# [−][src]Crate bbs

Implements the BBS+ signature as defined in https://eprint.iacr.org/2016/663.pdf in Section 4.3. Also included is ability to do zero-knowledge proofs as described in Section 4.4 and 4.5.

The BBS+ signature is a pairing-based ECC signature that signs multiple messages instead of just one. The signature and messages can be used to create signature proofs of knowledge in zero-knowledge proofs in which the signature is not revealed and messages can be selectively disclosed––some are revealed and some remain hidden.

The signature also supports separating the signer and signature holder where the holder creates commitments to messages which are hidden from the signer and a signature blinding factor which is retained. The holder sends the commitment to the signer who completes the signing process and sends the blinded signature back. The holder can then un-blind the signature finishing a 2-PC computation

BBS+ signatures can be used for TPM DAA attestations or Verifiable Credentials.

## Modules

errors | The errors that BBS+ throws |

issuer | Represents steps taken by the issuer to create a BBS+ signature whether its 2PC or all in one |

keys | BBS+ key classes |

messages | Proof messages |

pok_sig | Methods and structs for creating signature proofs of knowledge |

pok_vc | Macros and classes used for creating proofs of knowledge Proof of knowledge of committed values in a vector Pedersen commitment––Commit and Prove scheme. |

prelude | Convenience importer |

prover | Represents steps taken by the prover to receive a BBS+ signature and generate ZKPs |

signature | Methods and structs for creating signatures |

verifier | Represents steps taken by the verifier to request signature proofs of knowledge and selective disclosure proofs |

## Macros

pm_hidden | Creates a proof message that is hidden based on the number of parameters One means hidden and only used in this proof Two means hidden but can be used in other proofs |

pm_hidden_raw | Wrap a raw message in its respective hidden |

pm_revealed | Creates a proof message to be revealed |

pm_revealed_raw | Wrap a raw message in a revealed enum |

sm_map | Creates the BTreeMap used for blind signing |

## Structs

BlindSignatureContext | Contains the data used for computing a blind signature and verifying proof of hidden messages from a prover |

Commitment | The type for creating commitments to messages that are hidden during issuance. |

CommitmentBuilder | Convenience wrapper for creating commitments |

GeneratorG1 | Wrapper for G1 |

GeneratorG2 | Wrapper for G2 |

ProofChallenge | The Fiat-Shamir Challenge in proofs |

ProofNonce | The type for nonces |

ProofRequest | Contains the data from a verifier to a prover |

SignatureBlinding | The type for blinding factors |

SignatureMessage | The type for messages |

SignatureProof | Contains the data from a prover to a verifier |

## Constants

FR_COMPRESSED_SIZE | Number of bytes in scalar compressed form |

FR_UNCOMPRESSED_SIZE | Number of bytes in scalar uncompressed form |

G1_COMPRESSED_SIZE | Number of bytes in G1 X coordinate |

G1_UNCOMPRESSED_SIZE | Number of bytes in G1 X and Y coordinates |

G2_COMPRESSED_SIZE | Number of bytes in G2 X (a, b) coordinate |

G2_UNCOMPRESSED_SIZE | Number of bytes in G2 X(a, b) and Y(a, b) coordinates |

## Traits

HashElem | Struct can be generated from hashing |

RandomElem | Struct can be generated randomly |

ToVariableLengthBytes | Trait for structs that have variable length bytes but use compressed Bls12 elements |