lovesh
diff --git a/‎delg_cred_cdd/Cargo.toml
Lines changed: 1 addition & 1 deletion b/‎delg_cred_cdd/Cargo.toml
Lines changed: 1 addition & 1 deletion
diff --git a/‎delg_cred_cdd/README.md
Lines changed: 3 additions & 3 deletions b/‎delg_cred_cdd/README.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎delg_cred_cdd/src/attribute_token.rs
Lines changed: 34 additions & 29 deletions b/‎delg_cred_cdd/src/attribute_token.rs
Lines changed: 34 additions & 29 deletions
diff --git a/‎delg_cred_cdd/src/issuer.rs
Lines changed: 71 additions & 0 deletions b/‎delg_cred_cdd/src/issuer.rs
Lines changed: 71 additions & 0 deletions
diff --git a/‎ps/Cargo.toml
Lines changed: 4 additions & 5 deletions b/‎ps/Cargo.toml
Lines changed: 4 additions & 5 deletions
@@ -12,6 +12,6 @@ serde = "1.0"
 serde_derive = "1.0"
 
 [dependencies.amcl_wrapper]
-version = "0.1.5"
+version = "0.1.6"
 default-features = false
 features = ["bls381"]
@@ -4,17 +4,17 @@
 
 ### Brief description of the API
 1. [Groth1 and Groth2 signatures](src/groth_sig.rs).  
-    - Parameters can be generated by calling `GrothS1::setup` or `GrothS2::setup`. `setup` takes the maximum number of attributes that need to be supported. Keep it one more than the number you want to support to accomodate the public key.
+    - Parameters can be generated by calling `GrothS1::setup` or `GrothS2::setup`. `setup` takes the maximum number of attributes that need to be supported. Keep it one more than the number you want to support to accommodate the public key.
     - Signing keys can be generated by calling `GrothS1::keygen` or `GrothS2::keygen`. Takes the corresponding setup parameters.
     - A new signature can be created by calling `Groth1Sig:new` or `Groth2Sig:new`. An existing signature can be randomized by calling `randomize` on the siganture.
     - 2 methods for signature verification, `verify` and `verify_fast`, both with the same API. `verify` computes several pairings to verify the signature whereas `verify_fast` does only 1 big multi-pairing. Applies this observation to pairings: if it needs to be cheched that a == b and c == d and e == f, then choose a random number `r` and check whether (a-b) + (c-d)*r + (e-f)*r<sup>2</sup> == 0. Refer the docs for the method for more details     
 2. [Issuers and delegation](src/issuer.rs).  
    - Issuers are instantiated by calling `EvenLevelIssuer::new` or `OddLevelIssuer::new` by passing their level to the `new` function. Root issuers is at level 0 so always instantiated by `EvenLevelIssuer::new(0)`.
    - Issuers generate their keys with `EvenLevelIssuer::keygen` or `OddLevelIssuer::keygen`.
    - Issuers can delegate by calling `delegate` method that takes the attributes to sign, who to delegate to etc resulting in a credential. 
-   - A credential is a called a link and there credentials issued by `EvenLevelIssuer`s are called `CredLinkOdd` and credentials issued by `OddLevelIssuer`s are called `CredLinkEven`.
+   - A credential is a called a link and the credentials issued by `EvenLevelIssuer`s are called `CredLinkOdd` and credentials issued by `OddLevelIssuer`s are called `CredLinkEven`.
    - A link stores its associated `level`, `attributes` and `signature`. The last element of `attributes` is the verification key of the delegatee and the signature is on `attributes`.
-   - To verify the correctness of link, call `verify` on it with delegator public key, delegatee public key ans setup params.    
+   - To verify the correctness of link, call `verify` on it with delegator public key, delegatee public key and setup params.    
    - The chain of credentials is kept in `CredChain` which internally has 2 lists, 1 for odd level links and 1 for even. Even or odd level links can be added by calling `extend_with_even` or `extend_with_odd` on the chain.
    - To verify that all delegations are valid in the chain, call `verify_delegations` on the chain. 
 3. [Attribute tokens](src/attribute_token.rs)  
 
@@ -363,11 +363,15 @@ impl<'a> AttributeToken<'a> {
         })
     }
 
-    // XXX: Add other instance data
-    pub fn gen_challenge(at: &AttributeTokenComm, ipk: &Groth1Verkey) -> FieldElement {
+    pub fn gen_challenge(
+        at: &AttributeTokenComm,
+        ipk: &Groth1Verkey,
+        mut extra: Vec<u8>,
+    ) -> FieldElement {
         let mut bytes = Vec::<u8>::new();
         bytes.extend_from_slice(&ipk.0.to_bytes());
         bytes.extend_from_slice(&at.to_bytes());
+        bytes.append(&mut extra);
         FieldElement::from_msg_hash(&bytes)
     }
 
@@ -1398,7 +1402,7 @@ mod tests {
 
         assert!(com_1.odd_level_revealed_attributes[0].is_empty());
 
-        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
+        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_1 = at_1
@@ -1421,7 +1425,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk);
+        let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk, vec![]);
         assert_eq!(c_1, recon_c_1);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1449,7 +1453,7 @@ mod tests {
         assert!(com_2.odd_level_revealed_attributes[0].is_empty());
         assert!(com_2.even_level_revealed_attributes[0].is_empty());
 
-        let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk);
+        let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_2 = at_2
@@ -1478,7 +1482,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk);
+        let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk, vec![]);
         assert_eq!(c_2, recon_c_2);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1508,7 +1512,7 @@ mod tests {
         assert!(com_3.odd_level_revealed_attributes[1].is_empty());
         assert!(com_3.even_level_revealed_attributes[0].is_empty());
 
-        let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk);
+        let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_3 = at_3
@@ -1536,7 +1540,7 @@ mod tests {
         )
         .unwrap();
         let recon_duration = start_recon.elapsed();
-        let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk);
+        let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk, vec![]);
         assert_eq!(c_3, recon_c_3);
 
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
@@ -1568,7 +1572,7 @@ mod tests {
         assert!(com_4.even_level_revealed_attributes[0].is_empty());
         assert!(com_4.even_level_revealed_attributes[1].is_empty());
 
-        let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk);
+        let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_4 = at_4
@@ -1597,7 +1601,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk);
+        let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk, vec![]);
         assert_eq!(c_4, recon_c_4);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1629,7 +1633,7 @@ mod tests {
         assert!(com_5.even_level_revealed_attributes[0].is_empty());
         assert!(com_5.even_level_revealed_attributes[1].is_empty());
 
-        let c_5 = AttributeToken::gen_challenge(&com_5, &l_0_issuer_vk);
+        let c_5 = AttributeToken::gen_challenge(&com_5, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_5 = at_5
@@ -1658,7 +1662,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_5 = AttributeToken::gen_challenge(&recon_com_5, &l_0_issuer_vk);
+        let recon_c_5 = AttributeToken::gen_challenge(&recon_com_5, &l_0_issuer_vk, vec![]);
         assert_eq!(c_5, recon_c_5);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1691,7 +1695,7 @@ mod tests {
         assert!(com_6.even_level_revealed_attributes[1].is_empty());
         assert!(com_6.even_level_revealed_attributes[2].is_empty());
 
-        let c_6 = AttributeToken::gen_challenge(&com_6, &l_0_issuer_vk);
+        let c_6 = AttributeToken::gen_challenge(&com_6, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_6 = at_6
@@ -1720,7 +1724,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_6 = AttributeToken::gen_challenge(&recon_com_6, &l_0_issuer_vk);
+        let recon_c_6 = AttributeToken::gen_challenge(&recon_com_6, &l_0_issuer_vk, vec![]);
         assert_eq!(c_6, recon_c_6);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1780,7 +1784,7 @@ mod tests {
         assert_eq!(com_1.odd_level_revealed_attributes[0][&1], attributes_1[1]);
         assert_eq!(com_1.odd_level_revealed_attributes[0][&3], attributes_1[3]);
 
-        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
+        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_1 = at_1
@@ -1803,7 +1807,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk);
+        let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk, vec![]);
         assert_eq!(c_1, recon_c_1);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1849,7 +1853,7 @@ mod tests {
         assert_eq!(com_2.even_level_revealed_attributes[0][&3], attributes_2[3]);
         assert_eq!(com_2.even_level_revealed_attributes[0][&4], attributes_2[4]);
 
-        let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk);
+        let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_2 = at_2
@@ -1881,7 +1885,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk);
+        let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk, vec![]);
         assert_eq!(c_2, recon_c_2);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -1930,7 +1934,7 @@ mod tests {
         assert_eq!(com_3.even_level_revealed_attributes[0][&4], attributes_2[4]);
         assert_eq!(com_3.odd_level_revealed_attributes[1][&1], attributes_3[1]);
 
-        let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk);
+        let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_3 = at_3
@@ -1962,7 +1966,7 @@ mod tests {
         )
         .unwrap();
         let recon_duration = start_recon.elapsed();
-        let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk);
+        let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk, vec![]);
         assert_eq!(c_3, recon_c_3);
 
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
@@ -2019,7 +2023,7 @@ mod tests {
         assert_eq!(com_4.even_level_revealed_attributes[1][&1], attributes_4[1]);
         assert_eq!(com_4.even_level_revealed_attributes[1][&4], attributes_4[4]);
 
-        let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk);
+        let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk, vec![]);
 
         let start_resp = Instant::now();
         let resp_4 = at_4
@@ -2053,7 +2057,7 @@ mod tests {
         .unwrap();
         let recon_duration = start_recon.elapsed();
 
-        let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk);
+        let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk, vec![]);
         assert_eq!(c_4, recon_c_4);
         println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
                  com_duration, resp_duration, recon_duration, com_duration + resp_duration);
@@ -2191,9 +2195,10 @@ mod tests {
                 .unwrap();
             let com_precomp_duration = start.elapsed();
 
-            let c = AttributeToken::gen_challenge(&com, &l_0_issuer_vk);
-            let c_precomp_setup = AttributeToken::gen_challenge(&com_precomp_setup, &l_0_issuer_vk);
-            let c_precomp = AttributeToken::gen_challenge(&com_precomp, &l_0_issuer_vk);
+            let c = AttributeToken::gen_challenge(&com, &l_0_issuer_vk, vec![]);
+            let c_precomp_setup =
+                AttributeToken::gen_challenge(&com_precomp_setup, &l_0_issuer_vk, vec![]);
+            let c_precomp = AttributeToken::gen_challenge(&com_precomp, &l_0_issuer_vk, vec![]);
 
             let sk = if i % 2 == 1 {
                 let sk = &odd_level_issuer_keys[i / 2].0;
@@ -2243,7 +2248,7 @@ mod tests {
             .unwrap();
             let recon_duration = start.elapsed();
 
-            let recon_c = AttributeToken::gen_challenge(&recon_com, &l_0_issuer_vk);
+            let recon_c = AttributeToken::gen_challenge(&recon_com, &l_0_issuer_vk, vec![]);
             assert_eq!(c, recon_c);
 
             let start = Instant::now();
@@ -2263,7 +2268,7 @@ mod tests {
             let recon_precomp_duration = start.elapsed();
 
             let recon_c_precomp_setup_com =
-                AttributeToken::gen_challenge(&recon_precomp_setup_com, &l_0_issuer_vk);
+                AttributeToken::gen_challenge(&recon_precomp_setup_com, &l_0_issuer_vk, vec![]);
             assert_eq!(c_precomp_setup, recon_c_precomp_setup_com);
 
             let recon_precomp_com = AttributeToken::reconstruct_commitment_with_precomputed_vals(
@@ -2280,7 +2285,7 @@ mod tests {
             .unwrap();
 
             let recon_c_precomp_com =
-                AttributeToken::gen_challenge(&recon_precomp_com, &l_0_issuer_vk);
+                AttributeToken::gen_challenge(&recon_precomp_com, &l_0_issuer_vk, vec![]);
             assert_eq!(c_precomp, recon_c_precomp_com);
 
             println!("For delegation chain of length {}", L);
@@ -2351,7 +2356,7 @@ mod tests {
         // Supplying same number of collections of revealed attributes as the chain size
         let com_1 = at_1.commitment(vec![HashSet::<usize>::new(); 1]).unwrap();
 
-        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
+        let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);
 
         let mut morphed_commitment = com_1.clone();
         // Adding an element of comms_s to increase its size
 
@@ -42,6 +42,10 @@ pub struct OddLevelIssuer {
     pub level: usize,
 }
 
+pub struct RootIssuer {}
+
+pub type RootIssuerVerkey = EvenLevelVerkey;
+
 impl CredLinkOdd {
     pub fn attribute_count(&self) -> usize {
         self.attributes.len()
@@ -375,6 +379,22 @@ impl OddLevelIssuer {
     }
 }
 
+impl RootIssuer {
+    pub fn keygen(setup_params: &Groth1SetupParams) -> (Sigkey, RootIssuerVerkey) {
+        GrothS1::keygen(setup_params)
+    }
+
+    pub fn delegate(
+        mut delegatee_attributes: G1Vector,
+        delegatee_vk: OddLevelVerkey,
+        sk: &Sigkey,
+        setup_params: &Groth1SetupParams,
+    ) -> DelgResult<CredLinkOdd> {
+        let issuer = EvenLevelIssuer::new(0)?;
+        issuer.delegate(delegatee_attributes, delegatee_vk, sk, setup_params)
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -452,6 +472,57 @@ mod tests {
             .unwrap());
     }
 
+    #[test]
+    fn test_root_issuer() {
+        let max_attributes = 5;
+        let label = "test".as_bytes();
+        let params1 = GrothS1::setup(max_attributes, label);
+        let params2 = GrothS2::setup(max_attributes, label);
+
+        let l_1_issuer = OddLevelIssuer::new(1).unwrap();
+        let l_2_issuer = EvenLevelIssuer::new(2).unwrap();
+
+        let (root_issuer_sk, root_issuer_vk) = RootIssuer::keygen(&params1);
+        let (l_1_issuer_sk, l_1_issuer_vk) = OddLevelIssuer::keygen(&params2);
+        let (l_2_issuer_sk, l_2_issuer_vk) = EvenLevelIssuer::keygen(&params1);
+
+        let attributes_1: G1Vector = (0..max_attributes - 1)
+            .map(|_| G1::random())
+            .collect::<Vec<G1>>()
+            .into();
+        let cred_link_1 = RootIssuer::delegate(
+                attributes_1.clone(),
+                l_1_issuer_vk.clone(),
+                &root_issuer_sk,
+                &params1,
+            )
+            .unwrap();
+
+        assert!(cred_link_1
+            .verify(&l_1_issuer_vk, &root_issuer_vk, &params1)
+            .unwrap());
+
+        let mut chain_1 = CredChain::new();
+        chain_1.extend_with_odd(cred_link_1).unwrap();
+
+        let attributes_2: G2Vector = (0..max_attributes - 1)
+            .map(|_| G2::random())
+            .collect::<Vec<G2>>()
+            .into();
+        let cred_link_2 = l_1_issuer
+            .delegate(
+                attributes_2.clone(),
+                l_2_issuer_vk.clone(),
+                &l_1_issuer_sk,
+                &params2,
+            )
+            .unwrap();
+
+        assert!(cred_link_2
+            .verify(&l_2_issuer_vk, &l_1_issuer_vk, &params2)
+            .unwrap());
+    }
+
     #[test]
     fn test_delegation_chain_verification() {
         let max_attributes = 3;
 
@@ -1,20 +1,19 @@
 [package]
-name = "ps"
+name = "ps_sig"
 version = "0.1.0"
 authors = ["lovesh <[email protected]>"]
 edition = "2018"
+description = "Pointcheval Sanders signatures"
+license = "Apache-2.0"
 
 [dependencies]
 rand = "0.6"
-lazy_static = "1.3.0"
-log = "*"
-merlin = "1.2.0"
 failure = "0.1.5"
 serde = "1.0"
 serde_derive = "1.0"
 
 [dependencies.amcl_wrapper]
-version = "0.1.1"
+version = "0.1.6"
 default-features = false
 features = ["bls381"]