d52c2c8aac3444090191eddbde1557c2ba" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof004.json new file mode 100644 index 0000000..c8e96c5 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof004.json 
@@ -0,0 +1,92 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": 
"5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "645e79d9cda4c43c9379b57bcf0fd3bf91551d7d3506cdc5ddf0ecd6f1d62ef8", + "r2": "4651e4a1ca07e8b9027be1593efbe7b3739c689f4fa35f15e08bfd6e1fb403a9", + "e_Tilde": "03545fa544108d9d5464c986d1db4c3692b5e853c052d2c6d7c465e711e35a15", + "r1_Tilde": "502a91c16b7aac5cfc20d469546b70d9bd605c94d14df6c1f394a769671531e5", + "r3_Tilde": "01ebcc53a524ae237088be445b685dea78f5b299db3278d9171682439a0855ac", + "m_tilde_scalars": [ + "19eff867cb51d34a5dcfd09842babd26246fb0f31e9d6495547dfca626ea6218", + "4a453094c95378613b7883d8c6134050eac73155047406d9d9bc14c13f1ca43c", + "3305b0eb13b29fde6433e5a7e6397973304320e4538d530718865003691fdec1", + "20d1e7865a12778a333d5a8629250f552b62a8b5ee72392d8dea199af3d99af4", + "0fffec53443eee11097ee9f1ca1629f0ada14f58e834027bc519285708978a2a", + "1f4bbeb4fa9afd52feae084cc8957cfcaf897b6056b57341fabbd7b2da0bc8dc", + "30172f3663cc33948d1f6d290eb86e39ed91feebe4f89578056b627513db4388", + "2354405c3a0d0a2836fa077ac742c86fe908c7babacaefc915af6249024442f2", + "0fc44c488c657f7b3b299769713c611a1b8284750c085334b03345865912dfff" + ] + }, + "Abar": 
"a1f1f6f051a401e823b8fa554a007db04db7140071735d7f9a9c3c5378ffeb25fd4566a2b752048136bb850dd322aec4", + "Bbar": "96d1f2dc4c0285efbb00145e8a9dce4481b9b1497b16ea12a2e6679874b734d5bca1e997f9f64a17ba9333b330e53118", + "D": "8870f64ad87d45ab86d56e4972f1dd55bc534b575759cebf75413de2ac0e91befc5278db9d99bbfd039ce75413a75069", + "T1": "863a8212ac64b5daddee230508f466d809e3953be65bee5c4405e283f91120770fda7edf22c3a06f1c754e22e0d99f98", + "T2": "924b3b4405ed8203e129bca0fd763b4a7d7f5e178db6dd3e1cce9c2100d74e58a9058db6b3217970e1a988766945f05c", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "b84558c983a965518180f45a692b54046bec7a26a2150ece72824c706940ad22a553881b3eb9b4882a1fbcf1427c611e", + "challenge": "2347f6c339f712af4456b3488362d6e9700ec0fcfdb73f49acdc1061e4391f61", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "0fc44c488c657f7b3b299769713c611a1b8284750c085334b03345865912dfff" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof005.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof005.json new file mode 100644 index 0000000..cbc560c --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof005.json 
@@ -0,0 +1,91 @@ +{ + "caseName": "valid no prover committed messages and half signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": {}, + "messages": [ + 
"9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "04ba5026d055fb29e48748ab435e4b61aa60fc480a826be9cdfa9e2aed3648fb", + "r2": "1fcac43a8b494879ad6717566080583245f11776fbe555bd974fa99b1dc68353", + "e_Tilde": "39c0f80071d8775b06d511b3e16f0a78eebcf5c5c8c8a7c4f0a2887fb5ae0f9b", + "r1_Tilde": "2017645049ed5c9ecf04550373d3add9fbfe6f28cb88b3ec2e78c35a2e2f76c7", + "r3_Tilde": "2b5a27fe59cc1fa8376d55945d2c29d10a295152f30852fc896404be08335081", + "m_tilde_scalars": [ + "637517351b2e91be4cab8d8cba3ce605d6b5bf4709fcec17ab9c7302d188f7e4", + "0d2857e8286db4c060f05875b34159b7a3b2342868f4da8e421f1a1362a07030", + "40af4c858f59b35c74d2b33539e29ba7ac642cc90482eca5615b3c915cf9f0f9", + "71840e81d0294ac5b3ad0ba9c0b0136f078d8cdac595a64f0d9e63b3fca8a2da", + "22979e0e072479f80a81fe43c7b5ce6c21c0064b6039d8637950212a7b90c192", + "3671cc511ee5093111052d78af04270df346315f6fe3f9a7a32c8f5a92ef6d4c", + "1e096373f281d8a87f63a3ff0c925017cd825f2dc97d34f39eff08362e4db6c6", + "44ea9cdb9c05e4b5119f2500f4648481fb07d12a1cc75a5b2957e95367b7d681", + "4da405d28b04edc0adb8043ec95053543d879a067f27b1051dc27e268340d77a", + "1ceb3358e8e4617ad361b95563cbf3701a9173ed00b5e303c207879c8f294523", + "6d216a3f24966d7baa9049cc320765ef18bfa5162f2d60cac425845ca11f60f0", + 
"2d679ebc3e75c72b60e7ba485503789542e5d20f923ddf346fea3399269c2e0a" + ] + }, + "Abar": "853619679818ae01ced0c601c52146f85364d3d11e8e595217b83a733ac9253a432b36b6ee574f450e3d3107d31ccf90", + "Bbar": "828c11ae50d5717871d58e6abe796c32517943b470b8e20cdb92adb6237b5d2e08e1ae8b6705134e1229d7e3174476a1", + "D": "b709eb010bb73c2429aae3aa1a321192e477644a414e991b56a139b03a57b123d366af06658e2daeeca583da28a405b1", + "T1": "b8775b5f7ee8205e08209f9bfd89460d3e5f1f5024e395023aaad8f040d8b6f30052213245b34a24045a5b184be1dc34", + "T2": "8215e3a7dc5d99d6940f5f1384d0c11863f598ae22a508045225c297d9b42b658569d25b87fbd407f961cb63dfa80440", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "ad5b4f5c88886a697da6044653577018756ba984dc0b0748f5647f99671b28960a2407f290065fb89ce0dc1fbe745ff9", + "challenge": "001f8fc7911ddbd368e4dd2272368e711f85b0e8ce84f3446647e188d01bce2b", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "2d679ebc3e75c72b60e7ba485503789542e5d20f923ddf346fea3399269c2e0a" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof006.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof006.json new file mode 100644 index 0000000..b735751 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof006.json 
@@ -0,0 +1,91 @@ +{ + "caseName": "valid half prover committed messages and no signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + 
"7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "2782e9be32645456d20a01a8ce5dd233b8049efe8d25eafdb8576f4e8d85826a", + "r2": "180ea80200b800d1cb672bc1aa52e2e6ecf0acaf794b810f3c16e8b07c413f5e", + "e_Tilde": "6aeddf95a081d0bfab06a327980dcfdae5b3dd977cdfee4fdf1b340ee8e4b617", + "r1_Tilde": "3eb55f0e3a5017408bab63ac12547727d762f7121ee217f484e48507c4c64165", + "r3_Tilde": "0707d3931ba4c72a4bf4f9dd75cac1bc489fb7ce207fd45eac7e58834427d66e", + "m_tilde_scalars": [ + "11f580b98813f609f6099d00f35412ae67aa1aa5c35cec654da7fd04eb023616", + "3d33bc719b4b5ff24fe54b281a361858912006eff78184deffbf6769ca87b9a4", + "2a2fe081ccd47b8a669e86232470b13a5157931bfb3b770dac1080bcccd28d81", + "6d0e8353ed62e613e6223334709ad0e146efb9c522633daf44840a2b5424195c", + "4a1742ed19312608a1095a476a5fc2533b3df79d065c62494f7a0fe9aef2f455", + "58d11e68c4ee775d999f69bc33efc83c7557423420b48cf915d772c975c9fcab", + "50886691287e055accbec2696c2fb20e9072d704461dc358261d30116f78eca2", + "080126141ef0de78e1454319dc179a72f95d98e8e1c5912d71a09f6113bfd6a9", + "3983a595dde792593983b34198422b2d2f13215cb4803b510cd4e59ca0297f0f", + "34c8e1e41b5718d9dc82232ea9fd6895601c5366dfdc65a1f58e9b0bc40472cc", + "6f9ea2c849ece4b9e6271e0e01775fc358e18b8c0974bbe3fdd7d58a04b6d4dd", + "3eb917340ca5788ce9266b29b984756addc2e9d9574e3140ad90ee1a1e668e37", + "05aa05f0dee70e3b5905f5d894be11d37a2e1bf98a838130a5a136968d8c4811", + 
"4e66ec908e4379b5298f7ab5ab8a3690677297690444183674a694ad3a0e5639" + ] + }, + "Abar": "a7ef58d02fc849635b0e64fb23ccbde361e4f76354c34f75b53c3ae88612e4252accc3944a59293c6473b04f76acb157", + "Bbar": "8b40f25f0d5878c8419e3d20c6052792f7b99ded10e8651135c39425c4d461020eb6f8014d372b0ad7169b83dd15b5db", + "D": "861c5d86ec8d0b93e8f7e57df7126dfb4f4c26c9e46b41b508bd20a48d76d0a3171623aec71bd4d77dff14f2752c26ea", + "T1": "9378e47d1719d7996918bffd105b141987bbd8faca7e80ce042bebb9db60b8c063e81b1ace758c6ccd87458888795044", + "T2": "a47fed8c14fb1c876f6e883a29b4196ef047a433f2217362fd251b4269b6d15b650f7cc6f9c784195fdfb90b9505ead2", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "af7fcc021037c6271c49d4c0b10db81fc6bd6c8fef5e81df2d1f66befd98b5cb28eb20999f6f816970a861e7168655b4", + "challenge": "25e05527d98eccabb98ac160f65f2584dda742417bc6623b2d85fcff118a9ecb", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "4e66ec908e4379b5298f7ab5ab8a3690677297690444183674a694ad3a0e5639" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof007.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof007.json new file mode 100644 index 0000000..89ed83c --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof007.json 
@@ -0,0 +1,90 @@ +{ + "caseName": "valid no prover committed messages and no signer messages revealed proof", + "notes": "Based on nymSignature004.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": {}, + "revealedCommittedMessages": {}, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + 
"496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "326a49e2d8d7913701012fee5c5d928455d70a150535ee83ba8f838289023b1f", + "r2": "056572994ba90ba03e44b30acc945aca792335b27c5f5ea05a0bf9c4c360603a", + "e_Tilde": "6602352090c605558e0de251307c1fb092cc78108a5137e6c24991625d86e0ed", + "r1_Tilde": "3d934481b10d4a6059bc94137558a35ca1740e8353773ff4bb99ccf8b1f73484", + "r3_Tilde": "082b222bd54ebc839baa1f489f1d4dce56247d770d9d45669dc3a105064fa8a7", + "m_tilde_scalars": [ + "19c6e4aacf97f53bff27c7de44179fd91380cdb164405b6518994a92e78a2066", + "4aa2ce863a88a4ba2d0d3b7abf4faa42ffa77425d1226f8649855d3b07ab0098", + "325d5fdfb63d63a1ed4821521d5e8dd7bdbd3a82d033b0d607f9bc2f263d487c", + "4ce828b81b72bed30f74f5f32c6c0e1cd744f03faf0ef901a2bdb1d6952fe523", + "05601ec295d3a2675f3fbce27e5657d1082f5f1c38c4b6e157d4b66c64846453", + "6df288dfa867d51ac44ac185aaa92f7e097a1b405178d88502066298e2e35e49", + "1bf8f8de4f3a15233bb4cf3d9be23a5e022b0a3b55a492e84dfbbc093a0d0459", + "1f501b827c4b13e3381e26997894aa3f4559062bee1c56d2f79535934c07ffca", + "46391415dde3df672c839ef8b3d8316d01b8a08265041872f49d267788851990", + "2db4ff5a39bdedfec9bca340748c55b825d9809dd2ab58dec9f27d9b54dde60d", + "07ad541e1dad6534c92c5707d168a5c08dc4cb916b22b63d174b78261fcc0728", + "60d1c9f4285a4c69a900d97bd22cc3788272d0dcdec5f9e1e6d64be10a01a0ed", + "1d21cf6835ee4d6729c0520135afa68e3125430a97d9502dd86e9ddde148c298", + "687c44782b9bdd724a3402d1e929c9f74febc3cf9b91a55431790b3460b6f02b", + "09abd129e4fb8d7e3a817bd65f389d53c3eb8df45d03325461756c5932d32a8c", + 
"2cf3011ae8b91a14c5a058a43385885324cca7c78da2aaf1b2cc15cc751962f1", + "154099a6f2a3df481fc6bc052b7ece804de2acdbb34b5cc945570a30416878cb" + ] + }, + "Abar": "8c5508a7262fe9aee86720f7f2ade66289179468b872e4bbe854a94c27dcc0b8af2b8a0f6e2732d110de3c8bb7a24b84", + "Bbar": "aea28faf71f94682feeaab2d6d8eaf17286cec952f0b406174cc63839f9ea993d8a0dca5ac772ae8f2b5841d1d4777ad", + "D": "8c0f87e5108206ee1c2ecfbfcf563827b591c2585116fbf6525d14498db775f7e1e3aea90f0c4ccff01ba7a2f6f415fd", + "T1": "961f20fc13e895069f2e5297cbe51d6b146b5d3f0934155ba1ee3f167d5a7dbb28798decae2f38bbcfd28c6967751507", + "T2": "b5c647f818feedde385340721dcb998de35bdd7e532da82b16f061013d6564c3b57fc070774dc0691b16609454551f0a", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd", + "pseudonym": "8ef7b8516387badcdf24eda35553031d01c392b93fb943445ae90979d7285d877ba6509cec3a3520f46128e97ecbd136", + "Ut": "a3aaedffacfd4ad36cf8ec8f195ff83fc0a49ced3f7d81bb105e64a4ed590818547e59e466d1af5be96cf03655605171", + "challenge": "6da88a0785efb7ce0d795834a85acdcf4e3a0ef413f4c613229ed96ccc73cf93", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", + "poly_eval_proof": "154099a6f2a3df481fc6bc052b7ece804de2acdbb34b5cc945570a30416878cb" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof101.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof101.json new file mode 100644 index 0000000..75b6fbf --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof101.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid all prover committed messages and signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8d6a5469075c123b88b44add5ff350c437423b604a918b88ee0d2fc88c84a9c1428318645755a30b452c529b1a8543e3443d5397b56d0da221beeafd12526f8b42d03291512f8505e94cdccd4bf0a9d6", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "proverBlind": "341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + 
"515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { +"randomScalars": { + "r1": "211c1037bcd1316e4160817643c34a7bbb83021ddd3b1f22f37ed5253da52e25", + "r2": "6ca3bb81e84cd13823f2630f90f28084d1409bca3d08983d9901f290450ef52e", + "e_Tilde": "2a37d3d049c506148362bb3411255f08bd504553caf90b877569b7250ca7f98c", + "r1_Tilde": "3427333b9226659b999a422946edc23b382d9a355ac03ec8dc45ed57cbe56bc4", + "r3_Tilde": "633a0ef2d7d6a96a6d273e6984d0dc3a4d8a619fad2be125dd3e4237bfe2e53a", + "m_tilde_scalars": [ + "5f2b419df907cc204177fb0f60a8865cafc792fec2a5eee336146ad811cbd483", + "03c340104c6b71dd62b77ed31d2b4863e9a6925cb9b78666a0b8c400c4ca31f8", + "45f9d520e8682e349a036b8763fd647d2a1cbb81a77f61da5879d563948cffe4", + "4010f0d66857c907ebb8f7544e04ff1ba4bdc2baa19f63b4a146f5ccc3853544", + "4ca37c03d4ab19de664f57d18874d7b86434cff1389cf9865506bcc49f63b4f8", + "47965b117a3d83c8133a1f915f858c0b4e1f3d648af84dadbf722696ab0d62f2", + "68bbcf9066fd79d6224a0a8d289bc38cc7768bca389779edfa29b0fe874b2645", + "6185e602029fe3df6f0023323d20d33c67e8e0093e4d603e00506869aa2fa57c", + "47f3355d90deaa185a76e02fc2bb521714682686569e36f016f5161babdc3006", + "461a8b4fc326abf2bc18c43df883fd512d460419c4ee361a45714d8466b5750f", + "4da6a68e742b02785c398f1693b856908138fa2376c03546ab2b4168853c255b" + ] + }, + "Abar": "8dedc85bd1fdf59b5af98fe53b8edfc14312741e7d4118ff1569a156df985236b87b32f9022921d694ac65ad3ded5537", + "Bbar": "a41afb4e9b1d411042135b9e52e229ff9bc6f28e027aad6d2239e50fe22255f70028486fd03673d34479516715b4a254", + "D": 
"b9345f0dad0982f1aa86911a6800db9a68ab79aa79274a85bedc2931201528f90f7bec13503047948672a271a6dc372a", + "T1": "abf3741376d5c48d9c4dac52a1ea31479c1cd1e1aeb2f60e0ff76c3e5bab6ce0e14aafc482534b6bc6b8e4fe426b4209", + "T2": "b6bb7ed0f48e4c684a5f03f17526eed6fb61b599bd0c74b3bf7b778486407cb046e2b1be84e3af851053046eda6ad9c3", + "domain": "69f462a6947e52f1a67cb259d6d2f5eb85949e9e93810941da8bb9922736a4a9", + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "Ut": "ad1a6af167a61a38f44b173bdda996caafbce1cc4235c7d094963a4ed83fcfcf91945140400b6179dc8d804520c523e0", + "challenge": "1d937cfaa04f830304d8bf030bddcf43e181aa062079a3216d1c4286e1d84adc", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "4c56d62cc652128947f79a4e6767b917b45fc1499c781498ec5f7ef18c61473f", + "poly_eval_proof": "6ef866fdadf2be8869eaf5d3e1c4bb575dadd140f93cf26f059204c47e3214e4" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof102.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof102.json new file mode 100644 index 0000000..eae0f62 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof102.json 
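Review bot: In nymProof101.json the `proverNyms` and `nym_secrets` entries at index 4 and 5 (`49b977…a751` and `fda4e2…646b`) are 63 hex digits long, while every other scalar in the fixture is 64. An odd-length string cannot be decoded byte by byte, so depending on the fixture loader the case either fails to parse or is read shifted by a nibble and exercises a different scalar than intended. Presumably a leading zero was dropped when the values were printed, so I would pad them to `"049b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751"` and `"0fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b"`, or make the loader reject odd-length hex explicitly. The same two values appear in nymProof102.json, nymProof103.json and the visible part of nymProof104.json. Separately, the trace key is spelled `randomScalars` in these files but `random_scalars` in nymProof006.json and nymProof007.json, which matters if anything reads the trace.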
@@ -0,0 +1,123 @@ +{ + "caseName": "valid half prover committed messages and all signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8d6a5469075c123b88b44add5ff350c437423b604a918b88ee0d2fc88c84a9c1428318645755a30b452c529b1a8543e3443d5397b56d0da221beeafd12526f8b42d03291512f8505e94cdccd4bf0a9d6", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "proverBlind": "341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "1": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "3": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "5": "515ae153e22aae04ad16f759e07237b4", + "6": "d183ddc6e2665aa4e2f088af", + "7": "ac55fb33a75909ed", + "8": "96012096", + "9": "" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + 
"96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { +"randomScalars": { + "r1": "72202656d242b95e869fbcd40581b1924183ac11ac323ebbe011d63536d8287c", + "r2": "1b6f80e77f00fd46a7ab1e46be33db2582fbadbf8358e7dfb157c69f577b9063", + "e_Tilde": "48e116be2272e66dac308ec305869640dcc107d3de941659e7dfa80359a3a33d", + "r1_Tilde": "67dbca3425cd03873b9ef9240389de348618c4eb142eb963f03e99f5cc85755f", + "r3_Tilde": "38beeb508bc526d9f70af680eb5e747daf0b0abf9c5dd2da78a795eb082c891e", + "m_tilde_scalars": [ + "41e0af39eb876d842a6fa22e739bd8557782d8bc64f1e3e8caa407acf21e9d83", + "34318199184c1d1b0088b30f12b59b5be5eaf0a6d4f1bd06cae1844ce79493db", + "449a1a27becc25364804695002bb8671d66119c6b47ca0090a42690f108b8743", + "0db0eb8b857927356955a1e251ad1df40e45427e8dd488b822608565a62a5a31", + "3030cf9de98a457fdfe9cfbe693e53a2eefbe6590557b04bc5abcc981b2c5b53", + "21e0abb919758a5b8bfd32cc6417b36ca94d091a4ef4b6e9e6840a174ed193d4", + "6d46722a4f82d87d5012bab944b18239571c6c20b7133b529d0cd81999251eee", + "38af70a2dc939db80ec191f993d38ce477fbf53f0de85c8676e0bd32fb6529b9", + "39c92b70c8e3635a623da5dfeccb3b2a706e8179f1c94c5185f8cf3a4147f0e4", + "1521952789a9f1a2c8e88d102574fc3b11644dcd57e4658bcf37f44ba575a69f", + "5ecc4872b50ac3e9159dc3eef11260766090788a864607e669c50ebc489d5a75", + "68c917c66ecd829f333f0f9b12fcaf0c93e6f085fbb0d490e1e1a43ba59d6a94", + "60f3ae300246e53d20ec89d0bce7f4ea8bb2f669f9b972f5e475401ab9a44ad1" + ] + }, + "Abar": "a04808eb420cf8e510d834c8a4e68354fd550177640f0480c171912ee302bc6bd3541415add2a0aff1f6e90e95f3fcbb", + "Bbar": "a911a53471f24122e5b16c69cb3b2e2403122b7dce6d6407a1d9ca94573002d146dfa722bb70b54395d79f485bbf2b6d", + "D": 
"81f47848e94416aa1921e7bb1f90ea6a6cea3605b06a10111678e7fdfe3264651bbb808b02cccfc543c0a3f2024bd71e", + "T1": "8c896a5b8d08d66b69276467c2e076cdf59c986efb8ad20cbc86d98c44a2d539666afc4616108de00578c565f71d88bb", + "T2": "a0e62bd4cd90f85e219ca1fd6cb6c22adb9810348218dac6c398add47497803a236af09ce85c12a164e2ea0225b0fd8c", + "domain": "69f462a6947e52f1a67cb259d6d2f5eb85949e9e93810941da8bb9922736a4a9", + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "Ut": "b894530350b2c1969320dcb379269d13ce00b8ad9a507b52f72b8eb6e769dea7453e69226e7e1986224f19ee5253f238", + "challenge": "09d747b22ea47edddc21bfffff7f386ad3a0b7908be117e6a3b23b8ae99a005c", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "4c56d62cc652128947f79a4e6767b917b45fc1499c781498ec5f7ef18c61473f", + "poly_eval_proof": "64aa10eedcc3f3f8a3b297b1b0867d5ba4a440fd158627e48a035387b7847260" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof103.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof103.json new file mode 100644 index 0000000..71aaa9d --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof103.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid all prover committed messages and half signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8d6a5469075c123b88b44add5ff350c437423b604a918b88ee0d2fc88c84a9c1428318645755a30b452c529b1a8543e3443d5397b56d0da221beeafd12526f8b42d03291512f8505e94cdccd4bf0a9d6", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "proverBlind": "341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "1": "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "2": "835889a40744813a892eff9deb1edaeb", + "3": "e1ca9729410dc6ba", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + 
"a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "a4ec9c87596b13da4768edd440d56218317e9d15dfd7c8fbae8bf0a520ea2ce1eb425b9e99e7cdad782eb9016453b9a6b45b4c8fc997c760064126115c1643dd046a80db1bce7ed6b4c8deca7f19f944260120c0021ae9d106592745b82b6716812400b92c34710670fa925b4e49e11bf4ef7dff79118fada8821c97f1b3bcb2037b7c436aa28031bf2cdf5163d68d1c4dec39dfeea186e61753e9e2ac5aa71663d98c874bbd611925ef143c6186a90c21b9d6864eece440cec19c2b898b63c8ee1e000a3812783dd05fbdbde8f062ba481d996f21dacabdb9f507ceffe6464821fad2e39a3e1e3eb290401f4a6630db3ca1a3067b2657b0669a64231b4acbf793f840bddf564aef6cd73bdfce7a45172a066b6b30e9d8317aaf19d644b9b7a22cdca5fdfe60bd902a4bc0d859189ba02a2c5d1fb7889d6434811c668e7cc4c75ce449954c7121dc57d1c16d474c599d08e0ccc9584642548ff7e516b2adaf5ef52cbc5691b0d0315870d6413445a0ae13692b734a81045bf482ccb7128d145cc2284940470b15b88555fd4fb98f20c234fa8927cbdfb38edce74597936d150923de2db94e997bb00ab821af87aa4449565ac378836906069524c7e6e8f5e9ba3038bcb6e15bc261b2d88286b2c8842c0009daf50cff5e1f5c71fbf1c519c4b4a34435dc5b261995d93d1dd87818933a58ed856967ef7e1dd2f810dd0583be09bc9b9379c935cc4532bb758e2c1c58c559c67319c07f5560453c4eae463c563689fce1675e2e9906b310fbe4c9981af165a91063b2a2edbe01d7d4d51c0f7670acef7d073a3c654c50709d64bc35fb031980c53cf43d6bd88b322cd849b6f9fdd7f0ba4a928183991c970cdfdd30cb7b1b109151ddf0b85c24eacccf534456934c5f1b495477c6c1da6b1e3ef3deffe36dcb364e954f1262b5fb58e0c60980aedb5102fd0a5cb88ed6bea777715f8cc3235e3a1fc0740cacfc10422966aea0de340d31952c3fe1f7f071b1c29614347416f617e58582a33dbeee6119adf0939a3542acb7461d9b0e1c4393e1eb4d373b2f19ec501b78874ae68a6adc2b2042768b17ebfb46f94796c75bdb4eccbf7f38", + "result": { + "valid": true + }, + "trace": { +"randomScalars": { + "r1": "2aa67d3759b3aa6cdc1e57822f10e4ac850a7f80a82f0967cd5fd21899ca0b69", + "r2": "1e946e0a41c6a6dcc24894f477899f060f0f6bbe5b913022848d39e356d83cf1", + "e_Tilde": 
"6d6c354149a71ca3c43e5657fee3b95652c5978125350c6d317cebc9fb88292a", + "r1_Tilde": "2508a44ef5e20176698f111e2375bfa84661ee27189c300bde8b9d946ceb58d7", + "r3_Tilde": "35632248dc2eea031c09ae0797e1b9974d675d60df32035a5fde566ff71dd247", + "m_tilde_scalars": [ + "26f66a47894e184b5fe32a2e6568c0786af376d089e2a11e632978c183a6f3fb", + "6d3606b3086f0c44c209c5af201d48d20e015f0fc80fd00a10259f7f46ea6eed", + "22063ed43999f4ae40a03c4ea9f934b3f946dc167957b20d501a134426695cc0", + "29930e487c3e109322d0f2e097616ece04d87d91649dff92bda1dc438400256f", + "4b0cff28fe171b5179977f6bed33413ba420e0656e468a579a7fdac983d24314", + "6451fce17b93ed5dbf4d2aafbbd6afaa18e6f222046ac31ed2dc1d6df9a33291", + "1f9c3ab790fbad9b71f74783969fb01a14fc7e1f417a38696b0430a77b68fe94", + "480b325408ff54ddd292d3c3ce8253c540cc8c32ef42308389bc9543c471c2da", + "5e02607fbd4d0af561e61c377e2b31c2ae1c589ba835f93bd7be3814f65ea450", + "6849cc6bf9367386c4189859998d9c4993c84488f9b03d311c197499dda1ee0c", + "51b9c711f25213b6a63a9ae2ade5b0d517539992c40bb45297d0709b216db36e", + "6be3bcea66b6872421a2572b0c37cfdd0541d226a18fefdd60619217554eb08d", + "48fd2d36c9e119fba1ad5f5fef059838c7b0150f7a4088919ed9bf6934f7c90b", + "2c7589a2b29e0be25b1f592ecb84d072fb17659c4bfc6dfc54dba002623f5a0c", + "55976175ecac1373e3e27ed645de08514e66d50600363a6de6e791f3358b06f2", + "5a4d330bd5d5fe02528f8c3b2a7d3dcc223d11452f2f772e95cc36b74fc4c60c" + ] + }, + "Abar": "a4ec9c87596b13da4768edd440d56218317e9d15dfd7c8fbae8bf0a520ea2ce1eb425b9e99e7cdad782eb9016453b9a6", + "Bbar": "b45b4c8fc997c760064126115c1643dd046a80db1bce7ed6b4c8deca7f19f944260120c0021ae9d106592745b82b6716", + "D": "812400b92c34710670fa925b4e49e11bf4ef7dff79118fada8821c97f1b3bcb2037b7c436aa28031bf2cdf5163d68d1c", + "T1": "9312028e52e1a34fc239e66ac84b32cfaa49037bb16f2f57a07d6af112f2b7fd2b53f65a214c52763f005e64906451bc", + "T2": "96bb2fdc032ad06e2cd600b0664cfa7a2e4b183a1ded94203e1f663df9d11a759b703dd90535566633f95af06258ab95", + "domain": 
"69f462a6947e52f1a67cb259d6d2f5eb85949e9e93810941da8bb9922736a4a9", + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "Ut": "a9a9527d66913162dfe710b1a5536394d990614958ce858bb04699260430ead7fa20a16e3a6c20224c2633a54c8659e5", + "challenge": "2f19ec501b78874ae68a6adc2b2042768b17ebfb46f94796c75bdb4eccbf7f38", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "4c56d62cc652128947f79a4e6767b917b45fc1499c781498ec5f7ef18c61473f", + "poly_eval_proof": "1b150b09040b50679658b370bd22f533da0b1665b2af68fbf50196170afa42f9" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof104.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof104.json new file mode 100644 index 0000000..87858b6 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/proof/nymProof104.json 
@@ -0,0 +1,123 @@ +{ + "caseName": "valid half prover committed messages and half signer messages revealed proof, 10 nym secrets", + "notes": "Based on nymSignature006.json and messages.json", + "mockRngParameters": { + "SEED": "3.141592653589793238462643383279", + "commit": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_" + }, + "proof": { + "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_PROOF_MOCK_RANDOM_SCALARS_DST_" + } + }, + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8d6a5469075c123b88b44add5ff350c437423b604a918b88ee0d2fc88c84a9c1428318645755a30b452c529b1a8543e3443d5397b56d0da221beeafd12526f8b42d03291512f8505e94cdccd4bf0a9d6", + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + 
"49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "proverBlind": "341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "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", + "context_id": "bbb4750cdce6d2122bb4c4f039b6ad5a79f028eb448013a38636a95d63af360a", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "revealedMessages": { + "0": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "2": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "4": "496694774c5604ab1b2544eababcf0f53278ff50", + "6": "d183ddc6e2665aa4e2f088af", + "8": "96012096" + }, + "revealedCommittedMessages": { + "0": "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "2": "835889a40744813a892eff9deb1edaeb", + "4": "" + }, + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + 
"e1ca9729410dc6ba", + "" + ], + "L": 10, + "proof": "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", + "result": { + "valid": true + }, + "trace": { +"randomScalars": { + "r1": "6edc6eb047b0f61c17b8c3a25f6de28000a7e9082de1d376cfbc762e81bf409e", + "r2": "2fbb2392bbc64855d877d2960217b452b71050b570a5ff97a146821dbcc13a50", + "e_Tilde": "355384f3a037ddfd9b0679b50894318463f0494b8c72dd13b8c9308041a2b798", + "r1_Tilde": "730212afd7d4edee8186d515c3d9e74733fbca56159d5b9af887898c8475086b", + "r3_Tilde": "349b61797c54a1dcd2bbe9a9e6aafb8e8996de41f77868bcd306e8c0716db699", + "m_tilde_scalars": [ + "6434f7b9dd2f385140d2e63d1873657b957920c66b8908acc4a1b5ce1d445d7b", + "4a6595e0fa84b9528f2aa9092cffc45d548f4abe3c1ce9bb0e44d6b7e0c2e314", + "639164b292a0cd4baf0ba8e8092e16d18e4930b03c9dc1d8d2a86fdaa4e65b52", + "044007f63b1161416b5154993458e28ff9510da4c9741e567e57348790f33342", + "59f756ce9e4e11d6e9c9c47cda9c94a95abd58138003e1041956a7d2c3e071d8", + "0ed6cee4fb2776b57fb8d8bd004abfddd95c7d99cbb40198679191ad94c1f2dc", + "40455c27016bfc5583998bece90fef2e2286d7074394aa845d168f671487a24f", + "0b9a530806b525a52554aefc9dd4ecbbd975ebf788ad981dd67f6e6c47c0713b", + "00ee84567a568a0a9aea1b2ad4ad86d940e8748643ef1e11c59f398b75e8cb9d", + "3a03ff9b6eb7219df17acce3c8fcb40e76a4533c9ca8c3c407ee9982e7d24609", + "71d61c612ce37a6d154977d9520bd4d2dd6431ada968ab29d3209a5a05d90dc8", + "10bb7d156ce54f35403788cf6b148c3d07a22707d5f737952f5e3500f6b64bb8", + "5ce1b2f70fa0a01943bef08f9826d5381bd879543f6bbcc8d306b6999d524136", + "694a7d7903f71d31f1a2e83d3b781ea8f700a51f616a8380d62dbb8ad6445fa3", + "1effb345cfa79d9c7738a925192b81250e10f2c785043b71beb9898b6d9dbc53", + "38663d17b2f341e35147a1719d403ee4f09a9486efccf2b37da3e68948bbcc98", + "5327dca48e5c36d9f7b7df231d36d3fd36957dde7d34d06b40acc7a9414cbb62", + "69395a3c9658eb20818be1b90404be8491fe827e48fde2e2c414ea9744c06654" + ] + }, + "Abar": "a479cdfb455ccc510087c61d4338675863ae003c00020a02de526736b7a4513344678198b0754f7b1f8ac465feadd691", + "Bbar": 
"8040f21b3ecc07eda598ae0b06b5faeb4482f3b5c122361de4462c4b739ae78e97afdb5caf2c6ccf6eb56929ff90a6b7", + "D": "acb2b3ba345fc3c4cf1f5a34ebbf6a148a5d85d8417a08697ce941151b6d4fc360b72250cdf9d38afb2bad064853e5f0", + "T1": "8bf5856f2113a231da5050c6eb9ae2b83af6202d37d62b558c45705fb73414bf1d5cfe7d956bc6c940b37667cb80fa79", + "T2": "94c51542bc463b8eff8b0463bc10132b1e2bf3bcf00541a5c58bac439acb75973790c1117bae3b2c77f6df7b5d43406a", + "domain": "69f462a6947e52f1a67cb259d6d2f5eb85949e9e93810941da8bb9922736a4a9", + "pseudonym": "b1f78ce7925c4d378159b7a7dbe40f6a4235cccee54213e1470d1e3b803585872e0207f048d545243e436fc462df7700", + "Ut": "a38415b029f6a0a06be7acfa492f93702305400f86c104f66d586b0b4a56d5ce91a5e114a36fc05e4939f8c514b416f7", + "challenge": "275a1862cc355882483eb85cb3727a1c0afdb85382d7306b16e811509b299818", + "OP": "b3df1bf9b539ff9aaaf4a8e7ca1964fac8653854178769f1a93386fb221cef2ed7a16b36d385f68ac1da68438b9316f7", + "poly_eval_pseudo": "4c56d62cc652128947f79a4e6767b917b45fc1499c781498ec5f7ef18c61473f", + "poly_eval_proof": "14badd6ecb951f6879e5ae8d3c305be3304f479f99cc7fbf0c998eb57aa8b495" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature001.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature001.json new file mode 100644 index 0000000..3269079 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature001.json 
@@ -0,0 +1,23 @@ +{ + "caseName": "valid no prover committed messages, no signer messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48", + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "commitmentWithProof": "990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde4753a18a8286aca2bf58e8bb9a3d77a3e0052aefc427e5e47b666255e53cfcaa7d34d36adc13da01798b8eb041652a57c3b595ace54ed5eee43370c1697eb5ce996020d88ca5d811c011cde10c6c07dc2f4acbc89bd5652414d5b8823a250ed40b", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [], + "signature": "8c184a9844d7220ac2d65ac2ea9319f8a9fbe56e59e58e8c89e4c095a2f2c63675c85aa04e368e2f2cd451af94558c390660c636807b1f74412310271761d398e7cb48719aaec0d21043cbdb94d45f2a", + "result": { + "valid": true + }, + "trace": { + "B": "8d8c93a08cad41749cbd944e778027984498382efe5fd6a110ff9cc741ae65b1d5087d9bd0edffaefa492d8cffc1be3a", + "domain": "65f5322d0c1035ffcc8a93ded3cf56ab258257d5169d6cef81caab0cbebe5bc4" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature002.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature002.json new file mode 100644 index 0000000..23f7a04 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature002.json 
@@ -0,0 +1,29 @@ +{ + "caseName": "valid multi prover committed messages, no signer messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "commitmentWithProof": "a9577c3e2f15081c03d2e86789c1d9208bc04409b1ca33c25d06017c8fef5d139aee028ac96b9c09636a45846e9a5ee51f83bfd55f12193061e3f707d11d9993d6e08293de7f3dd0a298c21f369208b43b7b401706a9a0a5dcfa12d28d5a59b09da337b435cf4aa2a869842c8e1409004865ce6ff78d345e5c8142c9c440b677824ce06a8f70c50bbbb01838a91eb0041fd853c2005109d3aec272dd03346f37fc90828490fbedc4fc88e7307662b785653aba1a28a45bca913b7dd778e8bd141652e6f0507c3f836c8852b8ddbf2c62659dbd7b83f096e7b351f2f0dc6046bce3c8d0c5bb892a7a3d76d6bac899b3d356b099f88287ac25e6879d5808f832927c8e28acae41ab3699b5c0f9da4f58bf67d7e87c5ddb6dadd80fe281e158cc7a24bc398f84022dc0dc3a123971f7546c", + "header": "11223344556677889900aabbccddeeff", + "messages": [], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": "a861c09a27a58197416e8df99c55d6500eeb01b007df418c5871e0da3cd9741c3e80e8a83c7ccb2ff697bbee1c22953a4adcc9627ecb16654b4a9b19c0346c5d5fa79d20c8b77208f4bc4deceff065ba", + "result": { + "valid": true + }, + "trace": { + "B": 
"a3e9e31869a174bd298fdb5510dfa387362aa26a91ebcfeb2290e75a6eb844a2fcaf874cd75b74e242e59fc25b2ff5ce", + "domain": "347edba7f30d3b0fe44611797091bcfc61c118b246125050fd609ecabef1b908" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature003.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature003.json new file mode 100644 index 0000000..f65cc21 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature003.json 
@@ -0,0 +1,34 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48", + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "commitmentWithProof": "990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde4753a18a8286aca2bf58e8bb9a3d77a3e0052aefc427e5e47b666255e53cfcaa7d34d36adc13da01798b8eb041652a57c3b595ace54ed5eee43370c1697eb5ce996020d88ca5d811c011cde10c6c07dc2f4acbc89bd5652414d5b8823a250ed40b", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "signature": "ad0a0326d2d8196fb7942f3d0c5dbdc1d7e7277e5cba6ab3ce6bc9794855f2242b1eb198228c78f4aaa20725ffda015438f11e13cd7fd21dc2247844c26ce34e82264ca2554ef337648ddd66d75c8cf5", + "result": { + "valid": true + }, + "trace": { + "B": "8a2d9aced02797ca4a20dd7655dba6e27a442d482225af27a9ed7da592d196618c41ea235f3774b5656ecd7d3f4813e1", + "domain": 
"0777a5e4e6f3a1c64efe741339dc9c68a50aebaf279b5c0138e70c874e97959f" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature004.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature004.json new file mode 100644 index 0000000..89d33e9 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature004.json 
@@ -0,0 +1,40 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": ["6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418"], + "proverBlind": "1ade8b27cccac993dfe3d57be0cd1a200a5cae52d9ea525f106c94f06fea89c3", + "nym_secrets": ["3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc"], + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": "b6bb95cb52f5f44ca1ff76ae305b03f014945746871b057ea08c2e45c24846bccd26f14858afdcb942896630cc16439002f802e700bc2c83347064b3ff69bfdc8552119ab13b07b52e233d908f859237", + "result": { + "valid": true + }, + "trace": { + "B": "8df28b59593bf5e65a4c3785c0bddc06958b18ae9376bdc2a973c86a9c91c3dcc6d6a8af8391f21f6352285df948123f", + "domain": "28ef090980cdc152a3c1e56f778a09a54eeffb4117d051892df580f38e362afd" + } +} 
diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature005.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature005.json new file mode 100644 index 0000000..1672620 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature005.json 
@@ -0,0 +1,56 @@ +{ + "caseName": "valid no prover committed messages, multiple signer messages signature, 10 nym secrets", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "proverBlind": "40de1fecb8c22b87ddcf04be40edbaa92be5dab6cf234cd93715df41b90187ad", + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + 
"69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "commitmentWithProof": "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", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [], + "signature": "8e2ba855fe1eee651f055de2a384b27875a5cf66aaed734034303b3e5adaa98954369a712353aba368754a618ef766da0243780ab9cb34c5260bbb53a122ffca51d8148cac4a6704b7121a961ee460fb", + "result": { + "valid": true + }, + "trace": { + "B": "8dbccc859e66ee9c8ed9b03ef522545d9564690a63f827a9bbf0557d569a63ec1be1b5ac0cf6bf7511e1380fb7019664", + "domain": "625435a963bf131c3dda0580e60b7d004aa0937310aafaec4126c1e3ee105af2" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature006.json b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature006.json new file mode 100644 index 0000000..c9c62ed --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/bls12-381-shake-256/signature/nymSignature006.json 
@@ -0,0 +1,62 @@ +{ + "caseName": "valid multiple signer and prover committed messages signature, 10 Nym secrets", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", + "proverNyms": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "2c66ff30503ed03a9571dedb5e5a301aeb0d9f02294fb875554f7f4af04397c8" + ], + "nym_secrets": [ + "359a3ff97fe4554a128ccca9e4940d72776324148625064ed7f8c9e076267872", + "31a3eef9c4f64660fd3cf4b5415c5664b0428fbb1a67e55a15fb64f679052dce", + "27e4799055e7fb866ebf33d0015d969595893b8a32f697cd3ad8fb4eae2789b3", + "4fdf6edd605a5739ab0f3c3c270c1cf3966a3dd4612a3938e65df46a943684b9", + "49b977366fa3dfa3bb3b69b9339c72e07696d9d82542c040c839cf981cea751", + "fda4e24ef0b8710c6a1d05ee860e78d46acc906fecc88e5e8e51ca70add646b", + "3802c1b3aa27dbe7961c0da5556979e7237bd140b697bc0e61e8a016a3d3c781", + "3aaf0f90d978d84e92ba9fd32e4997f30ae489417af921f2d21550f4dbacf1ca", + "667c5e1643f0f5df65bdb35fa401f1c3bed45fe91f1e26f430dd44b8bbef6a4b", + "69a795501eaada2957bc15ee80cd594d3b48e48fa39caffe712a26b0a343bf8d" + ], + "proverBlind": 
"341301965cd9cb48e6a62ae6a5e84fcff35777aeecf99332534cf510ed7de0d1", + "commitmentWithProof": "b366bd456163efb7cc9f1dbfe5d230d44de2c5682514a20abf2c78204272cd3915abeb2e92766680829874353bc1d75f3d318e0dca360502ae29e81fbfd71907037761b5ab87b77a22b7e6907d169291015477d8647da3640871f200654827742557563470123efd73d37a063ccc8e2965542daefdd72ad6124de90aadcaffd20a7b09e83804d4fcc146522a3635cef967eefc8f9950495ef2d81e75b3dc428535e9b6c61025735967472779248fea6d5e6b6734abd659a44c911a5847260278bd04c2e2cee46c91b2b163fb6952d2d0036c103ca11aa7937e4a8c0f034ef35da653c902bf9171c73008fd6c020caae51b74073ea013b2fa47e9d0f4d913542e99d41839bfb6355606d0e70cc377177d234cae0ce42fbf5916a8393072adba8adbe924174cf2fe281885cadeeedb1044254df570873d834e2f11c4610e7230581ddbe323c08a3050f701f26a6ced75a913430b8b4ba59056ffd43b4cf388b06e49dd6e564becf76a86736610bffd691c1fc0c20d7ac4d9a1d422fbb33bb0fe9020b26a55da7d9d9827e345081efbc1b46464adb83386cd8bb8eff27bec7f023e4a2c289a5417ffb68a76f072041b7a823a1c65cf4a5a463651f0ba2621174d00fe08eab0401b006ec3fe94a64f87ba3b1f2c772d71a42e7f7a8d1a99fa47b20ea95027645ec4fe293024c75d94f6232b0a7740e79c59c0b0a81aa13b4efb41f6786417f86598cc666fc65c0ff21a6ee73ed59535fc034bb4d4777e3f5627f7767815dd535baff5c9d16fe0310d424c082826f3e660235757ce380a404b47482edda7a3bf0546fe55776851f95e3dd8c8", + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ], + "signature": 
"8d6a5469075c123b88b44add5ff350c437423b604a918b88ee0d2fc88c84a9c1428318645755a30b452c529b1a8543e3443d5397b56d0da221beeafd12526f8b42d03291512f8505e94cdccd4bf0a9d6", + "result": { + "valid": true + }, + "trace": { + "B": "89c75ee05aaf8fc3b773fa657685356e4209167ad1beac82faa741e27a7e3c9a69feab502234b3bf5bcd83888412cff7", + "domain": "69f462a6947e52f1a67cb259d6d2f5eb85949e9e93810941da8bb9922736a4a9" + } +} diff --git a/test/blind_with_pseudonym_fixtures_data/messages.json b/test/blind_with_pseudonym_fixtures_data/messages.json new file mode 100644 index 0000000..e352c67 --- /dev/null +++ b/test/blind_with_pseudonym_fixtures_data/messages.json @@ -0,0 +1,21 @@ +{ + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "committedMessages": [ + "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", + "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", + "835889a40744813a892eff9deb1edaeb", + "e1ca9729410dc6ba", + "" + ] +} \ No newline at end of file diff --git a/test/fixtures.h b/test/fixtures.h index e4e4ee7..fd7cbbd 100644 --- a/test/fixtures.h +++ b/test/fixtures.h @@ -3,6 +3,8 @@ #define FIXTURES_H #include "bbs.h" +#include "bbs_blind.h" +#include "bbs_blind_with_nym.h" #include #include 
@@ -101,4 +103,253 @@ extern const struct fixture_proof {
 } *const vectors_proof;
 extern const size_t vectors_proof_len;
+// Blind BBS extension fixtures
+
+extern const struct blind_fixture_generators {
+ const uint8_t (*signer_result)[48]; // Q_1, H_0 .. H_(L-1)
+ size_t signer_result_len;
+ const uint8_t (*prover_result)[48]; // Q_2, J_0 .. J_(M-1)
+ size_t prover_result_len;
+} *const vectors_blind_generators;
+extern const size_t vectors_blind_generators_len;
+
+extern const struct blind_fixture_commit {
+ // random init values
+ const void *mocking_seed;
+ size_t mocking_seed_len;
+ const void *mocking_dst;
+ size_t mocking_dst_len;
+ size_t mocking_count;
+
+ // input
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ // output
+ uint8_t prover_blind[32];
+ const void *result;
+ size_t result_len;
+ int result_valid;
+} *const vectors_blind_commit;
+extern const size_t vectors_blind_commit_len;
+
+extern const struct blind_fixture_signature {
+ uint8_t sk[32];
+ uint8_t pk[96];
+
+ const void *header;
+ size_t header_len;
+
+ // commitment
+ const void *commitment_with_proof;
+ size_t commitment_with_proof_len;
+
+ // signer-known messages
+ size_t num_messages;
+ const void *const *msgs;
+ const size_t *msg_lens;
+
+ // committed messages
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ uint8_t prover_blind[32];
+
+ // expected output
+ uint8_t result[80];
+ int result_valid;
+} *const vectors_blind_signature;
+extern const size_t vectors_blind_signature_len;
+
+extern const struct blind_fixture_proof {
+ uint8_t pk[96];
+ uint8_t signature[80];
+
+ const void *header;
+ size_t header_len;
+ const void *presentation_header;
+ size_t presentation_header_len;
+
+ // commitment
+ //const void *commitment_with_proof;
+ //size_t commitment_with_proof_len;
+ uint8_t prover_blind[32];
+
+ // signer-known messages
+ size_t num_messages;
+ const void *const *msgs;
+ const size_t *msg_lens;
+
+ // committed messages
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ // subset of signer messages to disclose
+ const size_t *disclosed_indexes;
+ size_t disclosed_indexes_len;
+
+ // subset of committed messages to disclose
+ const size_t *disclosed_committed_indexes;
+ size_t disclosed_committed_indexes_len;
+
+ // num_signer_known_messages
+ size_t L;
+
+ // mocked rng for the proof
+ const void *proof_mocking_seed;
+ size_t proof_mocking_seed_len;
+ const void *proof_mocking_dst;
+ size_t proof_mocking_dst_len;
+ //size_t proof_mocking_count;
+
+ // disclosed message content (filtered subset, for verify)
+ const void *const *disclosed_msgs;
+ const size_t *disclosed_msg_lens;
+ size_t disclosed_msgs_len;
+ const void *const *disclosed_committed_msgs;
+ const size_t *disclosed_committed_msg_lens;
+ size_t disclosed_committed_msgs_len;
+
+ // expected output
+ const void *result;
+ size_t result_len;
+ int result_valid;
+} *const vectors_blind_proof;
+extern const size_t vectors_blind_proof_len;
+
+// Blind BBS with pseudonyms
+
+extern const struct blind_with_nym_fixture_generators {
+ const uint8_t (*signer_result)[48]; // Q_1, H_0 .. H_(L-1)
+ size_t signer_result_len;
+ const uint8_t (*prover_result)[48]; // Q_2, J_0 .. J_(M-1)
+ size_t prover_result_len;
+} *const vectors_blind_with_nym_generators;
+extern const size_t vectors_blind_with_nym_generators_len;
+
+extern const struct blind_with_nym_fixture_commit {
+ // random init values
+ const void *mocking_seed;
+ size_t mocking_seed_len;
+ const void *mocking_dst;
+ size_t mocking_dst_len;
+
+ // input
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ // pseudonym stuff
+ size_t num_prover_nyms;
+ const void *const *prover_nyms;
+
+ // output
+ uint8_t prover_blind[32];
+ const void *result;
+ size_t result_len;
+ int result_valid;
+} *const vectors_blind_with_nym_commit;
+extern const size_t vectors_blind_with_nym_commit_len;
+
+extern const struct blind_with_nym_fixture_signature {
+ uint8_t sk[32];
+ uint8_t pk[96];
+
+ uint8_t signer_nym_entropy[32];
+
+ const void *header;
+ size_t header_len;
+
+ // commitment
+ const void *commitment_with_proof;
+ size_t commitment_with_proof_len;
+
+ // signer-known messages
+ size_t num_messages;
+ const void *const *msgs;
+ const size_t *msg_lens;
+
+ // committed messages
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ // pseudonym stuff
+ size_t num_prover_nyms;
+ const void *const *prover_nyms;
+
+ // output
+ size_t num_nym_secrets;
+ const void *const *nym_secrets;
+ uint8_t prover_blind[32];
+ uint8_t result[80];
+ int result_valid;
+} *const vectors_blind_with_nym_signature;
+extern const size_t vectors_blind_with_nym_signature_len;
+
+extern const struct blind_with_nym_fixture_proof {
+ uint8_t pk[96];
+ uint8_t signature[80];
+
+ uint8_t signer_nym_entropy[32];
+
+ const void *header;
+ size_t header_len;
+ const void *presentation_header;
+ size_t presentation_header_len;
+
+ const void *context_id;
+ size_t context_id_len;
+
+ uint8_t pseudonym[48];
+
+ const void *commitment_with_proof;
+ size_t commitment_with_proof_len;
+ uint8_t prover_blind[32];
+
+ // all signer messages
+ size_t num_messages;
+ const void *const *msgs;
+ const size_t *msg_lens;
+
+ // all committed messages
+ size_t num_committed_messages;
+ const void *const *committed_msgs;
+ const size_t *committed_msg_lens;
+
+ // prover nyms and nym secrets
+ size_t num_prover_nyms;
+ const void *const *prover_nyms;
+ size_t num_nym_secrets;
+ const void *const *nym_secrets;
+
+ // disclosed subsets
+ const size_t *disclosed_indexes;
+ size_t disclosed_indexes_len;
+ const void *const *disclosed_msgs;
+ const size_t *disclosed_msg_lens;
+
+ const size_t *disclosed_committed_indexes;
+ size_t disclosed_committed_indexes_len;
+ const void *const *disclosed_committed_msgs;
+ const size_t *disclosed_committed_msg_lens;
+
+ // total number of signer known messages
+ size_t L;
+
+ // proof mocking only
+ const void *proof_mocking_seed;
+ size_t proof_mocking_seed_len;
+ const void *proof_mocking_dst;
+ size_t proof_mocking_dst_len;
+
+ const void *result;
+ size_t result_len;
+ int result_valid;
+} *const vectors_blind_with_nym_proof;
+extern const size_t vectors_blind_with_nym_proof_len;
+
 #endif /* FIXTURES_H */
diff --git a/test/fixtures_transpiler.c b/test/fixtures_transpiler.c
index 3bf584d..f80008f 100644
--- a/test/fixtures_transpiler.c
+++ b/test/fixtures_transpiler.c
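Review bot: In `test/fixtures.h`, `prover_nyms` and `nym_secrets` in the `blind_with_nym_fixture_*` structs are declared as `const void *const *` with only a count, so any test reading them has to assume an element size the header never states; `msgs` carries `msg_lens`, and the generators use `const uint8_t (*signer_result)[48]`. If each entry is a 32-byte scalar, as the neighbouring `uint8_t prover_blind[32]` fields suggest, typing them the same way puts the size in the declaration: `const uint8_t (*prover_nyms)[32];` and `const uint8_t (*nym_secrets)[32];`. Failing that, a comment on those members stating the expected length would at least record the assumption. The commented-out members in `blind_fixture_proof` (`//const void *commitment_with_proof;`, `//size_t proof_mocking_count;`) would be better removed or given a one-line reason.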
@@ -75,9 +75,17 @@ size_t json_array_len(struct json *j) {
 }
 void print_hex_str(struct json *string, FILE *out) {
- if(!string->len) fprintf(out, "{0"); // Beware: sizeof will be off!!!
- for(size_t i=0; ilen; i+=2) fprintf(out, "%c0x%.2s", i?',':'{', string->string + i);
- fprintf(out, "}");
+ if(!string->len) { fprintf(out, "{0}"); return; }
+ size_t i = 0;
+ if(string->len % 2) { // for odd length hex strings, a 0 needs to be PREpended
+ fprintf(out, "{0x0%c", string->string[i++]);
+ } else {
+ fprintf(out, "{0x%.2s", string->string);
+ i = 2;
+ }
+ for(; i < string->len; i += 2)
+ fprintf(out, ",0x%.2s", string->string + i);
+ fprintf(out, "}");
 }
 int existsat(int dirfd, const char *path) {
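Review bot: The odd-length branch of `print_hex_str` emits `(len + 1) / 2` bytes, but the callers visible in this patch still record the length as `->len / 2`, so an odd-length fixture string would produce an array one byte longer than its `_len` field. Either reject odd lengths in the transpiler or compute the byte count in one place, e.g. `(k->len + 1) / 2`. The `%.2s` and `%c` conversions also copy the JSON text into the generated C source unchecked; an `isxdigit()` test per character, ending in `fail("non-hex fixture data");`, would keep a malformed fixture from generating a source file that compiles to something other than the intended bytes.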
@@ -103,29 +111,491 @@ char *read_file(int dirfd, const char *path) { return res; } +void parse_blind_with_nym_fixtures(FILE* out, int dirfd) { + int i = 0 ,filenum = 0; + char filename[256]; + struct json *j, *tmp; + + // blind with nym generators + char *f = read_file(dirfd, "generators.json"); + json_parse(f, &j); + struct json *signer_gen = json_object_get(j, "generators"); + struct json *prover_gen = json_object_get(j, "blindGenerators"); + + fprintf(out, "static const uint8_t blind_nym_signer_generators[][48] = {\n\t"); + print_hex_str(json_object_get(signer_gen, "Q1"), out); + i = 1; + for(struct json *k = json_object_get(signer_gen, "MsgGenerators")->value; k; k = k->next) { + fprintf(out, ",\n\t"); print_hex_str(k, out); i++; + } + int signer_count = i; + fprintf(out, "\n};\n"); + + fprintf(out, "static const uint8_t blind_nym_prover_generators[][48] = {\n\t"); + print_hex_str(json_object_get(prover_gen, "Q1"), out); + i = 1; + for(struct json *k = json_object_get(prover_gen, "MsgGenerators")->value; k; k = k->next) { + fprintf(out, ",\n\t"); print_hex_str(k, out); i++; + } + int prover_count = i; + fprintf(out, "\n};\n"); + + fprintf(out, "static const struct blind_with_nym_fixture_generators _vectors_blind_with_nym_generators[] = {\n"); + fprintf(out, "\t{ .signer_result = blind_nym_signer_generators, .signer_result_len = %d,\n", signer_count); + fprintf(out, "\t .prover_result = blind_nym_prover_generators, .prover_result_len = %d }\n", prover_count); + fprintf(out, "};\n"); + fprintf(out, "const struct blind_with_nym_fixture_generators *const vectors_blind_with_nym_generators = _vectors_blind_with_nym_generators;\n"); + fprintf(out, "const size_t vectors_blind_with_nym_generators_len = 1;\n\n"); + json_free(j); free(f); + + // Blind Commits with Pseudonym + fprintf(out, "static const struct blind_with_nym_fixture_commit _vectors_blind_with_nym_commit[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "commit/nymCommit%03d.json", 
filenum); + if(!existsat(dirfd, filename)) break; + f = read_file(dirfd, filename); + json_parse(f, &j); + + struct json *mock = json_object_get(j, "mockRngParameters"); + struct json *commit = json_object_get(mock, "commit"); + struct json *cms = json_object_get(j, "committedMessages"); + struct json *nyms = json_object_get(j, "proverNyms"); + + fprintf(out, "\t{\n"); + + tmp = json_object_get(mock, "SEED"); + fprintf(out, "\t\t.mocking_seed = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .mocking_seed_len = %zu,\n", tmp->len); + + tmp = json_object_get(commit, "DST"); + fprintf(out, "\t\t.mocking_dst = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .mocking_dst_len = %zu,\n", tmp->len); + + // committed messages + i = 0; + for(struct json *k = cms->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_committed_messages = %d,\n", i); + if(i == 0) { + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.committed_msgs = (const void *const[]){\n"); + for(struct json *k = cms->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = cms->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // prover nyms + i = 0; + for(struct json *k = nyms->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_prover_nyms = %d,\n", i); + fprintf(out, "\t\t.prover_nyms = (const void *const[]){\n"); + for(struct json *k = nyms->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n"); + + fprintf(out, "\t\t.prover_blind = "); + 
print_hex_str(json_object_get(j, "proverBlind"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "commitmentWithProof"); + fprintf(out, "\t\t.result = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .result_len = %zu,\n", tmp->len / 2); + + tmp = json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_with_nym_fixture_commit *const vectors_blind_with_nym_commit = _vectors_blind_with_nym_commit;\n"); + fprintf(out, "const size_t vectors_blind_with_nym_commit_len = %d;\n\n", --filenum); + + // Blind Signatures with Pseudonyms + fprintf(out, "static const struct blind_with_nym_fixture_signature _vectors_blind_with_nym_signature[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "signature/nymSignature%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + f = read_file(dirfd, filename); + json_parse(f, &j); + + struct json *kp = json_object_get(j, "signerKeyPair"); + struct json *cwp = json_object_get(j, "commitmentWithProof"); + struct json *pb = json_object_get(j, "proverBlind"); + struct json *cm = json_object_get(j, "committedMessages"); + struct json *msgs = json_object_get(j, "messages"); + struct json *nyms = json_object_get(j, "proverNyms"); + struct json *nsec = json_object_get(j, "nym_secrets"); + + fprintf(out, "\t{\n"); + + fprintf(out, "\t\t.sk = "); + print_hex_str(json_object_get(kp, "secretKey"), out); + fprintf(out, ",\n\t\t.pk = "); + print_hex_str(json_object_get(kp, "publicKey"), out); + fprintf(out, ",\n"); + + fprintf(out, "\t\t.signer_nym_entropy = "); + print_hex_str(json_object_get(j, "signer_nym_entropy"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "header"); + fprintf(out, "\t\t.header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .header_len = %zu,\n", tmp->len / 2); + + // 
commitmentWithProof + if(cwp->type == JSON_NULL) { + fprintf(out, "\t\t.commitment_with_proof = NULL, .commitment_with_proof_len = 0,\n"); + } else { + fprintf(out, "\t\t.commitment_with_proof = (const uint8_t[])"); + print_hex_str(cwp, out); + fprintf(out, ", .commitment_with_proof_len = %zu,\n", cwp->len / 2); + } + + // signer messages + i = 0; + for(struct json *k = msgs->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_messages = %d,\n", i); + if(i == 0) { + fprintf(out, "\t\t.msgs = NULL, .msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.msgs = (const void *const[]){"); + for(struct json *k = msgs->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.msg_lens = (const size_t[]){"); + for(struct json *k = msgs->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // committed messages + if(cwp->type == JSON_NULL) { + fprintf(out, "\t\t.num_committed_messages = 0,\n"); + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + i = 0; + if(cm->type != JSON_NULL) + for(struct json *k = cm->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_committed_messages = %d,\n", i); + if(i == 0) { + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.committed_msgs = (const void *const[]){"); + for(struct json *k = cm->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = cm->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + } + + // prover nyms + i = 0; + for(struct json *k = nyms->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_prover_nyms = %d,\n", i); + fprintf(out, "\t\t.prover_nyms = (const void *const[]){\n"); + for(struct json *k = nyms->value; k; k = k->next) { + 
fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "},\n"); + + // nym secrets + i = 0; + for(struct json *k = nsec->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_nym_secrets = %d,\n", i); + fprintf(out, "\t\t.nym_secrets = (const void *const[]){\n"); + for(struct json *k = nsec->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "},\n"); + + // prover blind + fprintf(out, "\t\t.prover_blind = "); + if(pb->type == JSON_NULL) fprintf(out, "{0}"); + else print_hex_str(pb, out); + fprintf(out, ",\n"); + + fprintf(out, "\t\t.result = "); + print_hex_str(json_object_get(j, "signature"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", + JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_with_nym_fixture_signature *const vectors_blind_with_nym_signature = _vectors_blind_with_nym_signature;\n"); + fprintf(out, "const size_t vectors_blind_with_nym_signature_len = %d;\n\n", --filenum); + + // Blind Proofs with Pseudonyms + fprintf(out, "static const struct blind_with_nym_fixture_proof _vectors_blind_with_nym_proof[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "proof/nymProof%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + f = read_file(dirfd, filename); + json_parse(f, &j); + + struct json *mock = json_object_get(j, "mockRngParameters"); + struct json *proof_rng = json_object_get(mock, "proof"); + struct json *cwp = json_object_get(j, "commitmentWithProof"); + struct json *pb = json_object_get(j, "proverBlind"); + struct json *all_msgs = json_object_get(j, "messages"); + struct json *all_committed = json_object_get(j, "committedMessages"); + struct json *revealed = json_object_get(j, "revealedMessages"); + struct json 
*revealed_committed = json_object_get(j, "revealedCommittedMessages"); + struct json *nyms = json_object_get(j, "proverNyms"); + struct json *nsec = json_object_get(j, "nym_secrets"); + + // count all messages + int n_msgs = 0; + for(struct json *k = all_msgs->value; k; k = k->next) n_msgs++; + int n_committed = 0; + if(all_committed && all_committed->type != JSON_NULL) + for(struct json *k = all_committed->value; k; k = k->next) n_committed++; + + // count disclosed + int n_disclosed = 0; + if(revealed->type != JSON_NULL) + for(struct json *k = revealed->value; k; k = k->next) n_disclosed++; + int n_disclosed_committed = 0; + if(revealed_committed && revealed_committed->type != JSON_NULL) + for(struct json *k = revealed_committed->value; k; k = k->next) n_disclosed_committed++; + + // count nyms + int n_nyms = 0; + for(struct json *k = nyms->value; k; k = k->next) n_nyms++; + int n_nsec = 0; + for(struct json *k = nsec->value; k; k = k->next) n_nsec++; + + fprintf(out, "\t{\n"); + + fprintf(out, "\t\t.pk = "); + print_hex_str(json_object_get(j, "signerPublicKey"), out); + fprintf(out, ",\n\t\t.signature = "); + print_hex_str(json_object_get(j, "signature"), out); + fprintf(out, ",\n"); + + fprintf(out, "\t\t.signer_nym_entropy = "); + print_hex_str(json_object_get(j, "signer_nym_entropy"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "header"); + fprintf(out, "\t\t.header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .header_len = %zu,\n", tmp->len / 2); + + tmp = json_object_get(j, "presentationHeader"); + fprintf(out, "\t\t.presentation_header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .presentation_header_len = %zu,\n", tmp->len / 2); + + tmp = json_object_get(j, "context_id"); + fprintf(out, "\t\t.context_id = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .context_id_len = %zu,\n", tmp->len / 2); + + fprintf(out, "\t\t.pseudonym = "); + print_hex_str(json_object_get(j, 
"pseudonym"), out); + fprintf(out, ",\n"); + + // commitmentWithProof + if(cwp->type == JSON_NULL) { + fprintf(out, "\t\t.commitment_with_proof = NULL, .commitment_with_proof_len = 0,\n"); + } else { + fprintf(out, "\t\t.commitment_with_proof = (const uint8_t[])"); + print_hex_str(cwp, out); + fprintf(out, ", .commitment_with_proof_len = %zu,\n", cwp->len / 2); + } + + fprintf(out, "\t\t.prover_blind = "); + if(pb->type == JSON_NULL) fprintf(out, "{0}"); + else print_hex_str(pb, out); + fprintf(out, ",\n"); + + // all signer messages + fprintf(out, "\t\t.num_messages = %d,\n", n_msgs); + if(n_msgs == 0) { + fprintf(out, "\t\t.msgs = NULL, .msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.msgs = (const void *const[]){\n"); + for(struct json *k = all_msgs->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n\t\t.msg_lens = (const size_t[]){"); + for(struct json *k = all_msgs->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // all committed messages + if(cwp->type == JSON_NULL) { + fprintf(out, "\t\t.num_committed_messages = 0,\n"); + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.num_committed_messages = %d,\n", n_committed); + if(n_committed == 0) { + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.committed_msgs = (const void *const[]){\n"); + for(struct json *k = all_committed->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = all_committed->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + } + + // prover nyms + fprintf(out, "\t\t.num_prover_nyms = %d,\n", n_nyms); + fprintf(out, "\t\t.prover_nyms = (const void 
*const[]){\n"); + for(struct json *k = nyms->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n"); + + // nym secrets + fprintf(out, "\t\t.num_nym_secrets = %d,\n", n_nsec); + fprintf(out, "\t\t.nym_secrets = (const void *const[]){\n"); + for(struct json *k = nsec->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n"); + + // disclosed signer indexes and messages + fprintf(out, "\t\t.disclosed_indexes_len = %d,\n", n_disclosed); + if(n_disclosed == 0) { + fprintf(out, "\t\t.disclosed_indexes = NULL,\n"); + fprintf(out, "\t\t.disclosed_msgs = NULL, .disclosed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.disclosed_indexes = (const size_t[]){"); + int idx = 0; + for(struct json *k = revealed->value; k; k = k->next, idx++) + fprintf(out, "%s%.*s", idx ? ", " : "", (int)k->len, k->string); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_msgs = (const void *const[]){\n"); + for(struct json *k = revealed->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k->value, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n\t\t.disclosed_msg_lens = (const size_t[]){"); + for(struct json *k = revealed->value; k; k = k->next) + fprintf(out, "%zu, ", k->value->len / 2); + fprintf(out, "},\n"); + } + + // disclosed committed indexes and messages + fprintf(out, "\t\t.disclosed_committed_indexes_len = %d,\n", n_disclosed_committed); + if(n_disclosed_committed == 0) { + fprintf(out, "\t\t.disclosed_committed_indexes = NULL,\n"); + fprintf(out, "\t\t.disclosed_committed_msgs = NULL, .disclosed_committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.disclosed_committed_indexes = (const size_t[]){"); + int idx = 0; + for(struct json *k = revealed_committed->value; k; k = k->next, idx++) + fprintf(out, "%s%.*s", idx ? 
", " : "", (int)k->len, k->string); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_committed_msgs = (const void *const[]){\n"); + for(struct json *k = revealed_committed->value; k; k = k->next) { + fprintf(out, "\t\t\t(const uint8_t[])"); print_hex_str(k->value, out); fprintf(out, ",\n"); + } + fprintf(out, "\t\t},\n\t\t.disclosed_committed_msg_lens = (const size_t[]){"); + for(struct json *k = revealed_committed->value; k; k = k->next) + fprintf(out, "%zu, ", k->value->len / 2); + fprintf(out, "},\n"); + } + + tmp = json_object_get(j, "L"); + fprintf(out, "\t\t.L = %.*s,\n", (int)tmp->len, tmp->string); + + // proof mocking + tmp = json_object_get(mock, "SEED"); + fprintf(out, "\t\t.proof_mocking_seed = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .proof_mocking_seed_len = %zu,\n", tmp->len); + tmp = json_object_get(proof_rng, "DST"); + fprintf(out, "\t\t.proof_mocking_dst = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? 
"," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .proof_mocking_dst_len = %zu,\n", tmp->len); + + tmp = json_object_get(j, "proof"); + fprintf(out, "\t\t.result = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .result_len = %zu,\n", tmp->len / 2); + + tmp = json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", + JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_with_nym_fixture_proof *const vectors_blind_with_nym_proof = _vectors_blind_with_nym_proof;\n"); + fprintf(out, "const size_t vectors_blind_with_nym_proof_len = %d;\n\n", --filenum); +} + int main(int argc, char **argv) { FILE *out; char filename[100]; char *cipher_suite; char *f, *f2; struct json *j, *j2, *tmp; - int dirfd, i, filenum; + int dirfd, i, filenum, is_blind = 0; size_t mocked_seed_len, mocked_dst_len; // Argument parsing if(argc != 3) { printf("Usage: %s \n", argv[0]); exit(0); } - if (!strcmp(argv[1], "bls12-381-sha-256")) - cipher_suite = "bbs_sha256_ciphersuite"; + if (!strcmp(argv[1], "bls12-381-sha-256")) + { cipher_suite = "bbs_sha256_ciphersuite"; } else if(!strcmp(argv[1], "bls12-381-shake-256")) - cipher_suite = "bbs_shake256_ciphersuite"; + { cipher_suite = "bbs_shake256_ciphersuite"; } + else if(!strcmp(argv[1], "bls12-381-blind-sha-256")) + { cipher_suite = "bbs_blind_sha256_ciphersuite"; is_blind = 1; } + else if(!strcmp(argv[1], "bls12-381-blind-shake-256")) + { cipher_suite = "bbs_blind_shake256_ciphersuite"; is_blind = 1; } + else if(!strcmp(argv[1], "bls12-381-blind-with-nym-sha-256")) + { cipher_suite = "bbs_blind_nym_sha256_ciphersuite"; is_blind = 2; } + else if(!strcmp(argv[1], "bls12-381-blind-with-nym-shake-256")) + { cipher_suite = "bbs_blind_nym_shake256_ciphersuite"; is_blind = 2; } else fail("Invalid Cipher Suite"); - // Open directory and outfile + // Open directory and outfile. 
sprintf(filename, "fixtures_%s.c", argv[1]); if(!(out = fopen(filename, "w"))) fail("fopen"); - //if(!(out = fopen("/dev/stdout", "w"))) fail("fopen"); if(-1 == chdir(argv[2])) fail("chdir"); - sprintf(filename, "fixtures_data/%s", argv[1]); + + if(is_blind == 1) { + sprintf(filename, "blind_fixtures_data/%s", + !strcmp(argv[1], "bls12-381-blind-sha-256") + ? "bls12-381-sha-256" : "bls12-381-shake-256"); + } else if(is_blind == 2) { + sprintf(filename, "blind_with_pseudonym_fixtures_data/%s", + !strcmp(argv[1], "bls12-381-blind-with-nym-sha-256") + ? "bls12-381-sha-256" : "bls12-381-shake-256"); + } else { + sprintf(filename, "fixtures_data/%s", argv[1]); + } + if(-1 == (dirfd = open(filename, O_RDONLY | O_DIRECTORY))) fail("open"); // Header 
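Review bot: `parse_blind_with_nym_fixtures` dereferences almost every `json_object_get` result without a check (`cwp->type`, `pb->type`, `nyms->value`, `nsec->value`, `tmp->len`), while the proof section guards only `all_committed` and `revealed_committed`; if the helper returns NULL for a missing key, as those two guards suggest, one absent or renamed key crashes the transpiler instead of failing with a message. The fixture keys mix `proverNyms`-style and `nym_secrets`-style spelling, which makes such a miss easy to hit; a guard such as `if(!cwp || !pb || !nyms || !nsec) fail("missing fixture key");` after the lookups in each loop would cover it, and the results of `read_file` and `json_parse` deserve the same treatment. Separately, `.prover_nyms` and `.nym_secrets` are always emitted as `(const void *const[]){ ... }`, so a fixture with zero entries generates an empty initializer list (not valid before C23), unlike the `NULL` branch used for `committed_msgs`. `main` continues beyond this hunk.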
@@ -136,240 +606,610 @@ int main(int argc, char **argv) { fprintf(out, "const bbs_ciphersuite *const *const fixture_ciphersuite = &%s; \n\n", cipher_suite); fprintf(out, "const char *const fixture_ciphersuite_name = \"%s\"; \n\n", argv[1]); - // Hash to Scalar - f = read_file(dirfd, "MapMessageToScalarAsHash.json"); - json_parse(f, &j); - f2 = read_file(dirfd, "h2s.json"); - json_parse(f2, &j2); - fprintf(out, "static const uint8_t h2s_message%d[] = ", i = 0); - tmp = json_object_get(j2, "message"); - print_hex_str(tmp, out); - fprintf(out, ";\nstatic const uint8_t h2s_dst%d[] = ", i++); - tmp = json_object_get(j2, "dst"); - print_hex_str(tmp, out); - fprintf(out, ";\n"); - for(struct json *k=json_object_get(j, "cases")->value; k; k = k->next) { - fprintf(out, "static const uint8_t h2s_message%d[] = ", i); - tmp = json_object_get(k, "message"); - print_hex_str(tmp, out); - fprintf(out, ";\nstatic const uint8_t h2s_dst%d[] = ", i++); - tmp = json_object_get(j, "dst"); - print_hex_str(tmp, out); - fprintf(out, ";\n"); - } - fprintf(out, "static const struct fixture_hash_to_scalar _vectors_hash_to_scalar[] = {\n"); - tmp = json_object_get(j2, "message"); - fprintf(out, "\t{ .msg = h2s_message%d, .msg_len = %zu, ", i = 0, tmp->len / 2); - tmp = json_object_get(j2, "dst"); - fprintf(out, ".dst = h2s_dst%d, .dst_len = %zu, .result = ", i++, tmp->len / 2); - tmp = json_object_get(j2, "scalar"); - print_hex_str(tmp, out); - fprintf(out, "},\n"); - for(struct json *k=json_object_get(j, "cases")->value; k; k = k->next) { - tmp = json_object_get(k, "message"); - fprintf(out, "\t{ .msg = h2s_message%d, .msg_len = %zu, ", i, tmp->len / 2); - tmp = json_object_get(j, "dst"); - fprintf(out, ".dst = h2s_dst%d, .dst_len = %zu, .result = ", i++, tmp->len / 2); - tmp = json_object_get(k, "scalar"); - print_hex_str(tmp, out); - fprintf(out, "},\n"); - } - fprintf(out, "};\n"); - fprintf(out, "const struct fixture_hash_to_scalar *const vectors_hash_to_scalar = 
_vectors_hash_to_scalar;\n"); - fprintf(out, "const size_t vectors_hash_to_scalar_len = %d;\n\n", i); - json_free(j2); - free(f2); - json_free(j); - free(f); - - // Generators - f = read_file(dirfd, "generators.json"); - json_parse(f, &j); - fprintf(out, "static const uint8_t generators[][48] = {\n\t"); - print_hex_str(json_object_get(j, "Q1"), out); - i=1; - for(struct json *k=json_object_get(j, "MsgGenerators")->value; k; k = k->next) { - fprintf(out, ",\n\t"); - print_hex_str(k, out); - i++; - } - fprintf(out, "\n};\n"); - fprintf(out, "static const struct fixture_generators _vectors_generators[] = {\n"); - fprintf(out, "\t{ .result = generators, .result_len = %d }\n", i); - fprintf(out, "};\n"); - fprintf(out, "const struct fixture_generators *const vectors_generators = _vectors_generators;\n"); - fprintf(out, "const size_t vectors_generators_len = %d;\n\n", 1); - json_free(j); - free(f); - - // Keygen - f = read_file(dirfd, "keypair.json"); - json_parse(f, &j); - fprintf(out, "static const uint8_t keygen_material[] = "); - print_hex_str(json_object_get(j, "keyMaterial"), out); - fprintf(out, ";\nstatic const uint8_t keygen_info[] = "); - print_hex_str(json_object_get(j, "keyInfo"), out); - fprintf(out, ";\nstatic const uint8_t keygen_dst[] = "); - print_hex_str(json_object_get(j, "keyDst"), out); - fprintf(out, ";\nstatic const struct fixture_keygen _vectors_keygen[] = {\n"); - fprintf(out, "\t{ .key_material = keygen_material, .key_material_len = %zu, ", json_object_get(j, "keyMaterial")->len/2); - fprintf(out, ".key_info = keygen_info, .key_info_len = %zu, ", json_object_get(j, "keyInfo")->len/2); - fprintf(out, ".key_dst = keygen_dst, .key_dst_len = %zu, ", json_object_get(j, "keyDst")->len/2); - tmp = json_object_get(j, "keyPair"); - fprintf(out, ".result_sk = "); - print_hex_str(json_object_get(tmp, "secretKey"), out); - fprintf(out, ", .result_pk = "); - print_hex_str(json_object_get(tmp, "publicKey"), out); - fprintf(out, "}\n};\n"); - fprintf(out, 
"const struct fixture_keygen *const vectors_keygen = _vectors_keygen;\n"); - fprintf(out, "const size_t vectors_keygen_len = %d;\n\n", 1); - json_free(j); - free(f); - - // Signatures - for(filenum = 1; 1; filenum++) { - sprintf(filename, "signature/signature%03d.json", filenum); - if(!existsat(dirfd, filename)) break; - - f = read_file(dirfd, filename); + if (is_blind == 1) { + // Blind Generators + f = read_file(dirfd, "generators.json"); json_parse(f, &j); - fprintf(out, "static const uint8_t signature%d_header[] = ", filenum); - print_hex_str(json_object_get(j, "header"), out); - i = 0; - for(struct json *k=json_object_get(j, "messages")->value; k; k = k->next) { - fprintf(out, ";\nstatic const uint8_t signature%d_msg%d[] = ", filenum, i++); + struct json *signer_gen = json_object_get(j, "generators"); + struct json *prover_gen = json_object_get(j, "blindGenerators"); + + fprintf(out, "static const uint8_t blind_signer_generators[][48] = {\n\t"); + print_hex_str(json_object_get(signer_gen, "Q1"), out); + i = 1; + for(struct json *k = json_object_get(signer_gen, "MsgGenerators")->value; k; k = k->next) { + fprintf(out, ",\n\t"); print_hex_str(k, out); + i++; } - fprintf(out, ";\nstatic const void *const signature%d_msgs[] = {", filenum); - for(int ii=0; iivalue; k; k = k->next) { - fprintf(out, "%zu, ", k->len/2); - } - fprintf(out, "};\n"); - json_free(j); - free(f); - } - fprintf(out, "static const struct fixture_signature _vectors_signature[] = {\n"); - for(filenum = 1; 1; filenum++) { - sprintf(filename, "signature/signature%03d.json", filenum); - if(!existsat(dirfd, filename)) break; + int signer_count = i; + fprintf(out, "\n};\n"); - f = read_file(dirfd, filename); - json_parse(f, &j); - fprintf(out, "\t{ .sk = "); - tmp = json_object_get(j, "signerKeyPair"); - print_hex_str(json_object_get(tmp, "secretKey"), out); - fprintf(out, ", .pk = "); - print_hex_str(json_object_get(tmp, "publicKey"), out); - tmp = json_object_get(j, "header"); - fprintf(out, ", 
.header = signature%d_header, .header_len = %zu", filenum, tmp->len/2); - fprintf(out, ", .num_messages = %zu", json_array_len(json_object_get(j, "messages"))); - fprintf(out, ", .msgs = signature%d_msgs, .msg_lens = signature%d_msg_lens", filenum, filenum); - fprintf(out, ", .result = "); - print_hex_str(json_object_get(j, "signature"), out); - tmp = json_object_get(j, "result"); - fprintf(out, ", .result_valid = %d },\n", JSON_TRUE == json_object_get(tmp, "valid")->type); - json_free(j); - free(f); - } - fprintf(out, "};\n"); - fprintf(out, "const struct fixture_signature *const vectors_signature = _vectors_signature;\n"); - fprintf(out, "const size_t vectors_signature_len = %d;\n\n", --filenum); - - // Mocked Scalars - f = read_file(dirfd, "mockedRng.json"); - json_parse(f, &j); - fprintf(out, "static const uint8_t mocked_seed[] = "); - tmp = json_object_get(j, "seed"); - print_hex_str(tmp, out); - mocked_seed_len = tmp->len/2; - fprintf(out, ";\nstatic const uint8_t mocked_dst[] = "); - tmp = json_object_get(j, "dst"); - print_hex_str(tmp, out); - mocked_dst_len = tmp->len/2; - fprintf(out, ";\nstatic const uint8_t mocked_scalars[][32] = {\n"); - i=0; - for(struct json *k=json_object_get(j, "mockedScalars")->value; k; k = k->next) { - fprintf(out, "\t"); - print_hex_str(k, out); - fprintf(out, ",\n"); - i++; - } - fprintf(out, "};\n"); - fprintf(out, "static const struct fixture_mocked_scalars _vectors_mocked_scalars[] = {\n"); - fprintf(out, "\t{ .seed = mocked_seed, .seed_len = %zu", mocked_seed_len); - fprintf(out, ", .dst = mocked_dst, .dst_len = %zu", mocked_dst_len); - fprintf(out, ", .result = mocked_scalars, .result_len = %d }\n", i); - fprintf(out, "};\n"); - fprintf(out, "const struct fixture_mocked_scalars *const vectors_mocked_scalars = _vectors_mocked_scalars;\n"); - fprintf(out, "const size_t vectors_mocked_scalars_len = %d;\n\n", 1); - json_free(j); - free(f); - - // Proofs - for(filenum = 1; 1; filenum++) { - sprintf(filename, 
"proof/proof%03d.json", filenum); - if(!existsat(dirfd, filename)) break; - - f = read_file(dirfd, filename); - json_parse(f, &j); - fprintf(out, "static const uint8_t proof%d_header[] = ", filenum); - print_hex_str(json_object_get(j, "header"), out); - fprintf(out, ";\nstatic const uint8_t proof%d_presentation_header[] = ", filenum); - print_hex_str(json_object_get(j, "presentationHeader"), out); - i = 0; - for(struct json *k=json_object_get(j, "messages")->value; k; k = k->next) { - fprintf(out, ";\nstatic const uint8_t proof%d_msg%d[] = ", filenum, i++); + fprintf(out, "static const uint8_t blind_prover_generators[][48] = {\n\t"); + print_hex_str(json_object_get(prover_gen, "Q1"), out); + i = 1; + for(struct json *k = json_object_get(prover_gen, "MsgGenerators")->value; k; k = k->next) { + fprintf(out, ",\n\t"); print_hex_str(k, out); + i++; } - fprintf(out, ";\nstatic const void *const proof%d_msgs[] = {", filenum); - for(int ii=0; iivalue; k; k = k->next) { - fprintf(out, "%zu, ", k->len/2); - } - fprintf(out, "};\nstatic const size_t proof%d_disclosed_indexes[] = {", filenum); - for(struct json *k=json_object_get(j, "disclosedIndexes")->value; k; k = k->next) { - fprintf(out, "%.*s, ", (int)k->len, k->string); - } - fprintf(out, "};\nstatic const uint8_t proof%d_proof[] = ", filenum); - print_hex_str(json_object_get(j, "proof"), out); - fprintf(out, ";\n"); - json_free(j); - free(f); - } - fprintf(out, "static const struct fixture_proof _vectors_proof[] = {\n"); - for(filenum = 1; 1; filenum++) { - sprintf(filename, "proof/proof%03d.json", filenum); - if(!existsat(dirfd, filename)) break; + int prover_count = i; + fprintf(out, "\n};\n"); - f = read_file(dirfd, filename); - json_parse(f, &j); - fprintf(out, "\t{ .pk = "); - print_hex_str(json_object_get(j, "signerPublicKey"), out); - fprintf(out, ", .signature = "); - print_hex_str(json_object_get(j, "signature"), out); - tmp = json_object_get(j, "header"); - fprintf(out, ", .header = proof%d_header, 
.header_len = %zu", filenum, tmp->len/2); - tmp = json_object_get(j, "presentationHeader"); - fprintf(out, ", .presentation_header = proof%d_presentation_header, .presentation_header_len = %zu", filenum, tmp->len/2); - fprintf(out, ", .num_messages = %zu", json_array_len(json_object_get(j, "messages"))); - fprintf(out, ", .msgs = proof%d_msgs, .msg_lens = proof%d_msg_lens", filenum, filenum); - fprintf(out, ", .disclosed_indexes = proof%d_disclosed_indexes", filenum); - fprintf(out, ", .disclosed_indexes_len = %zu", json_array_len(json_object_get(j, "disclosedIndexes"))); - fprintf(out, ", .mocking_seed = mocked_seed, .mocking_seed_len = %zu", mocked_seed_len); - fprintf(out, ", .mocking_dst = mocked_dst, .mocking_dst_len = %zu", mocked_dst_len); - tmp = json_object_get(j, "proof"); - fprintf(out, ", .result = proof%d_proof, .result_len = %zu", filenum, tmp->len/2); - tmp = json_object_get(j, "result"); - fprintf(out, ", .result_valid = %d },\n", JSON_TRUE == json_object_get(tmp, "valid")->type); + fprintf(out, "static const struct blind_fixture_generators _vectors_blind_generators[] = {\n"); + fprintf(out, "\t{ .signer_result = blind_signer_generators, .signer_result_len = %d,\n", signer_count); + fprintf(out, "\t .prover_result = blind_prover_generators, .prover_result_len = %d }\n", prover_count); + fprintf(out, "};\n"); + fprintf(out, "const struct blind_fixture_generators *const vectors_blind_generators = _vectors_blind_generators;\n"); + fprintf(out, "const size_t vectors_blind_generators_len = 1;\n\n"); json_free(j); free(f); - } - fprintf(out, "};\n"); - fprintf(out, "const struct fixture_proof *const vectors_proof = _vectors_proof;\n"); - fprintf(out, "const size_t vectors_proof_len = %d;\n\n", --filenum); + + // Blind Commit + fprintf(out, "static const struct blind_fixture_commit _vectors_blind_commit[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "commit/commit%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + f = 
read_file(dirfd, filename); + json_parse(f, &j); + + struct json *mock = json_object_get(j, "mockRngParameters"); + struct json *commit = json_object_get(mock, "commit"); + + fprintf(out, "\t{\n"); + + tmp = json_object_get(mock, "SEED"); + fprintf(out, "\t\t.mocking_seed = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "},\n\t\t.mocking_seed_len = %zu,\n", tmp->len); + + tmp = json_object_get(commit, "DST"); + fprintf(out, "\t\t.mocking_dst = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "},\n\t\t.mocking_dst_len = %zu,\n", tmp->len); + + tmp = json_object_get(commit, "count"); + fprintf(out, "\t\t.mocking_count = %.*s,\n", (int)tmp->len, tmp->string); + + i = 0; + for(struct json *k = json_object_get(j, "committedMessages")->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_committed_messages = %d,\n", i); + + if (i == 0) { // print array as NULL if empty + fprintf(out, "\t\t.committed_msgs = NULL,\n"); + fprintf(out, "\t\t.committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.committed_msgs = (const void *const[]){"); + for(struct json *k = json_object_get(j, "committedMessages")->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); + print_hex_str(k, out); + fprintf(out, ", "); + } + fprintf(out, "},\n"); + + fprintf(out, "\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = json_object_get(j, "committedMessages")->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + fprintf(out, "\t\t.prover_blind = "); + print_hex_str(json_object_get(j, "proverBlind"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "commitmentWithProof"); + fprintf(out, "\t\t.result = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .result_len = %zu,\n", tmp->len / 2); + + tmp 
= json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_fixture_commit *const vectors_blind_commit = _vectors_blind_commit;\n"); + fprintf(out, "const size_t vectors_blind_commit_len = %d;\n\n", --filenum); + + // Blind Signatures + fprintf(out, "static const struct blind_fixture_signature _vectors_blind_signature[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "signature/signature%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + f = read_file(dirfd, filename); + json_parse(f, &j); + + struct json *kp = json_object_get(j, "signerKeyPair"); + struct json *cwp = json_object_get(j, "commitmentWithProof"); + struct json *pb = json_object_get(j, "proverBlind"); + struct json *cm = json_object_get(j, "committedMessages"); + struct json *msgs = json_object_get(j, "messages"); + + fprintf(out, "\t{\n"); + + fprintf(out, "\t\t.sk = "); + print_hex_str(json_object_get(kp, "secretKey"), out); + fprintf(out, ",\n\t\t.pk = "); + print_hex_str(json_object_get(kp, "publicKey"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "header"); + fprintf(out, "\t\t.header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .header_len = %zu,\n", tmp->len / 2); + + // commitmentWithProof + if(cwp->type == JSON_NULL) { + fprintf(out, "\t\t.commitment_with_proof = NULL, .commitment_with_proof_len = 0,\n"); + } else { + fprintf(out, "\t\t.commitment_with_proof = (const uint8_t[])"); + print_hex_str(cwp, out); + fprintf(out, ", .commitment_with_proof_len = %zu,\n", cwp->len / 2); + } + + // signer messages + i = 0; + for(struct json *k = msgs->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_messages = %d,\n", i); + if(i == 0) { + fprintf(out, "\t\t.msgs = NULL, .msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.msgs = (const void *const[]){"); + 
for(struct json *k = msgs->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); + print_hex_str(k, out); + fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.msg_lens = (const size_t[]){"); + for(struct json *k = msgs->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // committed messages + i = 0; + if(cm->type != JSON_NULL) + for(struct json *k = cm->value; k; k = k->next) i++; + fprintf(out, "\t\t.num_committed_messages = %d,\n", i); + if(i == 0) { + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.committed_msgs = (const void *const[]){"); + for(struct json *k = cm->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); + print_hex_str(k, out); + fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = cm->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // proverBlind + fprintf(out, "\t\t.prover_blind = "); + if(pb->type == JSON_NULL) + fprintf(out, "{0}"); + else + print_hex_str(pb, out); + fprintf(out, ",\n"); + + fprintf(out, "\t\t.result = "); + print_hex_str(json_object_get(j, "signature"), out); + fprintf(out, ",\n"); + + tmp = json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", + JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_fixture_signature *const vectors_blind_signature = _vectors_blind_signature;\n"); + fprintf(out, "const size_t vectors_blind_signature_len = %d;\n\n", --filenum); + + // read messages and committed messages once from messages.json as those are all the same for all test vectors + f = read_file(dirfd, "../messages.json"); + json_parse(f, &j2); + struct json *all_msgs = json_object_get(j2, "messages"); + struct json *all_committed = json_object_get(j2, "committedMessages"); + int n_msgs 
= 0; + for(struct json *k = all_msgs->value; k; k = k->next) n_msgs++; + int n_committed = 0; + for(struct json *k = all_committed->value; k; k = k->next) n_committed++; + + // Blind Proofs + fprintf(out, "static const struct blind_fixture_proof _vectors_blind_proof[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "proof/proof%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + f = read_file(dirfd, filename); + json_parse(f, &j); + + struct json *mock = json_object_get(j, "mockRngParameters"); + struct json *proof_rng = json_object_get(mock, "proof"); + struct json *pb = json_object_get(j, "proverBlind"); + struct json *revealed = json_object_get(j, "revealedMessages"); + struct json *revealed_committed = json_object_get(j, "revealedCommittedMessages"); + + // count disclosed + int n_disclosed = 0; + if(revealed->type != JSON_NULL) + for(struct json *k = revealed->value; k; k = k->next) n_disclosed++; + int n_disclosed_committed = 0; + if(revealed_committed && revealed_committed->type != JSON_NULL) + for(struct json *k = revealed_committed->value; k; k = k->next) n_disclosed_committed++; + + fprintf(out, "\t{\n"); + + // pk and signature + fprintf(out, "\t\t.pk = "); + print_hex_str(json_object_get(j, "signerPublicKey"), out); + fprintf(out, ",\n\t\t.signature = "); + print_hex_str(json_object_get(j, "signature"), out); + fprintf(out, ",\n"); + + // header and presentation header + tmp = json_object_get(j, "header"); + fprintf(out, "\t\t.header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .header_len = %zu,\n", tmp->len / 2); + tmp = json_object_get(j, "presentationHeader"); + fprintf(out, "\t\t.presentation_header = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .presentation_header_len = %zu,\n", tmp->len / 2); + + // proverBlind + fprintf(out, "\t\t.prover_blind = "); + if(pb->type == JSON_NULL) fprintf(out, "{0}"); + else print_hex_str(pb, out); + fprintf(out, ",\n"); + + // all messages 
(from messages.json) + fprintf(out, "\t\t.num_messages = %d,\n", n_msgs); + fprintf(out, "\t\t.msgs = (const void *const[]){"); + for(struct json *k = all_msgs->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.msg_lens = (const size_t[]){"); + for(struct json *k = all_msgs->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + + // all committed messages, if there is no committmentWithProof in the test vector there is also + // no committed messages + if(pb->type == JSON_NULL) { + fprintf(out, "\t\t.num_committed_messages = 0,\n"); + fprintf(out, "\t\t.committed_msgs = NULL, .committed_msg_lens = NULL,\n"); + } else { + fprintf(out, "\t\t.num_committed_messages = %d,\n", n_committed); + fprintf(out, "\t\t.committed_msgs = (const void *const[]){"); + for(struct json *k = all_committed->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.committed_msg_lens = (const size_t[]){"); + for(struct json *k = all_committed->value; k; k = k->next) + fprintf(out, "%zu, ", k->len / 2); + fprintf(out, "},\n"); + } + + // revealedMessages + fprintf(out, "\t\t.disclosed_indexes_len = %d,\n", n_disclosed); + if(n_disclosed == 0) { + fprintf(out, "\t\t.disclosed_indexes = NULL,\n"); + fprintf(out, "\t\t.disclosed_msgs = NULL, .disclosed_msg_lens = NULL,\n"); + fprintf(out, "\t\t.disclosed_msgs_len = 0,\n"); + } else { + fprintf(out, "\t\t.disclosed_indexes = (const size_t[]){"); + for(struct json *k = revealed->value; k; k = k->next) + fprintf(out, "%.*s, ", (int)k->len, k->string); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_msgs = (const void *const[]){"); + for(struct json *k = revealed->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k->value, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.disclosed_msg_lens = (const size_t[]){"); + 
for(struct json *k = revealed->value; k; k = k->next) + fprintf(out, "%zu, ", k->value->len / 2); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_msgs_len = %d,\n", n_disclosed); + } + + // revealedCommittedMessages + fprintf(out, "\t\t.disclosed_committed_indexes_len = %d,\n", n_disclosed_committed); + if(n_disclosed_committed == 0) { + fprintf(out, "\t\t.disclosed_committed_indexes = NULL,\n"); + fprintf(out, "\t\t.disclosed_committed_msgs = NULL, .disclosed_committed_msg_lens = NULL,\n"); + fprintf(out, "\t\t.disclosed_committed_msgs_len = 0,\n"); + } else { + fprintf(out, "\t\t.disclosed_committed_indexes = (const size_t[]){"); + for(struct json *k = revealed_committed->value; k; k = k->next) + fprintf(out, "%.*s, ", (int)k->len, k->string); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_committed_msgs = (const void *const[]){"); + for(struct json *k = revealed_committed->value; k; k = k->next) { + fprintf(out, "(const uint8_t[])"); print_hex_str(k->value, out); fprintf(out, ", "); + } + fprintf(out, "},\n\t\t.disclosed_committed_msg_lens = (const size_t[]){"); + for(struct json *k = revealed_committed->value; k; k = k->next) + fprintf(out, "%zu, ", k->value->len / 2); + fprintf(out, "},\n"); + fprintf(out, "\t\t.disclosed_committed_msgs_len = %d,\n", n_disclosed_committed); + } + + // L + tmp = json_object_get(j, "L"); + fprintf(out, "\t\t.L = %.*s,\n", (int)tmp->len, tmp->string); + + // proof mocking + tmp = json_object_get(mock, "SEED"); + fprintf(out, "\t\t.proof_mocking_seed = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? "," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .proof_mocking_seed_len = %zu,\n", tmp->len); + tmp = json_object_get(proof_rng, "DST"); + fprintf(out, "\t\t.proof_mocking_dst = (const uint8_t[]){"); + for(size_t si = 0; si < tmp->len; si++) + fprintf(out, "%s0x%02x", si ? 
"," : "", (unsigned char)tmp->string[si]); + fprintf(out, "}, .proof_mocking_dst_len = %zu,\n", tmp->len); + + // result + tmp = json_object_get(j, "proof"); + fprintf(out, "\t\t.result = (const uint8_t[])"); + print_hex_str(tmp, out); + fprintf(out, ", .result_len = %zu,\n", tmp->len / 2); + tmp = json_object_get(j, "result"); + fprintf(out, "\t\t.result_valid = %d\n", + JSON_TRUE == json_object_get(tmp, "valid")->type); + + fprintf(out, "\t},\n"); + json_free(j); free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct blind_fixture_proof *const vectors_blind_proof = _vectors_blind_proof;\n"); + fprintf(out, "const size_t vectors_blind_proof_len = %d;\n\n", --filenum); + } else if (is_blind == 2) { + // BLIND WITH NYM + parse_blind_with_nym_fixtures(out, dirfd); + } else { + // Hash to Scalar + f = read_file(dirfd, "MapMessageToScalarAsHash.json"); + json_parse(f, &j); + f2 = read_file(dirfd, "h2s.json"); + json_parse(f2, &j2); + fprintf(out, "static const uint8_t h2s_message%d[] = ", i = 0); + tmp = json_object_get(j2, "message"); + print_hex_str(tmp, out); + fprintf(out, ";\nstatic const uint8_t h2s_dst%d[] = ", i++); + tmp = json_object_get(j2, "dst"); + print_hex_str(tmp, out); + fprintf(out, ";\n"); + for(struct json *k=json_object_get(j, "cases")->value; k; k = k->next) { + fprintf(out, "static const uint8_t h2s_message%d[] = ", i); + tmp = json_object_get(k, "message"); + print_hex_str(tmp, out); + fprintf(out, ";\nstatic const uint8_t h2s_dst%d[] = ", i++); + tmp = json_object_get(j, "dst"); + print_hex_str(tmp, out); + fprintf(out, ";\n"); + } + fprintf(out, "static const struct fixture_hash_to_scalar _vectors_hash_to_scalar[] = {\n"); + tmp = json_object_get(j2, "message"); + fprintf(out, "\t{ .msg = h2s_message%d, .msg_len = %zu, ", i = 0, tmp->len / 2); + tmp = json_object_get(j2, "dst"); + fprintf(out, ".dst = h2s_dst%d, .dst_len = %zu, .result = ", i++, tmp->len / 2); + tmp = json_object_get(j2, "scalar"); + print_hex_str(tmp, out); + 
fprintf(out, "},\n"); + for(struct json *k=json_object_get(j, "cases")->value; k; k = k->next) { + tmp = json_object_get(k, "message"); + fprintf(out, "\t{ .msg = h2s_message%d, .msg_len = %zu, ", i, tmp->len / 2); + tmp = json_object_get(j, "dst"); + fprintf(out, ".dst = h2s_dst%d, .dst_len = %zu, .result = ", i++, tmp->len / 2); + tmp = json_object_get(k, "scalar"); + print_hex_str(tmp, out); + fprintf(out, "},\n"); + } + fprintf(out, "};\n"); + fprintf(out, "const struct fixture_hash_to_scalar *const vectors_hash_to_scalar = _vectors_hash_to_scalar;\n"); + fprintf(out, "const size_t vectors_hash_to_scalar_len = %d;\n\n", i); + json_free(j2); + free(f2); + json_free(j); + free(f); + + // Generators + f = read_file(dirfd, "generators.json"); + json_parse(f, &j); + fprintf(out, "static const uint8_t generators[][48] = {\n\t"); + print_hex_str(json_object_get(j, "Q1"), out); + i=1; + for(struct json *k=json_object_get(j, "MsgGenerators")->value; k; k = k->next) { + fprintf(out, ",\n\t"); + print_hex_str(k, out); + i++; + } + fprintf(out, "\n};\n"); + fprintf(out, "static const struct fixture_generators _vectors_generators[] = {\n"); + fprintf(out, "\t{ .result = generators, .result_len = %d }\n", i); + fprintf(out, "};\n"); + fprintf(out, "const struct fixture_generators *const vectors_generators = _vectors_generators;\n"); + fprintf(out, "const size_t vectors_generators_len = %d;\n\n", 1); + json_free(j); + free(f); + + // Keygen + f = read_file(dirfd, "keypair.json"); + json_parse(f, &j); + fprintf(out, "static const uint8_t keygen_material[] = "); + print_hex_str(json_object_get(j, "keyMaterial"), out); + fprintf(out, ";\nstatic const uint8_t keygen_info[] = "); + print_hex_str(json_object_get(j, "keyInfo"), out); + fprintf(out, ";\nstatic const uint8_t keygen_dst[] = "); + print_hex_str(json_object_get(j, "keyDst"), out); + fprintf(out, ";\nstatic const struct fixture_keygen _vectors_keygen[] = {\n"); + fprintf(out, "\t{ .key_material = keygen_material, 
.key_material_len = %zu, ", json_object_get(j, "keyMaterial")->len/2); + fprintf(out, ".key_info = keygen_info, .key_info_len = %zu, ", json_object_get(j, "keyInfo")->len/2); + fprintf(out, ".key_dst = keygen_dst, .key_dst_len = %zu, ", json_object_get(j, "keyDst")->len/2); + tmp = json_object_get(j, "keyPair"); + fprintf(out, ".result_sk = "); + print_hex_str(json_object_get(tmp, "secretKey"), out); + fprintf(out, ", .result_pk = "); + print_hex_str(json_object_get(tmp, "publicKey"), out); + fprintf(out, "}\n};\n"); + fprintf(out, "const struct fixture_keygen *const vectors_keygen = _vectors_keygen;\n"); + fprintf(out, "const size_t vectors_keygen_len = %d;\n\n", 1); + json_free(j); + free(f); + + // Signatures + for(filenum = 1; 1; filenum++) { + sprintf(filename, "signature/signature%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + + f = read_file(dirfd, filename); + json_parse(f, &j); + fprintf(out, "static const uint8_t signature%d_header[] = ", filenum); + print_hex_str(json_object_get(j, "header"), out); + i = 0; + for(struct json *k=json_object_get(j, "messages")->value; k; k = k->next) { + fprintf(out, ";\nstatic const uint8_t signature%d_msg%d[] = ", filenum, i++); + print_hex_str(k, out); + } + fprintf(out, ";\nstatic const void *const signature%d_msgs[] = {", filenum); + for(int ii=0; iivalue; k; k = k->next) { + fprintf(out, "%zu, ", k->len/2); + } + fprintf(out, "};\n"); + json_free(j); + free(f); + } + fprintf(out, "static const struct fixture_signature _vectors_signature[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "signature/signature%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + + f = read_file(dirfd, filename); + json_parse(f, &j); + fprintf(out, "\t{ .sk = "); + tmp = json_object_get(j, "signerKeyPair"); + print_hex_str(json_object_get(tmp, "secretKey"), out); + fprintf(out, ", .pk = "); + print_hex_str(json_object_get(tmp, "publicKey"), out); + tmp = json_object_get(j, "header"); + 
fprintf(out, ", .header = signature%d_header, .header_len = %zu", filenum, tmp->len/2); + fprintf(out, ", .num_messages = %zu", json_array_len(json_object_get(j, "messages"))); + fprintf(out, ", .msgs = signature%d_msgs, .msg_lens = signature%d_msg_lens", filenum, filenum); + fprintf(out, ", .result = "); + print_hex_str(json_object_get(j, "signature"), out); + tmp = json_object_get(j, "result"); + fprintf(out, ", .result_valid = %d },\n", JSON_TRUE == json_object_get(tmp, "valid")->type); + json_free(j); + free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct fixture_signature *const vectors_signature = _vectors_signature;\n"); + fprintf(out, "const size_t vectors_signature_len = %d;\n\n", --filenum); + + // Mocked Scalars + f = read_file(dirfd, "mockedRng.json"); + json_parse(f, &j); + fprintf(out, "static const uint8_t mocked_seed[] = "); + tmp = json_object_get(j, "seed"); + print_hex_str(tmp, out); + mocked_seed_len = tmp->len/2; + fprintf(out, ";\nstatic const uint8_t mocked_dst[] = "); + tmp = json_object_get(j, "dst"); + print_hex_str(tmp, out); + mocked_dst_len = tmp->len/2; + fprintf(out, ";\nstatic const uint8_t mocked_scalars[][32] = {\n"); + i=0; + for(struct json *k=json_object_get(j, "mockedScalars")->value; k; k = k->next) { + fprintf(out, "\t"); + print_hex_str(k, out); + fprintf(out, ",\n"); + i++; + } + fprintf(out, "};\n"); + fprintf(out, "static const struct fixture_mocked_scalars _vectors_mocked_scalars[] = {\n"); + fprintf(out, "\t{ .seed = mocked_seed, .seed_len = %zu", mocked_seed_len); + fprintf(out, ", .dst = mocked_dst, .dst_len = %zu", mocked_dst_len); + fprintf(out, ", .result = mocked_scalars, .result_len = %d }\n", i); + fprintf(out, "};\n"); + fprintf(out, "const struct fixture_mocked_scalars *const vectors_mocked_scalars = _vectors_mocked_scalars;\n"); + fprintf(out, "const size_t vectors_mocked_scalars_len = %d;\n\n", 1); + json_free(j); + free(f); + + // Proofs + for(filenum = 1; 1; filenum++) { + sprintf(filename, 
"proof/proof%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + + f = read_file(dirfd, filename); + json_parse(f, &j); + fprintf(out, "static const uint8_t proof%d_header[] = ", filenum); + print_hex_str(json_object_get(j, "header"), out); + fprintf(out, ";\nstatic const uint8_t proof%d_presentation_header[] = ", filenum); + print_hex_str(json_object_get(j, "presentationHeader"), out); + i = 0; + for(struct json *k=json_object_get(j, "messages")->value; k; k = k->next) { + fprintf(out, ";\nstatic const uint8_t proof%d_msg%d[] = ", filenum, i++); + print_hex_str(k, out); + } + fprintf(out, ";\nstatic const void *const proof%d_msgs[] = {", filenum); + for(int ii=0; iivalue; k; k = k->next) { + fprintf(out, "%zu, ", k->len/2); + } + fprintf(out, "};\nstatic const size_t proof%d_disclosed_indexes[] = {", filenum); + for(struct json *k=json_object_get(j, "disclosedIndexes")->value; k; k = k->next) { + fprintf(out, "%.*s, ", (int)k->len, k->string); + } + fprintf(out, "};\nstatic const uint8_t proof%d_proof[] = ", filenum); + print_hex_str(json_object_get(j, "proof"), out); + fprintf(out, ";\n"); + json_free(j); + free(f); + } + fprintf(out, "static const struct fixture_proof _vectors_proof[] = {\n"); + for(filenum = 1; 1; filenum++) { + sprintf(filename, "proof/proof%03d.json", filenum); + if(!existsat(dirfd, filename)) break; + + f = read_file(dirfd, filename); + json_parse(f, &j); + fprintf(out, "\t{ .pk = "); + print_hex_str(json_object_get(j, "signerPublicKey"), out); + fprintf(out, ", .signature = "); + print_hex_str(json_object_get(j, "signature"), out); + tmp = json_object_get(j, "header"); + fprintf(out, ", .header = proof%d_header, .header_len = %zu", filenum, tmp->len/2); + tmp = json_object_get(j, "presentationHeader"); + fprintf(out, ", .presentation_header = proof%d_presentation_header, .presentation_header_len = %zu", filenum, tmp->len/2); + fprintf(out, ", .num_messages = %zu", json_array_len(json_object_get(j, "messages"))); + fprintf(out, ", 
.msgs = proof%d_msgs, .msg_lens = proof%d_msg_lens", filenum, filenum); + fprintf(out, ", .disclosed_indexes = proof%d_disclosed_indexes", filenum); + fprintf(out, ", .disclosed_indexes_len = %zu", json_array_len(json_object_get(j, "disclosedIndexes"))); + fprintf(out, ", .mocking_seed = mocked_seed, .mocking_seed_len = %zu", mocked_seed_len); + fprintf(out, ", .mocking_dst = mocked_dst, .mocking_dst_len = %zu", mocked_dst_len); + tmp = json_object_get(j, "proof"); + fprintf(out, ", .result = proof%d_proof, .result_len = %zu", filenum, tmp->len/2); + tmp = json_object_get(j, "result"); + fprintf(out, ", .result_valid = %d },\n", JSON_TRUE == json_object_get(tmp, "valid")->type); + json_free(j); + free(f); + } + fprintf(out, "};\n"); + fprintf(out, "const struct fixture_proof *const vectors_proof = _vectors_proof;\n"); + fprintf(out, "const size_t vectors_proof_len = %d;\n\n", --filenum); + } if(fclose(out)) fail("fclose"); return 0;