diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
index 4f00b1d30d..b28b3c0e2b 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
@@ -166,7 +166,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) { pkBytes, err := privateKey.PublicKey().Marshal() require.NoError(t, err) - proofBytes := hexStringToBytesTest(t, "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") //nolint:lll + proofBytes := hexStringToBytesTest(t, "000a0005820930990a3481f389a845ee9f81d0d32988308206fb855b8cdbc325e03b2e2d01fdd774ea83542dec75e9474b8dc4678b983f06aa58d00e88abd7bed4378eb6a909ae79f4f2ddb798a20e6467b11e1ba516fc388acb6b88462dc8311807a56b87a76929a331e2fc996d750657d2a1bfcb3df60e53775d5656d1ee62e526eb7cb6386aecd7a87d3d546f1843094ee0db00000074a9b7e161a2b32bcc48ae6ee263967cfc60980b7f18e88d2216ccebb52f2656b02de12bc0045f667b6ea50f3a58f2b895000000023392d8b8958f20d88345f666538794bcf688d3ddf9bcb53a3e7ff2b592bc2a8810fa643a1e262db5747f754687312aada9c62f86472aeab858aff948462d80b0b5a8878c9245ed2873b68f70a60a9c7d8fea9518b2a975a5cc4179a1619cdebf75c549e0a00cf1c4e38d415f46b01c250000000a23d535e387835f8550a588159608729ab8b407684eb6791bf80d0816fe14e0e62fd86bc7fd472656b18e59a4fa6db45d4e92d99753f8bdaefee58be8d8ad6e03494a77ed190b1bb31924a7e9aa1033203caa8e04df000ebd2c5cf64eeeb1a10e698e1acb9a451f7479a48d84fb7baa8338bae18aa91613ebbf9482c0346787e4521962006a1cdd032fafedcb32ff7aa697f694a903033adbedcdee0baec8953f644b3b8780623501cc7ba52ace8dc8d967be4c0e78b7d767f0b1bb9ffa8b4be16264ac5ad8d82c3500cc3bc4471ba981e7bbcab089bbe63d19a72fd28168f3d9595729254b9367435a594d4d6b750f2306f2d8dc9a8264fb8c12d8bd8eba0acb4429de451f1b53278fa312e5145783d80eaf64db2e302d935e3052fa38844259445f710a875885f184f9305f878b045384e12dda0f28cadec8912b1daec9a121") //nolint:lll // TODO "header": "11223344556677889900aabbccddeeff" nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501") 
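Review bot: The replacement `proofBytes` fixture gives no indication of where the value came from, so a reader cannot tell whether it is an independent vector from the BBS draft or output regenerated by this package after the sign change to `d`. If it was self-generated, the test only shows that this prover and this verifier agree with each other, and a sign mistake mirrored on both sides would still pass. I would add a comment above the literal such as `// proof fixture taken from <spec draft / fixture file>, not produced by this package`, or say explicitly that it is self-generated, and resolve the `// TODO "header"` line that follows it. The test function continues outside the hunk.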
@@ -201,7 +201,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 proofBytesCopy := make([]byte, len(proofBytes))
 copy(proofBytesCopy, proofBytes)
- proofBytesCopy[21] = 255 - proofBytesCopy[21]
+ proofBytesCopy[22] = 255 - proofBytesCopy[22]
 err = bls.VerifyProof(revealedMessagesBytes, proofBytesCopy, nonce, pkBytes)
 require.Error(t, err)
diff --git a/pkg/crypto/primitive/bbs12381g2pub/proof_of_knowledge.go b/pkg/crypto/primitive/bbs12381g2pub/proof_of_knowledge.go
index b164ed5207..42afe5ac2a 100644
--- a/pkg/crypto/primitive/bbs12381g2pub/proof_of_knowledge.go
+++ b/pkg/crypto/primitive/bbs12381g2pub/proof_of_knowledge.go
@@ -53,6 +53,7 @@ func NewPoKOfSignature(signature *Signature, messages []*SignatureMessage, revea
 cbD.add(b, r1)
 cbD.add(pubKey.q1, r2)
 d := cbD.build()
+ g1.Neg(d, d)
 sPrime := bls12381.NewFr()
 sPrime.Mul(r2, r3)
@@ -131,7 +132,7 @@ func newVC2Signature(d *bls12381.PointG1, r3 *bls12381.Fr, pubKey *PublicKeyWith
 secrets2 = append(secrets2, hiddenFRCopy)
 }
- pokVC2 := committing2.FinishNegFirst()
+ pokVC2 := committing2.Finish()
 return pokVC2, secrets2
 }
@@ -215,24 +216,3 @@ func (pc *ProverCommittingG1) Finish() *ProverCommittedG1 {
 commitment: commitment,
 }
 }
-
-// FinishNegFirst is modified Finish() for case where first element should be neg while calc
-// TODO: this is a hack to align the current impl and a draft update of BBS spec.
-// As soon as the spec would be stable enough, this should be removed
-// and probably some re-design of helpers and/or structures will be required.
-func (pc *ProverCommittingG1) FinishNegFirst() *ProverCommittedG1 {
- blindings := make([]*bls12381.Fr, len(pc.blindingFactors))
- copy(blindings, pc.blindingFactors)
-
- negFirst := bls12381.NewFr()
-
- negFirst.Neg(blindings[0])
- blindings[0] = negFirst
- commitment := sumOfG1Products(pc.bases, blindings)
-
- return &ProverCommittedG1{
- bases: pc.bases,
- blindingFactors: pc.blindingFactors,
- commitment: commitment,
- }
-}
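Review bot: The tamper offset moves from 21 to 22 with no comment saying which proof field that byte belongs to. The only assertion visible in the hunk is `require.Error`, which any failure satisfies, including a decoding error raised before the proof equations are evaluated. A negative test for a verifier is most useful when it pins the rejection reason. I would name the offset, e.g. `const tamperedByte = 22 // inside <field>; proof must still parse`, and follow `require.Error` with a check on the expected error text, unless the lines after the hunk already do that.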
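Review bot: After `g1.Neg(d, d)` the local `d` holds the negation of what `cbD.build()` returned, and nothing in the `@@ -53` hunk says so. `d` is used further down `NewPoKOfSignature`, outside the hunk, and the `@@ -131` hunk now calls plain `Finish()`, which appears to rely on the base already being negated, so each later use of `d` should be checked against the new sign. Since the `@@ -215` hunk deletes the only comment that explained the negation, I would add one here: `// d is carried negated from here on; newVC2Signature and the verifier (aBar + d) rely on that`.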
diff --git a/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go b/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go index 60c06be884..221f9f266b 100644 --- a/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go +++ b/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go @@ -56,7 +56,7 @@ func (sp *PoKOfSignatureProof) Verify(challenge *bls12381.Fr, pubKey *PublicKeyW func (sp *PoKOfSignatureProof) verifyVC1Proof(challenge *bls12381.Fr, pubKey *PublicKeyWithGenerators) error { basesVC1 := []*bls12381.PointG1{sp.aPrime, pubKey.q1} aBarD := new(bls12381.PointG1) - g1.Sub(aBarD, sp.aBar, sp.d) + g1.Add(aBarD, sp.aBar, sp.d) err := sp.proofVC1.Verify(basesVC1, aBarD, challenge) if err != nil { @@ -70,14 +70,11 @@ func (sp *PoKOfSignatureProof) verifyVC2Proof(challenge *bls12381.Fr, pubKey *Pu revealedMessages map[int]*SignatureMessage, messages []*SignatureMessage) error { revealedMessagesCount := len(revealedMessages) - negD := g1.New() - g1.Neg(negD, sp.d) - bindingBasis := g1.One() bindingExp := bls12381.NewFr().One() basesVC2 := make([]*bls12381.PointG1, 0, 2+pubKey.messagesCount-revealedMessagesCount) - basesVC2 = append(basesVC2, negD, pubKey.q1) + basesVC2 = append(basesVC2, sp.d, pubKey.q1) disclousedElementsCnt := 1 /* binding */ + 1 /* domain */ + revealedMessagesCount basesDisclosed := make([]*bls12381.PointG1, 0, disclousedElementsCnt)
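Review bot: With `g1.Add(aBarD, sp.aBar, sp.d)` in `verifyVC1Proof` and `sp.d` used directly as the first VC2 base in the `@@ -70` hunk, the verifier now accepts only proofs whose `d` arrives already negated. A proof produced by the code before this commit would presumably fail both checks. Nothing visible in these hunks versions the proof encoding or documents the break, so a caller holding a stored proof would get an unexplained verification error. I would record the convention where it is consumed, e.g. `// sp.d is the negated commitment sent by the prover, hence Add rather than Sub`, and add a test that a proof with the opposite sign of `d` is rejected. Both functions continue outside the hunks.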