Crate short_group_sig


Short group signatures

  1. BB and weak-BB signatures, and proof of knowledge of a weak-BB signature, as described in the paper Short Signatures Without Random Oracles.
  2. Proof of knowledge of a BB signature, adapted from the paper Proof-of-Knowledge of Representation of Committed Value and Its Applications.
  3. An optimized implementation of proof of knowledge of a weak-BB signature, taken from the paper Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs. This does not require the prover to do pairings.
  4. Similar to weak-BB, a proof of knowledge of a BB signature that does not require the prover to do pairings.
  5. A keyed-verification protocol for proving knowledge of a weak-BB signature. Here the verifier is assumed to have the secret key, and the protocol does not require pairings.

Modules

  • BB signature
  • Proof of knowledge of BB signature. Adapted from the construction in section 4.2 of the paper Proof-of-Knowledge of Representation of Committed Value and Its Applications. Specifically, the adaptation is of SPK_1 of construction pi_m in section 4.2, as follows. For a BB signature, secret key = (x, y), public key = (w1 = g2*x, w2 = g2*y), message = m and signature = (A = g * 1/(m + x + e*y), e). As part of the setup parameters, generators u, v and h of group G1 exist.
  • Proof of knowledge of BB signature. This is not published in any paper but is an adaptation of a similar protocol for proving knowledge of a weak-BB signature. The advantage of this variation is that the prover does not need to compute any pairings. A description follows. For a BB signature, secret key = (x, y), public key = (w1 = g2*x, w2 = g2*y), message = m and signature = (A = g * 1/(m + x + e*y), e). As part of the setup parameters, generators u, v and h of group G1 exist.
  • Weak BB signature
  • Proof of knowledge of weak-BB signature. Implements the protocol described in section 4 of the paper Short Group Signatures.
  • Proof of knowledge of weak-BB signature as described in the paper Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs. The advantage of this variation is that the prover does not need to compute any pairings.
  • Proofs of knowledge of weak-BB signature with keyed verification, i.e. the verifier needs to know the secret key to verify the proof. g1 is a generator of group G1, secret key = x, message = m, signature = A = g1 * 1/(x + m).