Expand description
Implements the BBS+ signature as defined in https://eprint.iacr.org/2016/663.pdf in Section 4.3. Also included is ability to do zero-knowledge proofs as described in Section 4.4 and 4.5.
The BBS+ signature is a pairing-based ECC signature that signs multiple messages instead of just one. The signature and messages can be used to create signature proofs of knowledge in zero-knowledge proofs in which the signature is not revealed and messages can be selectively disclosed––some are revealed and some remain hidden.
The signature also supports separating the signer and signature holder where the holder creates commitments to messages which are hidden from the signer and a signature blinding factor which is retained. The holder sends the commitment to the signer who completes the signing process and sends the blinded signature back. The holder can then un-blind the signature finishing a 2-PC computation
BBS+ signatures can be used for TPM DAA attestations or Verifiable Credentials.
Modules§
- errors
- The errors that BBS+ throws
- issuer
- Represents steps taken by the issuer to create a BBS+ signature whether its 2PC or all in one
- keys
- BBS+ key classes
- messages
- Proof messages
- pok_sig
- Methods and structs for creating signature proofs of knowledge
- pok_vc
- Macros and classes used for creating proofs of knowledge Proof of knowledge of committed values in a vector Pedersen commitment––Commit and Prove scheme.
- prelude
- Convenience importer
- prover
- Represents steps taken by the prover to receive a BBS+ signature and generate ZKPs
- signature
- Methods and structs for creating signatures
- verifier
- Represents steps taken by the verifier to request signature proofs of knowledge and selective disclosure proofs
Macros§
- pm_
hidden - Creates a proof message that is hidden based on the number of parameters One means hidden and only used in this proof Two means hidden but can be used in other proofs
- pm_
hidden_ raw - Wrap a raw message in its respective hidden
- pm_
revealed - Creates a proof message to be revealed
- pm_
revealed_ raw - Wrap a raw message in a revealed enum
- sm_map
- Creates the BTreeMap used for blind signing
Structs§
- Blind
Signature Context - Contains the data used for computing a blind signature and verifying proof of hidden messages from a prover
- Commitment
- The type for creating commitments to messages that are hidden during issuance.
- Commitment
Builder - Convenience wrapper for creating commitments
- Generator
G1 - Wrapper for G1
- Generator
G2 - Wrapper for G2
- Proof
Challenge - The Fiat-Shamir Challenge in proofs
- Proof
Nonce - The type for nonces
- Proof
Request - Contains the data from a verifier to a prover
- Signature
Blinding - The type for blinding factors
- Signature
Message - The type for messages
- Signature
Proof - Contains the data from a prover to a verifier
Constants§
- FR_
COMPRESSED_ SIZE - Number of bytes in scalar compressed form
- FR_
UNCOMPRESSED_ SIZE - Number of bytes in scalar uncompressed form
- G1_
COMPRESSED_ SIZE - Number of bytes in G1 X coordinate
- G1_
UNCOMPRESSED_ SIZE - Number of bytes in G1 X and Y coordinates
- G2_
COMPRESSED_ SIZE - Number of bytes in G2 X (a, b) coordinate
- G2_
UNCOMPRESSED_ SIZE - Number of bytes in G2 X(a, b) and Y(a, b) coordinates
Traits§
- Hash
Elem - Struct can be generated from hashing
- Random
Elem - Struct can be generated randomly
- ToVariable
Length Bytes - Trait for structs that have variable length bytes but use compressed Bls12 elements