go/sonr
go/sonr
1
1
Fork 0
mirror of https://github.com/onsonr/sonr.git synced 2025-03-10 21:09:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
sonr/crypto/signatures/bbs/pok_signature_proof.go
Prad Nukala 31bcc21c35
feature/1121 implement ucan validation (#1176) 
- **refactor: remove unused auth components**
- **refactor: improve devbox configuration and deployment process**
- **refactor: improve devnet and testnet setup**
- **fix: update templ version to v0.2.778**
- **refactor: rename pkl/net.matrix to pkl/matrix.net**
- **refactor: migrate webapp components to nebula**
- **refactor: protobuf types**
- **chore: update dependencies for improved security and stability**
- **feat: implement landing page and vault gateway servers**
- **refactor: Migrate data models to new module structure and update
related files**
- **feature/1121-implement-ucan-validation**
- **refactor: Replace hardcoded constants with model types in attns.go**
- **feature/1121-implement-ucan-validation**
- **chore: add origin Host struct and update main function to handle
multiple hosts**
- **build: remove unused static files from dwn module**
- **build: remove unused static files from dwn module**
- **refactor: Move DWN models to common package**
- **refactor: move models to pkg/common**
- **refactor: move vault web app assets to embed module**
- **refactor: update session middleware import path**
- **chore: configure port labels and auto-forwarding behavior**
- **feat: enhance devcontainer configuration**
- **feat: Add UCAN middleware for Echo with flexible token validation**
- **feat: add JWT middleware for UCAN authentication**
- **refactor: update package URI and versioning in PklProject files**
- **fix: correct sonr.pkl import path**
- **refactor: move JWT related code to auth package**
- **feat: introduce vault configuration retrieval and management**
- **refactor: Move vault components to gateway module and update file
paths**
- **refactor: remove Dexie and SQLite database implementations**
- **feat: enhance frontend with PWA features and WASM integration**
- **feat: add Devbox features and streamline Dockerfile**
- **chore: update dependencies to include TigerBeetle**
- **chore(deps): update go version to 1.23**
- **feat: enhance devnet setup with PATH environment variable and
updated PWA manifest**
- **fix: upgrade tigerbeetle-go dependency and remove indirect
dependency**
- **feat: add PostgreSQL support to devnet and testnet deployments**
- **refactor: rename keyshare cookie to token cookie**
- **feat: upgrade Go version to 1.23.3 and update dependencies**
- **refactor: update devnet and testnet configurations**
- **feat: add IPFS configuration for devnet**
- **I'll help you update the ipfs.config.pkl to include all the peers
from the shell script. Here's the updated configuration:**
- **refactor: move mpc package to crypto directory**
- **feat: add BIP32 support for various cryptocurrencies**
- **feat: enhance ATN.pkl with additional capabilities**
- **refactor: simplify smart account and vault attenuation creation**
- **feat: add new capabilities to the Attenuation type**
- **refactor: Rename MPC files for clarity and consistency**
- **feat: add DIDKey support for cryptographic operations**
- **feat: add devnet and testnet deployment configurations**
- **fix: correct key derivation in bip32 package**
- **refactor: rename crypto/bip32 package to crypto/accaddr**
- **fix: remove duplicate indirect dependency**
- **refactor: move vault package to root directory**
- **refactor: update routes for gateway and vault**
- **refactor: remove obsolete web configuration file**
- **refactor: remove unused TigerBeetle imports and update host
configuration**
- **refactor: adjust styles directory path**
- **feat: add broadcastTx and simulateTx functions to gateway**
- **feat: add PinVault handler**
2024-12-02 14:27:18 -05:00

214 lines
5.9 KiB
Go
Executable File
Raw Blame History

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//
package bbs
import (
"errors"
"fmt"
"github.com/gtank/merlin"
"github.com/onsonr/sonr/crypto/core/curves"
"github.com/onsonr/sonr/crypto/signatures/common"
)
// PokSignatureProof is the actual proof sent from a prover
// to a verifier that contains a proof of knowledge of a signature
// and the selective disclosure proof
type PokSignatureProof struct {
aPrime, aBar, d curves.PairingPoint
proof1, proof2 []curves.Scalar
}
// Init creates an empty proof to a specific curve
// which should be followed by UnmarshalBinary
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof {
pok.aPrime = curve.Scalar.Point().(curves.PairingPoint).OtherGroup()
pok.aBar = pok.aPrime
pok.d = pok.aPrime
pok.proof1 = []curves.Scalar{
curve.Scalar.Zero(),
curve.Scalar.Zero(),
}
pok.proof2 = make([]curves.Scalar, 0)
return pok
}
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error) {
data := append(pok.aPrime.ToAffineCompressed(), pok.aBar.ToAffineCompressed()...)
data = append(data, pok.d.ToAffineCompressed()...)
for _, p := range pok.proof1 {
data = append(data, p.Bytes()...)
}
for _, p := range pok.proof2 {
data = append(data, p.Bytes()...)
}
return data, nil
}
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error {
scSize := len(pok.proof1[0].Bytes())
ptSize := len(pok.aPrime.ToAffineCompressed())
minSize := scSize*4 + ptSize*3
inSize := len(in)
if inSize < minSize {
return fmt.Errorf("invalid byte sequence")
}
if (inSize-ptSize)%scSize != 0 {
return fmt.Errorf("invalid byte sequence")
}
secretCnt := ((inSize - ptSize*3) / scSize) - 2
offset := 0
end := ptSize
aPrime, err := pok.aPrime.FromAffineCompressed(in[offset:end])
if err != nil {
return err
}
offset = end
end += ptSize
aBar, err := pok.aBar.FromAffineCompressed(in[offset:end])
if err != nil {
return err
}
offset = end
end += ptSize
d, err := pok.d.FromAffineCompressed(in[offset:end])
if err != nil {
return err
}
offset = end
end += scSize
proof1i0, err := pok.proof1[0].SetBytes(in[offset:end])
if err != nil {
return err
}
offset = end
end += scSize
proof1i1, err := pok.proof1[1].SetBytes(in[offset:end])
if err != nil {
return err
}
proof2 := make([]curves.Scalar, secretCnt)
for i := 0; i < secretCnt; i++ {
offset = end
end += scSize
proof2[i], err = pok.proof1[0].SetBytes(in[offset:end])
if err != nil {
return err
}
}
var ok bool
pok.aPrime, ok = aPrime.(curves.PairingPoint)
if !ok {
return errors.New("incorrect type conversion")
}
pok.aBar, ok = aBar.(curves.PairingPoint)
if !ok {
return errors.New("incorrect type conversion")
}
pok.d, ok = d.(curves.PairingPoint)
if !ok {
return errors.New("incorrect type conversion")
}
pok.proof1[0] = proof1i0
pok.proof1[1] = proof1i1
pok.proof2 = proof2
return nil
}
// GetChallengeContribution converts the committed values to bytes
// for the Fiat-Shamir challenge
func (pok PokSignatureProof) GetChallengeContribution(
generators *MessageGenerators,
revealedMessages map[int]curves.Scalar,
challenge common.Challenge,
transcript *merlin.Transcript,
) {
transcript.AppendMessage([]byte("A'"), pok.aPrime.ToAffineCompressed())
transcript.AppendMessage([]byte("Abar"), pok.aBar.ToAffineCompressed())
transcript.AppendMessage([]byte("D"), pok.d.ToAffineCompressed())
proof1Points := []curves.Point{pok.aBar.Sub(pok.d), pok.aPrime, generators.h0}
proof1Scalars := []curves.Scalar{challenge, pok.proof1[0], pok.proof1[1]}
commitmentProof1 := pok.aPrime.SumOfProducts(proof1Points, proof1Scalars)
transcript.AppendMessage([]byte("Proof1"), commitmentProof1.ToAffineCompressed())
rPoints := make([]curves.Point, 1, len(revealedMessages)+1)
rScalars := make([]curves.Scalar, 1, len(revealedMessages)+1)
rPoints[0] = pok.aPrime.Generator()
rScalars[0] = pok.proof1[0].One()
for idx, msg := range revealedMessages {
rPoints = append(rPoints, generators.Get(idx+1))
rScalars = append(rScalars, msg)
}
r := pok.aPrime.SumOfProducts(rPoints, rScalars)
pts := 3 + generators.length - len(revealedMessages)
proof2Points := make([]curves.Point, 3, pts)
proof2Scalars := make([]curves.Scalar, 3, pts)
// R * c
proof2Points[0] = r
proof2Scalars[0] = challenge
// D * -r3Hat
proof2Points[1] = pok.d.Neg()
proof2Scalars[1] = pok.proof2[0]
// H0 * s'Hat
proof2Points[2] = generators.h0
proof2Scalars[2] = pok.proof2[1]
j := 2
for i := 0; i < generators.length; i++ {
if _, contains := revealedMessages[i]; contains {
continue
}
proof2Points = append(proof2Points, generators.Get(i+1))
proof2Scalars = append(proof2Scalars, pok.proof2[j])
j++
}
commitmentProof2 := r.SumOfProducts(proof2Points, proof2Scalars)
transcript.AppendMessage([]byte("Proof2"), commitmentProof2.ToAffineCompressed())
}
// VerifySigPok only validates the signature proof,
// the selective disclosure proof is checked by
// verifying
// pok.challenge == computedChallenge
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool {
return !pk.value.IsIdentity() &&
!pok.aPrime.IsIdentity() &&
!pok.aBar.IsIdentity() &&
pok.aPrime.MultiPairing(pok.aPrime, pk.value, pok.aBar, pk.value.Generator().Neg().(curves.PairingPoint)).IsOne()
}
// Verify checks a signature proof of knowledge and selective disclosure proof
func (pok PokSignatureProof) Verify(
revealedMsgs map[int]curves.Scalar,
pk *PublicKey,
generators *MessageGenerators,
nonce common.Nonce,
challenge common.Challenge,
transcript *merlin.Transcript,
) bool {
pok.GetChallengeContribution(generators, revealedMsgs, challenge, transcript)
transcript.AppendMessage([]byte("nonce"), nonce.Bytes())
okm := transcript.ExtractBytes([]byte("signature proof of knowledge"), 64)
vChallenge, err := pok.proof1[0].SetBytesWide(okm)
if err != nil {
return false
}
return pok.VerifySigPok(pk) && challenge.Cmp(vChallenge) == 0
}
Reference in New Issue View Git Blame Copy Permalink