diff --git a/src/common.rs b/src/common.rs index 256d9b57..d8eed44a 100644 --- a/src/common.rs +++ b/src/common.rs @@ -11,3 +11,6 @@ pub(crate) mod util; // Common serialization utils. pub(crate) mod serialization; + +/// Common interface parameters +pub(crate) mod interface; diff --git a/src/common/ciphersuite.rs b/src/common/ciphersuite.rs index b60970c0..9446f775 100644 --- a/src/common/ciphersuite.rs +++ b/src/common/ciphersuite.rs @@ -19,10 +19,10 @@ impl CipherSuiteId { pub(crate) fn as_octets(&self) -> &[u8] { match &self { CipherSuiteId::BbsBls12381G1XmdSha256 => { - b"BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_" + b"BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_" } CipherSuiteId::BbsBls12381G1XofShake256 => { - b"BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_" + b"BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_" } CipherSuiteId::BlsSigBls12381G2XmdSha256Nul => { b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_" diff --git a/src/common/hash_param/h2s.rs b/src/common/hash_param/h2s.rs index 3ac22a63..45f924bd 100644 --- a/src/common/hash_param/h2s.rs +++ b/src/common/hash_param/h2s.rs @@ -5,51 +5,19 @@ use crate::{ Error, }; -use super::{ - constant::{ - DEFAULT_DST_SUFFIX_H2S, - DEFAULT_DST_SUFFIX_MESSAGE_TO_SCALAR, - MAX_DST_SIZE, - MAX_MESSAGE_SIZE, - XOF_NO_OF_BYTES, - }, - ExpandMessageParameter, -}; +use super::{constant::XOF_NO_OF_BYTES, ExpandMessageParameter}; pub(crate) trait HashToScalarParameter: ExpandMessageParameter { - /// Default domain separation tag for `hash_to_scalar` operation. - fn default_hash_to_scalar_dst() -> Vec { - [Self::ID.as_octets(), DEFAULT_DST_SUFFIX_H2S.as_bytes()].concat() - } - - /// Default domain separation tag to be used in [MapMessageToScalarAsHash](https://identity.foundation/bbs-signature/draft-bbs-signatures.html#name-mapmessagetoscalarashash). - fn default_map_message_to_scalar_as_hash_dst() -> Vec { - [ - Self::ID.as_octets(), - DEFAULT_DST_SUFFIX_MESSAGE_TO_SCALAR.as_bytes(), - ] - .concat() - } - /// Hash arbitrary data to `n` number of scalars as specified in BBS /// specification. - fn hash_to_scalar( - msg_octets: &[u8], - dst: Option<&[u8]>, - ) -> Result { - let default_hash_to_scalar_dst = Self::default_hash_to_scalar_dst(); - let dst_octets = dst.unwrap_or(&default_hash_to_scalar_dst); - - if !dst_octets.is_ascii() { + fn hash_to_scalar(msg_octets: &[u8], dst: &[u8]) -> Result { + if !dst.is_ascii() { return Err(Error::BadParams { cause: "non-ascii dst".to_owned(), }); } - let mut expander = Self::Expander::init_expand( - msg_octets, - dst_octets, - XOF_NO_OF_BYTES, - ); + let mut expander = + Self::Expander::init_expand(msg_octets, dst, XOF_NO_OF_BYTES); let mut buf = [0u8; 64]; expander.read_into(&mut buf[16..]); @@ -57,38 +25,4 @@ pub(crate) trait HashToScalarParameter: ExpandMessageParameter { Ok(out_scalar) } - - /// Hash arbitrary data to a scalar as specified in [3.3.9.1 Hash to scalar](https://identity.foundation/bbs-signature/draft-bbs-signatures.html#name-mapmessagetoscalarashash). - fn map_message_to_scalar_as_hash( - message: &[u8], - dst: Option<&[u8]>, - ) -> Result { - let default_map_message_to_scalar_as_hash_dst = - Self::default_map_message_to_scalar_as_hash_dst(); - let dst = dst.unwrap_or(&default_map_message_to_scalar_as_hash_dst); - - if !dst.is_ascii() { - return Err(Error::BadParams { - cause: "non-ascii dst".to_owned(), - }); - } - - // If len(dst) > 2^8 - 1 or len(msg) > 2^64 - 1, abort - if message.len() as u64 > MAX_MESSAGE_SIZE { - return Err(Error::MessageIsTooLarge); - } - if dst.len() > MAX_DST_SIZE as usize { - return Err(Error::DstIsTooLarge); - } - - // hash_to_scalar(message || dst_prime, 1) - Self::hash_to_scalar(message, Some(dst)) - } - - /// Hash the input octets to scalar values representing the e component of a - /// BBS signature. - fn hash_to_e(input_octets: &[u8]) -> Result { - let e = Self::hash_to_scalar(input_octets, None)?; - Ok(e) - } } diff --git a/src/common/interface.rs b/src/common/interface.rs new file mode 100644 index 00000000..7c52edab --- /dev/null +++ b/src/common/interface.rs @@ -0,0 +1,17 @@ +use core::fmt::Debug; + +pub(crate) trait InterfaceParameter: Debug + Clone { + const ID: InterfaceId; +} + +pub(crate) enum InterfaceId { + BbsH2gHm2s, +} + +impl InterfaceId { + pub(crate) fn as_octets(&self) -> &[u8] { + match &self { + InterfaceId::BbsH2gHm2s => b"H2G_HM2S_", + } + } +} diff --git a/src/schemes/bbs.rs b/src/schemes/bbs.rs index acdbe492..779ac30d 100644 --- a/src/schemes/bbs.rs +++ b/src/schemes/bbs.rs @@ -12,3 +12,12 @@ pub(crate) mod core; /// BBS ciphersuites abstraction over core implementation. pub mod ciphersuites; + +/// BBS Interface abstraction over ciphersuites, defining how messages are +/// mapped to scalars, how generators are created and how core interfaces are +/// used. +pub mod interface; + +/// Calculating the generators, that form part of the BBS Signature +/// public parameters. +pub mod generator; diff --git a/src/schemes/bbs/api/generators.rs b/src/schemes/bbs/api/generators.rs index b5eac727..c5acd5ce 100644 --- a/src/schemes/bbs/api/generators.rs +++ b/src/schemes/bbs/api/generators.rs @@ -7,22 +7,23 @@ use crate::{ memory_cached_generator::MemoryCachedGenerators, Generators, }, + interface::BbsInterfaceParameter, }, Error, }; -pub(crate) fn create_generators( +pub(crate) fn create_generators( count: usize, private_holder_binding: Option, ) -> Result>, Error> where - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let mut result = Vec::new(); let generators = - MemoryCachedGenerators::::new(count - 2, private_holder_binding)?; + MemoryCachedGenerators::::new(count - 2, private_holder_binding)?; - result.push(C::p1()?.to_affine().to_compressed().to_vec()); + result.push(I::Ciphersuite::p1()?.to_affine().to_compressed().to_vec()); result.push(generators.Q.to_affine().to_compressed().to_vec()); result.extend( generators diff --git a/src/schemes/bbs/api/proof.rs b/src/schemes/bbs/api/proof.rs index 5e2b2ff1..6633e99d 100644 --- a/src/schemes/bbs/api/proof.rs +++ b/src/schemes/bbs/api/proof.rs @@ -4,11 +4,11 @@ use super::{ }; use crate::{ bbs::{ - ciphersuites::BbsCiphersuiteParameters, core::{ generator::memory_cached_generator::MemoryCachedGenerators, types::ProofMessage, }, + interface::BbsInterfaceParameter, }, error::Error, schemes::bbs::core::{ @@ -34,30 +34,30 @@ pub fn get_proof_size(num_undisclosed_messages: usize) -> usize { } // helper function for parsing a BBS Proof Generation Request -fn _parse_request_helper( +fn _parse_request_helper( request: &BbsProofGenRequest<'_, T>, ) -> Result< ( PublicKey, Signature, - MemoryCachedGenerators, + MemoryCachedGenerators, Vec, ), Error, > where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let pk = PublicKey::from_octets(request.public_key)?; let (digested_messages, proof_messages) = - digest_proof_messages::<_, C>(request.messages)?; + digest_proof_messages::<_, I>(request.messages)?; // Derive generators let generators = - MemoryCachedGenerators::::new(digested_messages.len(), None)?; + MemoryCachedGenerators::::new(digested_messages.len(), None)?; // Parse signature from request let signature = Signature::from_octets(request.signature)?; @@ -65,7 +65,7 @@ where let verify_signature = request.verify_signature.unwrap_or(true); if verify_signature { // Verify the signature to check the messages supplied are valid - if !(signature.verify::<_, _, _, C>( + if !(signature.verify::<_, _, _, I>( &pk, request.header.as_ref(), &generators, @@ -79,18 +79,18 @@ where } // Generate a BBS signature proof of knowledge. -pub(crate) fn proof_gen( +pub(crate) fn proof_gen( request: &BbsProofGenRequest<'_, T>, ) -> Result, Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let (pk, signature, generators, proof_messages) = - _parse_request_helper::(request)?; + _parse_request_helper::(request)?; // Generate the proof - let proof = Proof::new::<_, _, C>( + let proof = Proof::new::<_, _, I>( &pk, &signature, request.header.as_ref(), @@ -103,12 +103,12 @@ where } // Verify a BBS signature proof of knowledge. -pub(crate) fn proof_verify( +pub(crate) fn proof_verify( request: &BbsProofVerifyRequest<'_, T>, ) -> Result where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let public_key = PublicKey::from_octets(request.public_key)?; @@ -124,13 +124,13 @@ where // Digest the revealed proof messages let messages: BTreeMap = - digest_revealed_proof_messages::<_, C>(messages, total_message_count)?; + digest_revealed_proof_messages::<_, I>(messages, total_message_count)?; // Derive generators let generators = - MemoryCachedGenerators::::new(total_message_count, None)?; + MemoryCachedGenerators::::new(total_message_count, None)?; - proof.verify::<_, _, C>( + proof.verify::<_, _, I>( &public_key, request.header.as_ref(), request.presentation_header.as_ref(), @@ -141,20 +141,20 @@ where // Generate a BBS signature proof of knowledge with a given rng. #[cfg(feature = "__private_bbs_fixtures_generator_api")] -pub(crate) fn proof_gen_with_rng( +pub(crate) fn proof_gen_with_rng( request: &BbsProofGenRequest<'_, T>, rng: R, ) -> Result, Error> where T: AsRef<[u8]>, R: RngCore + CryptoRng, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let (pk, signature, generators, proof_messages) = - _parse_request_helper::(request)?; + _parse_request_helper::(request)?; // Generate the proof - let proof = Proof::new_with_rng::<_, _, _, C>( + let proof = Proof::new_with_rng::<_, _, _, I>( &pk, &signature, request.header.as_ref(), diff --git a/src/schemes/bbs/api/signature.rs b/src/schemes/bbs/api/signature.rs index 1839bb59..343c1ab3 100644 --- a/src/schemes/bbs/api/signature.rs +++ b/src/schemes/bbs/api/signature.rs @@ -4,27 +4,25 @@ use super::{ }; use crate::{ bbs::{ - ciphersuites::{ - bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, - BbsCiphersuiteParameters, - }, + ciphersuites::bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, core::{ generator::memory_cached_generator::MemoryCachedGenerators, key_pair::{PublicKey, SecretKey}, signature::Signature, types::Message, }, + interface::BbsInterfaceParameter, }, error::Error, }; // Create a BBS signature. -pub(crate) fn sign( +pub(crate) fn sign( request: &BbsSignRequest<'_, T>, ) -> Result<[u8; BBS_BLS12381G1_SIGNATURE_LENGTH], Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse the secret key let sk = SecretKey::from_bytes(request.secret_key)?; @@ -33,13 +31,13 @@ where let pk = PublicKey::from_octets(request.public_key)?; // Digest the supplied messages - let messages: Vec = digest_messages::<_, C>(request.messages)?; + let messages: Vec = digest_messages::<_, I>(request.messages)?; // Derive generators - let generators = MemoryCachedGenerators::::new(messages.len(), None)?; + let generators = MemoryCachedGenerators::::new(messages.len(), None)?; // Produce the signature and return - Signature::new::<_, _, _, C>( + Signature::new::<_, _, _, I>( &sk, &pk, request.header.as_ref(), @@ -50,26 +48,26 @@ where } // Verify a BBS signature. -pub(crate) fn verify( +pub(crate) fn verify( request: &BbsVerifyRequest<'_, T>, ) -> Result where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let pk = PublicKey::from_octets(request.public_key)?; // Digest the supplied messages - let messages: Vec = digest_messages::<_, C>(request.messages)?; + let messages: Vec = digest_messages::<_, I>(request.messages)?; // Derive generators - let generators = MemoryCachedGenerators::::new(messages.len(), None)?; + let generators = MemoryCachedGenerators::::new(messages.len(), None)?; // Parse signature from request let signature = Signature::from_octets(request.signature)?; - signature.verify::<_, _, _, C>( + signature.verify::<_, _, _, I>( &pk, request.header.as_ref(), &generators, diff --git a/src/schemes/bbs/api/utils.rs b/src/schemes/bbs/api/utils.rs index 90a5ce27..addf2297 100644 --- a/src/schemes/bbs/api/utils.rs +++ b/src/schemes/bbs/api/utils.rs @@ -22,43 +22,43 @@ use std::collections::BTreeMap; use super::dtos::BbsProofGenRevealMessageRequest; use crate::{ bbs::{ - ciphersuites::BbsCiphersuiteParameters, core::types::{Message, ProofMessage}, + interface::BbsInterfaceParameter, }, error::Error, }; /// Digests the set of input messages and returns in the form of an internal /// structure -pub(crate) fn digest_messages( +pub(crate) fn digest_messages( messages: Option<&[T]>, ) -> Result, Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { if let Some(messages) = messages { return messages .iter() - .map(|msg| Message::from_arbitrary_data::(msg.as_ref(), None)) + .map(|msg| Message::from_arbitrary_data::(msg.as_ref(), None)) .collect(); } Ok(vec![]) } /// Digests a set of supplied proof messages -pub(super) fn digest_proof_messages( +pub(super) fn digest_proof_messages( messages: Option<&[BbsProofGenRevealMessageRequest]>, ) -> Result<(Vec, Vec), Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let mut digested_messages = vec![]; let mut proof_messages = vec![]; if let Some(messages) = messages { for m in messages { - match Message::from_arbitrary_data::(m.value.as_ref(), None) { + match Message::from_arbitrary_data::(m.value.as_ref(), None) { Ok(digested_message) => { digested_messages.push(digested_message); if m.reveal { @@ -76,13 +76,13 @@ where Ok((digested_messages, proof_messages)) } -pub(crate) fn digest_revealed_proof_messages( +pub(crate) fn digest_revealed_proof_messages( messages: &[(usize, T)], total_message_count: usize, ) -> Result, Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { if messages.is_empty() { return Ok(BTreeMap::new()); @@ -106,7 +106,7 @@ where messages .iter() .map(|(i, m)| { - match Message::from_arbitrary_data::(m.as_ref(), None) { + match Message::from_arbitrary_data::(m.as_ref(), None) { Ok(m) => Ok((*i, m)), Err(e) => Err(e), } diff --git a/src/schemes/bbs/ciphersuites.rs b/src/schemes/bbs/ciphersuites.rs index 1823049c..942ab7dd 100644 --- a/src/schemes/bbs/ciphersuites.rs +++ b/src/schemes/bbs/ciphersuites.rs @@ -1,4 +1,5 @@ use crate::{ + bbs::generator::GeneratorsParameters, common::{ ciphersuite::CipherSuiteId, hash_param::{ @@ -6,7 +7,7 @@ use crate::{ h2c::HashToCurveParameter, h2s::HashToScalarParameter, }, - serialization::i2osp, + interface::InterfaceId, }, curves::bls12_381::{ hash_to_curve::{ExpandMessageState, InitExpandMessage}, @@ -15,6 +16,7 @@ use crate::{ }, Error, }; + use group::Group; /// BBS BLS12-381 ciphersuites. @@ -30,23 +32,20 @@ pub(crate) trait BbsCiphersuiteParameters: /// A seed value with global scope for `generator_seed` as defined in /// BBS signature Spec which is used by the `create_generators ` operation /// to compute the required set of message generators. - fn generator_seed() -> Vec { - [Self::ID.as_octets(), b"MESSAGE_GENERATOR_SEED"].concat() + fn bp_generator_seed() -> Vec { + [Self::ID.as_octets(), b"H2G_HM2S_BP_MESSAGE_GENERATOR_SEED"].concat() } // The G1 base point generator seed. - fn bp_generator_seed() -> Vec { - [Self::ID.as_octets(), b"BP_MESSAGE_GENERATOR_SEED"].concat() - } /// Seed DST which is used by the `create_generators ` operation. - fn generator_seed_dst() -> Vec { - [Self::ID.as_octets(), b"SIG_GENERATOR_SEED_"].concat() + fn bp_generator_seed_dst() -> Vec { + [Self::ID.as_octets(), b"H2G_HM2S_SIG_GENERATOR_SEED_"].concat() } /// Generator DST which is used by the `create_generators ` operation. - fn generator_dst() -> Vec { - [Self::ID.as_octets(), b"SIG_GENERATOR_DST_"].concat() + fn bp_generator_dst() -> Vec { + [Self::ID.as_octets(), b"H2G_HM2S_SIG_GENERATOR_DST_"].concat() } /// Point on G1 to be used in signature and proof computation and @@ -54,59 +53,39 @@ pub(crate) trait BbsCiphersuiteParameters: fn p1() -> Result { let mut n = 1; let mut v = [0u8; XOF_NO_OF_BYTES]; - Ok(Self::create_generators( - &Self::bp_generator_seed(), - 1, - &mut n, - &mut v, - true, - )?[0]) - } - - /// Point on G2 to be used during signature and proof verification. - fn p2() -> G2Projective { - G2Projective::generator() - } - - /// Create generators as specified in BBS specification. - fn create_generators( - generator_seed: &[u8], - count: usize, - n: &mut u64, - v: &mut [u8; XOF_NO_OF_BYTES], - with_fresh_state: bool, - ) -> Result, Error> { - let generator_seed_dst = Self::generator_seed_dst(); - - if with_fresh_state { - *n = 1; - // v = expand_message(generator_seed, seed_dst, seed_len) - let mut expander = Self::Expander::init_expand( - generator_seed, - &generator_seed_dst, - XOF_NO_OF_BYTES, - ); - expander.read_into(v); - } + let base_generator = GeneratorsParameters { + generator_seed: Self::bp_generator_seed(), + generator_dst: Self::bp_generator_dst(), + seed_dst: Self::bp_generator_seed_dst(), + hash_to_curve: Self::hash_to_curve, + expand_message: Self::expand_message, + }; - let mut points = Vec::with_capacity(count); + Ok(base_generator.create_generators(1, &mut n, &mut v, true)?[0]) + } - while *n <= count.try_into().unwrap() { - // v = expand_message(v || I2OSP(n, 8), seed_dst, seed_len) - let mut expander = Self::Expander::init_expand( - &[v.as_ref(), &i2osp(*n, 8)?].concat(), - &generator_seed_dst, - XOF_NO_OF_BYTES, - ); - expander.read_into(v); + /// Hash a message and a dst to an output that is XOF_NO_OF_BYTES long. + fn expand_message( + message: &[u8], + dst: &[u8], + dest: &mut [u8; XOF_NO_OF_BYTES], + ) { + let mut expander = + Self::Expander::init_expand(message, dst, XOF_NO_OF_BYTES); + expander.read_into(dest); + } - *n += 1; + /// Hash a message and a dst to a point of g1. + fn hash_to_curve( + message: &[u8], + dst: &[u8], + ) -> Result { + ::hash_to_g1(message, dst) + } - // generator_i = hash_to_curve_g1(v, generator_dst) - let generator_i = Self::hash_to_g1(v, &Self::generator_dst())?; - points.push(generator_i); - } - Ok(points) + /// Point on G2 to be used during signature and proof verification. + fn p2() -> G2Projective { + G2Projective::generator() } } diff --git a/src/schemes/bbs/ciphersuites/bls12_381_g1_sha_256.rs b/src/schemes/bbs/ciphersuites/bls12_381_g1_sha_256.rs index 5cefac9a..8e000433 100644 --- a/src/schemes/bbs/ciphersuites/bls12_381_g1_sha_256.rs +++ b/src/schemes/bbs/ciphersuites/bls12_381_g1_sha_256.rs @@ -2,9 +2,11 @@ use super::{ bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, BbsCiphersuiteParameters, CipherSuiteId, + InterfaceId, }; use crate::{ bbs::{ + interface::BbsInterfaceParameter, BbsProofGenRequest, BbsProofVerifyRequest, BbsSignRequest, @@ -17,6 +19,7 @@ use crate::{ h2s::HashToScalarParameter, ExpandMessageParameter, }, + interface::InterfaceParameter, }, curves::bls12_381::hash_to_curve::ExpandMsgXmd, Error, @@ -43,6 +46,18 @@ impl HashToCurveParameter for Bls12381Sha256CipherSuiteParameter {} impl BbsCiphersuiteParameters for Bls12381Sha256CipherSuiteParameter {} +// BBS Interface +#[derive(Debug, Clone)] +pub(crate) struct Bls12381Sha256InterfaceParameter; + +impl InterfaceParameter for Bls12381Sha256InterfaceParameter { + const ID: InterfaceId = InterfaceId::BbsH2gHm2s; +} + +impl BbsInterfaceParameter for Bls12381Sha256InterfaceParameter { + type Ciphersuite = Bls12381Sha256CipherSuiteParameter; +} + /// Create a BLS12-381-G1-Sha-256 BBS signature. /// Security Warning: `secret_key` and `public_key` in `request` must be related /// key-pair generated using `KeyPair` APIs. @@ -52,7 +67,7 @@ pub fn sign( where T: AsRef<[u8]>, { - crate::bbs::api::signature::sign::<_, Bls12381Sha256CipherSuiteParameter>( + crate::bbs::api::signature::sign::<_, Bls12381Sha256InterfaceParameter>( request, ) } @@ -62,7 +77,7 @@ pub fn verify(request: &BbsVerifyRequest<'_, T>) -> Result where T: AsRef<[u8]>, { - crate::bbs::api::signature::verify::<_, Bls12381Sha256CipherSuiteParameter>( + crate::bbs::api::signature::verify::<_, Bls12381Sha256InterfaceParameter>( request, ) } @@ -74,7 +89,7 @@ pub fn proof_gen( where T: AsRef<[u8]>, { - crate::bbs::api::proof::proof_gen::<_, Bls12381Sha256CipherSuiteParameter>( + crate::bbs::api::proof::proof_gen::<_, Bls12381Sha256InterfaceParameter>( request, ) } @@ -94,7 +109,7 @@ where crate::bbs::api::proof::proof_gen_with_rng::< _, _, - Bls12381Sha256CipherSuiteParameter, + Bls12381Sha256InterfaceParameter, >(request, rng) } @@ -105,7 +120,7 @@ pub fn proof_verify( where T: AsRef<[u8]>, { - crate::bbs::api::proof::proof_verify::<_, Bls12381Sha256CipherSuiteParameter>( + crate::bbs::api::proof::proof_verify::<_, Bls12381Sha256InterfaceParameter>( request, ) } @@ -118,7 +133,7 @@ pub fn create_generators( private_holder_binding: Option, ) -> Result>, Error> { crate::bbs::api::generators::create_generators::< - Bls12381Sha256CipherSuiteParameter, + Bls12381Sha256InterfaceParameter, >(count, private_holder_binding) } @@ -140,7 +155,7 @@ pub const SCALAR_OCTETS_LENGTH: usize = OCTET_SCALAR_LENGTH; #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn hash_to_scalar( msg_octets: &[u8], - dst: Option<&[u8]>, + dst: &[u8], ) -> Result<[u8; OCTET_SCALAR_LENGTH], Error> { let scalars = Bls12381Sha256CipherSuiteParameter::hash_to_scalar(msg_octets, dst); @@ -159,7 +174,7 @@ pub fn map_message_to_scalar_as_hash( dst: Option<&[u8]>, ) -> Result<[u8; OCTET_SCALAR_LENGTH], Error> { let scalar = - Bls12381Sha256CipherSuiteParameter::map_message_to_scalar_as_hash( + Bls12381Sha256InterfaceParameter::map_message_to_scalar_as_hash( message, dst, ); @@ -173,19 +188,20 @@ pub fn map_message_to_scalar_as_hash( #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn default_hash_to_scalar_dst() -> Vec { - Bls12381Sha256CipherSuiteParameter::default_hash_to_scalar_dst() + Bls12381Sha256InterfaceParameter::default_hash_to_scalar_dst() } /// Return the default map message to scalar as hash dst. #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn default_map_message_to_scalar_as_hash_dst() -> Vec { - Bls12381Sha256CipherSuiteParameter::default_map_message_to_scalar_as_hash_dst() + Bls12381Sha256InterfaceParameter::default_map_message_to_scalar_as_hash_dst( + ) } /// Get's ciphersuite id. #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn ciphersuite_id() -> Vec { - Bls12381Sha256CipherSuiteParameter::ID.as_octets().to_vec() + Bls12381Sha256InterfaceParameter::api_id() } diff --git a/src/schemes/bbs/ciphersuites/bls12_381_g1_shake_256.rs b/src/schemes/bbs/ciphersuites/bls12_381_g1_shake_256.rs index 0da082f7..ca62d44c 100644 --- a/src/schemes/bbs/ciphersuites/bls12_381_g1_shake_256.rs +++ b/src/schemes/bbs/ciphersuites/bls12_381_g1_shake_256.rs @@ -2,9 +2,11 @@ use super::{ bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, BbsCiphersuiteParameters, CipherSuiteId, + InterfaceId, }; use crate::{ bbs::{ + interface::BbsInterfaceParameter, BbsProofGenRequest, BbsProofVerifyRequest, BbsSignRequest, @@ -17,6 +19,7 @@ use crate::{ h2s::HashToScalarParameter, ExpandMessageParameter, }, + interface::InterfaceParameter, }, curves::bls12_381::hash_to_curve::ExpandMsgXof, Error, @@ -43,6 +46,18 @@ impl HashToCurveParameter for Bls12381Shake256CipherSuiteParameter {} impl BbsCiphersuiteParameters for Bls12381Shake256CipherSuiteParameter {} +// BBS Interface +#[derive(Debug, Clone)] +pub(crate) struct Bls12381Shake256InterfaceParameter; + +impl InterfaceParameter for Bls12381Shake256InterfaceParameter { + const ID: InterfaceId = InterfaceId::BbsH2gHm2s; +} + +impl BbsInterfaceParameter for Bls12381Shake256InterfaceParameter { + type Ciphersuite = Bls12381Shake256CipherSuiteParameter; +} + /// Create a BLS12-381-G1-Shake-256 BBS signature. /// Security Warning: `secret_key` and `public_key` in `request` must be related /// key-pair generated using `KeyPair` APIs. @@ -52,7 +67,7 @@ pub fn sign( where T: AsRef<[u8]>, { - crate::bbs::api::signature::sign::<_, Bls12381Shake256CipherSuiteParameter>( + crate::bbs::api::signature::sign::<_, Bls12381Shake256InterfaceParameter>( request, ) } @@ -62,7 +77,7 @@ pub fn verify(request: &BbsVerifyRequest<'_, T>) -> Result where T: AsRef<[u8]>, { - crate::bbs::api::signature::verify::<_, Bls12381Shake256CipherSuiteParameter>( + crate::bbs::api::signature::verify::<_, Bls12381Shake256InterfaceParameter>( request, ) } @@ -74,7 +89,7 @@ pub fn proof_gen( where T: AsRef<[u8]>, { - crate::bbs::api::proof::proof_gen::<_, Bls12381Shake256CipherSuiteParameter>( + crate::bbs::api::proof::proof_gen::<_, Bls12381Shake256InterfaceParameter>( request, ) } @@ -94,7 +109,7 @@ where crate::bbs::api::proof::proof_gen_with_rng::< _, _, - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >(request, rng) } @@ -105,10 +120,9 @@ pub fn proof_verify( where T: AsRef<[u8]>, { - crate::bbs::api::proof::proof_verify::< - _, - Bls12381Shake256CipherSuiteParameter, - >(request) + crate::bbs::api::proof::proof_verify::<_, Bls12381Shake256InterfaceParameter>( + request, + ) } /// Create generators. @@ -119,7 +133,7 @@ pub fn create_generators( private_holder_binding: Option, ) -> Result>, Error> { crate::bbs::api::generators::create_generators::< - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >(count, private_holder_binding) } @@ -141,9 +155,9 @@ pub const SCALAR_OCTETS_LENGTH: usize = OCTET_SCALAR_LENGTH; #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn hash_to_scalar( msg_octets: &[u8], - dst: Option<&[u8]>, + dst: &[u8], ) -> Result<[u8; OCTET_SCALAR_LENGTH], Error> { - let scalars = + let scalars: Result = Bls12381Shake256CipherSuiteParameter::hash_to_scalar(msg_octets, dst); match scalars { @@ -160,7 +174,7 @@ pub fn map_message_to_scalar_as_hash( dst: Option<&[u8]>, ) -> Result<[u8; OCTET_SCALAR_LENGTH], Error> { let scalar = - Bls12381Shake256CipherSuiteParameter::map_message_to_scalar_as_hash( + Bls12381Shake256InterfaceParameter::map_message_to_scalar_as_hash( message, dst, ); @@ -174,21 +188,19 @@ pub fn map_message_to_scalar_as_hash( #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn default_hash_to_scalar_dst() -> Vec { - Bls12381Shake256CipherSuiteParameter::default_hash_to_scalar_dst() + Bls12381Shake256InterfaceParameter::default_hash_to_scalar_dst() } /// Return the default map message to scalar as hash dst. #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn default_map_message_to_scalar_as_hash_dst() -> Vec { - Bls12381Shake256CipherSuiteParameter::default_map_message_to_scalar_as_hash_dst() + Bls12381Shake256InterfaceParameter::default_map_message_to_scalar_as_hash_dst() } /// Get ciphersuite id. #[cfg(feature = "__private_bbs_fixtures_generator_api")] #[cfg_attr(docsrs, doc(cfg(feature = "__private_bbs_fixtures_generator_api")))] pub fn ciphersuite_id() -> Vec { - Bls12381Shake256CipherSuiteParameter::ID - .as_octets() - .to_vec() + Bls12381Shake256InterfaceParameter::api_id() } diff --git a/src/schemes/bbs/core/generator/memory_cached_generator.rs b/src/schemes/bbs/core/generator/memory_cached_generator.rs index 4ca2cdb4..313fb7ad 100644 --- a/src/schemes/bbs/core/generator/memory_cached_generator.rs +++ b/src/schemes/bbs/core/generator/memory_cached_generator.rs @@ -1,6 +1,6 @@ use super::Generators; use crate::{ - bbs::ciphersuites::BbsCiphersuiteParameters, + bbs::interface::BbsInterfaceParameter, common::hash_param::constant::XOF_NO_OF_BYTES, curves::bls12_381::G1Projective, error::Error, @@ -16,15 +16,15 @@ use group::Group; #[allow(non_snake_case)] #[derive(Debug, Clone)] pub(crate) struct MemoryCachedGenerators< - C: BbsCiphersuiteParameters + Debug + Clone, + I: BbsInterfaceParameter + Debug + Clone, > { pub(crate) Q: G1Projective, pub(crate) H_list: Vec, - _phantom_data: PhantomData, + _phantom_data: PhantomData, } #[allow(non_snake_case)] -impl MemoryCachedGenerators { +impl MemoryCachedGenerators { /// Construct `Generators`. /// The implementation follows `CreateGenerators` section as defined in . pub fn new( @@ -32,17 +32,11 @@ impl MemoryCachedGenerators { private_holder_binding: Option, ) -> Result where - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let mut n = 1; let mut v = [0u8; XOF_NO_OF_BYTES]; - let generators = C::create_generators( - &C::generator_seed(), - count + 1, - &mut n, - &mut v, - true, - )?; + let generators = I::create_generators(count + 1, &mut n, &mut v, true)?; let mut H_list = generators[1..1 + count].to_vec(); if let Some(bound_bbs) = private_holder_binding { if bound_bbs { @@ -58,8 +52,8 @@ impl MemoryCachedGenerators { } } -impl Generators - for MemoryCachedGenerators +impl Generators + for MemoryCachedGenerators { /// Get `Q`, the generator point for the domain of the signature. fn Q(&self) -> G1Projective { diff --git a/src/schemes/bbs/core/proof.rs b/src/schemes/bbs/core/proof.rs index 456d21eb..58f3e08b 100644 --- a/src/schemes/bbs/core/proof.rs +++ b/src/schemes/bbs/core/proof.rs @@ -14,7 +14,10 @@ use super::{ utils::{compute_B, compute_challenge, compute_domain}, }; use crate::{ - bbs::ciphersuites::BbsCiphersuiteParameters, + bbs::{ + ciphersuites::BbsCiphersuiteParameters, + interface::BbsInterfaceParameter, + }, common::util::{create_random_scalar, print_byte_array}, curves::{ bls12_381::{ @@ -105,7 +108,7 @@ impl core::fmt::Display for Proof { impl Proof { /// Generates the zero-knowledge proof-of-knowledge of a signature, while /// optionally selectively disclosing from the original set of signed messages as defined in `ProofGen` API in BBS Signature specification . - pub fn new( + pub fn new( PK: &PublicKey, signature: &Signature, header: Option, @@ -116,15 +119,17 @@ impl Proof { where T: AsRef<[u8]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { - Self::new_with_rng::<_, _, _, C>( + Self::new_with_rng::<_, _, _, I>( PK, signature, header, ph, generators, messages, OsRng, ) } /// Generates the zero-knowledge proof-of-knowledge of a signature, while /// optionally selectively disclosing from the original set of signed messages as defined in `ProofGen` API in BBS Signature specification using an externally supplied random number generator. - pub fn new_with_rng( + /// TODO: Remove the following clippy warning de-activation. + #[allow(clippy::too_many_arguments)] + pub fn new_with_rng( PK: &PublicKey, signature: &Signature, header: Option, @@ -137,7 +142,7 @@ impl Proof { T: AsRef<[u8]>, R: RngCore + CryptoRng, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Input parameter checks // Error out if there is no `header` and not any `ProofMessage` @@ -190,7 +195,7 @@ impl Proof { } // initialize proof generation - let init_result: ProofInitResult = Self::proof_init::( + let init_result: ProofInitResult = Self::proof_init::( PK, signature, generators, @@ -202,7 +207,7 @@ impl Proof { // calculate the challenge let c = - compute_challenge::<_, C>(&init_result, &disclosed_messages, ph)?; + compute_challenge::<_, I>(&init_result, &disclosed_messages, ph)?; // finalize the proof Self::proof_finalize( @@ -216,7 +221,7 @@ impl Proof { /// Verify the zero-knowledge proof-of-knowledge of a signature with /// optionally selectively disclosed messages from the original set of signed messages as defined in `ProofGen` API in BBS Signature specification . - pub fn verify( + pub fn verify( &self, PK: &PublicKey, header: Option, @@ -227,7 +232,7 @@ impl Proof { where T: AsRef<[u8]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // if KeyValidate(PK) is INVALID, return INVALID // `PK` should not be an identity and should belong to subgroup G2 @@ -236,7 +241,7 @@ impl Proof { } // initialize the proof verification procedure - let init_res = self.proof_verify_init::( + let init_res = self.proof_verify_init::( PK, header, generators, @@ -248,7 +253,7 @@ impl Proof { // cv_for_hash = encode_for_hash(cv_array) // if cv_for_hash is INVALID, return INVALID // cv = hash_to_scalar(cv_for_hash, 1) - let cv = compute_challenge::<_, C>(&init_res, disclosed_messages, ph)?; + let cv = compute_challenge::<_, I>(&init_res, disclosed_messages, ph)?; // Check the selective disclosure proof // if c != cv, return INVALID @@ -265,7 +270,7 @@ impl Proof { // Check the signature proof // if e(Abar, W) * e(Abar, -P2) != 1, return INVALID // else return VALID - let P2 = C::p2().to_affine(); + let P2 = I::Ciphersuite::p2().to_affine(); Ok(Bls12::multi_miller_loop(&[ (&self.A_bar.to_affine(), &G2Prepared::from(PK.0.to_affine())), (&self.B_bar.to_affine(), &G2Prepared::from(-P2)), @@ -277,7 +282,9 @@ impl Proof { } /// Initialize the Proof Generation operation. - pub fn proof_init( + /// TODO: Remove the following clippy warning de-activation. + #[allow(clippy::too_many_arguments)] + pub fn proof_init( PK: &PublicKey, signature: &Signature, generators: &G, @@ -289,7 +296,7 @@ impl Proof { where T: AsRef<[u8]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let total_no_of_messages = message_scalars.len(); @@ -320,7 +327,7 @@ impl Proof { // domain // = hash_to_scalar((PK||L||generators||Ciphersuite_ID||header), 1) - let domain = compute_domain::<_, _, C>( + let domain = compute_domain::<_, _, I>( PK, header, message_scalars.len(), @@ -331,7 +338,7 @@ impl Proof { let A_bar = signature.A * random_scalars.r1; // B = P1 + Q * domain + H_1 * msg_1 + ... + H_L * msg_L - let B = compute_B::<_, C>(&domain, &message_scalars, generators)?; + let B = compute_B::<_, I>(&domain, &message_scalars, generators)?; // Bbar = B * r1 - Abar * e let B_bar = G1Projective::multi_exp( @@ -431,7 +438,7 @@ impl Proof { } /// Initialize the Proof Verification operation. - pub fn proof_verify_init( + pub fn proof_verify_init( &self, PK: &PublicKey, header: Option, @@ -441,7 +448,7 @@ impl Proof { where T: AsRef<[u8]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // The total number of messages equals disclosed_messages number + m_hat // number Note that this operation is necessarily repeated at @@ -486,7 +493,7 @@ impl Proof { // domain // = hash_to_scalar((PK||L||generators||Ciphersuite_ID||header), 1) - let domain = compute_domain::<_, _, C>( + let domain = compute_domain::<_, _, I>( PK, header, generators.message_generators_length(), @@ -497,7 +504,7 @@ impl Proof { let D_len = 1 + 1 + disclosed_messages.len(); let mut D_points = Vec::with_capacity(D_len); let mut D_scalars = Vec::with_capacity(D_len); - let P1 = C::p1()?; + let P1 = I::Ciphersuite::p1()?; // P1 D_points.push(P1); D_scalars.push(Scalar::one()); diff --git a/src/schemes/bbs/core/signature.rs b/src/schemes/bbs/core/signature.rs index 0dc6c795..582ab34e 100644 --- a/src/schemes/bbs/core/signature.rs +++ b/src/schemes/bbs/core/signature.rs @@ -6,7 +6,10 @@ use super::{ utils::{compute_B, compute_domain}, }; use crate::{ - bbs::ciphersuites::BbsCiphersuiteParameters, + bbs::{ + ciphersuites::BbsCiphersuiteParameters, + interface::BbsInterfaceParameter, + }, common::util::print_byte_array, curves::{ bls12_381::{ @@ -135,7 +138,7 @@ impl Signature { /// /// Security Warning: `SK` and `PK` paramters must be related key-pair /// generated using `KeyPair` APIs. - pub fn new( + pub fn new( SK: &SecretKey, PK: &PublicKey, header: Option, @@ -146,7 +149,7 @@ impl Signature { T: AsRef<[u8]>, M: AsRef<[Message]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let header = header.as_ref(); let messages = messages.as_ref(); @@ -172,7 +175,7 @@ impl Signature { // domain // = hash_to_scalar((PK||L||generators||Ciphersuite_ID||header), 1) let domain = - compute_domain::<_, _, C>(PK, header, messages.len(), generators)?; + compute_domain::<_, _, I>(PK, header, messages.len(), generators)?; // e_s_octs = serialize((SK, domain, msg_1, ..., msg_L)) let mut data_to_hash = vec![]; @@ -187,12 +190,12 @@ impl Signature { // if e_s_expand is INVALID, return INVALID // e = hash_to_scalar(e_s_expand[0..(expand_len - 1)]) // s = hash_to_scalar(e_s_expand[expand_len..(expand_len * 2 - 1)]) - let e = C::hash_to_e(&data_to_hash)?; + let e = I::hash_to_e(&data_to_hash)?; // B = P1 + Q * domain + H_1 * msg_1 + ... + H_L * msg_L let message_scalars: Vec = messages.iter().map(|m| m.0).collect(); - let B = compute_B::<_, C>(&domain, &message_scalars, generators)?; + let B = compute_B::<_, I>(&domain, &message_scalars, generators)?; let exp = (e + SK.as_scalar()).invert(); let exp = if exp.is_some().unwrap_u8() == 1u8 { exp.unwrap() @@ -209,7 +212,7 @@ impl Signature { } /// Generate a bound bbs signature. - pub fn new_bound( + pub fn new_bound( SK: &SecretKey, PK: &PublicKey, BlsPk: &BlsPublicKey, @@ -221,7 +224,7 @@ impl Signature { T: AsRef<[u8]>, M: AsRef<[Message]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let header = header.as_ref(); let messages = messages.as_ref(); @@ -245,7 +248,7 @@ impl Signature { } // domain=hash_to_scalar((PK||L||generators||BP_1||Ciphersuite_ID||header),1) - let domain = compute_domain::<_, _, C>( + let domain = compute_domain::<_, _, I>( PK, header, messages.len() + 1, @@ -261,10 +264,10 @@ impl Signature { data_to_hash.extend(m.to_bytes().as_ref()); } - let e = C::hash_to_e(&data_to_hash)?; + let e = I::hash_to_e(&data_to_hash)?; // B = P1 + Q*domain + H_1*msg_1 + ... + H_L*msg_L + BlsPk - let mut points: Vec<_> = vec![C::p1()?, generators.Q()]; + let mut points: Vec<_> = vec![I::Ciphersuite::p1()?, generators.Q()]; points.extend(generators.message_generators_iter()); points.remove(1 + generators.message_generators_length()); let mut scalars: Vec<_> = [Scalar::one(), domain] @@ -295,7 +298,7 @@ impl Signature { /// Verify a signature. /// This method follows `Verify` API as defined in BBS Signature spec /// - pub fn verify( + pub fn verify( &self, PK: &PublicKey, header: Option, @@ -306,7 +309,7 @@ impl Signature { T: AsRef<[u8]>, M: AsRef<[Message]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let messages = messages.as_ref(); @@ -335,14 +338,14 @@ impl Signature { // domain // = hash_to_scalar((PK||L||generators||Ciphersuite_ID||header), 1) let domain = - compute_domain::<_, _, C>(PK, header, messages.len(), generators)?; + compute_domain::<_, _, I>(PK, header, messages.len(), generators)?; // B = P1 + Q * domain + H_1 * msg_1 + ... + H_L * msg_L let message_scalars: Vec = messages.iter().map(|m| m.0).collect(); - let B = compute_B::<_, C>(&domain, &message_scalars, generators)?; + let B = compute_B::<_, I>(&domain, &message_scalars, generators)?; - let P2 = C::p2(); + let P2 = I::Ciphersuite::p2(); // C1 = (A, W + P2 * e) let C1 = ( &self.A.to_affine(), diff --git a/src/schemes/bbs/core/types.rs b/src/schemes/bbs/core/types.rs index da6e2d20..f3174c7a 100644 --- a/src/schemes/bbs/core/types.rs +++ b/src/schemes/bbs/core/types.rs @@ -1,5 +1,5 @@ use crate::{ - bbs::ciphersuites::BbsCiphersuiteParameters, + bbs::interface::BbsInterfaceParameter, curves::{ bls12_381::{Scalar, OCTET_SCALAR_LENGTH}, scalar_type::scalar_wrapper, @@ -34,14 +34,14 @@ impl Message { } /// Map arbitrary data to `Message`. - pub fn from_arbitrary_data( + pub fn from_arbitrary_data( message: &[u8], dst: Option<&[u8]>, ) -> Result where - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { - Ok(Self(C::map_message_to_scalar_as_hash(message, dst)?)) + Ok(Self(I::map_message_to_scalar_as_hash(message, dst)?)) } } diff --git a/src/schemes/bbs/core/utils.rs b/src/schemes/bbs/core/utils.rs index e5a0256b..9f7a5e65 100644 --- a/src/schemes/bbs/core/utils.rs +++ b/src/schemes/bbs/core/utils.rs @@ -6,9 +6,18 @@ use super::{ types::{Challenge, Message, ProofInitResult}, }; use crate::{ - bbs::ciphersuites::BbsCiphersuiteParameters, + bbs::{ + ciphersuites::BbsCiphersuiteParameters, + interface::BbsInterfaceParameter, + }, common::{ - hash_param::constant::NON_NEGATIVE_INTEGER_ENCODING_LENGTH, + hash_param::{ + constant::{ + DEFAULT_DST_SUFFIX_H2S, + NON_NEGATIVE_INTEGER_ENCODING_LENGTH, + }, + h2s::HashToScalarParameter, + }, serialization::{i2osp, i2osp_with_data}, }, curves::{ @@ -28,7 +37,7 @@ use std::collections::BTreeMap; /// Computes `domain` value. /// domain = /// hash_to_scalar((PK || L || generators || Ciphersuite_ID || header), 1) -pub(crate) fn compute_domain( +pub(crate) fn compute_domain( PK: &PublicKey, header: Option, L: usize, @@ -37,7 +46,7 @@ pub(crate) fn compute_domain( where T: AsRef<[u8]>, G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Error out if length of messages and generators are not equal if L != generators.message_generators_length() { @@ -51,7 +60,7 @@ where // header), 1) // dom_array = (L, Q, H_1, ..., H_L) - // dom_octs = serialize(dom_array) || ciphersuite_id + // dom_octs = serialize(dom_array) || api_id // dom_input = PK || dom_octs || I2OSP(length(header), 8) || header // hash_to_scalar(dom_input, 1) let mut data_to_hash = vec![]; @@ -63,7 +72,7 @@ where data_to_hash.extend(point_to_octets_g1(&generator).as_ref()); } - data_to_hash.extend(C::ID.as_octets()); + data_to_hash.extend(I::api_id()); let _header_bytes = header.as_ref().map_or(&[] as &[u8], |v| v.as_ref()); data_to_hash.extend(i2osp_with_data( @@ -71,19 +80,28 @@ where NON_NEGATIVE_INTEGER_ENCODING_LENGTH, )?); - C::hash_to_scalar(&data_to_hash, None) + let hash_to_scalar_dst = [ + I::api_id().clone(), + DEFAULT_DST_SUFFIX_H2S.as_bytes().to_vec(), + ] + .concat(); + + ::hash_to_scalar( + &data_to_hash, + &hash_to_scalar_dst, + ) } /// Computes `B` value. /// B = P1 + Q * domain + H_1 * msg_1 + ... + H_L * msg_L -pub(crate) fn compute_B( +pub(crate) fn compute_B( domain: &Scalar, messages: &[Scalar], generators: &G, ) -> Result where G: Generators, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Input params check // Error out if length of generators and messages are not equal @@ -94,7 +112,7 @@ where }); } - let mut points: Vec<_> = vec![C::p1()?, generators.Q()]; + let mut points: Vec<_> = vec![I::Ciphersuite::p1()?, generators.Q()]; points.extend(generators.message_generators_iter()); let scalars = [&[Scalar::one(), *domain], messages].concat(); @@ -103,14 +121,14 @@ where /// Compute Fiat Shamir heuristic challenge. #[allow(clippy::too_many_arguments)] -pub(crate) fn compute_challenge( +pub(crate) fn compute_challenge( proof_init_res: &ProofInitResult, disclosed_messages: &BTreeMap, ph: Option, ) -> Result where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // c_array = (A_bar, B_bar, C, R, i1, ..., iR, msg_i1, ..., msg_iR, // domain, ph) @@ -140,6 +158,12 @@ where NON_NEGATIVE_INTEGER_ENCODING_LENGTH, )?); + let challenge_dst = + [I::api_id(), DEFAULT_DST_SUFFIX_H2S.as_bytes().to_vec()].concat(); + // c = hash_to_scalar(c_for_hash, 1) - Ok(Challenge(C::hash_to_scalar(&data_to_hash, None)?)) + Ok(Challenge(I::Ciphersuite::hash_to_scalar( + &data_to_hash, + &challenge_dst, + )?)) } diff --git a/src/schemes/bbs/generator.rs b/src/schemes/bbs/generator.rs new file mode 100644 index 00000000..c623ac9d --- /dev/null +++ b/src/schemes/bbs/generator.rs @@ -0,0 +1,60 @@ +use crate::{ + common::{hash_param::constant::XOF_NO_OF_BYTES, serialization::i2osp}, + curves::bls12_381::G1Projective, + Error, +}; + +/// Parameters of the create_generators operation as defined in [BBS draft](https://www.ietf.org/archive/id/draft-irtf-cfrg-bbs-signatures-03.html#name-hash-to-generators). +pub struct GeneratorsParameters { + /// Seed from which all generators are created. + pub generator_seed: Vec, + /// A dst to domain separate the generator points. + pub generator_dst: Vec, + /// A dst to domain separate the seeds that create all the generators. + pub seed_dst: Vec, + /// The hash to curve operation that hashes a message and a dst on a + /// point of G1. + pub hash_to_curve: + fn(message: &[u8], dst: &[u8]) -> Result, + /// A operation that hashes a message and a dst and pouts the result of + /// length XOF_NO_OF_BYTES, to the destination (dest). + pub expand_message: + fn(message: &[u8], dst: &[u8], dest: &mut [u8; XOF_NO_OF_BYTES]), +} + +impl GeneratorsParameters { + /// Create `count` generators from some new or supplied state (n, v). + pub fn create_generators( + self, + count: usize, + n: &mut u64, + v: &mut [u8; XOF_NO_OF_BYTES], + with_fresh_state: bool, + ) -> Result, Error> { + let generator_dst = self.generator_dst; + let generator_seed = self.generator_seed; + let seed_dst = self.seed_dst; + + if with_fresh_state { + *n = 1; + (self.expand_message)(&generator_seed, &seed_dst, v) + } + + let mut points = Vec::with_capacity(count); + + while *n <= count.try_into().unwrap() { + (self.expand_message)( + &[v.as_ref(), &i2osp(*n, 8)?].concat(), + &seed_dst, + v, + ); + + *n += 1; + + // generator_i = hash_to_curve_g1(v, generator_dst) + let generator_i = (self.hash_to_curve)(v, &generator_dst)?; + points.push(generator_i); + } + Ok(points) + } +} diff --git a/src/schemes/bbs/interface.rs b/src/schemes/bbs/interface.rs new file mode 100644 index 00000000..562ac4a0 --- /dev/null +++ b/src/schemes/bbs/interface.rs @@ -0,0 +1,106 @@ +use super::ciphersuites::BbsCiphersuiteParameters; +use crate::{ + bbs::generator::GeneratorsParameters, + common::{ + ciphersuite::CipherSuiteParameter, + hash_param::{ + constant::{ + DEFAULT_DST_SUFFIX_H2S, + DEFAULT_DST_SUFFIX_MESSAGE_TO_SCALAR, + MAX_DST_SIZE, + MAX_MESSAGE_SIZE, + XOF_NO_OF_BYTES, + }, + h2s::HashToScalarParameter, + }, + interface::InterfaceParameter, + }, + curves::bls12_381::{G1Projective, Scalar}, + Error, +}; + +pub(crate) trait BbsInterfaceParameter: InterfaceParameter { + // Each Interface needs to be defined over a specific BBS ciphersuite. + type Ciphersuite: BbsCiphersuiteParameters; + + fn api_id() -> Vec { + [ + Self::Ciphersuite::ID.as_octets(), + ::ID.as_octets(), + ] + .concat() + } + + fn generators_parameter() -> GeneratorsParameters { + GeneratorsParameters { + generator_seed: [ + Self::api_id(), + b"MESSAGE_GENERATOR_SEED".to_vec(), + ] + .concat(), + generator_dst: [Self::api_id(), b"SIG_GENERATOR_DST_".to_vec()] + .concat(), + seed_dst: [Self::api_id(), b"SIG_GENERATOR_SEED_".to_vec()] + .concat(), + hash_to_curve: Self::Ciphersuite::hash_to_curve, + expand_message: Self::Ciphersuite::expand_message, + } + } + + fn create_generators( + count: usize, + n: &mut u64, + v: &mut [u8; XOF_NO_OF_BYTES], + with_fresh_state: bool, + ) -> Result, Error> { + let generators: GeneratorsParameters = Self::generators_parameter(); + generators.create_generators(count, n, v, with_fresh_state) + } + + /// Default domain separation tag to be used in [MapMessageToScalarAsHash](https://identity.foundation/bbs-signature/draft-bbs-signatures.html#name-mapmessagetoscalarashash). + fn default_map_message_to_scalar_as_hash_dst() -> Vec { + [ + &Self::api_id(), + DEFAULT_DST_SUFFIX_MESSAGE_TO_SCALAR.as_bytes(), + ] + .concat() + } + + /// Default domain separation tag for `hash_to_scalar` operation. + fn default_hash_to_scalar_dst() -> Vec { + [&Self::api_id(), DEFAULT_DST_SUFFIX_H2S.as_bytes()].concat() + } + + // map messages to scalars + fn map_message_to_scalar_as_hash( + message: &[u8], + dst: Option<&[u8]>, + ) -> Result { + let default_map_message_to_scalar_as_hash_dst = + Self::default_map_message_to_scalar_as_hash_dst(); + let dst = dst.unwrap_or(&default_map_message_to_scalar_as_hash_dst); + + if !dst.is_ascii() { + return Err(Error::BadParams { + cause: "non-ascii dst".to_owned(), + }); + } + + // If len(dst) > 2^8 - 1 or len(msg) > 2^64 - 1, abort + if message.len() as u64 > MAX_MESSAGE_SIZE { + return Err(Error::MessageIsTooLarge); + } + if dst.len() > MAX_DST_SIZE as usize { + return Err(Error::DstIsTooLarge); + } + + // hash_to_scalar(message || dst_prime, 1) + Self::Ciphersuite::hash_to_scalar(message, dst) + } + + fn hash_to_e(data_to_hash: &[u8]) -> Result { + let e_dst = + [&Self::api_id(), DEFAULT_DST_SUFFIX_H2S.as_bytes()].concat(); + Self::Ciphersuite::hash_to_scalar(data_to_hash, &e_dst) + } +} diff --git a/src/schemes/bbs_bound/api/proof.rs b/src/schemes/bbs_bound/api/proof.rs index 21b7567c..f7e2d7a1 100644 --- a/src/schemes/bbs_bound/api/proof.rs +++ b/src/schemes/bbs_bound/api/proof.rs @@ -5,11 +5,11 @@ use super::{ use crate::{ bbs::{ api::utils::digest_revealed_proof_messages, - ciphersuites::BbsCiphersuiteParameters, core::{ generator::memory_cached_generator::MemoryCachedGenerators, types::ProofMessage, }, + interface::BbsInterfaceParameter, }, error::Error, schemes::bbs::core::{ @@ -34,12 +34,12 @@ pub fn get_proof_size(num_undisclosed_messages: usize) -> usize { } // Generate a BBS bound signature proof of knowledge. -pub(crate) fn proof_gen( +pub(crate) fn proof_gen( request: &BbsBoundProofGenRequest<'_, T>, ) -> Result, Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let pk = PublicKey::from_octets(request.public_key)?; @@ -49,12 +49,12 @@ where let bls_sk = Message(*bls_sk.0); let (mut digested_messages, mut proof_messages) = - digest_bound_proof_messages::<_, C>(request.messages)?; + digest_bound_proof_messages::<_, I>(request.messages)?; digested_messages.push(bls_sk); proof_messages.push(ProofMessage::Hidden(bls_sk)); // Derive generators - let generators = MemoryCachedGenerators::::new( + let generators = MemoryCachedGenerators::::new( digested_messages.len() - 1, Some(true), )?; @@ -65,7 +65,7 @@ where let verify_signature = request.verify_signature.unwrap_or(true); if verify_signature { // Verify the signature to check the messages supplied are valid - if !(signature.verify::<_, _, _, C>( + if !(signature.verify::<_, _, _, I>( &pk, request.header.as_ref(), &generators, @@ -76,7 +76,7 @@ where } // Generate the proof - let proof = Proof::new::<_, _, C>( + let proof = Proof::new::<_, _, I>( &pk, &signature, request.header.as_ref(), @@ -89,12 +89,12 @@ where } // Verify a BBS bound signature proof of knowledge. -pub(crate) fn proof_verify( +pub(crate) fn proof_verify( request: &BbsBoundProofVerifyRequest<'_, T>, ) -> Result where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let public_key = PublicKey::from_octets(request.public_key)?; @@ -110,16 +110,16 @@ where // Digest the revealed proof messages let messages: BTreeMap = - digest_revealed_proof_messages::<_, C>(messages, total_message_count)?; + digest_revealed_proof_messages::<_, I>(messages, total_message_count)?; // Derive generators - let generators = MemoryCachedGenerators::::new( + let generators = MemoryCachedGenerators::::new( total_message_count - 1, /* total_message_count also includes the * prover's commitment */ Some(true), )?; - proof.verify::<_, _, C>( + proof.verify::<_, _, I>( &public_key, request.header.as_ref(), request.presentation_header.as_ref(), diff --git a/src/schemes/bbs_bound/api/signature.rs b/src/schemes/bbs_bound/api/signature.rs index bf8f2f2e..0676dfb4 100644 --- a/src/schemes/bbs_bound/api/signature.rs +++ b/src/schemes/bbs_bound/api/signature.rs @@ -2,16 +2,14 @@ use super::dtos::{BbsBoundSignRequest, BbsBoundVerifyRequest}; use crate::{ bbs::{ api::utils::digest_messages, - ciphersuites::{ - bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, - BbsCiphersuiteParameters, - }, + ciphersuites::bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, core::{ generator::memory_cached_generator::MemoryCachedGenerators, key_pair::{PublicKey, SecretKey}, signature::Signature, types::Message, }, + interface::BbsInterfaceParameter, }, error::Error, }; @@ -22,12 +20,12 @@ use crate::bls::core::key_pair::{ }; // Create a BBS Bound signature. -pub(crate) fn sign( +pub(crate) fn sign( request: &BbsBoundSignRequest<'_, T>, ) -> Result<[u8; BBS_BLS12381G1_SIGNATURE_LENGTH], Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse the secret key let sk = SecretKey::from_bytes(request.secret_key)?; @@ -44,14 +42,14 @@ where } // Digest the supplied messages - let messages: Vec = digest_messages::<_, C>(request.messages)?; + let messages: Vec = digest_messages::<_, I>(request.messages)?; // Derive generators let generators = - MemoryCachedGenerators::::new(messages.len(), Some(true))?; + MemoryCachedGenerators::::new(messages.len(), Some(true))?; // Produce the signature and return - Signature::new_bound::<_, _, _, C>( + Signature::new_bound::<_, _, _, I>( &sk, &pk, &bls_pk, @@ -63,12 +61,12 @@ where } // Verify a BBS bound signature. -pub(crate) fn verify( +pub(crate) fn verify( request: &BbsBoundVerifyRequest<'_, T>, ) -> Result where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { // Parse public key from request let pk = PublicKey::from_octets(request.public_key)?; @@ -77,17 +75,17 @@ where let bls_sk = BlsSecretKey::from_bytes(request.bls_secret_key)?; // Digest the supplied messages - let mut messages: Vec = digest_messages::<_, C>(request.messages)?; + let mut messages: Vec = digest_messages::<_, I>(request.messages)?; messages.push(Message(*bls_sk.0)); // Derive generators let generators = - MemoryCachedGenerators::::new(messages.len() - 1, Some(true))?; + MemoryCachedGenerators::::new(messages.len() - 1, Some(true))?; // Parse signature from request let signature = Signature::from_octets(request.signature)?; - signature.verify::<_, _, _, C>( + signature.verify::<_, _, _, I>( &pk, request.header.as_ref(), &generators, diff --git a/src/schemes/bbs_bound/api/utils.rs b/src/schemes/bbs_bound/api/utils.rs index 3ce1fdd0..29e9d38f 100644 --- a/src/schemes/bbs_bound/api/utils.rs +++ b/src/schemes/bbs_bound/api/utils.rs @@ -16,25 +16,25 @@ use super::dtos::BbsBoundProofGenRevealMessageRequest; use crate::{ bbs::{ - ciphersuites::BbsCiphersuiteParameters, core::types::{Message, ProofMessage}, + interface::BbsInterfaceParameter, }, error::Error, }; /// Digests a set of supplied proof messages -pub(super) fn digest_bound_proof_messages( +pub(super) fn digest_bound_proof_messages( messages: Option<&[BbsBoundProofGenRevealMessageRequest]>, ) -> Result<(Vec, Vec), Error> where T: AsRef<[u8]>, - C: BbsCiphersuiteParameters, + I: BbsInterfaceParameter, { let mut digested_messages = vec![]; let mut proof_messages = vec![]; if let Some(messages) = messages { for m in messages { - match Message::from_arbitrary_data::(m.value.as_ref(), None) { + match Message::from_arbitrary_data::(m.value.as_ref(), None) { Ok(digested_message) => { digested_messages.push(digested_message); if m.reveal { diff --git a/src/schemes/bbs_bound/ciphersuites/bls12_381_bbs_g1_bls_sig_g2_sha_256.rs b/src/schemes/bbs_bound/ciphersuites/bls12_381_bbs_g1_bls_sig_g2_sha_256.rs index 5f9dbae7..e3ec9a1a 100644 --- a/src/schemes/bbs_bound/ciphersuites/bls12_381_bbs_g1_bls_sig_g2_sha_256.rs +++ b/src/schemes/bbs_bound/ciphersuites/bls12_381_bbs_g1_bls_sig_g2_sha_256.rs @@ -1,7 +1,10 @@ use crate::{ bbs::ciphersuites::{ bls12_381::BBS_BLS12381G1_SIGNATURE_LENGTH, - bls12_381_g1_sha_256::Bls12381Sha256CipherSuiteParameter, + bls12_381_g1_sha_256::{ + Bls12381Sha256CipherSuiteParameter, + Bls12381Sha256InterfaceParameter, + }, }, bbs_bound::{ api::dtos::{ @@ -58,10 +61,9 @@ pub fn sign( where T: AsRef<[u8]>, { - crate::bbs_bound::api::signature::sign::< - _, - Bls12381Sha256CipherSuiteParameter, - >(request) + crate::bbs_bound::api::signature::sign::<_, Bls12381Sha256InterfaceParameter>( + request, + ) } /// Verify a BLS12-381-G1-Sha-256 BBS bound signature. @@ -71,7 +73,7 @@ where { crate::bbs_bound::api::signature::verify::< _, - Bls12381Sha256CipherSuiteParameter, + Bls12381Sha256InterfaceParameter, >(request) } @@ -84,10 +86,9 @@ pub fn proof_gen( where T: AsRef<[u8]>, { - crate::bbs_bound::api::proof::proof_gen::< - _, - Bls12381Sha256CipherSuiteParameter, - >(request) + crate::bbs_bound::api::proof::proof_gen::<_, Bls12381Sha256InterfaceParameter>( + request, + ) } /// Verify a BLS12-381-G1-Sha-256 BBS bound signature proof of knowledge. @@ -99,6 +100,6 @@ where { crate::bbs_bound::api::proof::proof_verify::< _, - Bls12381Sha256CipherSuiteParameter, + Bls12381Sha256InterfaceParameter, >(request) } diff --git a/src/tests/bbs/generators.rs b/src/tests/bbs/generators.rs index 1abe49b4..46811959 100644 --- a/src/tests/bbs/generators.rs +++ b/src/tests/bbs/generators.rs @@ -1,5 +1,5 @@ use crate::bbs::{ - ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, + ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256InterfaceParameter, core::generator::{ memory_cached_generator::MemoryCachedGenerators, Generators, @@ -8,10 +8,11 @@ use crate::bbs::{ #[test] fn creation_nominal() { - let generators = MemoryCachedGenerators::< - Bls12381Shake256CipherSuiteParameter, - >::new(32, None) - .expect("generators creation failed"); + let generators = + MemoryCachedGenerators::::new( + 32, None, + ) + .expect("generators creation failed"); assert_eq!(generators.message_generators_length(), 32); } @@ -19,13 +20,13 @@ fn creation_nominal() { fn equality() { const GENERATORS_COUNT: usize = 1000; let generators_1 = MemoryCachedGenerators::< - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >::new(GENERATORS_COUNT, None) .expect("generators creation failed"); assert_eq!(generators_1.message_generators_length(), GENERATORS_COUNT); let generators_2 = MemoryCachedGenerators::< - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >::new(GENERATORS_COUNT, None) .expect("generators creation failed"); assert_eq!(generators_2.message_generators_length(), GENERATORS_COUNT); @@ -41,10 +42,11 @@ fn equality() { #[test] fn get_point_out_of_bound_index() { // Create 32 message generators - let generators = MemoryCachedGenerators::< - Bls12381Shake256CipherSuiteParameter, - >::new(32, None) - .expect("generators creation failed"); + let generators = + MemoryCachedGenerators::::new( + 32, None, + ) + .expect("generators creation failed"); assert_eq!(generators.message_generators_length(), 32); // Getting any generator at index >= 32 should return None assert!(generators.get_message_generator(32).is_none()); diff --git a/src/tests/bbs/mod.rs b/src/tests/bbs/mod.rs index c702f1ce..f2343f84 100644 --- a/src/tests/bbs/mod.rs +++ b/src/tests/bbs/mod.rs @@ -1,6 +1,6 @@ use crate::{ bbs::{ - ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, + ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256InterfaceParameter, core::{ generator::memory_cached_generator::MemoryCachedGenerators, key_pair::KeyPair, @@ -8,8 +8,8 @@ use crate::{ types::Message, }, }, - common::hash_param::h2s::HashToScalarParameter, curves::bls12_381::G1Projective, + schemes::bbs::interface::BbsInterfaceParameter, }; use core::convert::TryFrom; use group::Group; @@ -73,8 +73,8 @@ const TEST_PRESENTATION_HEADER_2: &[u8; 26] = b"test_presentation-header-2"; fn create_generators_helper( num_of_messages: usize, -) -> MemoryCachedGenerators { - MemoryCachedGenerators::::new( +) -> MemoryCachedGenerators { + MemoryCachedGenerators::::new( num_of_messages, None, ) @@ -83,7 +83,7 @@ fn create_generators_helper( fn test_generators_random_q( num_of_messages: usize, -) -> MemoryCachedGenerators { +) -> MemoryCachedGenerators { let mut generators = create_generators_helper(num_of_messages); generators.Q = G1Projective::random(&mut OsRng); generators @@ -91,7 +91,7 @@ fn test_generators_random_q( fn test_generators_random_message_generators( num_of_messages: usize, -) -> MemoryCachedGenerators { +) -> MemoryCachedGenerators { let mut generators = create_generators_helper(num_of_messages); generators.H_list = vec![G1Projective::random(&mut OsRng); num_of_messages]; generators @@ -102,10 +102,10 @@ fn get_test_messages() -> Vec { .iter() .map(|b| { Message::from_arbitrary_data::< - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >( b.as_ref(), - Some(&Bls12381Shake256CipherSuiteParameter::default_map_message_to_scalar_as_hash_dst()) + Some(&Bls12381Shake256InterfaceParameter::default_map_message_to_scalar_as_hash_dst()) ) }) .collect::, _>>() diff --git a/src/tests/bbs/proof.rs b/src/tests/bbs/proof.rs index 92cfbbe2..7da20ed1 100644 --- a/src/tests/bbs/proof.rs +++ b/src/tests/bbs/proof.rs @@ -22,7 +22,7 @@ use crate::{ bbs::{ ciphersuites::{ bls12_381::{get_proof_size, PublicKey, SecretKey}, - bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, + bls12_381_g1_shake_256::Bls12381Shake256InterfaceParameter, }, core::{ generator::memory_cached_generator::MemoryCachedGenerators, @@ -50,12 +50,9 @@ use rand_core::OsRng; use std::collections::{BTreeMap, BTreeSet}; pub(crate) mod test_helper { - use crate::bbs::{ - ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, - core::{ - generator::Generators, - types::{Message, ProofMessage}, - }, + use crate::bbs::core::{ + generator::Generators, + types::{Message, ProofMessage}, }; use super::*; @@ -108,23 +105,19 @@ pub(crate) mod test_helper { let (proof_messages, revealed_messages) = to_proof_revealed_messages(messages, revealed_indices); - let proof = Proof::new_with_rng::< - T, - R, - G, - Bls12381Shake256CipherSuiteParameter, - >( - pk, - signature, - header, - ph, - generators, - proof_messages.as_slice(), - rng, - ) - .unwrap_or_else(|_| { - panic!("proof generation failed - {failure_debug_message}") - }); + let proof = + Proof::new_with_rng::( + pk, + signature, + header, + ph, + generators, + proof_messages.as_slice(), + rng, + ) + .unwrap_or_else(|_| { + panic!("proof generation failed - {failure_debug_message}") + }); (proof, revealed_messages) } @@ -164,7 +157,7 @@ fn gen_verify_serde_nominal() { &[0, NUM_MESSAGES - 1].iter().cloned().collect(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -173,7 +166,7 @@ fn gen_verify_serde_nominal() { ) .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, @@ -193,12 +186,12 @@ fn gen_verify_serde_nominal() { "proof gen failed", ); assert!(proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("proof verification failed")); @@ -211,12 +204,12 @@ fn gen_verify_serde_nominal() { ); assert!(proof_deserialized - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("roundtrip deserialized proof verification failed")); } @@ -260,11 +253,11 @@ fn gen_verify_different_key_pairs() { let signature = get_expected_signature(EXPECTED_SIGNATURES[i]); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, header, &generators, - &messages + &messages, ) .unwrap()); @@ -276,7 +269,7 @@ fn gen_verify_different_key_pairs() { _, _, _, - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >( &pk, &signature, @@ -300,12 +293,12 @@ fn gen_verify_different_key_pairs() { } assert!(proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &pk, header, ph, &mut generators, - &revealed_msgs + &revealed_msgs, ) .expect("proof verification failed")); proof_msgs[j] = ProofMessage::Revealed(messages[j]); @@ -335,11 +328,11 @@ fn no_presentation_header_proof() { let signature_with_header = get_expected_signature(EXPECTED_SIGNATURE); assert!(signature_with_header - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, Some(TEST_HEADER), &generators, - &messages + &messages, ) .unwrap()); @@ -349,11 +342,11 @@ fn no_presentation_header_proof() { let signature_no_header = get_expected_signature(EXPECTED_SIGNATURE_NO_HEADER); assert!(signature_no_header - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, None::<&[u8]>, &generators, - &messages + &messages, ) .unwrap()); @@ -363,21 +356,17 @@ fn no_presentation_header_proof() { } // Proof with header but no presentation header - let proof_with_header = Proof::new_with_rng::< - _, - _, - _, - Bls12381Shake256CipherSuiteParameter, - >( - &pk, - &signature_with_header, - Some(TEST_HEADER), - None, - &generators, - &proof_messages, - &mut rng, - ) - .expect("proof generation failed"); + let proof_with_header = + Proof::new_with_rng::<_, _, _, Bls12381Shake256InterfaceParameter>( + &pk, + &signature_with_header, + Some(TEST_HEADER), + None, + &generators, + &proof_messages, + &mut rng, + ) + .expect("proof generation failed"); assert_eq!( proof_with_header.to_octets(), @@ -385,31 +374,27 @@ fn no_presentation_header_proof() { .expect("expected proof decoding failed") ); assert!(proof_with_header - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &pk, Some(TEST_HEADER), None, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap()); // Proof with no header and no presentation header - let proof_no_header = Proof::new_with_rng::< - _, - _, - _, - Bls12381Shake256CipherSuiteParameter, - >( - &pk, - &signature_no_header, - None::<&[u8]>, - None, - &generators, - &proof_messages, - &mut rng, - ) - .expect("proof generation failed"); + let proof_no_header = + Proof::new_with_rng::<_, _, _, Bls12381Shake256InterfaceParameter>( + &pk, + &signature_no_header, + None::<&[u8]>, + None, + &generators, + &proof_messages, + &mut rng, + ) + .expect("proof generation failed"); assert_eq!( proof_no_header.to_octets(), @@ -417,12 +402,12 @@ fn no_presentation_header_proof() { .expect("expected proof decoding failed") ); assert!(proof_no_header - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &pk, None::<&[u8]>, None, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap()); @@ -487,7 +472,7 @@ fn proof_gen_verify_valid_cases() { { // Signature to be used in proof_gen let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -510,12 +495,12 @@ fn proof_gen_verify_valid_cases() { failure_debug_message, ); assert!(proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap_or_else(|_| panic!( "proof verification failed - {failure_debug_message}" @@ -539,12 +524,12 @@ fn proof_gen_verify_valid_cases() { failure_debug_message, ); assert!(proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap_or_else(|_| panic!( "proof verification failed - {failure_debug_message}, \ @@ -569,7 +554,7 @@ fn proof_gen_verify_all_revealed_shuffled_indices() { // Signature to be used in proof_gen let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -608,12 +593,12 @@ fn proof_gen_verify_all_revealed_shuffled_indices() { .collect::>(); assert!(proof_all_revealed_messages - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages_same_but_shuffled_indices + &revealed_messages_same_but_shuffled_indices, ) .expect("proof-verification should not fail")); } @@ -630,7 +615,7 @@ fn proof_gen_with_invalid_public_key() { let mut generators = create_generators_helper(messages.len()); let indices_all_hidden = BTreeSet::::new(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -655,24 +640,24 @@ fn proof_gen_with_invalid_public_key() { // Proof verification fails with original PublicKey which was used during // signing assert!(!proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap_or_else(|_| panic!("proof verification failed "))); // Proof verification also fails if same(or any) invalid PublicKey is // provided assert_eq!( - proof.verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + proof.verify::<_, _, Bls12381Shake256InterfaceParameter>( &PublicKey::default(), header, ph, &mut generators, - &revealed_messages + &revealed_messages, ), Err(Error::InvalidPublicKey) ); @@ -693,7 +678,7 @@ fn proof_gen_invalid_parameters() { &revealed_indices, ); - let result = Proof::new::<_, _, Bls12381Shake256CipherSuiteParameter>( + let result = Proof::new::<_, _, Bls12381Shake256InterfaceParameter>( &pk, &signature, header, @@ -721,12 +706,12 @@ fn proof_verify_invalid_parameters() { ) in test_data_proof_verify_invalid_parameters() { assert_eq!( - proof.verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + proof.verify::<_, _, Bls12381Shake256InterfaceParameter>( &pk, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ), Err(error), "proof-verification should return error - {}", @@ -742,7 +727,7 @@ fn verify_proof_helper( PublicKey, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, BTreeMap, ), &'static str, @@ -755,12 +740,12 @@ fn verify_proof_helper( { assert!( !proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &pk, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .unwrap_or_else(|_| panic!( "proof-verification should not return error - {}", diff --git a/src/tests/bbs/signature.rs b/src/tests/bbs/signature.rs index 45a9f473..83771b69 100644 --- a/src/tests/bbs/signature.rs +++ b/src/tests/bbs/signature.rs @@ -12,7 +12,7 @@ use crate::{ bbs::{ ciphersuites::{ bls12_381::{PublicKey, SecretKey}, - bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, + bls12_381_g1_shake_256::Bls12381Shake256InterfaceParameter, }, core::{ generator::Generators, @@ -64,7 +64,7 @@ fn sign_verify_serde_nominal() { let generators = create_generators_helper(messages.len()); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -74,11 +74,11 @@ fn sign_verify_serde_nominal() { .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification failed"),); @@ -92,11 +92,11 @@ fn sign_verify_serde_nominal() { ); assert!(signature_from_deserialization - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("signature verification failed after serde"),); } @@ -109,13 +109,15 @@ fn sign_verify_no_header() { let messages = get_test_messages(); let generators = create_generators_helper(messages.len()); - let signature = Signature::new::< - _, - _, - _, - Bls12381Shake256CipherSuiteParameter, - >(&sk, &pk, None::<&[u8]>, &generators, &messages) - .expect("signing failed"); + let signature = + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( + &sk, + &pk, + None::<&[u8]>, + &generators, + &messages, + ) + .expect("signing failed"); // println!("signature no header = {:?}", // hex::encode(signature.to_octets())); @@ -125,11 +127,11 @@ fn sign_verify_no_header() { assert_eq!(signature, expected_signature); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, None::<&[u8]>, &generators, - &messages + &messages, ) .expect("verification failed"),); } @@ -138,7 +140,7 @@ fn sign_verify_no_header() { fn sign_verify_different_key_infos() { let messages = get_test_messages(); - for i in 0..TEST_KEY_INFOS.len() { + for i in 0..[TEST_KEY_INFOS[0]].len() { let sk = SecretKey::new(TEST_KEY_GEN_IKM, TEST_KEY_INFOS[i]) .expect("secret key generation failed"); let pk = PublicKey::from(&sk); @@ -147,7 +149,7 @@ fn sign_verify_different_key_infos() { _, _, _, - Bls12381Shake256CipherSuiteParameter, + Bls12381Shake256InterfaceParameter, >( &sk, &pk, Some(&TEST_HEADER), &generators, &messages ) @@ -155,11 +157,11 @@ fn sign_verify_different_key_infos() { // println!("{:?},", hex::encode(signature.to_octets())); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, Some(&TEST_HEADER), &generators, - &messages + &messages, ) .unwrap()); let expected_signature_i = @@ -176,7 +178,7 @@ fn signature_equality() { let generators = create_generators_helper(messages.len()); let signature1 = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -186,7 +188,7 @@ fn signature_equality() { .expect("signing failed"); let signature2 = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -208,7 +210,7 @@ fn signature_equality() { assert_ne!(signature4, signature1); let signature5 = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -308,13 +310,13 @@ fn signature_uniqueness() { ) in test_data { let signature1 = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( sk1, pk1, h1, gen1, msg1, ) .expect("signature1 creation failed"); let signature2 = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( sk2, pk2, h2, gen2, msg2, ) .expect("signature2 creation failed"); @@ -361,15 +363,15 @@ fn sign_verify_valid_cases() { test_data { let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( sk, pk, header, generators, &messages, ) .unwrap_or_else(|_| { panic!("signing should pass - {failure_debug_message}") }); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( - pk, header, generators, &messages + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( + pk, header, generators, &messages, ) .unwrap_or_else(|_| panic!( "verification should pass - {failure_debug_message}" @@ -377,7 +379,7 @@ fn sign_verify_valid_cases() { } // Public key validity is not checked during signing - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &sk, &PublicKey::default(), header, @@ -391,7 +393,7 @@ fn sign_verify_valid_cases() { } #[test] -// Test `Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>(...)` +// Test `Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>(...)` // implementation's returned errors by passing invalid paramter values. fn signature_new_invalid_parameters() { let sk = SecretKey::random(&mut OsRng, TEST_KEY_INFO) @@ -401,19 +403,21 @@ fn signature_new_invalid_parameters() { let messages = get_test_messages(); let generators = create_generators_helper(messages.len()); // Just to make sure sign-verify succeeds with above valid values - let signature = Signature::new::< - _, - _, - _, - Bls12381Shake256CipherSuiteParameter, - >(&sk, &pk, header, &generators, &messages) - .expect("signing failed"); + let signature = + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( + &sk, + &pk, + header, + &generators, + &messages, + ) + .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, header, &generators, - &messages + &messages, ) .expect("verification failed"),); @@ -540,7 +544,7 @@ fn signature_new_invalid_parameters() { test_data { let result = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( sk, pk, header, generators, &messages, ); assert_eq!( @@ -562,7 +566,7 @@ fn verify_tampered_signature() { // Just to make sure sign-verify succeeds with above valid values let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -571,11 +575,11 @@ fn verify_tampered_signature() { ) .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification failed"),); @@ -583,11 +587,11 @@ fn verify_tampered_signature() { tampered_signature.A = G1Projective::random(&mut OsRng); assert!( !tampered_signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification should not fail with error"), "verification should fail with tampered `A` value" @@ -597,11 +601,11 @@ fn verify_tampered_signature() { tampered_signature.e = Scalar::random(&mut OsRng); assert!( !tampered_signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification should not fail with error"), "verification should fail with tampered `e` value" @@ -636,7 +640,7 @@ fn verify_tampered_signature_parameters_helper(messages: Vec) { // Just to make sure sign-verify succeeds with above valid values let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -645,11 +649,11 @@ fn verify_tampered_signature_parameters_helper(messages: Vec) { ) .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification failed"),); @@ -772,7 +776,7 @@ fn verify_tampered_signature_parameters_helper(messages: Vec) { for (pk, header, generators, messages, failure_debug_message) in test_data { let result = signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( pk, header, generators, &messages, ) .expect("verify should return a true/false value, not error"); @@ -817,7 +821,7 @@ fn verify_tampered_signature_parameters_helper(messages: Vec) { test_data { let result = signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( pk, header, generators, &messages, ) .expect("verify should return a true/false value, not error"); @@ -859,7 +863,7 @@ fn verify_tampered_signature_parameters_no_header_signature() { // Just to make sure sign-verify succeeds with above valid values let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -868,11 +872,11 @@ fn verify_tampered_signature_parameters_no_header_signature() { ) .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification failed"),); @@ -949,7 +953,7 @@ fn verify_tampered_signature_parameters_no_header_signature() { for (pk, header, generators, messages, failure_debug_message) in test_data { let result = signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( pk, header, generators, &messages, ) .expect("verify should return a true/false value, not error"); @@ -972,7 +976,7 @@ fn verify_tampered_signature_parameters_no_messages_signature() { // Just to make sure sign-verify succeeds with above valid values let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -981,11 +985,11 @@ fn verify_tampered_signature_parameters_no_messages_signature() { ) .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, &generators, - &messages + &messages, ) .expect("verification failed")); @@ -1021,7 +1025,7 @@ fn verify_tampered_signature_parameters_no_messages_signature() { for (pk, header, generators, messages, failure_debug_message) in test_data { let result = signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( pk, header, generators, &messages, ) .expect("verify should return a true/false value, not error"); @@ -1042,19 +1046,21 @@ fn verify_invalid_parameters() { let messages = get_test_messages(); let generators = create_generators_helper(messages.len()); // Just to make sure sign-verify succeeds with above valid values - let signature = Signature::new::< - _, - _, - _, - Bls12381Shake256CipherSuiteParameter, - >(&sk, &pk, header, &generators, &messages) - .expect("signing failed"); + let signature = + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( + &sk, + &pk, + header, + &generators, + &messages, + ) + .expect("signing failed"); assert!(signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( &pk, header, &generators, - &messages + &messages, ) .expect("verification failed")); @@ -1128,7 +1134,7 @@ fn verify_invalid_parameters() { test_data { let result = signature - .verify::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, _, Bls12381Shake256InterfaceParameter>( pk, header, generators, &messages, ); assert_eq!( @@ -1160,7 +1166,7 @@ fn to_octets() { let generators = create_generators_helper(messages.len()); let mut signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, diff --git a/src/tests/bbs/test_data/proof.rs b/src/tests/bbs/test_data/proof.rs index fa2928d1..b1729eae 100644 --- a/src/tests/bbs/test_data/proof.rs +++ b/src/tests/bbs/test_data/proof.rs @@ -1,6 +1,6 @@ use crate::{ bbs::{ - ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256CipherSuiteParameter, + ciphersuites::bls12_381_g1_shake_256::Bls12381Shake256InterfaceParameter, core::{ generator::{ memory_cached_generator::MemoryCachedGenerators, @@ -42,7 +42,7 @@ pub(crate) fn test_data_proof_gen_verify_valid_cases() -> [( KeyPair, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, Vec, ), &'static str, @@ -108,7 +108,7 @@ pub(crate) fn test_data_proof_gen_invalid_parameters() -> [( Signature, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, Vec, BTreeSet, ), @@ -123,7 +123,7 @@ pub(crate) fn test_data_proof_gen_invalid_parameters() -> [( let generators = create_generators_helper(messages.len()); let indices_all_hidden = BTreeSet::::new(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -428,7 +428,7 @@ pub(crate) fn test_data_proof_uniqueness() -> [( Signature, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, Vec, BTreeSet, ), @@ -437,7 +437,7 @@ pub(crate) fn test_data_proof_uniqueness() -> [( Signature, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, Vec, BTreeSet, ), @@ -465,7 +465,7 @@ pub(crate) fn test_data_proof_uniqueness() -> [( .cloned() .collect::>(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -474,7 +474,7 @@ pub(crate) fn test_data_proof_uniqueness() -> [( ) .expect("signing failed"); let signature_with_different_key_pair = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair2.secret_key, &key_pair2.public_key, header, @@ -684,7 +684,7 @@ pub(crate) fn test_data_proof_verify_invalid_parameters() -> [( PublicKey, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, BTreeMap, ), Error, @@ -698,7 +698,7 @@ pub(crate) fn test_data_proof_verify_invalid_parameters() -> [( let generators = create_generators_helper(messages.len()); let indices_all_hidden = BTreeSet::::new(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -906,7 +906,7 @@ pub(crate) fn test_data_verify_tampered_proof() -> [( PublicKey, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, BTreeMap, ), &'static str, @@ -919,7 +919,7 @@ pub(crate) fn test_data_verify_tampered_proof() -> [( let mut generators = create_generators_helper(messages.len()); let indices_all_hidden = BTreeSet::::new(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -945,12 +945,12 @@ pub(crate) fn test_data_verify_tampered_proof() -> [( // works assert_eq!( proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("proof verification failed"), true @@ -1098,7 +1098,7 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( PublicKey, Option<&'static [u8]>, Option<&'static [u8]>, - MemoryCachedGenerators, + MemoryCachedGenerators, BTreeMap, ), &'static str, @@ -1116,7 +1116,7 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( let indices_all_hidden = BTreeSet::::new(); let signature = - Signature::new::<_, _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<_, _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, header, @@ -1143,19 +1143,19 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( // works assert_eq!( proof_all_hidden_messages - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &no_revealed_messages + &no_revealed_messages, ) .expect("proof verification failed"), true ); let no_header_signature = - Signature::new::<&[u8], _, _, Bls12381Shake256CipherSuiteParameter>( + Signature::new::<&[u8], _, _, Bls12381Shake256InterfaceParameter>( &key_pair.secret_key, &key_pair.public_key, None, @@ -1181,12 +1181,12 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( // works assert_eq!( no_header_proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, None, ph, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("proof verification failed"), true @@ -1209,12 +1209,12 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( // works assert_eq!( no_ph_proof - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, None, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("proof verification failed"), true @@ -1238,12 +1238,12 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( // works assert_eq!( no_header_no_ph_proof - .verify::<&[u8], _, Bls12381Shake256CipherSuiteParameter>( + .verify::<&[u8], _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, None, None, &mut generators, - &revealed_messages + &revealed_messages, ) .expect("proof verification failed"), true @@ -1287,12 +1287,12 @@ pub(crate) fn test_data_verify_tampered_parameters() -> [( // works assert_eq!( proof_all_revealed_messages - .verify::<_, _, Bls12381Shake256CipherSuiteParameter>( + .verify::<_, _, Bls12381Shake256InterfaceParameter>( &key_pair.public_key, header, ph, &mut generators, - &all_revealed_messages + &all_revealed_messages, ) .expect("proof verification failed"), true diff --git a/tools/bbs-fixtures-generator/src/generators/h2s.rs b/tools/bbs-fixtures-generator/src/generators/h2s.rs index bb450d4d..78729aed 100644 --- a/tools/bbs-fixtures-generator/src/generators/h2s.rs +++ b/tools/bbs-fixtures-generator/src/generators/h2s.rs @@ -48,8 +48,7 @@ macro_rules! generate_hash_fixtures { let default_dst = $get_default_hash_to_scalar_dst_fn(); let dst_used = $dst.unwrap_or(default_dst); - let msg_scalar = - $hash_to_scalar_fn(msg, Some(&dst_used)).unwrap().to_owned(); + let msg_scalar = $hash_to_scalar_fn(msg, &dst_used).unwrap().to_owned(); let mut h2s_fixture = FixtureH2s { case_name: "Hash to scalar output".to_owned(), diff --git a/tools/bbs-fixtures-generator/src/generators/key_pair.rs b/tools/bbs-fixtures-generator/src/generators/key_pair.rs index d4a97da4..0712d8fa 100644 --- a/tools/bbs-fixtures-generator/src/generators/key_pair.rs +++ b/tools/bbs-fixtures-generator/src/generators/key_pair.rs @@ -51,8 +51,7 @@ macro_rules! bbs_kdf { [input_ikm, &(key_info.len() as u16).to_be_bytes(), key_info] .concat(); - let sk_bytes = - $hash_to_scalar(&derive_input, Some(&keygen_dst)).unwrap(); + let sk_bytes = $hash_to_scalar(&derive_input, &keygen_dst).unwrap(); let sk = SecretKey::from_bytes(&sk_bytes).unwrap(); // PK = SkToPk(SK)