Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bound BBS signatures #262

Open
BasileiosKal opened this issue Apr 30, 2023 · 13 comments
Open

Bound BBS signatures #262

BasileiosKal opened this issue Apr 30, 2023 · 13 comments

Comments

@BasileiosKal
Copy link
Contributor

BasileiosKal commented Apr 30, 2023

Hey all!

Posting a first draft of bound BBS signatures, using BLS key pairs: https://basileioskal.github.io/bbs-bound-signatures/draft-bound-bbs-signatures.html

You can find the repo here

(for context see also #28 and #37)

@OR13
Copy link
Contributor

OR13 commented May 1, 2023

Can you make the html link show up in the github page fro the repo?

@tplooker
Copy link
Member

tplooker commented May 1, 2023

Discussed on WG call 1st of May, In order to better support this draft we have identified a couple of places that the core draft could be better, @BasileiosKal will raise some issues to capture these concepts.

Copy link
Contributor

Hi Vasilis, I did an initial read. I think the curve BLS12-381 curve library I use has a pretty good BLS signature implementation. Let us know if/when you've got some test vectors and I can try a JavaScript implementation. Cheers Greg

@BasileiosKal
Copy link
Contributor Author

@OR13 made the link available. You can find it here or from the README. Thank you for the recommendation!

@BasileiosKal
Copy link
Contributor Author

@Wind4Greg That's awesome!! We have an implementation of the draft so we will be able to post some test vectors soon. Thank you!

@tplooker tplooker mentioned this issue May 8, 2023
@andrewwhitehead
Copy link
Contributor

It seems like the verification is missing a way to pass in the BP_1 generator point to BbsVerify. We might need to add a CoreProofVerify operation which is called by ProofVerify and accepts the list of generators as input.

I'm a little unsure about just adding BBS_BOUND to the header instead of defining a new ciphersuite, since signing is not the same operation.

For our applications I think I would also prefer a zero-knowledge proof of key possession and blind signing similar to the old implementation, but that would lose the benefit of delegating to the BLS draft.

@BasileiosKal
Copy link
Contributor Author

Thanks for the feedback @andrewwhitehead 🙏

It seems like the verification is missing a way to pass in the BP_1 generator point to BbsVerify.

BbsVerify should be using this create_generators. Wouldn't this be enough??

I'm a little unsure about just adding BBS_BOUND to the header instead of defining a new ciphersuite,

I agree. This was a temporally solution until we define a new ciphersuite. The structure of a bound ciphersuite will depend on the flexibility of the core draft, so waiting for that discussion there to move on a bit first.

For our applications I think I would also prefer a zero-knowledge proof of key possession and blind signing similar to the old implementation, but that would lose the benefit of delegating to the BLS draft.

As an alternative, we could also make one document that encapsulates both generic Schnorr-like commitments and BLS signatures. The flow is the same, so we could define commitmentGen in a commitmentVerify in a generic way.

@andrewwhitehead
Copy link
Contributor

BbsVerify should be using this create_generators. Wouldn't this be enough??

I missed that create_generators is redefined, I think that does simplify things.

@matsutakk
Copy link

Hi, I'm interested in this, any updates??

@matthiasgeihs
Copy link

hey, does there exist a prototype implementation of this?

@matthiasgeihs
Copy link

@Wind4Greg have you found the time to code up a prototype?

@Wind4Greg
Copy link
Contributor

Hi @matthiasgeihs we are using Blind BBS Signatures to implement a form of holder binding for verifiable credentials VC-DI=BBS: anonymous holder binding. My implementation of Blind BBS can be found at https://github.com/Wind4Greg/grotto-bbs-signatures. Cheers Greg

@matthiasgeihs
Copy link

Hi @Wind4Greg, thank you for your reply.

Can the holder secret be used to create signatures on other documents as well?

Use case: A credential holder wants to sign a different document using the holder secret. The holder also wants to prove that the signature was created by someone who fulfills certain properties certified in the holder credential. The holder doesn't want to reveal anything else about its identity (i.e., signature and proofs should be zero-knowledge).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants