signature_bbs_plus
Ockam is a library for building devices that communicate securely, privately and trustfully with cloud services and other devices.
In order to support a variety of proving protocols, this crate implements the BBS+ signature scheme which can be used to generate zero-knowledge proofs about signed attributes and the signatures themselves.
The main Ockam has optional dependency on this crate.
Usage
Add this to your Cargo.toml
:
[dependencies]
signature_bbs_plus = "0.6.0"
Crate Features
[dependencies]
signature_bbs_plus = { version = "0.6.0" , default-features = false }
Please note that Cargo features are unioned across the entire dependency
graph of a project. If any other crate you depend on has not opted out of
signature_bbs_plus
default features, Cargo will build signature_bbs_plus
with the std
feature enabled whether or not your direct dependency on signature_bbs_plus
has default-features = false
.
API
Generating Keys
The BBS+ scheme allows the Signer and Holder to be two separate parties. This is often the case, particularly in the case of verifiable credentials.
To generate a new key pair for signing, call the Issuer::new_keys
API. A Short Group Signature allows a set of messages
to be signed with a single key. BBS+ can sign any number of messages at the expense of a bigger public key. This implementation
uses curve BLS12-381 and Blake2b-512 as a hash.
let = new_keys?;
Message Generators
Message Generators are per-message cryptographic information input into the BBS+ algorithm. They are derived from the public key, and the number of messages the key will be used to sign.
Signing
To sign messages, call the Issuer::sign
API.
let = new_keys?;
let num_messages = 4;
let generators = from_public_key;
let messages = ;
let signature = sign?;
Blinding Signatures
To create blind signatures, we first need to establish a blind signature context. This is done with the Prover::new_blind_signature_context
API. This function takes an optional slice of pre-committed messages. In this example, an empty slice is used, indicating
no pre-committed messages. The generators, a random nonce, and the RNG are also used.
With the context and secret key, the blind signature is created by calling Issuer::blind_sign
.
let nonce = random;
let =
new_blind_signature_context?;
let mut messages = ;
let blind_signature =
blind_sign?;
Unblinding Signatures
Unblinding the signature uses the blinding
information provided by the blinding signature context. The function to_unblinded
takes the blinding
and returns a Signature
.
let signature = blind_signature.to_unblinded;
Verification
Once the signature has been unblinded, it can be used to verify the messages, using the public key. This is done by calling
the Signature::verify
function. Calling Choice::unwrap_u8
on the result of verify
returns 1 when verification succeeds.
let signature = blind_signature.to_unblinded;
let messages = ;
let res = signature.verify;
assert_eq!;
Full Example - Blinding, Unblinding, Verifying
use ;
use ;
License
This code is licensed under the terms of the Apache License 2.0.