├── .gitignore ├── .mocharc.json ├── .vscode └── settings.json ├── lib ├── randomBytes.js └── randomBytes-browser.js ├── .editorconfig ├── test ├── fixture_data │ ├── bls12-381-sha-256 │ │ ├── h2s.json │ │ ├── keypair.json │ │ ├── signature │ │ │ ├── signature002.json │ │ │ ├── signature001.json │ │ │ ├── signature005.json │ │ │ ├── signature003.json │ │ │ ├── signature010.json │ │ │ ├── signature004.json │ │ │ ├── signature007.json │ │ │ ├── signature008.json │ │ │ ├── signature006.json │ │ │ └── signature009.json │ │ ├── mockedRng.json │ │ ├── generators.json │ │ ├── MapMessageToScalarAsHash.json │ │ └── proof │ │ │ ├── proof001.json │ │ │ ├── proof002.json │ │ │ ├── proof015.json │ │ │ ├── proof014.json │ │ │ ├── proof003.json │ │ │ ├── proof009.json │ │ │ ├── proof012.json │ │ │ ├── proof005.json │ │ │ ├── proof010.json │ │ │ └── proof013.json │ ├── bls12-381-shake-256 │ │ ├── h2s.json │ │ ├── keypair.json │ │ ├── signature │ │ │ ├── signature001.json │ │ │ ├── signature002.json │ │ │ ├── signature005.json │ │ │ ├── signature003.json │ │ │ ├── signature010.json │ │ │ ├── signature004.json │ │ │ ├── signature007.json │ │ │ ├── signature008.json │ │ │ ├── signature006.json │ │ │ └── signature009.json │ │ ├── mockedRng.json │ │ ├── generators.json │ │ ├── MapMessageToScalarAsHash.json │ │ └── proof │ │ │ ├── proof001.json │ │ │ ├── proof002.json │ │ │ ├── proof015.json │ │ │ ├── proof014.json │ │ │ ├── proof003.json │ │ │ ├── proof009.json │ │ │ ├── proof012.json │ │ │ └── proof005.json │ └── messages.json ├── utilities.js ├── hash2scalar.js ├── generators.js ├── messages2scalars.js ├── keyGen.js ├── mockedRNG.js ├── proofVerification.js ├── proofGeneration.js ├── proofGenSeeded.js └── signatures.js ├── .eslintrc.cjs ├── examples ├── GeneratorPrepExample.js ├── KeyGenExample.js ├── MessageEncodeExample.js ├── blind │ └── CommitEx.js ├── TreeDMVExample.js ├── SignVerifyExample.js └── ProofGenVerifyExample.js ├── pseudonym_test ├── nym_context_gen.js ├── 
fixture_data │ ├── messages.json │ ├── bls12-381-sha-256 │ │ ├── nymCommit │ │ │ └── nym_commit001.json │ │ └── nymSignature │ │ │ └── nymSignature001.json │ └── bls12-381-shake-256 │ │ ├── nymCommit │ │ └── nym_commit001.json │ │ └── nymSignature │ │ └── nymSignature001.json ├── nymValidateCommitTest.js ├── nymCommitTest.js ├── nymSignTest.js ├── nymProofVerifyTest.js ├── nymVerifyTest.js └── nymProofGenTest.js ├── blind_test ├── fixture_data │ ├── bls12-381-sha-256 │ │ ├── commit │ │ │ ├── commit001.json │ │ │ └── commit002.json │ │ └── signature │ │ │ ├── signature001.json │ │ │ ├── signature006.json │ │ │ ├── signature003.json │ │ │ ├── signature002.json │ │ │ ├── signature004.json │ │ │ └── signature005.json │ ├── bls12-381-shake-256 │ │ ├── commit │ │ │ ├── commit001.json │ │ │ └── commit002.json │ │ └── signature │ │ │ ├── signature001.json │ │ │ ├── signature006.json │ │ │ ├── signature003.json │ │ │ ├── signature002.json │ │ │ ├── signature004.json │ │ │ └── signature005.json │ └── messages.json ├── validateCommitTest.js ├── commitTest.js ├── verifyTest.js ├── signTest.js ├── proofVerification.js └── proofGenTest.js ├── package.json ├── License.txt └── Guide └── NIST-BBS_Talk-Outline.md /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | out -------------------------------------------------------------------------------- /.mocharc.json: -------------------------------------------------------------------------------- 1 | { 2 | "timeout": 10000 3 | } -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "cSpell.words": [ 3 | "CIPHERSUITE", 4 | "digitalbazaar", 5 | "SSWU" 6 | ] 7 | } -------------------------------------------------------------------------------- /lib/randomBytes.js: 
-------------------------------------------------------------------------------- 1 | import crypto from 'crypto'; 2 | 3 | /** Node.js variant: returns bytesLength (default 32) random bytes from crypto.randomBytes as a Uint8Array. */ export function randomBytes(bytesLength = 32) { 4 | /* NOTE(review): .buffer is the Buffer's entire backing ArrayBuffer, so this view equals the random bytes only if the Buffer starts at offset 0 and spans all of it; new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength) would make that explicit - confirm for the supported Node versions. */ return new Uint8Array(crypto.randomBytes(bytesLength).buffer); 5 | } 6 | -------------------------------------------------------------------------------- /lib/randomBytes-browser.js: -------------------------------------------------------------------------------- 1 | /* Web Crypto handle, falling back to the prefixed msCrypto name. NOTE(review): "self &&" still throws a ReferenceError where self is not declared at all, and a missing crypto object only surfaces on the first randomBytes call - confirm the target environments. */ const crypto = self && (self.crypto || self.msCrypto); 2 | 3 | /** Browser variant: returns bytesLength (default 32) random bytes filled in by crypto.getRandomValues. */ export function randomBytes(bytesLength = 32) { 4 | /* getRandomValues rejects requests larger than 65536 bytes, so a larger bytesLength throws here. */ return crypto.getRandomValues(new Uint8Array(bytesLength)); 5 | } -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # http://editorconfig.org 2 | 3 | root = true 4 | 5 | [*] 6 | charset = utf-8 7 | end_of_line = lf 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | 11 | [*.{js,json,jsonld,yaml,yml}] 12 | indent_style = space 13 | indent_size = 2 -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/h2s.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "Hash to scalar output", 3 | "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 4 | "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4832535f", 5 | "scalar": "0f90cbee27beb214e6545becb8404640d3612da5d6758dffeccd77ed7169807c" 6 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/h2s.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "Hash to scalar output", 3 | "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 4 | "dst": 
"4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4832535f", 5 | "scalar": "0500031f786fde5326aa9370dd7ffe9535ec7a52cf2b8f432cad5d9acfb73cd3" 6 | } -------------------------------------------------------------------------------- /.eslintrc.cjs: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | env: { 3 | es2021: true 4 | }, 5 | extends: [ 6 | 'digitalbazaar', 7 | 'digitalbazaar/import', 8 | 'digitalbazaar/jsdoc', 9 | 'digitalbazaar/module' 10 | ], 11 | overrides: [ 12 | ], 13 | parserOptions: { 14 | ecmaVersion: 'latest', 15 | sourceType: 'module' 16 | }, 17 | 18 | rules: {} 19 | }; 20 | -------------------------------------------------------------------------------- /examples/GeneratorPrepExample.js: -------------------------------------------------------------------------------- 1 | /*global console*/ 2 | import {API_ID_BBS_SHAKE, prepareGenerators} from '../lib/BBS.js'; 3 | 4 | const L = 10; 5 | const gens = await prepareGenerators(L + 1, API_ID_BBS_SHAKE); 6 | const [Q1, ...H] = gens.generators; 7 | console.log(`Q1:${Q1.toHex(true)}`); // Elliptic point to compressed hex 8 | for(let i = 0; i < H.length; i++) { 9 | console.log(`H${i}:${H[i].toHex(true)}`); 10 | } 11 | -------------------------------------------------------------------------------- /pseudonym_test/nym_context_gen.js: -------------------------------------------------------------------------------- 1 | /* global console */ 2 | /* eslint-disable max-len */ 3 | import {API_ID_PSEUDONYM_BBS_SHAKE, bytesToHex, hash_to_scalar} from '../lib/BBS.js'; 4 | import {randomBytes} from '../lib/randomBytes.js'; 5 | 6 | const prover_nym = await hash_to_scalar(randomBytes(), randomBytes(), 7 | API_ID_PSEUDONYM_BBS_SHAKE); 8 | const context_id = randomBytes(); 9 | console.log(`pid (scalar): ${prover_nym}`); 10 | console.log(`context_id (byte string): ${bytesToHex(context_id)}`); 
-------------------------------------------------------------------------------- /test/fixture_data/messages.json: -------------------------------------------------------------------------------- 1 | [ 2 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 3 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 4 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 5 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 6 | "496694774c5604ab1b2544eababcf0f53278ff50", 7 | "515ae153e22aae04ad16f759e07237b4", 8 | "d183ddc6e2665aa4e2f088af", 9 | "ac55fb33a75909ed", 10 | "96012096", 11 | "" 12 | ] -------------------------------------------------------------------------------- /pseudonym_test/fixture_data/messages.json: -------------------------------------------------------------------------------- 1 | [ 2 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 3 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 4 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 5 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 6 | "496694774c5604ab1b2544eababcf0f53278ff50", 7 | "515ae153e22aae04ad16f759e07237b4", 8 | "d183ddc6e2665aa4e2f088af", 9 | "ac55fb33a75909ed", 10 | "96012096", 11 | "" 12 | ] -------------------------------------------------------------------------------- /examples/KeyGenExample.js: -------------------------------------------------------------------------------- 1 | /*global TextEncoder, console*/ 2 | import {API_ID_BBS_SHAKE, bytesToHex, keyGen, publicFromPrivate} 3 | from '../lib/BBS.js'; 4 | import crypto from 'crypto'; 5 | 6 | const bytesLength = 40; // >= 32 bytes 7 | // Generate random initial key material -- Node.js 8 | const keyMaterial = new Uint8Array(crypto.randomBytes(bytesLength).buffer); 9 | const keyInfo = new TextEncoder().encode('BBS-Example Key info'); 10 | const sk_bytes = await keyGen(keyMaterial, keyInfo, API_ID_BBS_SHAKE); 11 | 
console.log(`Private key, length ${sk_bytes.length}, (hex):`); 12 | console.log(bytesToHex(sk_bytes)); 13 | const pub_bytes = publicFromPrivate(sk_bytes); 14 | console.log(`Public key, length ${pub_bytes.length}, (hex):`); 15 | console.log(bytesToHex(pub_bytes)); 16 | 17 | -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/keypair.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "key pair fixture", 3 | "keyMaterial": "746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579", 4 | "keyInfo": "746869732d49532d736f6d652d6b65792d6d657461646174612d746f2d62652d757365642d696e2d746573742d6b65792d67656e", 5 | "keyDst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4b455947454e5f4453545f", 6 | "keyPair": { 7 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 8 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 9 | } 10 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/keypair.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "key pair fixture", 3 | "keyMaterial": "746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579", 4 | "keyInfo": "746869732d49532d736f6d652d6b65792d6d657461646174612d746f2d62652d757365642d696e2d746573742d6b65792d67656e", 5 | "keyDst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4b455947454e5f4453545f", 6 | "keyPair": { 7 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 8 | "publicKey": 
"92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 9 | } 10 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/commit/commit001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no committed messages commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | } 9 | }, 10 | "committedMessages": [], 11 | "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", 12 | "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", 13 | "result": { 14 | "valid": true 15 | } 16 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/commit/commit001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no committed messages commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | } 9 | }, 10 | "committedMessages": [], 11 | "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", 12 | "commitmentWithProof": 
"b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", 13 | "result": { 14 | "valid": true 15 | } 16 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/messages.json: -------------------------------------------------------------------------------- 1 | { 2 | "messages": [ 3 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 4 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 5 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 6 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 7 | "496694774c5604ab1b2544eababcf0f53278ff50", 8 | "515ae153e22aae04ad16f759e07237b4", 9 | "d183ddc6e2665aa4e2f088af", 10 | "ac55fb33a75909ed", 11 | "96012096", 12 | "" 13 | ], 14 | "committedMessages": [ 15 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 16 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 17 | "835889a40744813a892eff9deb1edaeb", 18 | "e1ca9729410dc6ba", 19 | "" 20 | ] 21 | } -------------------------------------------------------------------------------- /examples/MessageEncodeExample.js: -------------------------------------------------------------------------------- 1 | /*global TextEncoder, console*/ 2 | import {API_ID_BBS_SHAKE, messages_to_scalars, numberToHex} 3 | from '../lib/BBS.js'; 4 | 5 | const messages = [ 6 | 'FirstName: Sequoia', 7 | 'LastName: Sempervirens', 8 | 'Address: Jedediah Smith Redwoods State Park, California', 9 | 'Date of Birth: 1200/03/21', 10 | 'Height: 296 feet', 11 | 'Eyes: None', 12 | 'Hair: Brown bark, green needles', 13 | 'Picture: Encoded photo', 14 | 'License Class: None, Trees can\'t drive' 15 | ]; 16 | 17 | const te = new TextEncoder(); // To convert strings to byte arrays 18 | const messagesOctets = messages.map(msg => 
te.encode(msg)); 19 | const msg_scalars = await messages_to_scalars(messagesOctets, API_ID_BBS_SHAKE); 20 | for(let i = 0; i < messages.length; i++) { 21 | console.log(`msg ${i} ${messages[i]}`); 22 | console.log(`scalar (hex): ${numberToHex(msg_scalars[i], 32)}`); 23 | } 24 | -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid single message signature (modified message)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "" 10 | ], 11 | "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", 12 | "result": { 13 | "valid": false, 14 | "reason": "modified message" 15 | }, 16 | "trace": { 17 | "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", 18 | "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" 19 | } 20 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid single message signature", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": 
"a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 10 | ], 11 | "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", 12 | "result": { 13 | "valid": true 14 | }, 15 | "trace": { 16 | "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", 17 | "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" 18 | } 19 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid single message signature", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 10 | ], 11 | "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", 12 | "result": { 13 | "valid": true 14 | }, 15 | "trace": { 16 | "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", 17 | "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" 18 | } 
19 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid single message signature (modified message)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "" 10 | ], 11 | "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", 12 | "result": { 13 | "valid": false, 14 | "reason": "modified message" 15 | }, 16 | "trace": { 17 | "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", 18 | "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" 19 | } 20 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/mockedRng.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "mocked random scalars", 3 | "seed": "332e313431353932363533353839373933323338343632363433333833323739", 4 | "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4d4f434b5f52414e444f4d5f5343414c4152535f4453545f", 5 | "count": 10, 6 | "mockedScalars": [ 7 | "04f8e2518993c4383957ad14eb13a023c4ad0c67d01ec86eeb902e732ed6df3f", 8 | "5d87c1ba64c320ad601d227a1b74188a41a100325cecf00223729863966392b1", 9 | "0444607600ac70482e9c983b4b063214080b9e808300aa4cc02a91b3a92858fe", 10 | 
"548cd11eae4318e88cda10b4cd31ae29d41c3a0b057196ee9cf3a69d471e4e94", 11 | "2264b06a08638b69b4627756a62f08e0dc4d8240c1b974c9c7db779a769892f4", 12 | "4d99352986a9f8978b93485d21525244b21b396cf61f1d71f7c48e3fbc970a42", 13 | "5ed8be91662386243a6771fbdd2c627de31a44220e8d6f745bad5d99821a4880", 14 | "62ff1734b939ddd87beeb37a7bbcafa0a274cbc1b07384198f0e88398272208d", 15 | "05c2a0af016df58e844db8944082dcaf434de1b1e2e7136ec8a99b939b716223", 16 | "485e2adab17b76f5334c95bf36c03ccf91cef77dcfcdc6b8a69e2090b3156663" 17 | ] 18 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/mockedRng.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "mocked random scalars", 3 | "seed": "332e313431353932363533353839373933323338343632363433333833323739", 4 | "dst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4d4f434b5f52414e444f4d5f5343414c4152535f4453545f", 5 | "count": 10, 6 | "mockedScalars": [ 7 | "1004262112c3eaa95941b2b0d1311c09c845db0099a50e67eda628ad26b43083", 8 | "6da7f145a94c1fa7f116b2482d59e4d466fe49c955ae8726e79453065156a9a4", 9 | "05017919b3607e78c51e8ec34329955d49c8c90e4488079c43e74824e98f1306", 10 | "4d451dad519b6a226bba79e11b44c441f1a74800eecfec6a2e2d79ea65b9d32d", 11 | "5e7e4894e6dbe68023bc92ef15c410b01f3828109fc72b3b5ab159fc427b3f51", 12 | "646e3014f49accb375253d268eb6c7f3289a1510f1e9452b612dd73a06ec5dd4", 13 | "363ecc4c1f9d6d9144374de8f1f7991405e3345a3ec49dd485a39982753c11a4", 14 | "12e592fe28d91d7b92a198c29afaa9d5329a4dcfdaf8b08557807412faeb4ac6", 15 | "513325acdcdec7ea572360587b350a8b095ca19bdd8258c5c69d375e8706141a", 16 | "6474fceba35e7e17365dde1a0284170180e446ae96c82943290d7baa3a6ed429" 17 | ] 18 | } -------------------------------------------------------------------------------- /test/utilities.js: -------------------------------------------------------------------------------- 1 | /*global 
describe, it*/ 2 | import {bytesToHex, hexToBytes} from '../lib/BBS.js'; 3 | import {assert} from 'chai'; 4 | 5 | describe('Utilities', function() { 6 | describe('Hex to Bytes', function() { 7 | const hexString = '0432ab'; 8 | const badByteString = '0432ab1'; // odd number of hex characters 9 | it('create bytes from string', function() { 10 | const result = hexToBytes(hexString); 11 | assert.typeOf(result, 'Uint8Array', 'is byte array'); 12 | assert.lengthOf(result, hexString.length / 2); 13 | }); 14 | it('odd number of hex chars', function() { 15 | assert.throws(hexToBytes.bind(null, badByteString), Error); 16 | }); 17 | }); 18 | 19 | describe('Bytes to Hex', function() { 20 | const testByteArray = new Uint8Array([1, 2, 3, 4, 5]); 21 | it('is a string', function() { 22 | const result = bytesToHex(testByteArray); 23 | assert.isString(result, 'is string'); 24 | }); 25 | it('is double the byte array length', function() { 26 | const result = bytesToHex(testByteArray); 27 | assert.lengthOf(result, 2 * testByteArray.length); 28 | }); 29 | }); 30 | }); 31 | -------------------------------------------------------------------------------- /test/hash2scalar.js: -------------------------------------------------------------------------------- 1 | /* global describe, URL, it*/ 2 | import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, hash_to_scalar, hexToBytes, os2ip} 3 | from '../lib/BBS.js'; 4 | import {assert} from 'chai'; 5 | import {readFile} from 'fs/promises'; 6 | 7 | const SHA_PATH = './fixture_data/bls12-381-sha-256/'; 8 | const SHAKE_PATH = './fixture_data/bls12-381-shake-256/'; 9 | 10 | for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) { 11 | let path = SHA_PATH; 12 | if(api_id.includes('SHAKE-256')) { 13 | path = SHAKE_PATH; 14 | } 15 | const h2s = JSON.parse( 16 | await readFile( 17 | new URL(path + 'h2s.json', import.meta.url) 18 | ) 19 | ); 20 | 21 | describe('Hash to Scalar ' + api_id, function() { 22 | it(h2s.caseName, async function() { 23 | // console.log(h2s); 24 
| const msg_octets = hexToBytes(h2s.message); 25 | const dst = hexToBytes(h2s.dst); 26 | const result = await hash_to_scalar(msg_octets, dst, api_id); 27 | // console.log("Computed scalar:"); 28 | // console.log(result.toString(16)); 29 | const expected = os2ip(hexToBytes(h2s.scalar)); 30 | assert.equal(result, expected); 31 | }); 32 | }); 33 | } 34 | -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (missing messages)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" 11 | ], 12 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 13 | "result": { 14 | "valid": false, 15 | "reason": "missing messages" 16 | }, 17 | "trace": { 18 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 19 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 20 | } 21 | } -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@grottonetworking/bbs-signatures", 3 | "version": "0.1.5", 4 | "description": "JavaScript implementation of the 
BBS+ signature suite for node or browser", 5 | "type": "module", 6 | "scripts": { 7 | "test": "mocha" 8 | }, 9 | "author": "Dr. Greg M. Bernstein", 10 | "license": "BSD-3-Clause", 11 | "engines": { 12 | "node": ">=16" 13 | }, 14 | "browser": { 15 | "crypto": false, 16 | "./lib/randomBytes.js": "./lib/randomBytes-browser.js" 17 | }, 18 | "devDependencies": { 19 | "chai": "^4.3.7", 20 | "eslint": "^8.36.0", 21 | "eslint-config-digitalbazaar": "^4.2.0", 22 | "eslint-plugin-import": "^2.27.5", 23 | "eslint-plugin-jsdoc": "^40.1.0", 24 | "eslint-plugin-unicorn": "^46.0.0", 25 | "jsdoc-to-markdown": "^8.0.0", 26 | "mocha": "^10.2.0" 27 | }, 28 | "repository": { 29 | "type": "git", 30 | "url": "git+https://github.com/Wind4Greg/grotto-bbs-signatures.git" 31 | }, 32 | "exports": "./lib/BBS.js", 33 | "files": [ 34 | "lib/**/*.js", 35 | "examples/**/*.js" 36 | ], 37 | "dependencies": { 38 | "@noble/curves": "^1.1.0", 39 | "@noble/hashes": "^1.3.0" 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (missing messages)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" 11 | ], 12 | "signature": 
"956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 13 | "result": { 14 | "valid": false, 15 | "reason": "missing messages" 16 | }, 17 | "trace": { 18 | "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 19 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 20 | } 21 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature003.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid single message signature (extra unsigned message)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" 11 | ], 12 | "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", 13 | "result": { 14 | "valid": false, 15 | "reason": "extra unsigned message" 16 | }, 17 | "trace": { 18 | "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", 19 | "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" 20 | } 21 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature003.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid single message signature (extra unsigned message)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" 11 | ], 12 | "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", 13 | "result": { 14 | "valid": false, 15 | "reason": "extra unsigned message" 16 | }, 17 | "trace": { 18 | "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", 19 | "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" 20 | } 21 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/commit/commit002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple committed messages commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | } 9 | }, 10 | "committedMessages": [ 11 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 12 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 13 | "835889a40744813a892eff9deb1edaeb", 14 | "e1ca9729410dc6ba", 15 | "" 16 | ], 17 | "proverBlind": 
"4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", 18 | "commitmentWithProof": "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", 19 | "result": { 20 | "valid": true 21 | } 22 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/commit/commit002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple committed messages commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | } 9 | }, 10 | "committedMessages": [ 11 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 12 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 13 | "835889a40744813a892eff9deb1edaeb", 14 | "e1ca9729410dc6ba", 15 | "" 16 | ], 17 | "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", 18 | "commitmentWithProof": "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", 19 | "result": { 20 | "valid": true 21 | } 22 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/generators.json: -------------------------------------------------------------------------------- 1 | { 2 | "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", 3 | "Q1": "a9ec65b70a7fbe40c874c9eb041c2cb0a7af36ccec1bea48fa2ba4c2eb67ef7f9ecb17ed27d38d27cdeddff44c8137be", 4 | "MsgGenerators": [ 5 | "98cd5313283aaf5db1b3ba8611fe6070d19e605de4078c38df36019fbaad0bd28dd090fd24ed27f7f4d22d5ff5dea7d4", 6 | "a31fbe20c5c135bcaa8d9fc4e4ac665cc6db0226f35e737507e803044093f37697a9d452490a970eea6f9ad6c3dcaa3a", 7 | "b479263445f4d2108965a9086f9d1fdc8cde77d14a91c856769521ad3344754cc5ce90d9bc4c696dffbc9ef1d6ad1b62", 8 | 
"ac0401766d2128d4791d922557c7b4d1ae9a9b508ce266575244a8d6f32110d7b0b7557b77604869633bb49afbe20035", 9 | "b95d2898370ebc542857746a316ce32fa5151c31f9b57915e308ee9d1de7db69127d919e984ea0747f5223821b596335", 10 | "8f19359ae6ee508157492c06765b7df09e2e5ad591115742f2de9c08572bb2845cbf03fd7e23b7f031ed9c7564e52f39", 11 | "abc914abe2926324b2c848e8a411a2b6df18cbe7758db8644145fefb0bf0a2d558a8c9946bd35e00c69d167aadf304c1", 12 | "80755b3eb0dd4249cbefd20f177cee88e0761c066b71794825c9997b551f24051c352567ba6c01e57ac75dff763eaa17", 13 | "82701eb98070728e1769525e73abff1783cedc364adb20c05c897a62f2ab2927f86f118dcb7819a7b218d8f3fee4bd7f", 14 | "a1f229540474f4d6f1134761b92b788128c7ac8dc9b0c52d59493132679673032ac7db3fb3d79b46b13c1c41ee495bca" 15 | ] 16 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/generators.json: -------------------------------------------------------------------------------- 1 | { 2 | "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", 3 | "Q1": "a9d40131066399fd41af51d883f4473b0dcd7d028d3d34ef17f3241d204e28507d7ecae032afa1d5490849b7678ec1f8", 4 | "MsgGenerators": [ 5 | "903c7ca0b7e78a2017d0baf74103bd00ca8ff9bf429f834f071c75ffe6bfdec6d6dca15417e4ac08ca4ae1e78b7adc0e", 6 | "84321f5855bfb6b001f0dfcb47ac9b5cc68f1a4edd20f0ec850e0563b27d2accee6edff1a26b357762fb24e8ddbb6fcb", 7 | "b3060dff0d12a32819e08da00e61810676cc9185fdd750e5ef82b1a9798c7d76d63de3b6225d6c9a479d6c21a7c8bf93", 8 | "8f1093d1e553cdead3c70ce55b6d664e5d1912cc9edfdd37bf1dad11ca396a0a8bb062092d391ebf8790ea5722413f68", 9 | "990824e00b48a68c3d9a308e8c52a57b1bc84d1cf5d3c0f8c6fb6b1230e4e5b8eb752fb374da0b1ef687040024868140", 10 | "b86d1c6ab8ce22bc53f625d1ce9796657f18060fcb1893ce8931156ef992fe56856199f8fa6c998e5d855a354a26b0dd", 11 | "b4cdd98c5c1e64cb324e0c57954f719d5c5f9e8d991fd8e159b31c8d079c76a67321a30311975c706578d3a0ddc313b7", 12 | 
"8311492d43ec9182a5fc44a75419b09547e311251fe38b6864dc1e706e29446cb3ea4d501634eb13327245fd8a574f77", 13 | "ac00b493f92d17837a28d1f5b07991ca5ab9f370ae40d4f9b9f2711749ca200110ce6517dc28400d4ea25dddc146cacc", 14 | "965a6c62451d4be6cb175dec39727dc665762673ee42bf0ac13a37a74784fbd61e84e0915277a6f59863b2bb4f5f6005" 15 | ] 16 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature010.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, no header", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "8c87e2080859a97299c148427cd2fcf390d24bea850103a9748879039262ecf4f42206f6ef767f298b6a96b424c1e86c26f8fba62212d0e05b95261c2cc0e5fdc63a32731347e810fd12e9c58355aa0d", 21 | "result": { 22 | "valid": true 23 | }, 24 | "trace": { 25 | "B": "98e38eadb6a2232cf91f41861089cda14d7e3ddef0c6eaba4d11a2732f66408f394d58301ffcc8fcfb3c89bb75136f61", 26 | "domain": "41c5fe0290d0da734ce9bba57bfe0dfc14f3f9cfef18a0d7438cf2075fd71cc7" 27 | } 28 | } -------------------------------------------------------------------------------- 
/test/fixture_data/bls12-381-shake-256/signature/signature010.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, no header", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "88beeb970f803160d3058eacde505207c576a8c9e4e5dc7c5249cbcf2a046c15f8df047031eef3436e04b779d92a9cdb1fe4c6cc035ba1634f1740f9dd49816d3ca745ecbe39f655ea61fb700137fded", 21 | "result": { 22 | "valid": true 23 | }, 24 | "trace": { 25 | "B": "8607ebc413b397c1e27ce591d1daa39f73da329018bda0f90bf996355cc28c3cdba19feeb81e35be9e1503a018e4086e", 26 | "domain": "333d8686761cff65a3a2ef20bfa217d37bdf19105e87c210e9ce64ea1210a157" 27 | } 28 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature004.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": 
"a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 21 | "result": { 22 | "valid": true 23 | }, 24 | "trace": { 25 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 26 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 27 | } 28 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature004.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | 
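"7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 21 | "result": { 22 | "valid": true 23 | }, 24 | "trace": { 25 | "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 26 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 27 | } 28 | }
--------------------------------------------------------------------------------
/examples/blind/CommitEx.js:
--------------------------------------------------------------------------------
/*
 * Example: reproduce the Blind BBS "commit" test vector (commit002.json).
 *
 * The random scalars come from seeded_random_scalars bound to the fixture's
 * published seed and DST, so the output can be compared with the fixture.
 * That is only suitable for test-vector reproduction: a real prover must
 * draw its scalars from a cryptographically secure source, and must not
 * print or log the secret prover blind as this example does.
 */
/* global URL, console, TextEncoder */
import {API_ID_BLIND_BBS_SHA, hexToBytes, seeded_random_scalars}
  from '../../lib/BBS.js';
import {bytesToHex} from '@noble/hashes/utils';
import {commit} from '../../lib/BlindBBS.js';
import {readFile} from 'fs/promises';

const path = '../../blind_test/fixture_data/bls12-381-sha-256/commit/';

// Load the fixture relative to this module rather than the working directory.
const fixtureUrl = new URL(path + 'commit002.json', import.meta.url);
const commitFixture = JSON.parse(await readFile(fixtureUrl));
console.log(commitFixture);

// Committed messages are stored as hex strings; commit() takes octets.
const msgs_in_octets = commitFixture.committedMessages.map(
  hexMsg => hexToBytes(hexMsg));
const api_id = API_ID_BLIND_BBS_SHA;

// Mocked RNG: fixed seed and DST taken from the fixture (test use only).
const {SEED, commit: {DST: rng_dst}} = commitFixture.mockRngParameters;
const seed = new TextEncoder().encode(SEED);
console.log(seed);
const rand_scalar_func = seeded_random_scalars.bind(null, seed, rng_dst);

const [commit_with_proof_octs, secret_prover_blind] =
  await commit(msgs_in_octets, api_id, rand_scalar_func);
const commit_with_proof_hex = bytesToHex(commit_with_proof_octs);
console.log(`commit with proof (hex): ${commit_with_proof_hex}`);
console.log(`secret prover blind (hex): ${secret_prover_blind.toString(16)}`);

// Strict comparison: both sides are hex strings, so no coercion is wanted.
const verified = commit_with_proof_hex === commitFixture.commitmentWithProof;
console.log(`test vector verified: ${verified}`);
--------------------------------------------------------------------------------
/pseudonym_test/fixture_data/bls12-381-sha-256/nymCommit/nym_commit001.json:
--------------------------------------------------------------------------------
1 | { 2 | "caseName": "Nym commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 3 8 | } 9 | }, 10 | "committedMessages": [], 11 | "proverNym": "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418", 12 | "proverBlind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041", 13 | "commitmentWithProof": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c5c2ac3247080eb71fefc7e9622ffae372425a699a298ba991a0bc5c6a3d9211347d0ce98d5c0550667269df1fb81f8fa30c07d4917c7c0786411ee5c05b00b9d501d3f8e244b860b7b11140cddc9787a3ab54ec7fd0a8950dae339f396f2641b", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "M": 1, 19 | "secret_prover_blind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041", 20 | "s_tilde": "3a3b481c984f4396a13b1f65368aa393d08455fbfd351ab80f593aa5de8b4b1d", 21 | "m_tildes": [ 22 | "5e82a40ae25e65fb04d7722f36ecd62fa4f07c8815e74f0a14a7e0a6547a36ce" 23 | ], 24 | "C": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c", 25 | "Cbar":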
"af8152d30fc149adb48825795fc0bf51c509c584cb164a703252dd8857e6ffda60b1a82f1cd2277dff24dd002227bacf" 26 | } 27 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature007.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (wrong public key)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "b064bd8d1ba99503cbb7f9d7ea00bce877206a85b1750e5583dd9399828a4d20610cb937ea928d90404c239b2835ffb104220a9c66a4c9ed3b54c0cac9ea465d0429556b438ceefb59650ddf67e7a8f103677561b7ef7fe3c3357ec6b94d41c6" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 21 | "result": { 22 | "valid": false, 23 | "reason": "wrong public key" 24 | }, 25 | "trace": { 26 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 27 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature008.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": 
"invalid multi-message signature (different header)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "ffeeddccbbaa00998877665544332211", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 21 | "result": { 22 | "valid": false, 23 | "reason": "different header" 24 | }, 25 | "trace": { 26 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 27 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature007.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (wrong public key)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": 
"b24c723803f84e210f7a95f6265c5cbfa4ecc51488bf7acf24b921807801c0798b725b9a2dcfa29953efcdfef03328720196c78b2e613727fd6e085302a0cc2d8d7e1d820cf1d36b20e79eee78c13a1a5da51a298f1aef86f07bc33388f089d8" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 21 | "result": { 22 | "valid": false, 23 | "reason": "wrong public key" 24 | }, 25 | "trace": { 26 | "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 27 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature008.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (different header)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "ffeeddccbbaa00998877665544332211", 8 | "messages": [ 9 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 10 | 
"c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 13 | "496694774c5604ab1b2544eababcf0f53278ff50", 14 | "515ae153e22aae04ad16f759e07237b4", 15 | "d183ddc6e2665aa4e2f088af", 16 | "ac55fb33a75909ed", 17 | "96012096", 18 | "" 19 | ], 20 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 21 | "result": { 22 | "valid": false, 23 | "reason": "different header" 24 | }, 25 | "trace": { 26 | "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 27 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/signature/signature006.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (re-ordered messages)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "", 10 | "96012096", 11 | "ac55fb33a75909ed", 12 | "d183ddc6e2665aa4e2f088af", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "496694774c5604ab1b2544eababcf0f53278ff50", 15 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 16 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 17 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 18 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 19 
| ], 20 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 21 | "result": { 22 | "valid": false, 23 | "reason": "re-ordered messages" 24 | }, 25 | "trace": { 26 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 27 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature006.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (re-ordered messages)", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "", 10 | "96012096", 11 | "ac55fb33a75909ed", 12 | "d183ddc6e2665aa4e2f088af", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "496694774c5604ab1b2544eababcf0f53278ff50", 15 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 16 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 17 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 18 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 19 | ], 20 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 21 | "result": { 22 | "valid": false, 23 | "reason": "re-ordered messages" 24 | }, 25 | "trace": { 26 | "B": 
"ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 27 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 28 | } 29 | } -------------------------------------------------------------------------------- /pseudonym_test/fixture_data/bls12-381-shake-256/nymCommit/nym_commit001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "pid as committed message commitment with proof", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 3 8 | } 9 | }, 10 | "committedMessages": [], 11 | "proverNym": "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418", 12 | "proverBlind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48", 13 | "commitmentWithProof": "990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde4753a18a8286aca2bf58e8bb9a3d77a3e0052aefc427e5e47b666255e53cfcaa7d34d36adc13da01798b8eb041652a57c3b595ace54ed5eee43370c1697eb5ce996020d88ca5d811c011cde10c6c07dc2f4acbc89bd5652414d5b8823a250ed40b", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "info": "from Blind BBS commit", 19 | "M": 1, 20 | "secret_prover_blind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48", 21 | "s_tilde": "40e7b7bc3a17cbd4fa61f81728b6f1224a934a34f8cd57000c360f1b301690b8", 22 | "m_tildes": [ 23 | "43a77228890e6cf2c297292b8989751a6e0c9713caa592f39e61e23a997321cb" 24 | ], 25 | "C": "990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde47", 26 | "Cbar": "af2bff5e3e7c5942772258e38dd17f0350e38345b1631f992fa66f285c20df9025a99c4d796d3db248b5155e4f7200c8" 27 | } 28 | } -------------------------------------------------------------------------------- 
/test/fixture_data/bls12-381-sha-256/signature/signature009.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (re-ordered(randomly shuffled) messages)", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "ac55fb33a75909ed", 10 | "", 11 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 12 | "d183ddc6e2665aa4e2f088af", 13 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 14 | "96012096", 15 | "515ae153e22aae04ad16f759e07237b4", 16 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 17 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 18 | "496694774c5604ab1b2544eababcf0f53278ff50" 19 | ], 20 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 21 | "result": { 22 | "valid": false, 23 | "reason": "re-ordered(randomly shuffled) messages" 24 | }, 25 | "trace": { 26 | "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", 27 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" 28 | } 29 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/signature/signature009.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature (re-ordered(randomly shuffled) messages)", 3 | "signerKeyPair": { 4 | "secretKey": 
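"2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "header": "11223344556677889900aabbccddeeff", 8 | "messages": [ 9 | "", 10 | "96012096", 11 | "496694774c5604ab1b2544eababcf0f53278ff50", 12 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 13 | "ac55fb33a75909ed", 14 | "d183ddc6e2665aa4e2f088af", 15 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 16 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 17 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 18 | "515ae153e22aae04ad16f759e07237b4" 19 | ], 20 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 21 | "result": { 22 | "valid": false, 23 | "reason": "re-ordered(randomly shuffled) messages" 24 | }, 25 | "trace": { 26 | "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", 27 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" 28 | } 29 | }
--------------------------------------------------------------------------------
/test/generators.js:
--------------------------------------------------------------------------------
/*
 * Checks that prepareGenerators reproduces the generator test vectors
 * (P1, Q1 and the message generators) for both BBS ciphersuites.
 */
/* global describe, URL, it, before */

import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, prepareGenerators}
  from '../lib/BBS.js';
import {assert} from 'chai';
import {readFile} from 'fs/promises';

const SHA_PATH = './fixture_data/bls12-381-sha-256/';
const SHAKE_PATH = './fixture_data/bls12-381-shake-256/';

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  // Pick the fixture directory that matches the ciphersuite under test.
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;

  const generatorVector = JSON.parse(
    await readFile(new URL(path + 'generators.json', import.meta.url))
  );

  // The suite callback is synchronous: mocha ignores a promise returned from
  // describe(), so all asynchronous work lives in the before() hook.
  describe(`Generators ${api_id}`, function() {
    const L = generatorVector.MsgGenerators.length;
    let gens;
    let Q1;
    let H;

    before(async function() {
      // One extra generator is requested: the first is Q1, the rest are the
      // message generators.
      gens = await prepareGenerators(L + 1, api_id);
      [Q1, ...H] = gens.generators;
    });

    it('Confirm P1', function() {
      assert.equal(gens.P1.toHex(true), generatorVector.P1);
    });

    it('Confirm Q1', function() {
      assert.equal(Q1.toHex(true), generatorVector.Q1);
    });

    it('Confirm message generators', function() {
      generatorVector.MsgGenerators.forEach((expectedHex, i) => {
        assert.equal(H[i].toHex(true), expectedHex);
      });
    });
  });
}
--------------------------------------------------------------------------------
/License.txt:
--------------------------------------------------------------------------------
1 | Copyright 2023 Grotto Networking 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are met: 5 | 6 | 1. Redistributions of source code must retain the above copyright notice, this 7 | list of conditions and the following disclaimer. 8 | 9 | 2. Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation 11 | and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors 14 | may be used to endorse or promote products derived from this software without 15 | specific prior written permission.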
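16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 18 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 19 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 20 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 21 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 23 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 24 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 26 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | 28 |
--------------------------------------------------------------------------------
/test/messages2scalars.js:
--------------------------------------------------------------------------------
/*
 * Checks messages_to_scalars against the MapMessageToScalarAsHash test
 * vectors for both BBS ciphersuites.
 */
/* global describe, URL, it, before */
import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, hexToBytes, messages_to_scalars}
  from '../lib/BBS.js';
import {assert} from 'chai';
import {readFile} from 'fs/promises';

const SHA_PATH = './fixture_data/bls12-381-sha-256/';
const SHAKE_PATH = './fixture_data/bls12-381-shake-256/';

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  // Pick the fixture directory that matches the ciphersuite under test.
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  const msgs2scalarsVector = JSON.parse(
    await readFile(
      new URL(path + 'MapMessageToScalarAsHash.json', import.meta.url)
    )
  );

  describe(`Messages to Scalars ${api_id}`, function() {
    let msgs_in_octets;
    let test_scalars;
    let result_scalars;

    before(async function() {
      // Fixture messages and expected scalars are both hex strings.
      msgs_in_octets = msgs2scalarsVector.cases.map(
        tst => hexToBytes(tst.message));
      test_scalars = msgs2scalarsVector.cases.map(
        tst => BigInt('0x' + tst.scalar));
      result_scalars = await messages_to_scalars(msgs_in_octets, api_id);
    });

    it('Confirm messages to scalars', function() {
      // A surplus or missing scalar must fail the test, not go unnoticed.
      assert.lengthOf(result_scalars, test_scalars.length);
      test_scalars.forEach((expected, i) => {
        // Strict comparison so that only an equal BigInt passes, never a
        // value that merely coerces to the same number.
        assert.strictEqual(result_scalars[i], expected);
      });
    });
  });
}
--------------------------------------------------------------------------------
/test/keyGen.js:
--------------------------------------------------------------------------------
/*
 * Checks keyGen and publicFromPrivate against the key pair test vectors for
 * both BBS ciphersuites. The secret keys in the fixtures are published test
 * values and must never be used to sign real data.
 */
/* global describe, URL, it, console */
import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, bytesToHex, hexToBytes, keyGen,
  publicFromPrivate} from '../lib/BBS.js';
import {assert} from 'chai';
import {readFile} from 'fs/promises';

const SHA_PATH = './fixture_data/bls12-381-sha-256/';
const SHAKE_PATH = './fixture_data/bls12-381-shake-256/';

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  // Pick the fixture directory that matches the ciphersuite under test.
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  const keyPairFixture = JSON.parse(
    await readFile(
      new URL(path + 'keypair.json', import.meta.url)
    )
  );

  describe('Key Generation', function() {
    it(`KeyGen ${api_id}`, async function() {
      // Decode inside the test so malformed fixture hex fails this test
      // instead of aborting suite collection.
      const ikm = hexToBytes(keyPairFixture.keyMaterial);
      const keyInfo = hexToBytes(keyPairFixture.keyInfo);
      const keyDST = ''; // the test vectors use an empty key DST
      const sk = await keyGen(ikm, keyInfo, keyDST, api_id);
      assert.equal(bytesToHex(sk), keyPairFixture.keyPair.secretKey);
    });
  });

  describe(`Public from private ${api_id}`, function() {
    const keyPairTest = keyPairFixture.keyPair;

    it('confirm test vector', function() {
      // Derive the public key inside the test: an exception from
      // publicFromPrivate is then reported as a test failure rather than
      // breaking collection of every suite in this file.
      const privateBytes = hexToBytes(keyPairTest.secretKey);
      const publicHex = bytesToHex(publicFromPrivate(privateBytes));
      assert.equal(publicHex, keyPairTest.publicKey);
    });
  });
}
--------------------------------------------------------------------------------
/blind_test/fixture_data/bls12-381-sha-256/signature/signature001.json:
--------------------------------------------------------------------------------
1 | { 2 | "caseName": "valid no prover committed messages, no signer messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 16 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 17 | }, 18 | "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [], 21 | "committedMessages": [], 22 | "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", 23 | "signature": "ab54c35fb2af5c75d6368bc5772547e126d60a92205d011bb9ee5d1149432e91611fd376fe5b79d6ed7c2ba00a19b7434744945fd77bf02cd4628a6e5deeae50768116d55510251bb6a716a38340e184", 24 | "result": { 25 | "valid": true 26 | }, 27 | "trace": { 28 | "B":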
"9964a978251fcc52c918dee3d8f102d2152fa7a805df85b1e91e0c45d4d8d7c02aab78353a240176f6a33899b98b3379", 29 | "domain": "0b3a152bc770ff9e21f09ac58f59c99379ca0eeb61990ba666d994014085b332" 30 | } 31 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no prover committed messages, no signer messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 16 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 17 | }, 18 | "commitmentWithProof": "b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [], 21 | "committedMessages": [], 22 | "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", 23 | "signature": "94403c30badaccf53c4d5f6a15e66c98fe021c149254a5b54b75f15fe674978897284db9fb6a8716fa17e69c80acfef45e56e7199abc42be2ba46cdfef5b30b3cc1ed12802225733183f02fc535a2127", 24 | "result": { 25 | "valid": true 26 | }, 27 | "trace": { 28 | "B": 
"a44e7c8b4969cb821e48fc8ce3e295ed6a47923155edc19ff783993944863cd2e8712b72005f20bf51d7395c15832fc8", 29 | "domain": "48d64a62d7dbc8d88d643f15b3c8a1eed78afe3a80bc3e41bc2f92257b25f6d8" 30 | } 31 | } -------------------------------------------------------------------------------- /pseudonym_test/nymValidateCommitTest.js: -------------------------------------------------------------------------------- 1 | /* global describe, URL, it, before, TextEncoder*/ 2 | /* eslint-disable max-len */ 3 | import { 4 | API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes, 5 | prepareGenerators, 6 | seeded_random_scalars 7 | } from '../lib/BBS.js'; 8 | import {readdir, readFile} from 'fs/promises'; 9 | import {deserialize_and_validate_commit} from '../lib/BlindBBS.js'; 10 | import {assert} from 'chai'; 11 | import {bytesToHex} from '@noble/hashes/utils'; 12 | import {dirname} from 'path'; 13 | import {fileURLToPath} from 'url'; 14 | 15 | const __dirname = dirname(fileURLToPath(import.meta.url)); 16 | 17 | const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymCommit/'; 18 | const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymCommit/'; 19 | 20 | for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) { 21 | let path = SHA_PATH; 22 | if(api_id.includes('SHAKE-256')) { 23 | path = SHAKE_PATH; 24 | } 25 | const files = await readdir(path); 26 | // get all the test vectors in the dir 27 | const testVectors = []; 28 | for(const fn of files) { 29 | testVectors.push(JSON.parse(await readFile(path + fn))); 30 | } 31 | 32 | describe('prover_nym commit validation for ' + api_id, async function() { 33 | for(const commitFixture of testVectors) { 34 | it(`case: ${commitFixture.caseName}`, async function() { 35 | const gens = await prepareGenerators(2, 'BLIND_' + api_id); 36 | const commitmentWithProof = hexToBytes(commitFixture.commitmentWithProof); 37 | const commit = await deserialize_and_validate_commit(commitmentWithProof, gens, api_id); 
38 | console.log(`commitment: ${bytesToHex(commit.toRawBytes(true))}`); 39 | }); 40 | } 41 | }); 42 | } 43 | -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/signature/signature006.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no commitment signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "signature": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 1 8 | } 9 | }, 10 | "signerKeyPair": { 11 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 12 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 13 | }, 14 | "commitmentWithProof": null, 15 | "header": "11223344556677889900aabbccddeeff", 16 | "messages": [ 17 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 18 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 19 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 20 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 21 | "496694774c5604ab1b2544eababcf0f53278ff50", 22 | "515ae153e22aae04ad16f759e07237b4", 23 | "d183ddc6e2665aa4e2f088af", 24 | "ac55fb33a75909ed", 25 | "96012096", 26 | "" 27 | ], 28 | "committedMessages": null, 29 | "proverBlind": null, 30 | "signature": "8aa8fdfb190987d1fe1c8e34e69eae25594701958064e4483d74580a4a0f51f058a87735d727383b864904aa7b5e4a9b3821a18319df0ccb2e351a9bf75bf1f34d8858dde57119bfafd8ff56e0c54fa4", 31 | "result": { 32 | "valid": true 33 | }, 34 | "trace": { 35 | "B": "874d657ff2b90023d18c8eb1d2fbc0beb8b9c1ae98a285db1076466edd7c0a3179bc572d4f7b0e15b39cbe298d2023cd", 36 | "domain": "1430cf0a3d8a0519a9ecf47534b6026a7671935d9854ed5e68b42fdb543d5f7a" 37 | } 38 
| } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature006.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no commitment signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "signature": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 1 8 | } 9 | }, 10 | "signerKeyPair": { 11 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 12 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 13 | }, 14 | "commitmentWithProof": null, 15 | "header": "11223344556677889900aabbccddeeff", 16 | "messages": [ 17 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 18 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 19 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 20 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 21 | "496694774c5604ab1b2544eababcf0f53278ff50", 22 | "515ae153e22aae04ad16f759e07237b4", 23 | "d183ddc6e2665aa4e2f088af", 24 | "ac55fb33a75909ed", 25 | "96012096", 26 | "" 27 | ], 28 | "committedMessages": null, 29 | "proverBlind": null, 30 | "signature": "b80f73e22cf6c050159018539af4fd2c8ed75a7dfa247feadbdecd983e16ddb33ac5c61bfd7f17b4063a7957456ddc0b71d46e6a05b1a464df601aabf480edf17ff1d6052089c294577fcfb7b851baad", 31 | "result": { 32 | "valid": true 33 | }, 34 | "trace": { 35 | "B": "8ce18ec220f427e23eced9bc5d6a90bf242941676569b406a179e7fe8a3d1c3ba7fd0271ce37817876e55fe1fdf598e5", 36 | "domain": "62638964b2b8eb67c2635a8b87731e2f876e7e84fc4f051903022a731c5fe3b8" 37 | } 38 | } -------------------------------------------------------------------------------- 
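// blind_test/validateCommitTest.js
/* global describe, URL, it, before, TextEncoder*/
/* eslint-disable max-len */
/*
  Runs deserialize_and_validate_commit over every commitment-with-proof
  fixture of both Blind BBS ciphersuites and checks that the returned
  commitment, serialized with toRawBytes(true), is the leading part of the
  fixture's commitmentWithProof hex string.
*/
import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes,
  prepareGenerators} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import {bytesToHex} from '@noble/hashes/utils';
import {deserialize_and_validate_commit} from '../lib/BlindBBS.js';
import {dirname} from 'path';
import {fileURLToPath} from 'url';

const __dirname = dirname(fileURLToPath(import.meta.url));

const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/commit/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/commit/';

for(const api_id of [API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE]) {
  // Pick the fixture directory that matches the ciphersuite under test.
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;

  // Load every JSON test vector in the directory. Entries that are not
  // .json files are skipped so a stray file cannot break JSON.parse.
  const files = (await readdir(path)).filter(fn => fn.endsWith('.json'));
  const testVectors = [];
  for(const fn of files) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // Mocha expects a synchronous describe callback: the tests are registered
  // while it runs, and only the it() bodies below are async.
  describe('Validate Commit generation for ' + api_id, function() {
    // NOTE(review): every fixture loaded here is expected to validate, so this
    // file only exercises the accepting path. Confirm that rejection of a
    // malformed or altered commitmentWithProof is covered by another test.
    for(const commitFixture of testVectors) {
      it(`case: ${commitFixture.caseName}`, async function() {
        const commitmentWithProof =
          hexToBytes(commitFixture.commitmentWithProof);
        // M committed messages need M + 1 generators (presumably the extra
        // one is for the prover blind; confirm against lib/BlindBBS.js).
        const M = commitFixture.committedMessages.length;
        const gens = await prepareGenerators(M + 1, 'BLIND_' + api_id);
        const commit = await deserialize_and_validate_commit(
          commitmentWithProof, gens, api_id);
        // The fixture holds the commitment followed by further bytes, so only
        // the prefix is compared with the returned commitment.
        const commitHex = bytesToHex(commit.toRawBytes(true));
        assert.isTrue(commitFixture.commitmentWithProof.startsWith(commitHex));
      });
    }
  });
}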
/test/fixture_data/bls12-381-sha-256/MapMessageToScalarAsHash.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "MapMessageToScalar fixture", 3 | "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4d41505f4d53475f544f5f5343414c41525f41535f484153485f", 4 | "cases": [ 5 | { 6 | "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 7 | "scalar": "1cb5bb86114b34dc438a911617655a1db595abafac92f47c5001799cf624b430" 8 | }, 9 | { 10 | "message": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "scalar": "154249d503c093ac2df516d4bb88b510d54fd97e8d7121aede420a25d9521952" 12 | }, 13 | { 14 | "message": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 15 | "scalar": "0c7c4c85cdab32e6fdb0de267b16fa3212733d4e3a3f0d0f751657578b26fe22" 16 | }, 17 | { 18 | "message": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 19 | "scalar": "4a196deafee5c23f630156ae13be3e46e53b7e39094d22877b8cba7f14640888" 20 | }, 21 | { 22 | "message": "496694774c5604ab1b2544eababcf0f53278ff50", 23 | "scalar": "34c5ea4f2ba49117015a02c711bb173c11b06b3f1571b88a2952b93d0ed4cf7e" 24 | }, 25 | { 26 | "message": "515ae153e22aae04ad16f759e07237b4", 27 | "scalar": "4045b39b83055cd57a4d0203e1660800fabe434004dbdc8730c21ce3f0048b08" 28 | }, 29 | { 30 | "message": "d183ddc6e2665aa4e2f088af", 31 | "scalar": "064621da4377b6b1d05ecc37cf3b9dfc94b9498d7013dc5c4a82bf3bb1750743" 32 | }, 33 | { 34 | "message": "ac55fb33a75909ed", 35 | "scalar": "34ac9196ace0a37e147e32319ea9b3d8cc7d21870d3c3ba071246859cca49b02" 36 | }, 37 | { 38 | "message": "96012096", 39 | "scalar": "57eb93f417c43200e9784fa5ea5a59168d3dbc38df707a13bb597c871b2a5f74" 40 | }, 41 | { 42 | "message": "", 43 | "scalar": "08e3afeb2b4f2b5f907924ef42856616e6f2d5f1fb373736db1cca32707a7d16" 44 | } 45 | ] 46 | } -------------------------------------------------------------------------------- 
/test/fixture_data/bls12-381-shake-256/MapMessageToScalarAsHash.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "MapMessageToScalar fixture", 3 | "dst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4d41505f4d53475f544f5f5343414c41525f41535f484153485f", 4 | "cases": [ 5 | { 6 | "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 7 | "scalar": "1e0dea6c9ea8543731d331a0ab5f64954c188542b33c5bbc8ae5b3a830f2d99f" 8 | }, 9 | { 10 | "message": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 11 | "scalar": "3918a40fb277b4c796805d1371931e08a314a8bf8200a92463c06054d2c56a9f" 12 | }, 13 | { 14 | "message": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 15 | "scalar": "6642b981edf862adf34214d933c5d042bfa8f7ef343165c325131e2ffa32fa94" 16 | }, 17 | { 18 | "message": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 19 | "scalar": "33c021236956a2006f547e22ff8790c9d2d40c11770c18cce6037786c6f23512" 20 | }, 21 | { 22 | "message": "496694774c5604ab1b2544eababcf0f53278ff50", 23 | "scalar": "52b249313abbe323e7d84230550f448d99edfb6529dec8c4e783dbd6dd2a8471" 24 | }, 25 | { 26 | "message": "515ae153e22aae04ad16f759e07237b4", 27 | "scalar": "2a50bdcbe7299e47e1046100aadffe35b4247bf3f059d525f921537484dd54fc" 28 | }, 29 | { 30 | "message": "d183ddc6e2665aa4e2f088af", 31 | "scalar": "0e92550915e275f8cfd6da5e08e334d8ef46797ee28fa29de40a1ebccd9d95d3" 32 | }, 33 | { 34 | "message": "ac55fb33a75909ed", 35 | "scalar": "4c28f612e6c6f82f51f95e1e4faaf597547f93f6689827a6dcda3cb94971d356" 36 | }, 37 | { 38 | "message": "96012096", 39 | "scalar": "1db51bedc825b85efe1dab3e3ab0274fa82bbd39732be3459525faf70f197650" 40 | }, 41 | { 42 | "message": "", 43 | "scalar": "27878da72f7775e709bb693d81b819dc4e9fa60711f4ea927740e40073489e78" 44 | } 45 | ] 46 | } -------------------------------------------------------------------------------- 
/test/mockedRNG.js: -------------------------------------------------------------------------------- 1 | /* global describe, it, TextDecoder */ 2 | /*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/ 3 | /* 4 | Checks the generation of mocked random scalars. 5 | */ 6 | import {hexToBytes, seeded_random_scalars} 7 | from '../lib/BBS.js'; 8 | import {assert} from 'chai'; 9 | import {readFile} from 'fs/promises'; 10 | 11 | // These are signature files for 10 messages 12 | const SHA_PATH = './test/fixture_data/bls12-381-sha-256/mockedRng.json'; 13 | const SHAKE_PATH = './test/fixture_data/bls12-381-shake-256/mockedRng.json'; 14 | 15 | const testScalarsSHA = JSON.parse(await readFile(SHA_PATH)); 16 | const testScalarsSHAKE = JSON.parse(await readFile(SHAKE_PATH)); 17 | 18 | // console.log(testScalarsSHA); 19 | describe('Mocked Random Scalars ', function() { 20 | let testScalars; 21 | 22 | it('SHA-256 Mocked Scalars', async function() { 23 | testScalars = testScalarsSHA; 24 | const seed = hexToBytes(testScalars.seed); 25 | const dst_bytes = hexToBytes(testScalars.dst); 26 | const utf8decoder = new TextDecoder(); 27 | const dst = utf8decoder.decode(dst_bytes); // Need dst as UTF-8 string 28 | // console.log(`DST = ${dst}`); 29 | const count = testScalars.count; 30 | const scalars = await seeded_random_scalars(seed, dst, count); 31 | // console.log(scalars.map(x => x.toString(16))); 32 | 33 | const testScalarsBig = testScalars.mockedScalars.map(tst => BigInt('0x' + tst)); 34 | assert.deepEqual(testScalarsBig, scalars); 35 | }); 36 | 37 | it('SHAKE-256 Mocked Scalars', async function() { 38 | testScalars = testScalarsSHAKE; 39 | const seed = hexToBytes(testScalars.seed); 40 | const dst_bytes = hexToBytes(testScalars.dst); 41 | const utf8decoder = new TextDecoder(); 42 | const dst = utf8decoder.decode(dst_bytes); // Need dst as UTF-8 strings 43 | const count = testScalars.count; 44 | const scalars = await seeded_random_scalars(seed, dst, count); 
45 | // console.log(scalars.map(x => x.toString(16))); 46 | 47 | const testScalarsBig = testScalars.mockedScalars.map(tst => BigInt('0x' + tst)); 48 | assert.deepEqual(testScalarsBig, scalars); 49 | }); 50 | 51 | }); 52 | -------------------------------------------------------------------------------- /blind_test/commitTest.js: -------------------------------------------------------------------------------- 1 | /* global describe, URL, it, before, TextEncoder*/ 2 | /* eslint-disable max-len */ 3 | import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes, 4 | seeded_random_scalars} from '../lib/BBS.js'; 5 | import {readdir, readFile} from 'fs/promises'; 6 | import {assert} from 'chai'; 7 | import {bytesToHex} from '@noble/hashes/utils'; 8 | import {commit} from '../lib/BlindBBS.js'; 9 | import {dirname} from 'path'; 10 | import {fileURLToPath} from 'url'; 11 | 12 | const __dirname = dirname(fileURLToPath(import.meta.url)); 13 | 14 | const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/commit/'; 15 | const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/commit/'; 16 | 17 | for(const api_id of [API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE]) { 18 | let path = SHA_PATH; 19 | if(api_id.includes('SHAKE-256')) { 20 | path = SHAKE_PATH; 21 | } 22 | const files = await readdir(path); 23 | // get all the test vectors in the dir 24 | const testVectors = []; 25 | for(const fn of files) { 26 | testVectors.push(JSON.parse(await readFile(path + fn))); 27 | } 28 | 29 | describe('Commit generation for ' + api_id, async function() { 30 | for(const commitFixture of testVectors) { 31 | it(`case: ${commitFixture.caseName}`, async function() { 32 | const msgs_in_octets = commitFixture.committedMessages.map(hexMsg => 33 | hexToBytes(hexMsg)); 34 | const seed = new TextEncoder().encode(commitFixture.mockRngParameters.SEED); 35 | const rng_dst = commitFixture.mockRngParameters.commit.DST; 36 | const rand_scalar_func = seeded_random_scalars.bind(null, seed, 
rng_dst); 37 | const [commit_with_proof_octs, secret_prover_blind] = 38 | await commit(msgs_in_octets, api_id, rand_scalar_func); 39 | // console.log(`commit with proof (hex): ${bytesToHex(commit_with_proof_octs)}`); 40 | // console.log(`secret prover blind (hex): ${secret_prover_blind.toString(16)}`); 41 | // console.log(`calcM: ${calcM(commit_with_proof_octs)}`); 42 | assert.equal(bytesToHex(commit_with_proof_octs), 43 | commitFixture.commitmentWithProof); 44 | }); 45 | } 46 | }); 47 | } 48 | -------------------------------------------------------------------------------- /blind_test/verifyTest.js: -------------------------------------------------------------------------------- 1 | /* global describe, it */ 2 | /* eslint-disable max-len */ 3 | import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes} from '../lib/BBS.js'; 4 | import {readdir, readFile} from 'fs/promises'; 5 | import {assert} from 'chai'; 6 | import {BlindVerify} from '../lib/BlindBBS.js'; 7 | // import {bytesToHex} from '@noble/hashes/utils'; 8 | 9 | import {dirname} from 'path'; 10 | import {fileURLToPath} from 'url'; 11 | 12 | const __dirname = dirname(fileURLToPath(import.meta.url)); 13 | 14 | const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/signature/'; 15 | const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/signature/'; 16 | 17 | for(const api_id of [API_ID_BLIND_BBS_SHA]) { // , API_ID_BLIND_BBS_SHAKE 18 | let path = SHA_PATH; 19 | if(api_id.includes('SHAKE-256')) { 20 | path = SHAKE_PATH; 21 | } 22 | const files = await readdir(path); 23 | // get all the test vectors in the dir 24 | const testVectors = []; 25 | for(const fn of files) { 26 | testVectors.push(JSON.parse(await readFile(path + fn))); 27 | } 28 | 29 | describe('Signature Verification for ' + api_id, async function() { 30 | for(let i = 0; i < testVectors.length; i++) { // testVectors.length 31 | const commitFixture = testVectors[i]; 32 | it(`case: ${commitFixture.caseName}`, async function() { 
33 | const PK = hexToBytes(commitFixture.signerKeyPair.publicKey); 34 | const header = hexToBytes(commitFixture.header); 35 | const messages = commitFixture.messages.map(hexMsg => hexToBytes(hexMsg)); 36 | let committed_messages = []; 37 | if(commitFixture.committedMessages) { 38 | committed_messages = commitFixture.committedMessages.map(hexMsg => hexToBytes(hexMsg)); 39 | } 40 | const signature = hexToBytes(commitFixture.signature); 41 | let secret_prover_blind = 0n; 42 | if(commitFixture.proverBlind) { 43 | secret_prover_blind = BigInt('0x' + commitFixture.proverBlind); 44 | } 45 | const res = await BlindVerify(PK, signature, header, messages, committed_messages, 46 | secret_prover_blind, api_id) 47 | assert.isTrue(res); 48 | }); 49 | } 50 | }); 51 | } 52 | -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature003.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no prover committed messages, multiple signer messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 16 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 17 | }, 18 | "commitmentWithProof": 
"b6389b0fdf04b9c35165acb11685e02193c53c3c1bb8ef3a9404dcee1727a365a3ac6ba7fc32654101cc72cc0ee7d32b23d2018bd6dc2f932c71d4401e763d4ed9999ee6c98837aa7dbe823050697dd744b05920ad0b6393e94f9b86e92d419406945f1e79d4be58dbaf9dc95237c951", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [], 33 | "proverBlind": "30bd5c9bd2b61c44dd169c92cf28bb607830c56073f10e7a800c857cb05ec249", 34 | "signature": "a4999abd5d20fd706cabeb2a44e6dd42b76d6ccfc29ac83d947351a19807e57b0d951d4b79d03250e0e84cc1204a143336c4decbbc7417060f1fc44159192e23e437fe0aaee3971ce89e901f99405b90", 35 | "result": { 36 | "valid": true 37 | }, 38 | "trace": { 39 | "B": "8c1c6937d6c059c330f3d4c89ddea956b18c6e7a4d5b16fa85ac9a6f6f6a815008cfd3af0fc1a012728ba3ae62c4ac51", 40 | "domain": "62638964b2b8eb67c2635a8b87731e2f876e7e84fc4f051903022a731c5fe3b8" 41 | } 42 | } -------------------------------------------------------------------------------- /blind_test/signTest.js: -------------------------------------------------------------------------------- 1 | /* global describe, it */ 2 | /* eslint-disable max-len */ 3 | import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes} from '../lib/BBS.js'; 4 | import {readdir, readFile} from 'fs/promises'; 5 | import {assert} from 'chai'; 6 | import {BlindSign} from '../lib/BlindBBS.js'; 7 | import {bytesToHex} from '@noble/hashes/utils'; 8 | 9 | import {dirname} from 'path'; 10 | import {fileURLToPath} from 'url'; 11 | 12 | const __dirname = dirname(fileURLToPath(import.meta.url)); 13 | 14 | 
const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/signature/'; 15 | const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/signature/'; 16 | 17 | for(const api_id of [API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE]) { // API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE 18 | let path = SHA_PATH; 19 | if(api_id.includes('SHAKE-256')) { 20 | path = SHAKE_PATH; 21 | } 22 | const files = await readdir(path); 23 | // get all the test vectors in the dir 24 | const testVectors = []; 25 | for(const fn of files) { 26 | const vectorObj = JSON.parse(await readFile(path + fn)); 27 | vectorObj.filename = fn; 28 | testVectors.push(vectorObj); 29 | } 30 | 31 | describe('Signature generation for ' + api_id, async function() { 32 | for(let i = 0; i < testVectors.length; i++) { // testVectors.length 33 | const commitFixture = testVectors[i]; 34 | it(`file: ${commitFixture.filename}, case: ${commitFixture.caseName}`, async function() { 35 | const SK = BigInt('0x' + commitFixture.signerKeyPair.secretKey); 36 | const PK = hexToBytes(commitFixture.signerKeyPair.publicKey); 37 | let commitment_with_proof = null; 38 | if(commitFixture.commitmentWithProof) { 39 | commitment_with_proof = hexToBytes(commitFixture.commitmentWithProof); 40 | } 41 | const header = hexToBytes(commitFixture.header); 42 | const messages = commitFixture.messages.map(hexMsg => hexToBytes(hexMsg)); 43 | // BlindSign(SK, PK, commitment_with_proof, header, messages, api_id) 44 | const sig = await BlindSign(SK, PK, commitment_with_proof, header, messages, api_id); 45 | assert.equal(bytesToHex(sig), commitFixture.signature); 46 | }); 47 | } 48 | }); 49 | } 50 | -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/signature/signature003.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid no prover committed messages, multiple signer messages signature", 3 | 
"mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 2 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 16 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 17 | }, 18 | "commitmentWithProof": "849d3cc626720202cbc1610fc01ab41ce32099af602def0c579f37dd18b485ef60719275a036bdd8120e7e938c8e1a3d4d0322587441ccc5caf186001b45dd09ee159713c3e3ea0f411f94a5d6665546562d09c093b687a129e464a57e18cdbf5306bcabf3e7cc95f5ba98cdd9bf3768", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [], 33 | "proverBlind": "1b6f406b17aaf92dc7deb911c7cae49756a6623b5c385b5ae6214d7e3d9597f7", 34 | "signature": "b869cccbe84dce890949db3393c963ead72d044863b2c75bc26c0adfbe08b5bb01db9e4db3313fc660ebb3283634772809d177d191bffde6fe7fbd8ca95d7b842e434ae973b7e458325b9eb23b6cf076", 35 | "result": { 36 | "valid": true 37 | }, 38 | "trace": { 39 | "B": "99c95be56780fa694d182ca279de80297eb93fae1c8f398c7bc155b0a3be3abc7c61813cfead8a35a89dc4d7118b266f", 40 | "domain": 
"a2271347c620cd43982d4f53dbdd176db8c87fbec6eb15318355bdb39da7d19933f1bbb1845e7c547f8fb2e9858d1ff9" 41 | } 42 | }
--------------------------------------------------------------------------------
/examples/TreeDMVExample.js:
--------------------------------------------------------------------------------
/*global TextEncoder, console*/
/*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/
// Walk-through of the BBS flow with the SHAKE-256 ciphersuite: encode a list
// of messages, sign them, verify the signature, then derive and verify a
// proof that discloses only some of the messages.
import {API_ID_BBS_SHAKE, bytesToHex, hexToBytes, messages_to_scalars,
  prepareGenerators, proofGen, proofVerify, publicFromPrivate, sign, verify}
  from '../lib/BBS.js';

const api_id = API_ID_BBS_SHAKE;

const messages = [
  'FirstName: Sequoia',
  'LastName: Sempervirens',
  'Address: Jedediah Smith Redwoods State Park, California',
  'Date of Birth: 1200/03/21',
  'Height: 296 feet',
  'Eyes: None',
  'Hair: Brown bark, green needles',
  'Picture: Encoded photo',
  'License Class: None, Trees can\'t drive'
];

// Strings -> byte arrays -> scalars.
const encoder = new TextEncoder();
const octets = messages.map(text => encoder.encode(text));
const scalars = await messages_to_scalars(octets, api_id);

// Generate enough generators for all messages.
const generators = await prepareGenerators(messages.length + 1, api_id);

// Key pair. The secret key is a fixed hex literal, which is fine for a
// demonstration; a key printed in a public example protects nothing, so a
// real signer generates its own key and keeps it out of source control.
const secretKey = hexToBytes('47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56');
const publicKey = publicFromPrivate(secretKey);

// Sign all messages under the header, then check the signature.
const header = hexToBytes('11223344556677889900aabbccddeeff');
const signature = await sign(secretKey, publicKey, header, scalars, generators,
  api_id);
console.log('Signature:');
console.log(bytesToHex(signature));

const signatureOk = await verify(publicKey, signature, header, scalars,
  generators, api_id);
console.log(`Algorithm verified: ${signatureOk}`);

// Selective disclosure: the proof reveals only the messages at these indexes.
// The presentation header is left empty here, so the proof is not tied to any
// verifier or session; a verifier that needs replay protection has the prover
// put a verifier-chosen nonce in it.
const presentationHeader = new Uint8Array();
const disclosedIndexes = [3, 7];
const proof = await proofGen(publicKey, signature, header, presentationHeader,
  scalars, disclosedIndexes, generators, api_id);
console.log(`Proof for selective disclosure of messages ${disclosedIndexes}:`);
console.log(bytesToHex(proof));

// The verifier receives only the disclosed messages, listed in the same
// order as the index list.
const disclosedScalars = disclosedIndexes.map(i => scalars[i]);
const proofOk = await proofVerify(publicKey, proof, header, presentationHeader,
  disclosedScalars, disclosedIndexes, generators, api_id);
console.log(`Proof verified: ${proofOk}`);
--------------------------------------------------------------------------------
/blind_test/fixture_data/bls12-381-sha-256/signature/signature002.json:
--------------------------------------------------------------------------------
 1 | { 2 | "caseName": "valid multi prover committed messages, no signer messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 16 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [], 21 | "committedMessages": [ 22 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 23 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 24 | "835889a40744813a892eff9deb1edaeb", 25 | "e1ca9729410dc6ba", 26 | "" 27 | ], 
28 | "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", 29 | "signature": "b7446e6ae4e8b5707ac0108f3b1049e9ea01bd6b2b4a7dcf06e5ad1c62a9c0b1585829f0e30fba6c9761469ed908deca52ba5499cef2827b99527b4adf1f30522ce32366385ba87594b8d0e44d156eec", 30 | "result": { 31 | "valid": true 32 | }, 33 | "trace": { 34 | "B": "b21004683409ac48cab4ac654761afa96b90d72742c2a3d1c66343df47713737e6b2367f1dbf0bd917e6f8bc3fd1440a", 35 | "domain": "13c94073eb7dbd279f60d5907c19d83e4a9ae19f99d6b3ca020785730a3f37eb" 36 | } 37 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi prover committed messages, no signer messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 16 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [], 21 | "committedMessages": [ 22 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 23 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 24 | "835889a40744813a892eff9deb1edaeb", 25 | "e1ca9729410dc6ba", 26 | "" 27 | ], 28 | "proverBlind": 
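"41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", 29 | "signature": "82f5137b728baea7d23bc610888e7dbabdae8b6ce404d5e591608bc0d550f246194cbab590eda33dd2a8aafc0f107f0f3158d330459681d5156d65f6dbdc7b3bfd003212a89052d668935b53895e70d2", 30 | "result": { 31 | "valid": true 32 | }, 33 | "trace": { 34 | "B": "b2f39ad3749d91fae9e6b5e7326902b970c0bc0ee85fe5c4de82702faff072c923e75e2e3af19395b8a978a80b1a887a", 35 | "domain": "3600988bb64779f01c57bfb0524521bc241aa0fdfc92e1b892ac2066edcceef1" 36 | } 37 | }
--------------------------------------------------------------------------------
/pseudonym_test/nymCommitTest.js:
--------------------------------------------------------------------------------
/* global describe, URL, it, before, TextEncoder*/
/* eslint-disable max-len */
/*
  Checks NymCommit against the stored commit fixtures for both pseudonym
  ciphersuites. The scalars come from the seeded generator described in each
  fixture, so the commitment bytes can be compared exactly.
*/
import {
  API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes,
  seeded_random_scalars
} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {NymCommit} from '../lib/PseudonymBBS.js';

import {assert} from 'chai';
import {bytesToHex} from '@noble/hashes/utils';
import {dirname} from 'path';
import {fileURLToPath} from 'url';

const __dirname = dirname(fileURLToPath(import.meta.url));

const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymCommit/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymCommit/';

for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) {
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Load every test vector in the directory before the suite is declared.
  const testVectors = [];
  for(const fn of await readdir(path)) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // Mocha does not wait on a suite callback, so it is a plain function; only
  // the individual tests are async.
  describe('Prover Nym commit generation for ' + api_id, function() {
    for(const commitFixture of testVectors) {
      it(`case: ${commitFixture.caseName}`, async function() {
        const msgs_in_octets = commitFixture.committedMessages.map(hexMsg =>
          hexToBytes(hexMsg));
        const prover_nym = BigInt(`0x${commitFixture.proverNym}`);
        const seed = new TextEncoder().encode(commitFixture.mockRngParameters.SEED);
        const rng_dst = commitFixture.mockRngParameters.commit.DST;
        // Deterministic scalars from the fixture's seed and DST. This is a
        // test-vector device only: a fixed seed makes the blinding values
        // predictable, so callers outside tests leave the last argument of
        // NymCommit at its default.
        const rand_scalar_func = seeded_random_scalars.bind(null, seed, rng_dst);
        // NymCommit resolves to [commitment with proof, secret prover blind];
        // only the commitment is compared with the fixture.
        // NOTE(review): if the commit fixtures also record the prover blind
        // (the nymSignature fixtures have a `proverBlind` field), pin it
        // here too - confirm against the fixture file.
        const [commit_with_proof_octs] =
          await NymCommit(msgs_in_octets, prover_nym, api_id, rand_scalar_func);
        assert.equal(bytesToHex(commit_with_proof_octs),
          commitFixture.commitmentWithProof);
      });
    }
  });
}
--------------------------------------------------------------------------------
/pseudonym_test/nymSignTest.js:
--------------------------------------------------------------------------------
/* global describe, it */
/* eslint-disable max-len */
/*
  Checks BlindSignWithNym against the stored signature fixtures for both
  pseudonym ciphersuites. Every fixture is signed over the shared message list
  in fixture_data/messages.json.
*/
import {API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import {BlindSignWithNym} from '../lib/PseudonymBBS.js';
import {bytesToHex} from '@noble/hashes/utils';

import {dirname} from 'path';
import {fileURLToPath} from 'url';

const __dirname = dirname(fileURLToPath(import.meta.url));
const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymSignature/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymSignature/';
const message_file = __dirname + '/fixture_data/messages.json';

// The message file holds hex strings; the signer works on byte arrays.
const messages = (JSON.parse(await readFile(message_file))).map(m_hex => hexToBytes(m_hex));

for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) {
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Load every test vector in the directory before the suite is declared.
  const testVectors = [];
  for(const fn of await readdir(path)) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // Plain (non-async) suite callback: Mocha does not wait on it.
  describe('Hidden pid Pseudonym Signature generation for ' + api_id, function() {
    for(const sigFixture of testVectors) {
      it(`case: ${sigFixture.caseName}`, async function() {
        const SK = BigInt(`0x${sigFixture.signerKeyPair.secretKey}`);
        const PK = hexToBytes(sigFixture.signerKeyPair.publicKey);
        const header = hexToBytes(sigFixture.header);
        const commitmentWithProof = hexToBytes(sigFixture.commitmentWithProof);
        const nym_entropy = BigInt(`0x${sigFixture.signer_nym_entropy}`);
        // BlindSignWithNym(SK, PK, commitment_with_proof, header, messages, signer_nym_entropy, api_id)
        // resolves to [signature, signer entropy]. Nothing is printed: the
        // assertion pins the signature, and entropy values do not belong in
        // test logs.
        // NOTE(review): the returned entropy is not asserted; presumably it
        // should match the entropy passed in - confirm and pin it.
        const [sig] = await BlindSignWithNym(SK, PK, commitmentWithProof, header, messages, nym_entropy, api_id);
        assert.equal(bytesToHex(sig), sigFixture.signature);
      });
    }
  });
}
--------------------------------------------------------------------------------
/test/fixture_data/bls12-381-sha-256/proof/proof001.json:
--------------------------------------------------------------------------------
 1 | { 2 | "caseName": "valid single message signature, single-message revealed proof", 3 | "signerPublicKey": 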
"a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 9 | ], 10 | "disclosedIndexes": [ 11 | 0 12 | ], 13 | "proof": "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", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "random_scalars": { 19 | "r1": "60ca409f6b0563f687fc471c63d2819f446f39c23bb540925d9d4254ac58f337", 20 | "r2": "2ceff4982de0c913090f75f081df5ec594c310bb48c17cfdaab5332a682ef811", 21 | "e_tilde": "6101c4404895f3dff87ab39c34cb995af07e7139e6b3847180ffdd1bc8c313cd", 22 | "r1_tilde": "0dfcffd97a6ecdebef3c9c114b99d7a030c998d938905f357df62822dee072e8", 23 | "r3_tilde": "639e3417007d38e5d34ba8c511e836768ddc2669fdd3faff5c14ad27ac2b2da1", 24 | "m_tilde_scalars": [] 25 | }, 26 | "A_bar": "94916292a7a6bade28456c601d3af33fcf39278d6594b467e128a3f83686a104ef2b2fcf72df0215eeaf69262ffe8194", 27 | "B_bar": "a19fab31a82ddbe06908985abc4c9825788b8a1610942d12b7f5debbea8985296361206dbace7af0cc834c80f33e0aad", 28 | "D": "aeea5597befbb651827b5eed5a66f1a959bb46cfd5ca1a817a14475960f69b32c54db7587b5ee3ab665fbd37b506830a", 29 | "T1": "a862fa5d3ab4c264c22b8a02636fd4030e8b14ac20dee14e08fdb6cfc445432c08abb49ec111c1eb9d90abef50134a60", 30 | "T2": "ab9543a6b04303e997621d3d5cbd85924e7e69da498a2a9e9d3a8b01f39259c9c5920bd530de1d3b0afb99eb0c549d5a", 31 | "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c", 32 | "challenge": "32381aeaa6fb56409cef56ee5c140d455feeb04426193c57086c9b6d397d9418" 33 | } 34 
| } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid single message signature, single-message revealed proof", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" 9 | ], 10 | "disclosedIndexes": [ 11 | 0 12 | ], 13 | "proof": "89e4ab0c160880e0c2f12a754b9c051ed7f5fccfee3d5cbbb62e1239709196c737fff4303054660f8fcd08267a5de668a2e395ebe8866bdcb0dff9786d7014fa5e3c8cf7b41f8d7510e27d307f18032f6b788e200b9d6509f40ce1d2f962ceedb023d58ee44d660434e6ba60ed0da1a5d2cde031b483684cd7c5b13295a82f57e209b584e8fe894bcc964117bf3521b43d8e2eb59ce31f34d68b39f05bb2c625e4de5e61e95ff38bfd62ab07105d016414b45b01625c69965ad3c8a933e7b25d93daeb777302b966079827a99178240e6c3f13b7db2fb1f14790940e239d775ab32f539bdf9f9b582b250b05882996832652f7f5d3b6e04744c73ada1702d6791940ccbd75e719537f7ace6ee817298d", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "random_scalars": { 19 | "r1": "1308e6f945f663b96de1c76461cf7d7f88b92eb99a9034685150db443d733881", 20 | "r2": "25f81cb69a8fac6fb55d44a084557258575d1003be2bd94f1922dad2c3e447fd", 21 | "e_tilde": "5e8041a7ab02976ee50226c4b062b47d38829bbf42ee7eb899b29720377a584c", 22 | "r1_tilde": "3bbf1d5dc2904dbb7b2ba75c5dce8a5ad2d56a359c13ff0fa5fcb1339cd2fe58", 23 | "r3_tilde": 
"016b1460eee7707c524a86a4aedeb826ce9597b42906dccaa96c6b49a8ea7da2", 24 | "m_tilde_scalars": [] 25 | }, 26 | "A_bar": "89e4ab0c160880e0c2f12a754b9c051ed7f5fccfee3d5cbbb62e1239709196c737fff4303054660f8fcd08267a5de668", 27 | "B_bar": "a2e395ebe8866bdcb0dff9786d7014fa5e3c8cf7b41f8d7510e27d307f18032f6b788e200b9d6509f40ce1d2f962ceed", 28 | "D": "b023d58ee44d660434e6ba60ed0da1a5d2cde031b483684cd7c5b13295a82f57e209b584e8fe894bcc964117bf3521b4", 29 | "T1": "91a10e73cf4090812e8ea25f31aaa61be53fcb42ce86e9f0e5df6f6dac4c3eee62ac846b0b83a5cfcbe78315175a4961", 30 | "T2": "988f3d473186634e41478dc4527cf240e64de23a763037454d39a876862ebc617738ba6c458142e3746b01eab58ca8d7", 31 | "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9", 32 | "challenge": "2652f7f5d3b6e04744c73ada1702d6791940ccbd75e719537f7ace6ee817298d" 33 | } 34 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/signature/signature004.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple signer and prover committed messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 16 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 
21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [ 33 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 34 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 35 | "835889a40744813a892eff9deb1edaeb", 36 | "e1ca9729410dc6ba", 37 | "" 38 | ], 39 | "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", 40 | "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", 41 | "result": { 42 | "valid": true 43 | }, 44 | "trace": { 45 | "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", 46 | "domain": "1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936" 47 | } 48 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature004.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple signer and prover committed messages signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": 
"2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 16 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [ 33 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 34 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 35 | "835889a40744813a892eff9deb1edaeb", 36 | "e1ca9729410dc6ba", 37 | "" 38 | ], 39 | "proverBlind": "41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", 40 | "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", 41 | "result": { 42 | "valid": true 43 | }, 44 | "trace": { 45 | "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", 46 | "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04" 47 | } 48 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-sha-256/signature/signature005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple signer and prover committed messages, no signer blind 
signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 16 | "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [ 33 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 34 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 35 | "835889a40744813a892eff9deb1edaeb", 36 | "e1ca9729410dc6ba", 37 | "" 38 | ], 39 | "proverBlind": "4fba5396baa36b2fde81d46a9b9ee89c425dbc5e1ffd65c20249afb4abd37589", 40 | "signature": "862eb2fedd0a2b76fb978035cb33952004bdd6136e107bb343cb2c5ea566eb0c3b0ba31b1d022ebf03d0abf050ab293c0afd9c96003331aa13f18a7a47e2e1ccaa8feb7f3a236e92b2da38462358c48a", 41 | "result": { 42 | "valid": true 43 | }, 44 | "trace": { 45 | "B": "8e1c3ee4b13e5936f9cb5f87342107ed9ab4417c04d6e5d712143a54bdb476aaf4240e8a4f11a67d81feb1398f889889", 46 | "domain": 
"1207ed090723fa7e41c07e970ebb647d1d043079cc2a38c650c32234f1823936" 47 | } 48 | } -------------------------------------------------------------------------------- /blind_test/fixture_data/bls12-381-shake-256/signature/signature005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multiple signer and prover committed messages, no signer blind signature", 3 | "mockRngParameters": { 4 | "SEED": "3.141592653589793238462643383279", 5 | "commit": { 6 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_COMMIT_MOCK_RANDOM_SCALARS_DST_", 7 | "count": 7 8 | }, 9 | "signature": { 10 | "DST": "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_H2G_HM2S_SIGNATURE_MOCK_RANDOM_SCALARS_DST_", 11 | "count": 1 12 | } 13 | }, 14 | "signerKeyPair": { 15 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 16 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 17 | }, 18 | "commitmentWithProof": "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", 19 | "header": "11223344556677889900aabbccddeeff", 20 | "messages": [ 21 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 22 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 23 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 24 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 25 | "496694774c5604ab1b2544eababcf0f53278ff50", 26 | "515ae153e22aae04ad16f759e07237b4", 27 | "d183ddc6e2665aa4e2f088af", 28 | "ac55fb33a75909ed", 29 | "96012096", 30 | "" 31 | ], 32 | "committedMessages": [ 33 | "5982967821da3c5983496214df36aa5e58de6fa25314af4cf4c00400779f08c3", 34 | "a75d8b634891af92282cc81a675972d1929d3149863c1fc0", 35 | "835889a40744813a892eff9deb1edaeb", 36 | "e1ca9729410dc6ba", 37 | "" 38 | ], 39 | "proverBlind": 
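"41fb2f74c30256398c927a262602b5ac3ebc6f84d9169476f8fcb1525c93b649", 40 | "signature": "80b1195ea9e11a639e11e2dc653ccca0461055edb4f48a6e80b676636e42dd61fae3e52c04e192d5053d60e73f3dec5048d423579dcb96cde6969f8048ce53f15ab02449b8d375f869a8df15db78eb02", 41 | "result": { 42 | "valid": true 43 | }, 44 | "trace": { 45 | "B": "95e018b5b7fe84bff803e829231870d1dec64608083a6a7b4b8f5be66ee9a6e25a6d067f528e48712528205ae9cdf340", 46 | "domain": "04ad1197bffbb54ae41c1d43c61dc29325c2dc771d5cc7dba67907b17f564a04" 47 | } 48 | }
--------------------------------------------------------------------------------
/pseudonym_test/nymProofVerifyTest.js:
--------------------------------------------------------------------------------
/* global describe, it, TextEncoder */
/* eslint-disable max-len */
/*
  Runs ProofVerifyWithNym over the stored pseudonym proof fixtures for both
  ciphersuites. Disclosed messages are looked up in the shared message list
  in fixture_data/messages.json.
*/
import {API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes,
  seeded_random_scalars} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import {ProofVerifyWithNym} from '../lib/PseudonymBBS.js';
import {bytesToHex} from '@noble/hashes/utils';

import {dirname} from 'path';
import {fileURLToPath} from 'url';

const __dirname = dirname(fileURLToPath(import.meta.url));

const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymProof/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymProof/';
const allMessagesFile = __dirname + '/fixture_data/messages.json';

// The message file holds hex strings; the verifier works on byte arrays.
const allMessages = JSON.parse(await readFile(allMessagesFile));
const messages = allMessages.map(hexMsg => hexToBytes(hexMsg));

for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) {
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Load every test vector in the directory before the suite is declared.
  const testVectors = [];
  for(const fn of await readdir(path)) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // Plain (non-async) suite callback: Mocha does not wait on it.
  describe('Pseudonym Proof verification for ' + api_id, function() {
    for(const proofFixture of testVectors) {
      it(`case: ${proofFixture.caseName}`, async function() {
        const PK = hexToBytes(proofFixture.signerPublicKey);
        const proof = hexToBytes(proofFixture.proof);
        const header = hexToBytes(proofFixture.header);
        const ph = hexToBytes(proofFixture.presentationHeader);
        const pseudonym_bytes = hexToBytes(proofFixture.pseudonym);
        const context_id = hexToBytes(proofFixture.context_id);
        const disclosedIndexes = proofFixture.disclosedIndexes;
        // Messages are picked in the order the fixture lists the indexes.
        const disclosedMessages = disclosedIndexes.map(idx => messages[idx]);
        const disComMsgs = []; // disclosed committed messages
        const disComIndxs = []; // disclosed committed indexes
        const L = proofFixture.L;
        // ProofVerifyWithNym(PK, proof, header, ph, pseudonym, context_id,
        //   L, disclosed_messages, disclosed_committed_messages,
        //   disclosed_indexes, disclosed_committed_indexes, api_id)
        const result = await ProofVerifyWithNym(PK, proof, header, ph, pseudonym_bytes, context_id,
          L, disclosedMessages, disComMsgs, disclosedIndexes, disComIndxs, api_id);
        // Every vector is expected to verify, so this suite can only hold
        // valid proofs.
        // NOTE(review): if the nymProof fixtures record the expected outcome
        // under `result.valid`, compare against that instead (as
        // test/proofVerification.js does) so vectors with a tampered proof,
        // pseudonym or context_id can be added - confirm against the fixtures.
        assert.isTrue(result);
      });
    }
  });
}
--------------------------------------------------------------------------------
/pseudonym_test/fixture_data/bls12-381-sha-256/nymSignature/nymSignature001.json:
--------------------------------------------------------------------------------
 1 | { 2 | "caseName": "hidden pid, valid all-message signature", 3 | "signerKeyPair": { 4 | "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", 5 | "publicKey": 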
"a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" 6 | }, 7 | "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", 8 | "header": "11223344556677889900aabbccddeeff", 9 | "proverNym": "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418", 10 | "proverBlind": "3ba0a2583bc7229fa9f2ae3a6697091032947c3a48f302b7fd2b08ca9d193041", 11 | "nym_secret": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", 12 | "commitmentWithProof": "b989fc492e2047f602504eb3e236c0acb04224c77ad0d4cbd31c887b9eb05a1f27d7acfb266fe0ae062914bfa060984c5c2ac3247080eb71fefc7e9622ffae372425a699a298ba991a0bc5c6a3d9211347d0ce98d5c0550667269df1fb81f8fa30c07d4917c7c0786411ee5c05b00b9d501d3f8e244b860b7b11140cddc9787a3ab54ec7fd0a8950dae339f396f2641b", 13 | "signature": "a8c362043de23de5331483e510aafca643d7d1ace1b50003f4cc0eb250868531d401e0d3af8a35dc596ef209f41b4f6f28f5c63f8a096e2a3072633fa624872c3f6f41fb5121b354ad7d0c0ea07e0f2f", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "info": "from CoreBlindSign", 19 | "allGenLen": 13, 20 | "domain": "1336f81ac1181906aa77be751b7be985adb49616287ef2f1e4b8ac7771bb6195", 21 | "B": "a1abe3d14bd71b236c003fc1b69930dfa1cbe4f44db047bfddb5fd5c3b5a40b15c0ad364afce854089faa407a8cf8170", 22 | "A": "a8c362043de23de5331483e510aafca643d7d1ace1b50003f4cc0eb250868531d401e0d3af8a35dc596ef209f41b4f6f", 23 | "e": "28f5c63f8a096e2a3072633fa624872c3f6f41fb5121b354ad7d0c0ea07e0f2f", 24 | "commit": "b8458613044a81e52d721fa68ba8139fe9b2d9407edaa9b8f44ecdd7acd84a0ccfb5e1c6d0ad25f8da3925ba066b7868", 25 | "Q_2": "a264ef107598f1caaeb323b65164bcea80e88814810efc61ea27412e879c7cb9344b1b513118d3cf5c79bfa81268ef36", 26 | "msg_scalars": [ 27 | "27fefb362750deb9f097dad1bbb5cfde1e3c2d151ef6809268292e9d6a7404a2", 28 | 
"40f817c98071d0599c396b0ddda45eb93309ba29f5ae2104a8d5a938c477e277", 29 | "17f10087d712ed4bd2fdc8397c27b77ca3e2c5b149cfa09ba4b6a8ed1257490c", 30 | "0d8495fc2e0a27289edceef1e6ba1c5921a099a1c74a16d69f926094833a3b51", 31 | "5d562b58f4fe4a08366bcd4dcb37fa48220d66ab5f94d0fbf6db77e42a9fcc9d", 32 | "2c955207bc4cd97c0f3940ba99cf3f8a7856df9892d5f53ca99f8587db006d97", 33 | "066f4f328a0b17199e984b49dc9349c2724e7f252db25e9f1d4c7deb74802996", 34 | "1d3c2573fbddde57042cc61906e7a0e789501d090ca0b86246d3f17eb930e754", 35 | "1b14e9a6b5373304a3641a0c5a7011ff56fb01e15e28f59a20d07e7009109185", 36 | "1c5479574c6e0b0f0909c55959287428a88a3964cdc502ed565f7316c3b4566d" 37 | ] 38 | } 39 | } -------------------------------------------------------------------------------- /pseudonym_test/fixture_data/bls12-381-shake-256/nymSignature/nymSignature001.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "hidden pid, valid all-message signature", 3 | "signerKeyPair": { 4 | "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", 5 | "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" 6 | }, 7 | "signer_nym_entropy": "3d40961fce6c09eec24a371322732932503b458d7a4cf7891bdaa765b30027c5", 8 | "header": "11223344556677889900aabbccddeeff", 9 | "proverNym": "6830ea571e9fca0194d9ebd5c571369d8b81655afe0bbb9c6f5efe934f699418", 10 | "proverBlind": "643a0c0bc86a50e0d8c00bfe6c8debd85373597e1aef6cc912838bf7dc376e48", 11 | "nym_secret": "3183d923c36e56a823ea4ae0de4287ca87ff06e5785a57268b39a5fa0269bbdc", 12 | "commitmentWithProof": 
"990c1837a8af86843213e5b12fbfc962efcaf8fd0e5812a6237b91b00a47b5a34714a60b4c365f72b47a4d9b656dde4753a18a8286aca2bf58e8bb9a3d77a3e0052aefc427e5e47b666255e53cfcaa7d34d36adc13da01798b8eb041652a57c3b595ace54ed5eee43370c1697eb5ce996020d88ca5d811c011cde10c6c07dc2f4acbc89bd5652414d5b8823a250ed40b", 13 | "signature": "a47d3c15559d8d54026edc989974057410d65a99e3172420bee8fcd1cf39f96f41662f3a5a2cc0d2394e130304eab9fe57aa3941a746616123ee492455f69e43af0a64a9bebd1d144f570d879d88fc37", 14 | "result": { 15 | "valid": true 16 | }, 17 | "trace": { 18 | "info": "from CoreBlindSign", 19 | "allGenLen": 13, 20 | "domain": "66211828cb15f26987d6c50cc4eee1be403b4c48e19f41236b717b9fdcb6b92b", 21 | "B": "ad82aaa531b34bb900f8a30ed1419978c6efa05c22a41f30f46ae4c854d991ed2ac3fa651d00a2c51abb28861f45be22", 22 | "A": "a47d3c15559d8d54026edc989974057410d65a99e3172420bee8fcd1cf39f96f41662f3a5a2cc0d2394e130304eab9fe", 23 | "e": "57aa3941a746616123ee492455f69e43af0a64a9bebd1d144f570d879d88fc37", 24 | "commit": "999db81f6fdc2c412e3e5035aa3d97818b618654bf59d9a232fa514481f23faed86d2e2ea696e47812dd31223fab0048", 25 | "Q_2": "986e83f847c8c3fe1ad9d3efd0265b66268fc80f4add90b3e96192616364016bfe73a4005d2d86f841806a3132a0f544", 26 | "msg_scalars": [ 27 | "0e7b3064dbe1af43e28ca76de4ad8060aa9b9aefc8fe04ea2658f1c21ffc890e", 28 | "23b710d9206a08ac5083b3a26ddb345c4e05a9103e9e562f837d89bccc530f3f", 29 | "3b943323f4d5314458ffb777bfcb86929c921ac45307d1701f63d045477c8a8c", 30 | "5b8f4a7d02782aabc06f70905013d82c5b87534ad411390b4561be69a5bbae5d", 31 | "35d13222801ef44de2503d2f56da42ca7f5d35e0ad561ed90678a94f3c3d1272", 32 | "2205d0b603034019d7450ebaa2676dfed1d6fd7a74f0f22ac7b7125c602dfabc", 33 | "3e7c529ca7b24c8317c2162c685b2f78743f20f1770bc4c797139e1788422413", 34 | "40bdff5b8bccd764104245741e2d0afe472fc43679246180857a0c67f9574634", 35 | "23e044f3c30f268812d70515aa266bb671254795ee50da10535d694c8b628b54", 36 | "227eae63c1b4ed3c4a9f901329100b01ee78a2cd77f2cb28653e61c5721de56a" 37 | ] 38 | } 39 | } 
--------------------------------------------------------------------------------
/test/proofVerification.js:
--------------------------------------------------------------------------------
/*
  Runs every proof test vector through proofVerify and compares the outcome
  with the result recorded in the vector. Proof generation is not exercised
  here.
*/
/*global describe, before, it*/
import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, hexToBytes, messages_to_scalars,
  prepareGenerators, proofVerify} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';

const maxL = 20; // Generators are precomputed for maxL + 1 entries

const SHA_PATH = './test/fixture_data/bls12-381-sha-256/';
const SHAKE_PATH = './test/fixture_data/bls12-381-shake-256/';

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  // Each ciphersuite keeps its vectors in its own fixture directory.
  const suiteDir = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  const vectorPath = suiteDir + 'proof/';
  // Parse every vector file up front so one test is registered per vector.
  const testVectors = [];
  for(const fileName of await readdir(vectorPath)) {
    testVectors.push(JSON.parse(await readFile(vectorPath + fileName)));
  }

  describe('Proof Verification ' + api_id, function() {
    let gens;
    before(async function() {
      // Precompute the generators once per suite.
      gens = await prepareGenerators(maxL + 1, api_id);
    });

    for(const vector of testVectors) {
      // The test name carries the expected outcome and, for invalid vectors,
      // the reason recorded in the fixture.
      const outcome = vector.result.valid ?
        ':valid' : ':invalid:' + vector.result.reason;
      const testName = vector.caseName + outcome;

      it(testName + ' ' + api_id, async function() {
        const disclosedIndexes = vector.disclosedIndexes;
        // The vector stores ALL messages, not just the disclosed ones, so
        // keep only those whose position is listed in disclosedIndexes.
        const disclosed_messages = vector.messages.filter(
          (_, position) => disclosedIndexes.includes(position));
        const messagesOctets = disclosed_messages.map(
          hexMsg => hexToBytes(hexMsg));
        const disclosedMsgScalars = await messages_to_scalars(messagesOctets,
          api_id);
        const headerBytes = hexToBytes(vector.header);
        const publicBytes = hexToBytes(vector.signerPublicKey);
        const proof = hexToBytes(vector.proof);
        const ph = hexToBytes(vector.presentationHeader);
        const result = await proofVerify(publicBytes, proof, headerBytes, ph,
          disclosedMsgScalars, disclosedIndexes, gens, api_id);
        // NOTE(review): chai's assert.equal compares with ==, so a
        // non-boolean return value could still match; assert.strictEqual
        // would pin the verifier's result to an exact boolean. Confirm what
        // proofVerify returns for invalid proofs before tightening.
        assert.equal(result, vector.result.valid);
      });
    }
  });
}
--------------------------------------------------------------------------------
/pseudonym_test/nymVerifyTest.js:
--------------------------------------------------------------------------------
/* global describe, it */
/* eslint-disable max-len */
import {API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import {BlindVerify} from '../lib/BlindBBS.js';
import {BlindVerifyWithNym} from '../lib/PseudonymBBS.js';
import {bytesToHex} from '@noble/hashes/utils';

import {dirname} from 'path';
import {fileURLToPath} from 'url';

// Resolve fixture locations relative to this file rather than the working
// directory the test runner was started from.
const __dirname = dirname(fileURLToPath(import.meta.url));
const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymSignature/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymSignature/';
const message_file = __dirname + '/fixture_data/messages.json';

// The shared message list is stored as hex strings; decode it to byte arrays.
const hexMessages = JSON.parse(await readFile(message_file));
const messages = hexMessages.map(m_hex => hexToBytes(m_hex));
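// Run the signature fixtures once per pseudonym ciphersuite.
for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) {
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Load every test vector found in the fixture directory.
  const testVectors = [];
  for(const fn of await readdir(path)) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // The suite callback is synchronous: Mocha does not await a promise
  // returned from describe(), and nothing here needs awaiting. The title
  // says "verification" because this file checks signatures with
  // BlindVerifyWithNym; it does not generate them.
  describe('Hidden pid Pseudonym Signature verification for ' + api_id, function() {
    for(const sigFixture of testVectors) {
      it(`case: ${sigFixture.caseName}`, async function() {
        // Scalars are stored as hex strings in the fixture.
        const prover_nym = BigInt('0x' + sigFixture.proverNym);
        const proverBlind = BigInt('0x' + sigFixture.proverBlind);
        const signer_nym_entropy = BigInt('0x' + sigFixture.signer_nym_entropy);
        const PK = hexToBytes(sigFixture.signerKeyPair.publicKey);
        const header = hexToBytes(sigFixture.header);
        const signature = hexToBytes(sigFixture.signature);
        const committed_messages = [];
        // Argument order: BlindVerifyWithNym(PK, signature, header, messages,
        // committed_messages, prover_nym, signer_nym_entropy,
        // secret_prover_blind, api_id)
        const [valid, nym_secret] = await BlindVerifyWithNym(PK, signature, header, messages, committed_messages,
          prover_nym, signer_nym_entropy, proverBlind, api_id);
        assert.isTrue(valid);
        // Check the recovered secret against the fixture instead of printing
        // it: secret material should not end up in test or CI logs, and a
        // comparison actually tests the value. The fixture visible on this
        // page stores nym_secret as 64 hex characters; the guard covers
        // vectors that may not carry the field.
        if(sigFixture.nym_secret !== undefined) {
          assert.equal(nym_secret.toString(16).padStart(64, '0'),
            sigFixture.nym_secret);
        }
      });
    }
  });
}
--------------------------------------------------------------------------------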
/test/proofGeneration.js:
--------------------------------------------------------------------------------
/* global describe, it, before */
/*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/
/*
  Generates proofs for several subsets of disclosed indices and verifies each
  one with proofVerify; edge cases in the choice of indices caused problems
  during development. The generated proofs are NOT compared against test
  vectors here. See proofGenSeeded.js for that.
*/
import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, hexToBytes, messages_to_scalars,
  prepareGenerators, proofGen, proofVerify} from '../lib/BBS.js';
import {assert} from 'chai';
import {readFile} from 'fs/promises';

// Signature fixtures covering 10 messages, one per ciphersuite
const SHA_PATH = './test/fixture_data/bls12-381-sha-256/signature/signature004.json';
const SHAKE_PATH = './test/fixture_data/bls12-381-shake-256/signature/signature004.json';

const sigBundleSHA = JSON.parse(await readFile(SHA_PATH));
const sigBundleSHAKE = JSON.parse(await readFile(SHAKE_PATH));

// Presentation header shared by every proof in this file
const ph = hexToBytes('bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501');

// Index sets to disclose: everything, a single message at either end,
// leading and trailing runs, alternating positions, and both ends together.
const disclosureTests = [
  [0, 1, 2, 3, 4, 5, 6, 7, 8, 9],
  [0],
  [9],
  [0, 1, 2],
  [7, 8, 9],
  [0, 2, 4, 6, 8],
  [1, 3, 5, 7, 9],
  [0, 1, 8, 9]
];

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  const sigBundle = api_id.includes('SHAKE-256') ?
    sigBundleSHAKE : sigBundleSHA;
  const L = sigBundle.messages.length;
  describe('Proof Generation/Verification Random Scalars ' + api_id, function() {
    // Filled in once by before() and shared by all tests of the suite
    let gens;
    let msg_scalars;
    let headerBytes;
    let publicBytes;
    let signature;
    before(async function() {
      gens = await prepareGenerators(L + 1, api_id); // precompute generators
      const messagesOctets = sigBundle.messages.map(
        hexMsg => hexToBytes(hexMsg));
      msg_scalars = await messages_to_scalars(messagesOctets, api_id);
      headerBytes = hexToBytes(sigBundle.header);
      publicBytes = hexToBytes(sigBundle.signerKeyPair.publicKey);
      signature = hexToBytes(sigBundle.signature);
    });

    // NOTE(review): only the accepting path is asserted below; nothing in
    // this file checks that a modified proof or a mismatched index set is
    // rejected.
    for(const disclosed of disclosureTests) {
      it(`Messages disclosed: ${disclosed}`, async function() {
        const proof = await proofGen(publicBytes, signature, headerBytes,
          ph, msg_scalars, disclosed, gens, api_id);
        // The verifier receives only the scalars at the disclosed positions.
        const disclosedMsgScalars = msg_scalars.filter(
          (_, position) => disclosed.includes(position));
        const result = await proofVerify(publicBytes, proof, headerBytes,
          ph, disclosedMsgScalars, disclosed, gens, api_id);
        assert.isTrue(result);
      });
    }
  });
}
--------------------------------------------------------------------------------
/examples/SignVerifyExample.js:
--------------------------------------------------------------------------------
/*global console*/
/*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/
import {API_ID_BBS_SHAKE, bytesToHex, hexToBytes, messages_to_scalars,
  prepareGenerators, publicFromPrivate, sign, verify} from '../lib/BBS.js';

// Example messages as hex strings; the last one is the empty message.
const hex_msgs = [
  '9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02',
  'c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80',
  '7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73',
  '77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c',
  '496694774c5604ab1b2544eababcf0f53278ff50',
  '515ae153e22aae04ad16f759e07237b4',
  'd183ddc6e2665aa4e2f088af',
  'ac55fb33a75909ed',
  '96012096',
  ''
];

// Decode to byte arrays, then map the messages to scalars
const test_msgs = hex_msgs.map(hexMsg => hexToBytes(hexMsg));

const msg_scalars = await messages_to_scalars(test_msgs, API_ID_BBS_SHAKE);

// One more generator than there are messages
const gens = await prepareGenerators(test_msgs.length + 1, API_ID_BBS_SHAKE);

// Key pair. The secret key is the one that appears as
// signerKeyPair.secretKey in this repository's fixture files, so it is
// public and usable for demonstration only.
const sk_bytes = hexToBytes('2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079');
const pk_bytes = publicFromPrivate(sk_bytes);

const header = hexToBytes('11223344556677889900aabbccddeeff');

// First run: sign only the first message
let L = 1;
let signature = await sign(sk_bytes, pk_bytes, header,
  msg_scalars.slice(0, L), gens, API_ID_BBS_SHAKE);
console.log('Complete signature single message:');
let resultString = bytesToHex(signature);
console.log(resultString);
// From https://github.com/decentralized-identity/bbs-signature/blob/main/tooling/fixtures/fixture_data/bls12-381-shake-256/signature/signature001.json
let expected = 'b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef';
console.log(`Test vector verified: ${resultString === expected}`);
let verified = await verify(pk_bytes, signature, header,
  msg_scalars.slice(0, L), gens, API_ID_BBS_SHAKE);
console.log(`Algorithm verified: ${verified}`);

// Second run: sign all 10 messages
L = 10;
signature = await sign(sk_bytes, pk_bytes, header,
  msg_scalars.slice(0, L), gens, API_ID_BBS_SHAKE);
console.log('Complete signature 10 messages:');
resultString = bytesToHex(signature);
console.log(resultString);
// From https://github.com/decentralized-identity/bbs-signature/blob/main/tooling/fixtures/fixture_data/bls12-381-shake-256/signature/signature004.json
expected = '956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e';
console.log(`Test vector verified: ${resultString === expected}`); 54 | verified = await verify(pk_bytes, signature, header, msg_scalars.slice(0, L), 55 | gens, API_ID_BBS_SHAKE); 56 | console.log(`Algorithm verified: ${verified}`); 57 | -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, all messages revealed proof", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 1, 22 | 2, 23 | 3, 24 | 4, 25 | 5, 26 | 6, 27 | 7, 28 | 8, 29 | 9 30 | ], 31 | "proof": "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", 32 | "result": { 33 | "valid": true 34 | }, 35 | "trace": { 36 | "random_scalars": { 37 | "r1": "60ca409f6b0563f687fc471c63d2819f446f39c23bb540925d9d4254ac58f337", 38 | "r2": "2ceff4982de0c913090f75f081df5ec594c310bb48c17cfdaab5332a682ef811", 39 | "e_tilde": 
"6101c4404895f3dff87ab39c34cb995af07e7139e6b3847180ffdd1bc8c313cd", 40 | "r1_tilde": "0dfcffd97a6ecdebef3c9c114b99d7a030c998d938905f357df62822dee072e8", 41 | "r3_tilde": "639e3417007d38e5d34ba8c511e836768ddc2669fdd3faff5c14ad27ac2b2da1", 42 | "m_tilde_scalars": [] 43 | }, 44 | "A_bar": "b1f468aec2001c4f54cb56f707c6222a43e5803a25b2253e67b2210ab2ef9eab52db2d4b379935c4823281eaf767fd37", 45 | "B_bar": "b08ce80dc65de8f9769d27099ae649ad4c9b4bd2cc23edcba52073a298087d2495e6d57aaae051ef741adf1cbce65c64", 46 | "D": "a73c8c97264177a76c4a03341956d2ae45ed3438ce598d5cda4f1bf9507fecef47855480b7b30b5e4052c92a4360110c", 47 | "T1": "9881efa96b2411626d490e399eb1c06badf23c2c0760bd403f50f45a6b470c5a9dbeef53a27916f2f165085a3878f1f4", 48 | "T2": "b9f8cf9271d10a04ae7116ad021f4b69c435d20a5af10ddd8f5b1ec6b9b8b91605aca76a140241784b7f161e21dfc3e7", 49 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 50 | "challenge": "28e1dea911e2e7baec6a6a174da1a22362717fbae1cd961d7bf4adce1d31c2ab" 51 | } 52 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof002.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, all messages revealed proof", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | 
"c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 1, 22 | 2, 23 | 3, 24 | 4, 25 | 5, 26 | 6, 27 | 7, 28 | 8, 29 | 9 30 | ], 31 | "proof": "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", 32 | "result": { 33 | "valid": true 34 | }, 35 | "trace": { 36 | "random_scalars": { 37 | "r1": "1308e6f945f663b96de1c76461cf7d7f88b92eb99a9034685150db443d733881", 38 | "r2": "25f81cb69a8fac6fb55d44a084557258575d1003be2bd94f1922dad2c3e447fd", 39 | "e_tilde": "5e8041a7ab02976ee50226c4b062b47d38829bbf42ee7eb899b29720377a584c", 40 | "r1_tilde": "3bbf1d5dc2904dbb7b2ba75c5dce8a5ad2d56a359c13ff0fa5fcb1339cd2fe58", 41 | "r3_tilde": "016b1460eee7707c524a86a4aedeb826ce9597b42906dccaa96c6b49a8ea7da2", 42 | "m_tilde_scalars": [] 43 | }, 44 | "A_bar": "91b0f598268c57b67bc9e55327c3c2b9b1654be89a0cf963ab392fa9e1637c565241d71fd6d7bbd7dfe243de85a9bac8", 45 | "B_bar": "b7461575c1e13b5055fed0b51fd0ec1433096607755b2f2f9ba6dc614dfa456916ca0d7fc6482b39c679cfb747a50ea1", 46 | "D": "b3dd7ed57aaadc348361e2501a17317352e555a333e014e8e7d71eef808ae4f8fbdf45cd19fde45038bb310d5135f520", 47 | "T1": "8890adfc78da24768d59dbfdb3f380e2793e9018b20c23e9ba05baa60f1b21456bc047a5d27049dab5dc6a94696ce711", 48 | "T2": "a49f953636d3651a3ae6fe45a99a2e4fec079eef3be8b8a6a4ba70885d7e028642f7224e9f451529915c88a7edc59fbe", 49 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 50 | "challenge": "46ae50b70ea52332dfe57f6e05c66e99f1764d8b890d121d65bfcc2984886ee0" 51 | } 52 | } -------------------------------------------------------------------------------- /examples/ProofGenVerifyExample.js: 
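--------------------------------------------------------------------------------
/examples/ProofGenVerifyExample.js:
--------------------------------------------------------------------------------
/*global console*/
import {API_ID_BBS_SHAKE, bytesToHex, hexToBytes, messages_to_scalars,
  prepareGenerators, proofGen, proofVerify, publicFromPrivate}
  from '../lib/BBS.js';
// Some test messages in hex string format from draft
const hex_msgs = [
  '9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02',
  'c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80',
  '7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73',
  '77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c',
  '496694774c5604ab1b2544eababcf0f53278ff50',
  '515ae153e22aae04ad16f759e07237b4',
  'd183ddc6e2665aa4e2f088af',
  'ac55fb33a75909ed',
  '96012096',
  ''
];

const test_msgs = hex_msgs.map(hex => hexToBytes(hex)); // Convert to byte array
const msg_scalars = await messages_to_scalars(test_msgs, API_ID_BBS_SHAKE); // hash to scalars
const gens = await prepareGenerators(test_msgs.length + 1, API_ID_BBS_SHAKE); // Enough for all msgs

// The secret key is the one that appears as signerKeyPair.secretKey in this
// repository's fixture files, so it is public and usable for demonstration
// only.
const sk_bytes = hexToBytes(
  '2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079');
const pk_bytes = publicFromPrivate(sk_bytes);
const header = hexToBytes('11223344556677889900aabbccddeeff');
/*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/
// From https://github.com/decentralized-identity/bbs-signature/blob/main/tooling/fixtures/fixture_data/bls12-381-shake-256/signature/signature004.json
const signature = hexToBytes('956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e');
// Empty presentation header. NOTE(review): the presentation header is the
// place where a verifier-supplied value such as a nonce can be bound into the
// proof; with an empty one nothing ties this proof to a particular
// presentation. Confirm what the application needs before copying this.
const ph = new Uint8Array();
const disclosed_indexes = [0, 1, 2, 3, 6, 7, 8, 9];
// Separate constants for the proof and the verification outcome, instead of
// reusing one mutable variable for both.
const proofBytes = await proofGen(pk_bytes, signature, header, ph, msg_scalars,
  disclosed_indexes, gens, API_ID_BBS_SHAKE);
// console.log(`result length: ${proofBytes.length}`);
// console.log(`expected length: ${3*48 + 5*32 + 32*(msg_scalars.length - disclosed_indexes.length)}`);
console.log('Proof');
console.log(bytesToHex(proofBytes));
// Create proof bundle: pk_bytes, header, ph, disclosed msgs, disclosed indexes, proof, total messages
const disclosedMsgs = hex_msgs.filter(
  (msg, i) => disclosed_indexes.includes(i)
);
const proofBundle = {
  pk: bytesToHex(pk_bytes),
  header: bytesToHex(header),
  ph: bytesToHex(ph),
  disclosedIndexes: disclosed_indexes,
  disclosedMsgs,
  proof: bytesToHex(proofBytes)
};

console.log(proofBundle);

// Verify proof, using only what the bundle carries (plus the generators)
const pk = hexToBytes(proofBundle.pk);
const proof = hexToBytes(proofBundle.proof);
const headerV = hexToBytes(proofBundle.header);
const phV = hexToBytes(proofBundle.ph);

// In the proof bundle messages are hex strings, need scalars
const dis_msg_octets = proofBundle.disclosedMsgs.map(hex => hexToBytes(hex));
const disclosed_msgs = await messages_to_scalars(dis_msg_octets,
  API_ID_BBS_SHAKE);
const disclosed_indexesV = proofBundle.disclosedIndexes;
const proofOk = await proofVerify(pk, proof, headerV, phV, disclosed_msgs,
  disclosed_indexesV, gens, API_ID_BBS_SHAKE);
console.log(`Proof verified: ${proofOk}`);
--------------------------------------------------------------------------------
/blind_test/proofVerification.js:
--------------------------------------------------------------------------------
/*
  Verifies all Blind proof test vectors, but does not test proof generation.
*/
/*global describe, before, it*/
/* eslint-disable max-len */
import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes, messages_to_scalars,
  prepareGenerators} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import { BlindProofVerify } from '../lib/BlindBBS.js';
import {dirname} from 'path';
import {fileURLToPath} from 'url';

const maxL = 20; // Use when precomputing the generators
const __dirname = dirname(fileURLToPath(import.meta.url));
const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/proof/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/proof/';

for(const api_id of [API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE]) {
  const vectorPath = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Read all the proof test files into JavaScript objects
  const testVectors = [];
  for(const fn of await readdir(vectorPath)) {
    testVectors.push(JSON.parse(await readFile(vectorPath + fn)));
  }

  describe('Proof Verification ' + api_id, function() {
    for(const vector of testVectors) {
      // The test name carries the expected outcome and, for invalid vectors,
      // the reason recorded in the fixture.
      let testName = vector.caseName;
      if(vector.result.valid) {
        testName += ':valid';
      } else {
        testName += ':invalid:' + vector.result.reason;
      }

      it(testName + ' ' + api_id, async function() {
        // revealedMessages maps an index (as an object key, hence a string)
        // to the hex message. Parse the keys with an explicit radix so they
        // are always read as decimal.
        const revealedMessages = vector.revealedMessages;
        const disclosedIndexes = Object.keys(revealedMessages).map(
          s => Number.parseInt(s, 10));
        const messagesOctets = Object.values(revealedMessages).map(
          msg => hexToBytes(msg));
        // Disclosed committed messages are optional in a vector
        let disclosedCommittedIndexes = [];
        let committedMessageOctets = [];
        if(vector.revealedCommittedMessages) {
          const revealedCommittedMessages = vector.revealedCommittedMessages;
          disclosedCommittedIndexes = Object.keys(revealedCommittedMessages).map(
            s => Number.parseInt(s, 10));
          committedMessageOctets = Object.values(revealedCommittedMessages).map(
            msg => hexToBytes(msg));
        }
        const headerBytes = hexToBytes(vector.header);
        const publicBytes = hexToBytes(vector.signerPublicKey);
        const proof = hexToBytes(vector.proof);
        const ph = hexToBytes(vector.presentationHeader);
        const result = await BlindProofVerify(publicBytes, proof, headerBytes,
          ph, vector.L, messagesOctets, committedMessageOctets, disclosedIndexes,
          disclosedCommittedIndexes, api_id);
        // NOTE(review): assert.equal compares with ==; assert.strictEqual
        // would pin the verifier's result to an exact boolean. Confirm what
        // BlindProofVerify returns for invalid proofs before tightening.
        assert.equal(result, vector.result.valid);
      });
    }
  });
}
--------------------------------------------------------------------------------
/pseudonym_test/nymProofGenTest.js:
--------------------------------------------------------------------------------
/* global describe, it, TextEncoder */
/* eslint-disable max-len */
import {API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE, hexToBytes,
  seeded_random_scalars} from '../lib/BBS.js';
import {readdir, readFile} from 'fs/promises';
import {assert} from 'chai';
import {ProofGenWithNym} from '../lib/PseudonymBBS.js';
import {bytesToHex} from '@noble/hashes/utils';

import {dirname} from 'path';
import {fileURLToPath} from 'url';

// Resolve fixture locations relative to this file rather than the working
// directory the test runner was started from.
const __dirname = dirname(fileURLToPath(import.meta.url));

const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/nymProof/';
const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/nymProof/';
const allMessagesFile = __dirname + '/fixture_data/messages.json';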
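// The shared message list is stored as hex strings; decode it to byte arrays.
const allMessages = JSON.parse(await readFile(allMessagesFile));
const messages = allMessages.map(hexMsg => hexToBytes(hexMsg));
for(const api_id of [API_ID_PSEUDONYM_BBS_SHA, API_ID_PSEUDONYM_BBS_SHAKE]) {
  const path = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Load every test vector found in the fixture directory.
  const testVectors = [];
  for(const fn of await readdir(path)) {
    testVectors.push(JSON.parse(await readFile(path + fn)));
  }

  // The suite callback is synchronous: Mocha does not await a promise
  // returned from describe(), and nothing here needs awaiting.
  describe('Pseudonym Proof generation for ' + api_id, function() {
    for(const proofFixture of testVectors) {
      it(`case: ${proofFixture.caseName}`, async function() {
        const PK = hexToBytes(proofFixture.signerPublicKey);
        const signature = hexToBytes(proofFixture.signature);
        const header = hexToBytes(proofFixture.header);
        const ph = hexToBytes(proofFixture.presentationHeader);
        const context_id = hexToBytes(proofFixture.context_id);
        // Scalars are stored as hex strings in the fixture.
        const nym_secret = BigInt('0x' + proofFixture.nym_secret);
        const disclosedIndexes = proofFixture.disclosedIndexes;
        const disclosed_commitment_indexes = proofFixture.disclosedComIndexes;
        const proverBlind = BigInt('0x' + proofFixture.proverBlind);
        // Deterministic scalar source built from the seed and DST recorded in
        // the fixture, so the generated proof can be compared byte for byte.
        // Fixed "random" scalars are for reproducing test vectors only.
        const rngParams = proofFixture.mockRngParameters;
        const seed = new TextEncoder().encode(rngParams.SEED);
        const rng_dst = rngParams.proof.DST;
        const rand_scalar_func = seeded_random_scalars.bind(null, seed, rng_dst);
        const committed_messages = [];
        const [proof, pseudonym] = await ProofGenWithNym(PK, signature, header, ph, nym_secret, context_id,
          messages, committed_messages, disclosedIndexes, disclosed_commitment_indexes,
          proverBlind, api_id, rand_scalar_func);
        // No debug print of the proof: a failing assertion already reports
        // both the computed and the expected value.
        assert.equal(bytesToHex(proof), proofFixture.proof);
        assert.equal(bytesToHex(pseudonym.toRawBytes(true)), proofFixture.pseudonym);
      });
    }
  });
}
--------------------------------------------------------------------------------
/test/proofGenSeeded.js:
--------------------------------------------------------------------------------
/* global describe, it, before */
/*eslint max-len: ["error", { "ignoreStrings": true, "ignoreComments": true }]*/
/*
  Uses a seeded pseudo random generator in proof generation so the output can
  be checked against the generated proof test vectors.
*/
import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, bytesToHex, hexToBytes,
  messages_to_scalars, prepareGenerators, proofGen, seeded_random_scalars}
  from '../lib/BBS.js';
import {assert} from 'chai';
import {readFile} from 'fs/promises';

const maxL = 20; // Use when precomputing the generators

// Need the signatures that go with the proofs.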
const testFiles = ['proof001.json', 'proof002.json', 'proof003.json',
  'proof014.json', 'proof015.json'];

const SHA_PATH = './test/fixture_data/bls12-381-sha-256/';
const SHAKE_PATH = './test/fixture_data/bls12-381-shake-256/';

for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) {
  const suiteDir = api_id.includes('SHAKE-256') ? SHAKE_PATH : SHA_PATH;
  // Deterministic scalar source. The seed bytes are the ASCII text
  // "3.141592653589793238462643383279"; with a fixed seed and DST the
  // generated proof is reproducible and can be compared with the vector.
  // Fixed "random" scalars are for reproducing test vectors only.
  const seed = hexToBytes('332e313431353932363533353839373933323338343632363433333833323739');
  const rng_dst = api_id + 'MOCK_RANDOM_SCALARS_DST_';
  const rand_scalar_func = seeded_random_scalars.bind(null, seed, rng_dst);
  // Parse the selected proof vectors up front
  const proofPath = suiteDir + 'proof/';
  const testVectors = [];
  for(const fileName of testFiles) {
    testVectors.push(JSON.parse(await readFile(proofPath + fileName)));
  }

  describe('Proof Generation Seeded Validation ' + api_id, function() {
    let gens;
    before(async function() {
      // Precompute the generators once per suite.
      gens = await prepareGenerators(maxL + 1, api_id);
    });

    for(const proofBundle of testVectors) {
      it(proofBundle.caseName + ' ' + api_id, async function() {
        // Signature-related inputs: all messages, header, key and signature
        const messagesOctets = proofBundle.messages.map(
          hexMsg => hexToBytes(hexMsg));
        const msg_scalars = await messages_to_scalars(messagesOctets, api_id);
        const headerBytes = hexToBytes(proofBundle.header);
        const publicBytes = hexToBytes(proofBundle.signerPublicKey);
        const signature = hexToBytes(proofBundle.signature);

        // Proof-related inputs: which indices to disclose and the
        // presentation header
        const disclosedIndexes = proofBundle.disclosedIndexes;
        const ph = hexToBytes(proofBundle.presentationHeader);

        const proof = await proofGen(publicBytes, signature, headerBytes, ph,
          msg_scalars, disclosedIndexes, gens, api_id, rand_scalar_func);
        // The generated proof must match the vector byte for byte.
        assert.equal(bytesToHex(proof), proofBundle.proof);
      });
    }
  });
}
--------------------------------------------------------------------------------
/Guide/NIST-BBS_Talk-Outline.md:
--------------------------------------------------------------------------------
---
title: BBS NIST Talk Outline
author: Dr. Greg M. Bernstein
date: 2023-10-05
---

# NIST BBS Talk Outline

Tentative Title: BBS+ Signatures: Applications, Standardizations, and a bit of Theory

Presenters: Dr. Greg M. Bernstein, Dr. Vasilis Kalos

Abstract: In this talk we present an overview of BBS+ signatures from an applications and standardization perspective. In addition we will review its cryptographic/ZKP underpinnings. Verifiable credentials are currently undergoing standardization at the W3C as an electronic substitute/adjunct to many traditional types of credentials such as passports, educational transcripts, etc... BBS+ signatures can provide the key features of selective disclosure and unlinkability to verifiable credentials. However the road from academic papers to multi-vendor interoperable deployment requires working through multiple standards development organizations. We describe this process for BBS+ via our work at the IETF, DIF, and W3C.

1. 
Application Scenarios and Benefits (Greg) 16 | 1. Intro: 17 | 1. Who am I 18 | 2. BBS+ Draft Standard and fundamental Papers 19 | 2. Verifiable Credentials (W3C) and AnonCreds (HyperLedger) 20 | 1. Three party model: Issuer, Holder, Verifier 21 | 2. VC and Cryptography: current specifications in progress 22 | 3. BBS in Browser Demo 23 | 3. Selective Disclosure 24 | 1. What is it? Example 25 | 2. Quick comparison to other high level selective disclosure approaches 26 | 3. Size characteristics of general selective disclosure approaches 27 | 4. Unlinkable Signatures 28 | 1. Tracking/Linking Threat Model: Verifier-Verifier collusion, Issuer-Verifier collusion 29 | 2. What is the problem? Example with BBS 30 | 3. Not just a signature problem. Uniqueness of information and artifacts 31 | 4. Other signature schemes that provide unlinkability (omit) 32 | 2. Standardization and a bit of Theory (Vasilis) 33 | 1. Theoretical Basis for BBS+ signatures 34 | 2. From theory to standards 35 | 36 | Extra Ideas: 37 | 38 | 1. Quick History 39 | 1. Security Models: Plain, Random Oracle, AGM... 40 | 2. BBS2004 *Short group signatures* 41 | 3. CL2004 *Signature Schemes and Anonymous Credentials from Bilinear Maps* 42 | 4. ASM2006 *Constant-size dynamic k-TAA* 43 | 5. CDL2016 *Anonymous attestation using the strong Diffie-Hellman assumption revisited* 44 | 6. TZ2023 *Revisiting BBS Signatures* 45 | 2. Key Supplemental Techniques 46 | 1. ZKP via Sigma Protocols for general linear relations (simplest to most general) 47 | 1. [Schnorr Non-interactive Zero-Knowledge Proof (RFC8235)](https://www.rfc-editor.org/rfc/rfc8235.html), 2017. Provides full details. 48 | 2. CS1997 *Efficient group signature schemes for large groups* 49 | 3. CKY2009 *On the portability of generalized Schnorr proofs* 50 | 2. Fiat-Shamir heuristic: FS1987 *How to prove yourself: Practical solution to identification and signature problems* 51 | 3. 
Pedersen Commitments: Ped1992 *Non-interactive and information-theoretic secure verifiable secret sharing* 52 | 53 | Cut from Greg: 54 | 55 | 2. Standardization Part I (Greg -- cut) 56 | 1. Standards Development Organizations and Others. So many to choose from 57 | 2. Goal interoperability: Proof multiple independent implementations 58 | 3. How Open? Costs? Participant Pool (just vendors, just customers) 59 | 4. History and Expertise, Process (frequency of meeting) 60 | 5. DIF and IETF recent history Elliptic Curves, Pairings, Hash to Curve -------------------------------------------------------------------------------- /test/signatures.js: -------------------------------------------------------------------------------- 1 | /*global before, describe, it */ 2 | import {API_ID_BBS_SHA, API_ID_BBS_SHAKE, bytesToHex, hexToBytes, 3 | messages_to_scalars, prepareGenerators, sign, verify} from '../lib/BBS.js'; 4 | import {readdir, readFile} from 'fs/promises'; 5 | import {assert} from 'chai'; 6 | 7 | const maxL = 20; // Use when precomputing the generators 8 | 9 | const SHA_PATH = './test/fixture_data/bls12-381-sha-256/'; 10 | const SHAKE_PATH = './test/fixture_data/bls12-381-shake-256/'; 11 | 12 | for(const api_id of [API_ID_BBS_SHA, API_ID_BBS_SHAKE]) { 13 | let path = SHA_PATH; 14 | if(api_id.includes('SHAKE-256')) { 15 | path = SHAKE_PATH; 16 | } 17 | 18 | // Read all the signature test files into JavaScript objects 19 | const vectorPath = path + 'signature/'; 20 | const testFiles = await readdir(vectorPath); 21 | // console.log(testFiles); 22 | const testVectors = []; 23 | for(const fn of testFiles) { 24 | const testVector = JSON.parse(await readFile(vectorPath + fn)); 25 | testVectors.push(testVector); 26 | // console.log(testVector); 27 | } 28 | 29 | describe('Signatures ' + api_id, function() { 30 | let gens; 31 | before(async function() { 32 | gens = await prepareGenerators(maxL + 1, api_id); // precompute generators 33 | }); 34 | 35 | for(const vector of 
testVectors) { 36 | // Create test name 37 | let testName = vector.caseName; 38 | if(vector.result.valid) { 39 | testName += ':valid'; 40 | } else { 41 | testName += ':invalid:' + vector.result.reason; 42 | } 43 | 44 | // We only check signature generation for "valid" test signatures 45 | if(vector.result.valid) { 46 | it('signature ' + api_id + ': ' + testName, async function() { 47 | const messagesOctets = vector.messages.map(msg => hexToBytes(msg)); 48 | const msg_scalars = await messages_to_scalars(messagesOctets, api_id); 49 | const headerBytes = hexToBytes(vector.header); 50 | const secretScalar = BigInt('0x' + vector.signerKeyPair.secretKey); 51 | const publicBytes = hexToBytes(vector.signerKeyPair.publicKey); 52 | const result = await sign(secretScalar, publicBytes, headerBytes, 53 | msg_scalars, gens, api_id); 54 | // let computeSig = octets_to_sig(result); 55 | // console.log('Computed raw signature:'); 56 | // console.log(computeSig); 57 | // console.log('Computed e value in hex:'); 58 | // console.log(computeSig.e.toString(16)); 59 | // let testVectSigBytes = hexToBytes(vector.signature); 60 | // let testVectSig = octets_to_sig(testVectSigBytes); 61 | // console.log('Raw test vector signature:'); 62 | // console.log(testVectSig); 63 | assert.equal(bytesToHex(result), vector.signature, 64 | 'signatures should match'); 65 | 66 | }); 67 | } 68 | // We verify against all signatures whether valid or invalid 69 | it('verify ' + api_id + ': ' + testName, async function() { 70 | const messagesOctets = vector.messages.map(msg => hexToBytes(msg)); 71 | const msg_scalars = await messages_to_scalars(messagesOctets, api_id); 72 | const gens = await prepareGenerators(vector.messages.length + 1, 73 | api_id); 74 | const headerBytes = hexToBytes(vector.header); 75 | const publicBytes = hexToBytes(vector.signerKeyPair.publicKey); 76 | const signature = hexToBytes(vector.signature); 77 | const verified = await verify(publicBytes, signature, headerBytes, 78 | msg_scalars, 
gens, api_id); 79 | assert.equal(verified, vector.result.valid); 80 | }); 81 | } 82 | }); 83 | } 84 | -------------------------------------------------------------------------------- /blind_test/proofGenTest.js: -------------------------------------------------------------------------------- 1 | /* global describe, it, TextEncoder */ 2 | /* eslint-disable max-len */ 3 | import {API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE, hexToBytes, 4 | seeded_random_scalars} from '../lib/BBS.js'; 5 | import {readdir, readFile} from 'fs/promises'; 6 | import {assert} from 'chai'; 7 | import {BlindProofGen} from '../lib/BlindBBS.js'; 8 | import {bytesToHex} from '@noble/hashes/utils'; 9 | 10 | import {dirname} from 'path'; 11 | import {fileURLToPath} from 'url'; 12 | 13 | const __dirname = dirname(fileURLToPath(import.meta.url)); 14 | 15 | const SHA_PATH = __dirname + '/fixture_data/bls12-381-sha-256/proof/'; 16 | const SHAKE_PATH = __dirname + '/fixture_data/bls12-381-shake-256/proof/'; 17 | const allMessagesFile = __dirname + '/fixture_data/messages.json'; 18 | 19 | const allMessages = JSON.parse(await readFile(allMessagesFile)); 20 | const messages = allMessages.messages.map(hexMsg => hexToBytes(hexMsg)); 21 | const committedMessages = allMessages.committedMessages.map(hexMsg => hexToBytes(hexMsg)); 22 | for(const api_id of [API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE]) { // API_ID_BLIND_BBS_SHA, API_ID_BLIND_BBS_SHAKE 23 | let path = SHA_PATH; 24 | if(api_id.includes('SHAKE-256')) { 25 | path = SHAKE_PATH; 26 | } 27 | const files = await readdir(path); 28 | // get all the test vectors in the dir 29 | const testVectors = []; 30 | 31 | for(const fn of files) { 32 | let vectorObj = JSON.parse(await readFile(path + fn)); 33 | vectorObj.filename = fn; 34 | testVectors.push(vectorObj); 35 | } 36 | 37 | describe('Proof generation for ' + api_id, async function() { 38 | for(let i = 0; i < testVectors.length; i++) { // testVectors.length 39 | const proofFixture = testVectors[i]; 40 | 
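it(`file: ${proofFixture.filename}, case: ${proofFixture.caseName}`, async function() {
  // Regenerates the blind BBS proof for one fixture and requires the result
  // to match the fixture's recorded proof byte-for-byte (compared as hex).
  const PK = hexToBytes(proofFixture.signerPublicKey);
  const signature = hexToBytes(proofFixture.signature);
  const header = hexToBytes(proofFixture.header);
  // The prover blind is optional in the fixture; fall back to 0n when it is
  // absent or empty.
  let proverBlind = 0n;
  if(proofFixture.proverBlind) {
    proverBlind = BigInt('0x' + proofFixture.proverBlind);
  }
  const ph = hexToBytes(proofFixture.presentationHeader);

  // The fixture stores revealed messages as objects keyed by message index,
  // so the keys are the disclosed indexes. Parse them as base-10 explicitly.
  const revealedCommittedMessages = proofFixture.revealedCommittedMessages;
  const revealedMessages = proofFixture.revealedMessages;
  const disclosedIndexes = Object.keys(revealedMessages)
    .map(s => Number.parseInt(s, 10));
  let disclosedCommittedIndexes = [];
  let usedCommittedMessages = [];
  if(revealedCommittedMessages) {
    disclosedCommittedIndexes = Object.keys(revealedCommittedMessages)
      .map(s => Number.parseInt(s, 10));
    usedCommittedMessages = committedMessages;
  }

  // Deterministic mock RNG: the seed and DST come from the fixture, which is
  // what makes the proof bytes reproducible and comparable to the test vector.
  // Test-only. A fixed seed yields the same scalars on every run, so a real
  // prover must take fresh scalars from a cryptographically secure source;
  // repeated proof randomness would at minimum make presentations linkable.
  const rngParams = proofFixture.mockRngParameters;
  const te = new TextEncoder();
  const seed = te.encode(rngParams.SEED);
  const rng_dst = rngParams.proof.DST;
  const rand_scalar_func = seeded_random_scalars.bind(null, seed, rng_dst);

  const proof = await BlindProofGen(PK, signature, header, ph, messages,
    usedCommittedMessages, disclosedIndexes, disclosedCommittedIndexes,
    proverBlind, api_id,
    rand_scalar_func);
  assert.equal(bytesToHex(proof), proofFixture.proof);
});
} // end: loop over testVectors
}); // end: describe('Proof generation for ' + api_id)
} // end: loop over api_id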
-------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof015.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof, no presentation header", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 32 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 33 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 34 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 35 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 36 | "m_tilde_scalars": [ 37 | 
"7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 38 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 39 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 40 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 41 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 42 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 43 | ] 44 | }, 45 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 46 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 47 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 48 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 49 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 50 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 51 | "challenge": "669d9e4b7bb6d4544c8cc558c30d79f9c85a87e1a95611400b7c7dac5673d800" 52 | } 53 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof015.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof, no presentation header", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": 
"", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 32 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 33 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 34 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 35 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 36 | "m_tilde_scalars": [ 37 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 38 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 39 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 40 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 41 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 42 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 43 | ] 44 | }, 45 | "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", 46 | "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", 47 | "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", 48 | "T1": 
"8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", 49 | "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", 50 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 51 | "challenge": "4fd411214efc6932334ba0bcbf562626e7c0e1ae0db912c28d99f194fa3cd3a2" 52 | } 53 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof014.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof, no header", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8c87e2080859a97299c148427cd2fcf390d24bea850103a9748879039262ecf4f42206f6ef767f298b6a96b424c1e86c26f8fba62212d0e05b95261c2cc0e5fdc63a32731347e810fd12e9c58355aa0d", 5 | "header": "", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": 
"81925c2e525d9fbb0ba95b438b5a13fff5874c7c0515c193628d7d143ddc3bb487771ad73658895997a88dd5b254ed29abc019bfca62c09b8dafb37e5f09b1d380e084ec3623d071ec38d6b8602af93aa0ddbada307c9309cca86be16db53dc7ac310574f509c712bb1a181d64ea3c1ee075c018a2bc773e2480b5c033ccb9bfea5af347a88ab83746c9342ba76db3675ff70ce9006d166fd813a81b448a632216521c864594f3f92965974914992f8d1845230915b11680cf44b25886c5670904ac2d88255c8c31aea7b072e9c4eb7e4c3fdd38836ae9d2e9fa271c8d9fd42f669a9938aeeba9d8ae613bf11f489ce947616f5cbaee95511dfaa5c73d85e4ddd2f29340f821dc2fb40db3eae5f5bc08467eb195e38d7d436b63e556ea653168282a23b53d5792a107f85b1203f82aab46f6940650760e5b320261ffc0ca5f15917b51e7d2ad4bcbec94de792e229db663abff23af392a5e73ce115c27e8492ec24a0815091c69874dbd9dae2d2eed000810c748a798a78a804a39034c6e745cee455812cc982eea7105948b2cb55b82278a77237fcbec4748e2d2255af0994dd09dba8ac60515a39b24632a2c1c840c4a70506add5b2eb0be9ff66e3ea8deae666f198edfbb1391c6834e6df4f1026d", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 32 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 33 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 34 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 35 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 36 | "m_tilde_scalars": [ 37 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 38 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 39 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 40 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 41 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 42 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 43 | ] 44 | }, 45 | "A_bar": 
"81925c2e525d9fbb0ba95b438b5a13fff5874c7c0515c193628d7d143ddc3bb487771ad73658895997a88dd5b254ed29", 46 | "B_bar": "abc019bfca62c09b8dafb37e5f09b1d380e084ec3623d071ec38d6b8602af93aa0ddbada307c9309cca86be16db53dc7", 47 | "D": "ac310574f509c712bb1a181d64ea3c1ee075c018a2bc773e2480b5c033ccb9bfea5af347a88ab83746c9342ba76db367", 48 | "T1": "ada552bd7ee0d6914b89eaa0e9426b3bdbdfa7ecac26b3c118aefefc577095e894c1b4a828c184e091a563e09763f3a9", 49 | "T2": "818dd907bf0321cf982648f91d7201b357358d3b2f6f7678afa722d89bbe5eba4415e4a65567a03292d9c7859da20cad", 50 | "domain": "41c5fe0290d0da734ce9bba57bfe0dfc14f3f9cfef18a0d7438cf2075fd71cc7", 51 | "challenge": "4a70506add5b2eb0be9ff66e3ea8deae666f198edfbb1391c6834e6df4f1026d" 52 | } 53 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof014.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof, no header", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "88beeb970f803160d3058eacde505207c576a8c9e4e5dc7c5249cbcf2a046c15f8df047031eef3436e04b779d92a9cdb1fe4c6cc035ba1634f1740f9dd49816d3ca745ecbe39f655ea61fb700137fded", 5 | "header": "", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | 
"96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 32 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 33 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 34 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 35 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 36 | "m_tilde_scalars": [ 37 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 38 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 39 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 40 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 41 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 42 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 43 | ] 44 | }, 45 | "A_bar": "8ac336eea1d278656372d9914483c3d3b3069dfa4a7862293ac021dfeeebca93cadd7eb2b818f7b89719cdeffa5aa859", 46 | "B_bar": "89a7d691be11b1929a2bf089bfe9f2adc2c06788edc30585546efb74877f34ad91f0d6923b4ed7a53c49051dda8d056a", 47 | "D": "95644ee738810772d90c1033f1dfe45c0b1b453d131170aafa8a99f812f3b90a5d1d9e6bd05a4dee6a50dd277ffc646f", 48 | "T1": "a5405cc2c5965dda18714ab35f4d4a7ae4024f388fa7a5ba71202d4455b50b316ec37b360659e3012234562fa8989980", 49 | "T2": "9827a40454cdc90a70e9c927f097019dbdd84768babb10ebcb460c2d918e1ce1c0512bf2cc49ed7ec476dfcde7a6a10c", 50 | "domain": "333d8686761cff65a3a2ef20bfa217d37bdf19105e87c210e9ce64ea1210a157", 51 | "challenge": "309dba8c6604e7cff0d2c46ce6026b8e232c192955f909da6e47c2130c7e3f4f" 52 | } 53 | } -------------------------------------------------------------------------------- 
/test/fixture_data/bls12-381-sha-256/proof/proof003.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 32 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 33 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 34 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 35 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 36 | "m_tilde_scalars": [ 37 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 38 | 
"67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 39 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 40 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 41 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 42 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 43 | ] 44 | }, 45 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 46 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 47 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 48 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 49 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 50 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 51 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 52 | } 53 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof003.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "valid multi-message signature, multiple messages revealed proof", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | 
"9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": true 28 | }, 29 | "trace": { 30 | "random_scalars": { 31 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 32 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 33 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 34 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 35 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 36 | "m_tilde_scalars": [ 37 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 38 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 39 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 40 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 41 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 42 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 43 | ] 44 | }, 45 | "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", 46 | "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", 47 | "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", 48 | "T1": 
"8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", 49 | "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", 50 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 51 | "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" 52 | } 53 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof009.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (missing message revealed in proof)", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 11 | "496694774c5604ab1b2544eababcf0f53278ff50", 12 | "515ae153e22aae04ad16f759e07237b4", 13 | "d183ddc6e2665aa4e2f088af", 14 | "ac55fb33a75909ed", 15 | "96012096", 16 | "" 17 | ], 18 | "disclosedIndexes": [ 19 | 0, 20 | 2, 21 | 6 22 | ], 23 | "proof": "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", 24 | "result": { 25 | "valid": false, 26 | "reason": "missing message revealed in proof" 27 | }, 28 | "trace": { 29 | "random_scalars": { 30 | "r1": 
"44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 31 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 32 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 33 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 34 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 35 | "m_tilde_scalars": [ 36 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 37 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 38 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 39 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 40 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 41 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 42 | ] 43 | }, 44 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 45 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 46 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 47 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 48 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 49 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 50 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 51 | } 52 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof009.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (missing message revealed in proof)", 3 | "signerPublicKey": 
"92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 11 | "496694774c5604ab1b2544eababcf0f53278ff50", 12 | "515ae153e22aae04ad16f759e07237b4", 13 | "d183ddc6e2665aa4e2f088af", 14 | "ac55fb33a75909ed", 15 | "96012096", 16 | "" 17 | ], 18 | "disclosedIndexes": [ 19 | 0, 20 | 2, 21 | 6 22 | ], 23 | "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", 24 | "result": { 25 | "valid": false, 26 | "reason": "missing message 
revealed in proof" 27 | }, 28 | "trace": { 29 | "random_scalars": { 30 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 31 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 32 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 33 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 34 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 35 | "m_tilde_scalars": [ 36 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 37 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 38 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 39 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 40 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 41 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 42 | ] 43 | }, 44 | "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", 45 | "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", 46 | "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", 47 | "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", 48 | "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", 49 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 50 | "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" 51 | } 52 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof012.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed 
proof (truncated proof, one less undisclosed message)", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": false, 28 | "reason": "truncated proof, one less undisclosed message" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 33 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 34 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 35 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 36 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 37 | "m_tilde_scalars": [ 38 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 39 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 40 | 
"715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 41 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 42 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 43 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 44 | ] 45 | }, 46 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 47 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 48 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 49 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 50 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 51 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 52 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 53 | } 54 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof012.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (truncated proof, one less undisclosed message)", 3 | "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | 
"9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": false, 28 | "reason": "truncated proof, one less undisclosed message" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 33 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 34 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 35 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 36 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 37 | "m_tilde_scalars": [ 38 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 39 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 40 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 41 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 42 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 43 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 44 | ] 45 | }, 46 | "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", 47 | "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", 48 | "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", 49 | "T1": 
"8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", 50 | "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", 51 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 52 | "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" 53 | } 54 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (wrong public key)", 3 | "signerPublicKey": "b064bd8d1ba99503cbb7f9d7ea00bce877206a85b1750e5583dd9399828a4d20610cb937ea928d90404c239b2835ffb104220a9c66a4c9ed3b54c0cac9ea465d0429556b438ceefb59650ddf67e7a8f103677561b7ef7fe3c3357ec6b94d41c6", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": false, 28 | "reason": "wrong public key" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": 
"44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 33 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 34 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 35 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 36 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 37 | "m_tilde_scalars": [ 38 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 39 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 40 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 41 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 42 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 43 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 44 | ] 45 | }, 46 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 47 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 48 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 49 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 50 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 51 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 52 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 53 | } 54 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof010.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (re-ordered messages)", 3 | "signerPublicKey": 
"a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 4, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", 26 | 
"result": { 27 | "valid": false, 28 | "reason": "re-ordered messages" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 33 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 34 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 35 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 36 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 37 | "m_tilde_scalars": [ 38 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 39 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 40 | "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 41 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 42 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 43 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 44 | ] 45 | }, 46 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 47 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 48 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 49 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 50 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 51 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 52 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 53 | } 54 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-sha-256/proof/proof013.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": 
"invalid multi-message signature, all messages revealed proof (different header)", 3 | "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", 4 | "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", 5 | "header": "ffeeddccbbaa00998877665544332211", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": false, 28 | "reason": "different header" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", 33 | "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", 34 | "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", 35 | "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", 36 | "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", 37 | "m_tilde_scalars": [ 38 | "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", 39 | "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", 40 | 
"715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", 41 | "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", 42 | "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", 43 | "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" 44 | ] 45 | }, 46 | "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", 47 | "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", 48 | "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", 49 | "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", 50 | "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", 51 | "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", 52 | "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" 53 | } 54 | } -------------------------------------------------------------------------------- /test/fixture_data/bls12-381-shake-256/proof/proof005.json: -------------------------------------------------------------------------------- 1 | { 2 | "caseName": "invalid multi-message signature, all messages revealed proof (wrong public key)", 3 | "signerPublicKey": "b24c723803f84e210f7a95f6265c5cbfa4ecc51488bf7acf24b921807801c0798b725b9a2dcfa29953efcdfef03328720196c78b2e613727fd6e085302a0cc2d8d7e1d820cf1d36b20e79eee78c13a1a5da51a298f1aef86f07bc33388f089d8", 4 | "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", 5 | "header": "11223344556677889900aabbccddeeff", 6 | "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", 7 | "messages": [ 8 | 
"9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", 9 | "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", 10 | "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", 11 | "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", 12 | "496694774c5604ab1b2544eababcf0f53278ff50", 13 | "515ae153e22aae04ad16f759e07237b4", 14 | "d183ddc6e2665aa4e2f088af", 15 | "ac55fb33a75909ed", 16 | "96012096", 17 | "" 18 | ], 19 | "disclosedIndexes": [ 20 | 0, 21 | 2, 22 | 4, 23 | 6 24 | ], 25 | "proof": "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", 26 | "result": { 27 | "valid": false, 28 | "reason": "wrong public key" 29 | }, 30 | "trace": { 31 | "random_scalars": { 32 | "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", 33 | "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", 34 | "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", 35 | "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", 36 | "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", 37 | "m_tilde_scalars": [ 38 | "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", 39 | "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", 40 | "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", 41 | "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", 42 | "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", 43 | "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" 44 | ] 45 | }, 46 | "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", 47 | "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", 48 | "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", 49 | "T1": 
"8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", 50 | "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", 51 | "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", 52 | "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" 53 | } 54 | } --------------------------------------------------------------------------------