idemix

package
v0.0.0-...-241780c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 24, 2021 License: GPL-3.0, Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var FieldBytes = int(FP256BN.MODBYTES)

FieldBytes is the bytelength of the group order

GenG1 is a generator of Group G1

GenG2 is a generator of Group G2

GenGT is a generator of Group GT

GroupOrder is the order of the groups

Functions

func BigToBytes

func BigToBytes(big *FP256BN.BIG) []byte

BigToBytes takes an *amcl.BIG and returns a []byte representation

func Ecp2FromProto

func Ecp2FromProto(p *ECP2) *FP256BN.ECP2

Ecp2FromProto converts a proto struct *ECP2 into an *amcl.ECP2

func EcpFromProto

func EcpFromProto(p *ECP) *FP256BN.ECP

EcpFromProto converts a proto struct *ECP into an *amcl.ECP

func EcpToBytes

func EcpToBytes(E *FP256BN.ECP) []byte

func GenerateLongTermRevocationKey

func GenerateLongTermRevocationKey() (*ecdsa.PrivateKey, error)

GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation

func GetRand

func GetRand() (*amcl.RAND, error)

GetRand returns a new *amcl.RAND with a fresh seed

func HashModOrder

func HashModOrder(data []byte) *FP256BN.BIG

HashModOrder hashes data into 0, ..., GroupOrder-1

func MakeNym

func MakeNym(sk *FP256BN.BIG, IPk *IssuerPublicKey, rng *amcl.RAND) (*FP256BN.ECP, *FP256BN.BIG)

MakeNym creates a new unlinkable pseudonym

func Modadd

func Modadd(a, b, m *FP256BN.BIG) *FP256BN.BIG

Modadd takes input BIGs a, b, m, and returns a+b modulo m

func Modsub

func Modsub(a, b, m *FP256BN.BIG) *FP256BN.BIG

Modsub takes input BIGs a, b, m and returns a-b modulo m

func RandModOrder

func RandModOrder(rng *amcl.RAND) *FP256BN.BIG

RandModOrder returns a random element in 0, ..., GroupOrder-1

func SetLogger

func SetLogger(l Logger)

SetLogger sets the logger instance used for debug and error reporting. The logger reference is not mutex-protected so this must be set before calling any other library functions.

If a custom logger is not defined, the global logger from the standard library's log package is used.

func VerifyEpochPK

func VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error

VerifyEpochPK verifies that the revocation PK for a certain epoch is valid, by checking that it was signed with the long term revocation key. Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need to verify the signature to make sure the issuer indeed signed that no revocation is used in this epoch.

func WBBKeyGen

func WBBKeyGen(rng *amcl.RAND) (*FP256BN.BIG, *FP256BN.ECP2)

WBBKeyGen creates a fresh weak-Boneh-Boyen signature key pair (http://ia.cr/2004/171)

func WBBSign

func WBBSign(sk *FP256BN.BIG, m *FP256BN.BIG) *FP256BN.ECP

WBBSign places a weak Boneh-Boyen signature on message m using secret key sk

func WBBVerify

func WBBVerify(pk *FP256BN.ECP2, sig *FP256BN.ECP, m *FP256BN.BIG) error

WBBVerify verifies a weak Boneh-Boyen signature sig on message m with public key pk

Types

type CredRequest

type CredRequest struct {
	Nym                  *ECP     `protobuf:"bytes,1,opt,name=nym,proto3" json:"nym,omitempty"`
	IssuerNonce          []byte   `protobuf:"bytes,2,opt,name=issuer_nonce,json=issuerNonce,proto3" json:"issuer_nonce,omitempty"`
	ProofC               []byte   `protobuf:"bytes,3,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"`
	ProofS               []byte   `protobuf:"bytes,4,opt,name=proof_s,json=proofS,proto3" json:"proof_s,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

CredRequest specifies a credential request object that consists of nym - a pseudonym, which is a commitment to the user secret issuer_nonce - a random nonce provided by the issuer proof_c, proof_s - a zero-knowledge proof of knowledge of the user secret inside Nym

func NewCredRequest

func NewCredRequest(sk *FP256BN.BIG, IssuerNonce []byte, ipk *IssuerPublicKey, rng *amcl.RAND) *CredRequest

NewCredRequest creates a new Credential Request, the first message of the interactive credential issuance protocol (from user to issuer)

func (*CredRequest) Check

func (m *CredRequest) Check(ipk *IssuerPublicKey) error

Check cryptographically verifies the credential request

func (*CredRequest) Descriptor

func (*CredRequest) Descriptor() ([]byte, []int)

func (*CredRequest) GetIssuerNonce

func (m *CredRequest) GetIssuerNonce() []byte

func (*CredRequest) GetNym

func (m *CredRequest) GetNym() *ECP

func (*CredRequest) GetProofC

func (m *CredRequest) GetProofC() []byte

func (*CredRequest) GetProofS

func (m *CredRequest) GetProofS() []byte

func (*CredRequest) ProtoMessage

func (*CredRequest) ProtoMessage()

func (*CredRequest) Reset

func (m *CredRequest) Reset()

func (*CredRequest) String

func (m *CredRequest) String() string

func (*CredRequest) XXX_DiscardUnknown

func (m *CredRequest) XXX_DiscardUnknown()

func (*CredRequest) XXX_Marshal

func (m *CredRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CredRequest) XXX_Merge

func (m *CredRequest) XXX_Merge(src proto.Message)

func (*CredRequest) XXX_Size

func (m *CredRequest) XXX_Size() int

func (*CredRequest) XXX_Unmarshal

func (m *CredRequest) XXX_Unmarshal(b []byte) error

type Credential

type Credential struct {
	A                    *ECP     `protobuf:"bytes,1,opt,name=a,proto3" json:"a,omitempty"`
	B                    *ECP     `protobuf:"bytes,2,opt,name=b,proto3" json:"b,omitempty"`
	E                    []byte   `protobuf:"bytes,3,opt,name=e,proto3" json:"e,omitempty"`
	S                    []byte   `protobuf:"bytes,4,opt,name=s,proto3" json:"s,omitempty"`
	Attrs                [][]byte `protobuf:"bytes,5,rep,name=attrs,proto3" json:"attrs,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Credential specifies a credential object that consists of a, b, e, s - signature value attrs - attribute values

func NewCredential

func NewCredential(key *IssuerKey, m *CredRequest, attrs []*FP256BN.BIG, rng *amcl.RAND) (*Credential, error)

NewCredential issues a new credential, which is the last step of the interactive issuance protocol All attribute values are added by the issuer at this step and then signed together with a commitment to the user's secret key from a credential request

func (*Credential) Descriptor

func (*Credential) Descriptor() ([]byte, []int)

func (*Credential) GetA

func (m *Credential) GetA() *ECP

func (*Credential) GetAttrs

func (m *Credential) GetAttrs() [][]byte

func (*Credential) GetB

func (m *Credential) GetB() *ECP

func (*Credential) GetE

func (m *Credential) GetE() []byte

func (*Credential) GetS

func (m *Credential) GetS() []byte

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) Reset

func (m *Credential) Reset()

func (*Credential) String

func (m *Credential) String() string

func (*Credential) Ver

func (cred *Credential) Ver(sk *FP256BN.BIG, ipk *IssuerPublicKey) error

Ver cryptographically verifies the credential by verifying the signature on the attribute values and user's secret key

func (*Credential) XXX_DiscardUnknown

func (m *Credential) XXX_DiscardUnknown()

func (*Credential) XXX_Marshal

func (m *Credential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Credential) XXX_Merge

func (m *Credential) XXX_Merge(src proto.Message)

func (*Credential) XXX_Size

func (m *Credential) XXX_Size() int

func (*Credential) XXX_Unmarshal

func (m *Credential) XXX_Unmarshal(b []byte) error

type CredentialRevocationInformation

type CredentialRevocationInformation struct {
	// epoch contains the epoch (time window) in which this CRI is valid
	Epoch int64 `protobuf:"varint,1,opt,name=epoch,proto3" json:"epoch,omitempty"`
	// epoch_pk is the public key that is used by the revocation authority in this epoch
	EpochPk *ECP2 `protobuf:"bytes,2,opt,name=epoch_pk,json=epochPk,proto3" json:"epoch_pk,omitempty"`
	// epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key
	EpochPkSig []byte `protobuf:"bytes,3,opt,name=epoch_pk_sig,json=epochPkSig,proto3" json:"epoch_pk_sig,omitempty"`
	// revocation_alg denotes which revocation algorithm is used
	RevocationAlg int32 `protobuf:"varint,4,opt,name=revocation_alg,json=revocationAlg,proto3" json:"revocation_alg,omitempty"`
	// revocation_data contains data specific to the revocation algorithm used
	RevocationData       []byte   `protobuf:"bytes,5,opt,name=revocation_data,json=revocationData,proto3" json:"revocation_data,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func CreateCRI

func CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*FP256BN.BIG, epoch int, alg RevocationAlgorithm, rng *amcl.RAND) (*CredentialRevocationInformation, error)

CreateCRI creates the Credential Revocation Information for a certain time period (epoch). Users can use the CRI to prove that they are not revoked. Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used, and the resulting CRI can be used by any signer.

func (*CredentialRevocationInformation) Descriptor

func (*CredentialRevocationInformation) Descriptor() ([]byte, []int)

func (*CredentialRevocationInformation) GetEpoch

func (m *CredentialRevocationInformation) GetEpoch() int64

func (*CredentialRevocationInformation) GetEpochPk

func (m *CredentialRevocationInformation) GetEpochPk() *ECP2

func (*CredentialRevocationInformation) GetEpochPkSig

func (m *CredentialRevocationInformation) GetEpochPkSig() []byte

func (*CredentialRevocationInformation) GetRevocationAlg

func (m *CredentialRevocationInformation) GetRevocationAlg() int32

func (*CredentialRevocationInformation) GetRevocationData

func (m *CredentialRevocationInformation) GetRevocationData() []byte

func (*CredentialRevocationInformation) ProtoMessage

func (*CredentialRevocationInformation) ProtoMessage()

func (*CredentialRevocationInformation) Reset

func (*CredentialRevocationInformation) String

func (*CredentialRevocationInformation) XXX_DiscardUnknown

func (m *CredentialRevocationInformation) XXX_DiscardUnknown()

func (*CredentialRevocationInformation) XXX_Marshal

func (m *CredentialRevocationInformation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CredentialRevocationInformation) XXX_Merge

func (m *CredentialRevocationInformation) XXX_Merge(src proto.Message)

func (*CredentialRevocationInformation) XXX_Size

func (m *CredentialRevocationInformation) XXX_Size() int

func (*CredentialRevocationInformation) XXX_Unmarshal

func (m *CredentialRevocationInformation) XXX_Unmarshal(b []byte) error

type ECP

type ECP struct {
	X                    []byte   `protobuf:"bytes,1,opt,name=x,proto3" json:"x,omitempty"`
	Y                    []byte   `protobuf:"bytes,2,opt,name=y,proto3" json:"y,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ECP is an elliptic curve point specified by its coordinates ECP corresponds to an element of the first group (G1)

func EcpToProto

func EcpToProto(p *FP256BN.ECP) *ECP

EcpToProto converts a *amcl.ECP into the proto struct *ECP

func (*ECP) Descriptor

func (*ECP) Descriptor() ([]byte, []int)

func (*ECP) GetX

func (m *ECP) GetX() []byte

func (*ECP) GetY

func (m *ECP) GetY() []byte

func (*ECP) ProtoMessage

func (*ECP) ProtoMessage()

func (*ECP) Reset

func (m *ECP) Reset()

func (*ECP) String

func (m *ECP) String() string

func (*ECP) XXX_DiscardUnknown

func (m *ECP) XXX_DiscardUnknown()

func (*ECP) XXX_Marshal

func (m *ECP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ECP) XXX_Merge

func (m *ECP) XXX_Merge(src proto.Message)

func (*ECP) XXX_Size

func (m *ECP) XXX_Size() int

func (*ECP) XXX_Unmarshal

func (m *ECP) XXX_Unmarshal(b []byte) error

type ECP2

type ECP2 struct {
	Xa                   []byte   `protobuf:"bytes,1,opt,name=xa,proto3" json:"xa,omitempty"`
	Xb                   []byte   `protobuf:"bytes,2,opt,name=xb,proto3" json:"xb,omitempty"`
	Ya                   []byte   `protobuf:"bytes,3,opt,name=ya,proto3" json:"ya,omitempty"`
	Yb                   []byte   `protobuf:"bytes,4,opt,name=yb,proto3" json:"yb,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

ECP2 is an elliptic curve point specified by its coordinates ECP2 corresponds to an element of the second group (G2)

func Ecp2ToProto

func Ecp2ToProto(p *FP256BN.ECP2) *ECP2

Ecp2ToProto converts a *amcl.ECP2 into the proto struct *ECP2

func (*ECP2) Descriptor

func (*ECP2) Descriptor() ([]byte, []int)

func (*ECP2) GetXa

func (m *ECP2) GetXa() []byte

func (*ECP2) GetXb

func (m *ECP2) GetXb() []byte

func (*ECP2) GetYa

func (m *ECP2) GetYa() []byte

func (*ECP2) GetYb

func (m *ECP2) GetYb() []byte

func (*ECP2) ProtoMessage

func (*ECP2) ProtoMessage()

func (*ECP2) Reset

func (m *ECP2) Reset()

func (*ECP2) String

func (m *ECP2) String() string

func (*ECP2) XXX_DiscardUnknown

func (m *ECP2) XXX_DiscardUnknown()

func (*ECP2) XXX_Marshal

func (m *ECP2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ECP2) XXX_Merge

func (m *ECP2) XXX_Merge(src proto.Message)

func (*ECP2) XXX_Size

func (m *ECP2) XXX_Size() int

func (*ECP2) XXX_Unmarshal

func (m *ECP2) XXX_Unmarshal(b []byte) error

type IssuerKey

type IssuerKey struct {
	Isk                  []byte           `protobuf:"bytes,1,opt,name=isk,proto3" json:"isk,omitempty"`
	Ipk                  *IssuerPublicKey `protobuf:"bytes,2,opt,name=ipk,proto3" json:"ipk,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

IssuerKey specifies an issuer key pair that consists of ISk - the issuer secret key and IssuerPublicKey - the issuer public key

func NewIssuerKey

func NewIssuerKey(AttributeNames []string, rng *amcl.RAND) (*IssuerKey, error)

NewIssuerKey creates a new issuer key pair taking an array of attribute names that will be contained in credentials certified by this issuer (a credential specification) See http://eprint.iacr.org/2016/663.pdf Sec. 4.3, for references.

func (*IssuerKey) Descriptor

func (*IssuerKey) Descriptor() ([]byte, []int)

func (*IssuerKey) GetIpk

func (m *IssuerKey) GetIpk() *IssuerPublicKey

func (*IssuerKey) GetIsk

func (m *IssuerKey) GetIsk() []byte

func (*IssuerKey) ProtoMessage

func (*IssuerKey) ProtoMessage()

func (*IssuerKey) Reset

func (m *IssuerKey) Reset()

func (*IssuerKey) String

func (m *IssuerKey) String() string

func (*IssuerKey) XXX_DiscardUnknown

func (m *IssuerKey) XXX_DiscardUnknown()

func (*IssuerKey) XXX_Marshal

func (m *IssuerKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IssuerKey) XXX_Merge

func (m *IssuerKey) XXX_Merge(src proto.Message)

func (*IssuerKey) XXX_Size

func (m *IssuerKey) XXX_Size() int

func (*IssuerKey) XXX_Unmarshal

func (m *IssuerKey) XXX_Unmarshal(b []byte) error

type IssuerPublicKey

type IssuerPublicKey struct {
	AttributeNames       []string `protobuf:"bytes,1,rep,name=attribute_names,json=attributeNames,proto3" json:"attribute_names,omitempty"`
	HSk                  *ECP     `protobuf:"bytes,2,opt,name=h_sk,json=hSk,proto3" json:"h_sk,omitempty"`
	HRand                *ECP     `protobuf:"bytes,3,opt,name=h_rand,json=hRand,proto3" json:"h_rand,omitempty"`
	HAttrs               []*ECP   `protobuf:"bytes,4,rep,name=h_attrs,json=hAttrs,proto3" json:"h_attrs,omitempty"`
	W                    *ECP2    `protobuf:"bytes,5,opt,name=w,proto3" json:"w,omitempty"`
	BarG1                *ECP     `protobuf:"bytes,6,opt,name=bar_g1,json=barG1,proto3" json:"bar_g1,omitempty"`
	BarG2                *ECP     `protobuf:"bytes,7,opt,name=bar_g2,json=barG2,proto3" json:"bar_g2,omitempty"`
	ProofC               []byte   `protobuf:"bytes,8,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"`
	ProofS               []byte   `protobuf:"bytes,9,opt,name=proof_s,json=proofS,proto3" json:"proof_s,omitempty"`
	Hash                 []byte   `protobuf:"bytes,10,opt,name=hash,proto3" json:"hash,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

IssuerPublicKey specifies an issuer public key that consists of attribute_names - a list of the attribute names of a credential issued by the issuer h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key hash is a hash of the public key appended to it

func (*IssuerPublicKey) Check

func (IPk *IssuerPublicKey) Check() error

Check checks that this issuer public key is valid, i.e. that all components are present and a ZK proofs verifies

func (*IssuerPublicKey) Descriptor

func (*IssuerPublicKey) Descriptor() ([]byte, []int)

func (*IssuerPublicKey) GetAttributeNames

func (m *IssuerPublicKey) GetAttributeNames() []string

func (*IssuerPublicKey) GetBarG1

func (m *IssuerPublicKey) GetBarG1() *ECP

func (*IssuerPublicKey) GetBarG2

func (m *IssuerPublicKey) GetBarG2() *ECP

func (*IssuerPublicKey) GetHAttrs

func (m *IssuerPublicKey) GetHAttrs() []*ECP

func (*IssuerPublicKey) GetHRand

func (m *IssuerPublicKey) GetHRand() *ECP

func (*IssuerPublicKey) GetHSk

func (m *IssuerPublicKey) GetHSk() *ECP

func (*IssuerPublicKey) GetHash

func (m *IssuerPublicKey) GetHash() []byte

func (*IssuerPublicKey) GetProofC

func (m *IssuerPublicKey) GetProofC() []byte

func (*IssuerPublicKey) GetProofS

func (m *IssuerPublicKey) GetProofS() []byte

func (*IssuerPublicKey) GetW

func (m *IssuerPublicKey) GetW() *ECP2

func (*IssuerPublicKey) ProtoMessage

func (*IssuerPublicKey) ProtoMessage()

func (*IssuerPublicKey) Reset

func (m *IssuerPublicKey) Reset()

func (*IssuerPublicKey) SetHash

func (IPk *IssuerPublicKey) SetHash() error

SetHash appends a hash of a serialized public key

func (*IssuerPublicKey) String

func (m *IssuerPublicKey) String() string

func (*IssuerPublicKey) XXX_DiscardUnknown

func (m *IssuerPublicKey) XXX_DiscardUnknown()

func (*IssuerPublicKey) XXX_Marshal

func (m *IssuerPublicKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IssuerPublicKey) XXX_Merge

func (m *IssuerPublicKey) XXX_Merge(src proto.Message)

func (*IssuerPublicKey) XXX_Size

func (m *IssuerPublicKey) XXX_Size() int

func (*IssuerPublicKey) XXX_Unmarshal

func (m *IssuerPublicKey) XXX_Unmarshal(b []byte) error

type LogFunc

type LogFunc func(format string, a ...interface{})

LogFunc is a function adapter for logging.

func (LogFunc) Printf

func (l LogFunc) Printf(format string, a ...interface{})

Printf is used to create a formatted string log record.

type Logger

type Logger interface {
	Printf(format string, a ...interface{})
}

Logger defines the contract for logging. This interface is explicitly defined to be compatible with the logger in the standard library log package.

type NonRevocationProof

type NonRevocationProof struct {
	RevocationAlg        int32    `protobuf:"varint,1,opt,name=revocation_alg,json=revocationAlg,proto3" json:"revocation_alg,omitempty"`
	NonRevocationProof   []byte   `protobuf:"bytes,2,opt,name=non_revocation_proof,json=nonRevocationProof,proto3" json:"non_revocation_proof,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

NonRevocationProof contains proof that the credential is not revoked

func (*NonRevocationProof) Descriptor

func (*NonRevocationProof) Descriptor() ([]byte, []int)

func (*NonRevocationProof) GetNonRevocationProof

func (m *NonRevocationProof) GetNonRevocationProof() []byte

func (*NonRevocationProof) GetRevocationAlg

func (m *NonRevocationProof) GetRevocationAlg() int32

func (*NonRevocationProof) ProtoMessage

func (*NonRevocationProof) ProtoMessage()

func (*NonRevocationProof) Reset

func (m *NonRevocationProof) Reset()

func (*NonRevocationProof) String

func (m *NonRevocationProof) String() string

func (*NonRevocationProof) XXX_DiscardUnknown

func (m *NonRevocationProof) XXX_DiscardUnknown()

func (*NonRevocationProof) XXX_Marshal

func (m *NonRevocationProof) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NonRevocationProof) XXX_Merge

func (m *NonRevocationProof) XXX_Merge(src proto.Message)

func (*NonRevocationProof) XXX_Size

func (m *NonRevocationProof) XXX_Size() int

func (*NonRevocationProof) XXX_Unmarshal

func (m *NonRevocationProof) XXX_Unmarshal(b []byte) error

type NymSignature

type NymSignature struct {
	// proof_c is the Fiat-Shamir challenge of the ZKP
	ProofC []byte `protobuf:"bytes,1,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"`
	// proof_s_sk is the s-value proving knowledge of the user secret key
	ProofSSk []byte `protobuf:"bytes,2,opt,name=proof_s_sk,json=proofSSk,proto3" json:"proof_s_sk,omitempty"`
	//proof_s_r_nym is the s-value proving knowledge of the pseudonym secret
	ProofSRNym []byte `protobuf:"bytes,3,opt,name=proof_s_r_nym,json=proofSRNym,proto3" json:"proof_s_r_nym,omitempty"`
	// nonce is a fresh nonce used for the signature
	Nonce                []byte   `protobuf:"bytes,4,opt,name=nonce,proto3" json:"nonce,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

NymSignature specifies a signature object that signs a message with respect to a pseudonym. It differs from the standard idemix.signature in the fact that the standard signature object also proves that the pseudonym is based on a secret certified by a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym signed the message

func NewNymSignature

func NewNymSignature(sk *FP256BN.BIG, Nym *FP256BN.ECP, RNym *FP256BN.BIG, ipk *IssuerPublicKey, msg []byte, rng *amcl.RAND) (*NymSignature, error)

NewSignature creates a new idemix pseudonym signature

func (*NymSignature) Descriptor

func (*NymSignature) Descriptor() ([]byte, []int)

func (*NymSignature) GetNonce

func (m *NymSignature) GetNonce() []byte

func (*NymSignature) GetProofC

func (m *NymSignature) GetProofC() []byte

func (*NymSignature) GetProofSRNym

func (m *NymSignature) GetProofSRNym() []byte

func (*NymSignature) GetProofSSk

func (m *NymSignature) GetProofSSk() []byte

func (*NymSignature) ProtoMessage

func (*NymSignature) ProtoMessage()

func (*NymSignature) Reset

func (m *NymSignature) Reset()

func (*NymSignature) String

func (m *NymSignature) String() string

func (*NymSignature) Ver

func (sig *NymSignature) Ver(nym *FP256BN.ECP, ipk *IssuerPublicKey, msg []byte) error

Ver verifies an idemix NymSignature

func (*NymSignature) XXX_DiscardUnknown

func (m *NymSignature) XXX_DiscardUnknown()

func (*NymSignature) XXX_Marshal

func (m *NymSignature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NymSignature) XXX_Merge

func (m *NymSignature) XXX_Merge(src proto.Message)

func (*NymSignature) XXX_Size

func (m *NymSignature) XXX_Size() int

func (*NymSignature) XXX_Unmarshal

func (m *NymSignature) XXX_Unmarshal(b []byte) error

type RevocationAlgorithm

type RevocationAlgorithm int32
const (
	ALG_NO_REVOCATION RevocationAlgorithm = iota
)

type Signature

type Signature struct {
	APrime               *ECP                `protobuf:"bytes,1,opt,name=a_prime,json=aPrime,proto3" json:"a_prime,omitempty"`
	ABar                 *ECP                `protobuf:"bytes,2,opt,name=a_bar,json=aBar,proto3" json:"a_bar,omitempty"`
	BPrime               *ECP                `protobuf:"bytes,3,opt,name=b_prime,json=bPrime,proto3" json:"b_prime,omitempty"`
	ProofC               []byte              `protobuf:"bytes,4,opt,name=proof_c,json=proofC,proto3" json:"proof_c,omitempty"`
	ProofSSk             []byte              `protobuf:"bytes,5,opt,name=proof_s_sk,json=proofSSk,proto3" json:"proof_s_sk,omitempty"`
	ProofSE              []byte              `protobuf:"bytes,6,opt,name=proof_s_e,json=proofSE,proto3" json:"proof_s_e,omitempty"`
	ProofSR2             []byte              `protobuf:"bytes,7,opt,name=proof_s_r2,json=proofSR2,proto3" json:"proof_s_r2,omitempty"`
	ProofSR3             []byte              `protobuf:"bytes,8,opt,name=proof_s_r3,json=proofSR3,proto3" json:"proof_s_r3,omitempty"`
	ProofSSPrime         []byte              `protobuf:"bytes,9,opt,name=proof_s_s_prime,json=proofSSPrime,proto3" json:"proof_s_s_prime,omitempty"`
	ProofSAttrs          [][]byte            `protobuf:"bytes,10,rep,name=proof_s_attrs,json=proofSAttrs,proto3" json:"proof_s_attrs,omitempty"`
	Nonce                []byte              `protobuf:"bytes,11,opt,name=nonce,proto3" json:"nonce,omitempty"`
	Nym                  *ECP                `protobuf:"bytes,12,opt,name=nym,proto3" json:"nym,omitempty"`
	ProofSRNym           []byte              `protobuf:"bytes,13,opt,name=proof_s_r_nym,json=proofSRNym,proto3" json:"proof_s_r_nym,omitempty"`
	RevocationEpochPk    *ECP2               `protobuf:"bytes,14,opt,name=revocation_epoch_pk,json=revocationEpochPk,proto3" json:"revocation_epoch_pk,omitempty"`
	RevocationPkSig      []byte              `protobuf:"bytes,15,opt,name=revocation_pk_sig,json=revocationPkSig,proto3" json:"revocation_pk_sig,omitempty"`
	Epoch                int64               `protobuf:"varint,16,opt,name=epoch,proto3" json:"epoch,omitempty"`
	NonRevocationProof   *NonRevocationProof `protobuf:"bytes,17,opt,name=non_revocation_proof,json=nonRevocationProof,proto3" json:"non_revocation_proof,omitempty"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

Signature specifies a signature object that consists of a_prime, a_bar, b_prime, proof_* - randomized credential signature values and a zero-knowledge proof of knowledge of a credential and the corresponding user secret together with the attribute values nonce - a fresh nonce used for the signature nym - a fresh pseudonym (a commitment to to the user secret)

func NewSignature

func NewSignature(cred *Credential, sk *FP256BN.BIG, Nym *FP256BN.ECP, RNym *FP256BN.BIG, ipk *IssuerPublicKey, Disclosure []byte, msg []byte, rhIndex int, cri *CredentialRevocationInformation, rng *amcl.RAND) (*Signature, error)

NewSignature creates a new idemix signature (Schnorr-type signature) The []byte Disclosure steers which attributes are disclosed: if Disclosure[i] == 0 then attribute i remains hidden and otherwise it is disclosed. We require the revocation handle to remain undisclosed (i.e., Disclosure[rhIndex] == 0). We use the zero-knowledge proof by http://eprint.iacr.org/2016/663.pdf, Sec. 4.5 to prove knowledge of a BBS+ signature

func (*Signature) Descriptor

func (*Signature) Descriptor() ([]byte, []int)

func (*Signature) GetABar

func (m *Signature) GetABar() *ECP

func (*Signature) GetAPrime

func (m *Signature) GetAPrime() *ECP

func (*Signature) GetBPrime

func (m *Signature) GetBPrime() *ECP

func (*Signature) GetEpoch

func (m *Signature) GetEpoch() int64

func (*Signature) GetNonRevocationProof

func (m *Signature) GetNonRevocationProof() *NonRevocationProof

func (*Signature) GetNonce

func (m *Signature) GetNonce() []byte

func (*Signature) GetNym

func (m *Signature) GetNym() *ECP

func (*Signature) GetProofC

func (m *Signature) GetProofC() []byte

func (*Signature) GetProofSAttrs

func (m *Signature) GetProofSAttrs() [][]byte

func (*Signature) GetProofSE

func (m *Signature) GetProofSE() []byte

func (*Signature) GetProofSR2

func (m *Signature) GetProofSR2() []byte

func (*Signature) GetProofSR3

func (m *Signature) GetProofSR3() []byte

func (*Signature) GetProofSRNym

func (m *Signature) GetProofSRNym() []byte

func (*Signature) GetProofSSPrime

func (m *Signature) GetProofSSPrime() []byte

func (*Signature) GetProofSSk

func (m *Signature) GetProofSSk() []byte

func (*Signature) GetRevocationEpochPk

func (m *Signature) GetRevocationEpochPk() *ECP2

func (*Signature) GetRevocationPkSig

func (m *Signature) GetRevocationPkSig() []byte

func (*Signature) ProtoMessage

func (*Signature) ProtoMessage()

func (*Signature) Reset

func (m *Signature) Reset()

func (*Signature) String

func (m *Signature) String() string

func (*Signature) Ver

func (sig *Signature) Ver(Disclosure []byte, ipk *IssuerPublicKey, msg []byte, attributeValues []*FP256BN.BIG, rhIndex int, revPk *ecdsa.PublicKey, epoch int) error

Ver verifies an idemix signature Disclosure steers which attributes it expects to be disclosed attributeValues contains the desired attribute values. This function will check that if attribute i is disclosed, the i-th attribute equals attributeValues[i].

func (*Signature) XXX_DiscardUnknown

func (m *Signature) XXX_DiscardUnknown()

func (*Signature) XXX_Marshal

func (m *Signature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Signature) XXX_Merge

func (m *Signature) XXX_Merge(src proto.Message)

func (*Signature) XXX_Size

func (m *Signature) XXX_Size() int

func (*Signature) XXX_Unmarshal

func (m *Signature) XXX_Unmarshal(b []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL