From 8398e1d84e25bad45a5ecf05feb9a1c44af0a00a Mon Sep 17 00:00:00 2001 From: Greg Bernstein Date: Mon, 5 Feb 2024 08:59:06 -0800 Subject: [PATCH] Enhance base proof with bbsHeader and PK (#131) * Update "Base Proof Serialization" to pass in bbsHeader and PK. * Update serialization and parsing of base proof to add bbsHeader and PK. * Update createDisclosureData to use passed in values of bbsHeader and publicKey. * Enhance base proof with bbsHeader and PK: Update element number. Co-authored-by: Ted Thibodeau Jr * Enhance base proof with bbsHeader and PK: Update element number, fix copy error. Co-authored-by: Dave Longley * Enhance base proof with bbsHeader and PK: Update element number. Co-authored-by: Ted Thibodeau Jr * Enhance base proof with bbsHeader and PK: grammar/punctuation fixes. Co-authored-by: Ted Thibodeau Jr --------- Co-authored-by: Ted Thibodeau Jr Co-authored-by: Dave Longley --- index.html | 49 ++++++++++++------------------------------------- 1 file changed, 12 insertions(+), 37 deletions(-) diff --git a/index.html b/index.html index 79eb758..51b8e77 100644 --- a/index.html +++ b/index.html @@ -567,8 +567,8 @@

serializeBaseProofValue

header bytes `0xd9`, `0x5d`, and `0x02`.
  • -Initialize `components` to an array with three elements containing the values of: -`bbsSignature`, `hmacKey`, and `mandatoryPointers`. +Initialize `components` to an array with five elements containing the values of: +`bbsSignature`, `bbsHeader`, `publicKey`, `hmacKey`, and `mandatoryPointers`.
  • CBOR-encode `components` and append it to `proofValue`. @@ -591,8 +591,8 @@

    parseBaseProofValue

    The following algorithm parses the components of a `bbs-2023` selective disclosure base proof value. The required input is a proof value (proofValue). A single object, parsed base proof, containing -three elements, using the names "bbsSignature", "hmacKey", -and "mandatoryPointers", is produced as output. +five elements, using the names "bbsSignature", "bbsHeader", "publicKey", +"hmacKey", and "mandatoryPointers", is produced as output.

      @@ -619,8 +619,8 @@

      parseBaseProofValue

      is an array of three elements.
    1. -Return an object with properties set to the three elements, using the names -"bbsSignature", "hmacKey", and "mandatoryPointers", +Return an object with properties set to the five elements, using the names +"bbsSignature", "bbsHeader", "publicKey", "hmacKey", and "mandatoryPointers", respectively.
    @@ -642,7 +642,7 @@

    createDisclosureData

    1. -Initialize `bbsSignature`, `hmacKey`, and +Initialize `bbsSignature`, `bbsHeader`, `publicKey`, `hmacKey`, and `mandatoryPointers` to the values of the associated properties in the object returned when calling the algorithm in Section , passing the `proofValue` from `proof`. @@ -717,37 +717,11 @@

      createDisclosureData

      Initialize `bbsMessages` to an array of byte arrays containing the values in the `nonMandatory` array of strings encoded using the UTF-8 character encoding.
      2. -
    2. -Recompute the `bbsHeader` using the following steps: - -
        -
      1. -Initialize `proofHash` to the result of calling the RDF Dataset Canonicalization -algorithm [[RDF-CANON]] on `proof` with the `proofValue` removed and then -cryptographically -hashing the result using the same hash that is used by the signature algorithm, -i.e., SHAKE-256. Note: This step can be performed in parallel; -it only needs to be completed before this algorithm terminates, as the result is -part of the return value. -
        2. -
      2. -Initialize `mandatoryHash` to the result of calling the algorithm in -Section 3.3.17 -hashMandatoryNQuads of the [[DI-ECDSA]] specification, passing the values -from the map -groups.mandatory.matching and utilizing the SHAKE-256 algorithm. -
        3. -
      3. -Set `bbsHeader` to the concatenation of `proofHash` and `mandatoryHash` in that -order. -
        4. -
      -
    3. Set `bbsProof` to the value computed by the `ProofGen` procedure from [[CFRG-BBS-SIGNATURE]], i.e. `ProofGen(PK, signature, header, ph, messages, disclosed_indexes)`, -where `PK` is the original issuers public key, `signature` is the +where `PK` is the original issuer's public key `publicKey`, `signature` is the `bbsSignature`, `header` is the `bbsHeader`, `ph` is an empty byte array, `messages` is `bbsMessages`, and `disclosed_indexes` is `selectiveIndexes`.
      4. @@ -1254,9 +1228,10 @@

      Base Proof Serialization (bbs-2023)

    4. Initialize `proofValue to the result of calling the algorithm in Section -, passing `bbsSignature`, -`hmacKey`, and `mandatoryPointers` as parameters -to the algorithm. +, passing `bbsSignature`, `bbsHeader`, +`publicKey`, `hmacKey`, and `mandatoryPointers` as parameters +to the algorithm. Where `publicKey` is a byte array of the public key encoded +according to [[CFRG-BBS-SIGNATURE]].
    5. Return `proofValue` as digital proof.