misc changes
Signed-off-by: lovesh <[email protected]>
lovesh committed Sep 23, 2019
1 parent 4c2f8ed commit 6041b41
Showing 11 changed files with 205 additions and 93 deletions.
2 changes: 1 addition & 1 deletion delg_cred_cdd/Cargo.toml
Expand Up @@ -12,6 +12,6 @@ serde = "1.0"
serde_derive = "1.0"

[dependencies.amcl_wrapper]
version = "0.1.5"
version = "0.1.6"
default-features = false
features = ["bls381"]
6 changes: 3 additions & 3 deletions delg_cred_cdd/README.md
Expand Up @@ -4,17 +4,17 @@

### Brief description of the API
1. [Groth1 and Groth2 signatures](src/groth_sig.rs).
- Parameters can be generated by calling `GrothS1::setup` or `GrothS2::setup`. `setup` takes the maximum number of attributes that need to be supported. Keep it one more than the number you want to support to accomodate the public key.
- Parameters can be generated by calling `GrothS1::setup` or `GrothS2::setup`. `setup` takes the maximum number of attributes that need to be supported. Keep it one more than the number you want to support to accommodate the public key.
- Signing keys can be generated by calling `GrothS1::keygen` or `GrothS2::keygen`. Takes the corresponding setup parameters.
- A new signature can be created by calling `Groth1Sig:new` or `Groth2Sig:new`. An existing signature can be randomized by calling `randomize` on the siganture.
- 2 methods for signature verification, `verify` and `verify_fast`, both with the same API. `verify` computes several pairings to verify the signature whereas `verify_fast` does only 1 big multi-pairing. Applies this observation to pairings: if it needs to be cheched that a == b and c == d and e == f, then choose a random number `r` and check whether (a-b) + (c-d)*r + (e-f)*r<sup>2</sup> == 0. Refer the docs for the method for more details
2. [Issuers and delegation](src/issuer.rs).
- Issuers are instantiated by calling `EvenLevelIssuer::new` or `OddLevelIssuer::new` by passing their level to the `new` function. Root issuers is at level 0 so always instantiated by `EvenLevelIssuer::new(0)`.
- Issuers generate their keys with `EvenLevelIssuer::keygen` or `OddLevelIssuer::keygen`.
- Issuers can delegate by calling `delegate` method that takes the attributes to sign, who to delegate to etc resulting in a credential.
- A credential is a called a link and there credentials issued by `EvenLevelIssuer`s are called `CredLinkOdd` and credentials issued by `OddLevelIssuer`s are called `CredLinkEven`.
- A credential is a called a link and the credentials issued by `EvenLevelIssuer`s are called `CredLinkOdd` and credentials issued by `OddLevelIssuer`s are called `CredLinkEven`.
- A link stores its associated `level`, `attributes` and `signature`. The last element of `attributes` is the verification key of the delegatee and the signature is on `attributes`.
- To verify the correctness of link, call `verify` on it with delegator public key, delegatee public key ans setup params.
- To verify the correctness of link, call `verify` on it with delegator public key, delegatee public key and setup params.
- The chain of credentials is kept in `CredChain` which internally has 2 lists, 1 for odd level links and 1 for even. Even or odd level links can be added by calling `extend_with_even` or `extend_with_odd` on the chain.
- To verify that all delegations are valid in the chain, call `verify_delegations` on the chain.
3. [Attribute tokens](src/attribute_token.rs)
63 changes: 34 additions & 29 deletions delg_cred_cdd/src/attribute_token.rs
Expand Up @@ -363,11 +363,15 @@ impl<'a> AttributeToken<'a> {
})
}

// XXX: Add other instance data
pub fn gen_challenge(at: &AttributeTokenComm, ipk: &Groth1Verkey) -> FieldElement {
pub fn gen_challenge(
at: &AttributeTokenComm,
ipk: &Groth1Verkey,
mut extra: Vec<u8>,
) -> FieldElement {
let mut bytes = Vec::<u8>::new();
bytes.extend_from_slice(&ipk.0.to_bytes());
bytes.extend_from_slice(&at.to_bytes());
bytes.append(&mut extra);
FieldElement::from_msg_hash(&bytes)
}

Expand Down Expand Up @@ -1398,7 +1402,7 @@ mod tests {

assert!(com_1.odd_level_revealed_attributes[0].is_empty());

let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_1 = at_1
Expand All @@ -1421,7 +1425,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk);
let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk, vec![]);
assert_eq!(c_1, recon_c_1);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1449,7 +1453,7 @@ mod tests {
assert!(com_2.odd_level_revealed_attributes[0].is_empty());
assert!(com_2.even_level_revealed_attributes[0].is_empty());

let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk);
let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_2 = at_2
Expand Down Expand Up @@ -1478,7 +1482,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk);
let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk, vec![]);
assert_eq!(c_2, recon_c_2);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1508,7 +1512,7 @@ mod tests {
assert!(com_3.odd_level_revealed_attributes[1].is_empty());
assert!(com_3.even_level_revealed_attributes[0].is_empty());

let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk);
let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_3 = at_3
Expand Down Expand Up @@ -1536,7 +1540,7 @@ mod tests {
)
.unwrap();
let recon_duration = start_recon.elapsed();
let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk);
let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk, vec![]);
assert_eq!(c_3, recon_c_3);

println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
Expand Down Expand Up @@ -1568,7 +1572,7 @@ mod tests {
assert!(com_4.even_level_revealed_attributes[0].is_empty());
assert!(com_4.even_level_revealed_attributes[1].is_empty());

let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk);
let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_4 = at_4
Expand Down Expand Up @@ -1597,7 +1601,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk);
let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk, vec![]);
assert_eq!(c_4, recon_c_4);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1629,7 +1633,7 @@ mod tests {
assert!(com_5.even_level_revealed_attributes[0].is_empty());
assert!(com_5.even_level_revealed_attributes[1].is_empty());

let c_5 = AttributeToken::gen_challenge(&com_5, &l_0_issuer_vk);
let c_5 = AttributeToken::gen_challenge(&com_5, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_5 = at_5
Expand Down Expand Up @@ -1658,7 +1662,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_5 = AttributeToken::gen_challenge(&recon_com_5, &l_0_issuer_vk);
let recon_c_5 = AttributeToken::gen_challenge(&recon_com_5, &l_0_issuer_vk, vec![]);
assert_eq!(c_5, recon_c_5);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1691,7 +1695,7 @@ mod tests {
assert!(com_6.even_level_revealed_attributes[1].is_empty());
assert!(com_6.even_level_revealed_attributes[2].is_empty());

let c_6 = AttributeToken::gen_challenge(&com_6, &l_0_issuer_vk);
let c_6 = AttributeToken::gen_challenge(&com_6, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_6 = at_6
Expand Down Expand Up @@ -1720,7 +1724,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_6 = AttributeToken::gen_challenge(&recon_com_6, &l_0_issuer_vk);
let recon_c_6 = AttributeToken::gen_challenge(&recon_com_6, &l_0_issuer_vk, vec![]);
assert_eq!(c_6, recon_c_6);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1780,7 +1784,7 @@ mod tests {
assert_eq!(com_1.odd_level_revealed_attributes[0][&1], attributes_1[1]);
assert_eq!(com_1.odd_level_revealed_attributes[0][&3], attributes_1[3]);

let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_1 = at_1
Expand All @@ -1803,7 +1807,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk);
let recon_c_1 = AttributeToken::gen_challenge(&recon_com_1, &l_0_issuer_vk, vec![]);
assert_eq!(c_1, recon_c_1);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1849,7 +1853,7 @@ mod tests {
assert_eq!(com_2.even_level_revealed_attributes[0][&3], attributes_2[3]);
assert_eq!(com_2.even_level_revealed_attributes[0][&4], attributes_2[4]);

let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk);
let c_2 = AttributeToken::gen_challenge(&com_2, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_2 = at_2
Expand Down Expand Up @@ -1881,7 +1885,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk);
let recon_c_2 = AttributeToken::gen_challenge(&recon_com_2, &l_0_issuer_vk, vec![]);
assert_eq!(c_2, recon_c_2);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -1930,7 +1934,7 @@ mod tests {
assert_eq!(com_3.even_level_revealed_attributes[0][&4], attributes_2[4]);
assert_eq!(com_3.odd_level_revealed_attributes[1][&1], attributes_3[1]);

let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk);
let c_3 = AttributeToken::gen_challenge(&com_3, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_3 = at_3
Expand Down Expand Up @@ -1962,7 +1966,7 @@ mod tests {
)
.unwrap();
let recon_duration = start_recon.elapsed();
let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk);
let recon_c_3 = AttributeToken::gen_challenge(&recon_com_3, &l_0_issuer_vk, vec![]);
assert_eq!(c_3, recon_c_3);

println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
Expand Down Expand Up @@ -2019,7 +2023,7 @@ mod tests {
assert_eq!(com_4.even_level_revealed_attributes[1][&1], attributes_4[1]);
assert_eq!(com_4.even_level_revealed_attributes[1][&4], attributes_4[4]);

let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk);
let c_4 = AttributeToken::gen_challenge(&com_4, &l_0_issuer_vk, vec![]);

let start_resp = Instant::now();
let resp_4 = at_4
Expand Down Expand Up @@ -2053,7 +2057,7 @@ mod tests {
.unwrap();
let recon_duration = start_recon.elapsed();

let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk);
let recon_c_4 = AttributeToken::gen_challenge(&recon_com_4, &l_0_issuer_vk, vec![]);
assert_eq!(c_4, recon_c_4);
println!("For delegation chain of length {}, commitment takes {:?}, response takes {:?}, commitment reconstitution takes {:?}. Total time taken by commitment and response is {:?}", L,
com_duration, resp_duration, recon_duration, com_duration + resp_duration);
Expand Down Expand Up @@ -2191,9 +2195,10 @@ mod tests {
.unwrap();
let com_precomp_duration = start.elapsed();

let c = AttributeToken::gen_challenge(&com, &l_0_issuer_vk);
let c_precomp_setup = AttributeToken::gen_challenge(&com_precomp_setup, &l_0_issuer_vk);
let c_precomp = AttributeToken::gen_challenge(&com_precomp, &l_0_issuer_vk);
let c = AttributeToken::gen_challenge(&com, &l_0_issuer_vk, vec![]);
let c_precomp_setup =
AttributeToken::gen_challenge(&com_precomp_setup, &l_0_issuer_vk, vec![]);
let c_precomp = AttributeToken::gen_challenge(&com_precomp, &l_0_issuer_vk, vec![]);

let sk = if i % 2 == 1 {
let sk = &odd_level_issuer_keys[i / 2].0;
Expand Down Expand Up @@ -2243,7 +2248,7 @@ mod tests {
.unwrap();
let recon_duration = start.elapsed();

let recon_c = AttributeToken::gen_challenge(&recon_com, &l_0_issuer_vk);
let recon_c = AttributeToken::gen_challenge(&recon_com, &l_0_issuer_vk, vec![]);
assert_eq!(c, recon_c);

let start = Instant::now();
Expand All @@ -2263,7 +2268,7 @@ mod tests {
let recon_precomp_duration = start.elapsed();

let recon_c_precomp_setup_com =
AttributeToken::gen_challenge(&recon_precomp_setup_com, &l_0_issuer_vk);
AttributeToken::gen_challenge(&recon_precomp_setup_com, &l_0_issuer_vk, vec![]);
assert_eq!(c_precomp_setup, recon_c_precomp_setup_com);

let recon_precomp_com = AttributeToken::reconstruct_commitment_with_precomputed_vals(
Expand All @@ -2280,7 +2285,7 @@ mod tests {
.unwrap();

let recon_c_precomp_com =
AttributeToken::gen_challenge(&recon_precomp_com, &l_0_issuer_vk);
AttributeToken::gen_challenge(&recon_precomp_com, &l_0_issuer_vk, vec![]);
assert_eq!(c_precomp, recon_c_precomp_com);

println!("For delegation chain of length {}", L);
Expand Down Expand Up @@ -2351,7 +2356,7 @@ mod tests {
// Supplying same number of collections of revealed attributes as the chain size
let com_1 = at_1.commitment(vec![HashSet::<usize>::new(); 1]).unwrap();

let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk);
let c_1 = AttributeToken::gen_challenge(&com_1, &l_0_issuer_vk, vec![]);

let mut morphed_commitment = com_1.clone();
// Adding an element of comms_s to increase its size
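Review bot: In `gen_challenge`, `extra` is appended directly after `at.to_bytes()` with no length prefix or domain-separation tag, so the hash input does not record where the commitment ends and the caller-supplied bytes begin. Unless `AttributeTokenComm::to_bytes` is self-delimiting (its body is not visible in this section), two different (commitment, extra) pairs could serialize to the same byte string and produce the same challenge; writing the length first, e.g. `bytes.extend_from_slice(&(extra.len() as u64).to_be_bytes());` before the append, removes that ambiguity. The `// XXX: Add other instance data` comment appears to be dropped without a replacement, so the parameter is undocumented: a doc comment should say what `extra` is meant to bind (presumably verifier-supplied context such as a nonce) and that the verifier must pass the same bytes when recomputing the challenge. Every call site updated in this section passes `vec![]`, so no test shows that a different `extra` changes the challenge.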
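--- a/delg_cred_cdd/src/issuer.rs
+++ b/delg_cred_cdd/src/issuer.rs
@@ -42,6 +42,10 @@ pub struct OddLevelIssuer {
 pub level: usize,
 }
 
+pub struct RootIssuer {}
+
+pub type RootIssuerVerkey = EvenLevelVerkey;
+
 impl CredLinkOdd {
 pub fn attribute_count(&self) -> usize {
 self.attributes.len()
@@ -375,6 +379,22 @@ impl OddLevelIssuer {
 }
 }
 
+impl RootIssuer {
+pub fn keygen(setup_params: &Groth1SetupParams) -> (Sigkey, RootIssuerVerkey) {
+GrothS1::keygen(setup_params)
+}
+
+pub fn delegate(
+mut delegatee_attributes: G1Vector,
+delegatee_vk: OddLevelVerkey,
+sk: &Sigkey,
+setup_params: &Groth1SetupParams,
+) -> DelgResult<CredLinkOdd> {
+let issuer = EvenLevelIssuer::new(0)?;
+issuer.delegate(delegatee_attributes, delegatee_vk, sk, setup_params)
+}
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
@@ -452,6 +472,57 @@ mod tests {
 .unwrap());
 }
 
+#[test]
+fn test_root_issuer() {
+let max_attributes = 5;
+let label = "test".as_bytes();
+let params1 = GrothS1::setup(max_attributes, label);
+let params2 = GrothS2::setup(max_attributes, label);
+
+let l_1_issuer = OddLevelIssuer::new(1).unwrap();
+let l_2_issuer = EvenLevelIssuer::new(2).unwrap();
+
+let (root_issuer_sk, root_issuer_vk) = RootIssuer::keygen(&params1);
+let (l_1_issuer_sk, l_1_issuer_vk) = OddLevelIssuer::keygen(&params2);
+let (l_2_issuer_sk, l_2_issuer_vk) = EvenLevelIssuer::keygen(&params1);
+
+let attributes_1: G1Vector = (0..max_attributes - 1)
+.map(|_| G1::random())
+.collect::<Vec<G1>>()
+.into();
+let cred_link_1 = RootIssuer::delegate(
+attributes_1.clone(),
+l_1_issuer_vk.clone(),
+&root_issuer_sk,
+&params1,
+)
+.unwrap();
+
+assert!(cred_link_1
+.verify(&l_1_issuer_vk, &root_issuer_vk, &params1)
+.unwrap());
+
+let mut chain_1 = CredChain::new();
+chain_1.extend_with_odd(cred_link_1).unwrap();
+
+let attributes_2: G2Vector = (0..max_attributes - 1)
+.map(|_| G2::random())
+.collect::<Vec<G2>>()
+.into();
+let cred_link_2 = l_1_issuer
+.delegate(
+attributes_2.clone(),
+l_2_issuer_vk.clone(),
+&l_1_issuer_sk,
+&params2,
+)
+.unwrap();
+
+assert!(cred_link_2
+.verify(&l_2_issuer_vk, &l_1_issuer_vk, &params2)
+.unwrap());
+}
+
 #[test]
 fn test_delegation_chain_verification() {
 let max_attributes = 3;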
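Review bot: `test_root_issuer` builds `chain_1` and extends it with the root-issued link but never calls `verify_delegations` on it, and `cred_link_2` is never added to the chain, so the test covers only per-link `verify` and not chain verification anchored at a `RootIssuer` key. In `RootIssuer::delegate` the `mut` on `delegatee_attributes` is not needed by the visible body, which only forwards the value; the parameter can read `delegatee_attributes: G1Vector,`. `RootIssuerVerkey` is a plain alias of `EvenLevelVerkey`, so the compiler accepts any even-level key where a root key is expected. A doc comment on the alias and on `RootIssuer` should state that verifiers have to pin the expected root key themselves, since the type does not enforce it.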
9 changes: 4 additions & 5 deletions ps/Cargo.toml
@@ -1,20 +1,19 @@
[package]
name = "ps"
name = "ps_sig"
version = "0.1.0"
authors = ["lovesh <[email protected]>"]
edition = "2018"
description = "Pointcheval Sanders signatures"
license = "Apache-2.0"

[dependencies]
rand = "0.6"
lazy_static = "1.3.0"
log = "*"
merlin = "1.2.0"
failure = "0.1.5"
serde = "1.0"
serde_derive = "1.0"

[dependencies.amcl_wrapper]
version = "0.1.1"
version = "0.1.6"
default-features = false
features = ["bls381"]
