Implements the BBS+ signature as defined in https://eprint.iacr.org/2016/663.pdf in Section 4.3. Also included is ability to do zero-knowledge proofs as described in Section 4.4 and 4.5.
The BBS+ signature is a pairing-based ECC signature that signs multiple messages instead of just one. The signature and messages can be used to create signature proofs of knowledge in zero-knowledge proofs in which the signature is not revealed and messages can be selectively disclosed––some are revealed and some remain hidden.
The signature also supports separating the signer and signature holder where the holder creates commitments to messages which are hidden from the signer and a signature blinding factor which is retained. The holder sends the commitment to the signer who completes the signing process and sends the blinded signature back. The holder can then un-blind the signature finishing a 2-PC computation
BBS+ signatures can be used for TPM DAA attestations or Verifiable Credentials.
The errors that BBS+ throws
Represents steps taken by the issuer to create a BBS+ signature whether its 2PC or all in one
BBS+ key classes
Methods and structs for creating signature proofs of knowledge
Macros and classes used for creating proofs of knowledge Proof of knowledge of committed values in a vector Pedersen commitment––Commit and Prove scheme.
Represents steps taken by the prover to receive a BBS+ signature and generate ZKPs
Methods and structs for creating signatures
Represents steps taken by the verifier to request signature proofs of knowledge and selective disclosure proofs
Creates a proof message that is hidden based on the number of parameters One means hidden and only used in this proof Two means hidden but can be used in other proofs
Wrap a raw message in its respective hidden
Creates a proof message to be revealed
Wrap a raw message in a revealed enum
Creates the BTreeMap used for blind signing
Contains the data used for computing a blind signature and verifying proof of hidden messages from a prover
The type for creating commitments to messages that are hidden during issuance.
Convenience wrapper for creating commitments
Wrapper for G1
Wrapper for G2
The Fiat-Shamir Challenge in proofs
The type for nonces
Contains the data from a verifier to a prover
The type for blinding factors
The type for messages
Contains the data from a prover to a verifier
Number of bytes in scalar compressed form
Number of bytes in scalar uncompressed form
Number of bytes in G1 X coordinate
Number of bytes in G1 X and Y coordinates
Number of bytes in G2 X (a, b) coordinate
Number of bytes in G2 X(a, b) and Y(a, b) coordinates
Struct can be generated from hashing
Struct can be generated randomly
Trait for structs that have variable length bytes but use compressed Bls12 elements