Documentation
¶
Overview ¶
Package bbs provides implementations of BBS+ key management and primitives.
The functionality of BBS+ signatures/proofs is represented as a pair of primitives (interfaces):
Signer for signing a list of messages with a private key
Verifier for verifying a signature against a list of messages, deriving a proof from a signature for a given set of sub messages and verifying such derived proof.
Example:
package main
import (
"bytes"
"github.com/google/tink/go/keyset"
"github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto/primitive/bbs"
)
func main() {
// create signer keyset handle
kh, err := keyset.NewHandle(bbs.BLS12381G2KeyTemplate())
if err != nil {
//handle error
}
// extract signer public keyset handle and key for signature verification and proof derivation/verification
verKH, err := kh.Public()
if err != nil {
//handle error
}
// finally get the BBS+ signing primitive from the private key handle created above
s:= bbs.NewSigner(kh)
// create a message to be signed
messages := [][]byte{[]byte("message 1"), []byte("message 2"), []byte("message 3"), []byte("message 4")}
// and now sign using s
sig, err = s.Sign(messages)
if err != nil {
// handle error
}
// to verify, get the BBS+ verification primitive from the public key handle created earlier above
v := bbs.NewVerifier(verKH)
// and verify signature
err = v.Verify(messages, sig)
if err != nil {
// handle error
}
// to derive a proof from the bbs signature, create the indices of the messages to be revealed by the proof
revealedIndexes := []int{0, 2}
// and a nonce
nonce := make([]byte, 10)
_, err = rand.Read(nonce)
if err != nil {
// handle error
}
// then derive a proof for messages at index 0 and 2 as follows
proof, err := verifier.DeriveProof(messages, sig, nonce, revealedIndexes)
if err != nil {
// handle error
}
// create a copy of the revealed messages to the party that should only access messages at index 0 and 2
revealedMsgs := [][]byte{messages[0], messages[2]}
// finally to verify the proof's authenticity for revealedMsgs, do the following
err = verifier.VerifyProof(revealedMsgs, proof, nonce)
if err != nil {
// handle error
}
}
Index ¶
- func BLS12381G2KeyTemplate() *tinkpb.KeyTemplate
- func NewSigner(h *keyset.Handle) (bbsapi.Signer, error)
- func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (bbsapi.Signer, error)
- func NewVerifier(h *keyset.Handle) (bbsapi.Verifier, error)
- func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (bbsapi.Verifier, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BLS12381G2KeyTemplate ¶
func BLS12381G2KeyTemplate() *tinkpb.KeyTemplate
BLS12381G2KeyTemplate creates a Tink key template for BBS+ on BLS12-381 curve with G2 group.
func NewSignerWithKeyManager ¶
NewSignerWithKeyManager returns a BBS Signer primitive from the given keyset handle and custom key manager.
func NewVerifier ¶
NewVerifier returns a Verifier primitive from the given keyset handle.
func NewVerifierWithKeyManager ¶
NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.
Types ¶
This section is empty.
Source Files
Directories