Enable Pass Through of BBS Presentation header #129

Merged
merged 7 commits into from
Feb 9, 2024
65 changes: 37 additions & 28 deletions index.html
Expand Up @@ -632,10 +632,13 @@ <h4>createDisclosureData</h4>
The following algorithm creates data to be used to generate a derived proof. The
inputs include a JSON-LD document (<var>document</var>), a BBS base proof
(<var>proof</var>), an array of JSON pointers to use to selectively disclose
statements (<var>selectivePointers</var>), and any custom JSON-LD API options
statements (<var>selectivePointers</var>), an OPTIONAL BBS
<var>presentationHeader</var> (byte array that defaults to an empty byte array if
not present), and any custom JSON-LD API options
(such as a document loader). A single object, <em>disclosure data</em>, is
produced as output, which contains the "bbsProof", "labelMap",
"mandatoryIndexes", "selectiveIndexes", and "revealDocument" fields.
"mandatoryIndexes", "selectiveIndexes", "presentationHeader", and
"revealDocument" fields.
</p>

<ol class="algorithm">
Expand Down Expand Up @@ -745,9 +748,10 @@ <h4>createDisclosureData</h4>

<li>
Set `bbsProof` to the value computed by the `ProofGen` procedure from
[[CFRG-BBS-SIGNATURE]], i.e. `ProofGen(PK, signature, header, ph, messages, disclosed_indexes)`,
[[CFRG-BBS-SIGNATURE]], i.e.
`ProofGen(PK, signature, header, ph, messages, disclosed_indexes)`,
where `PK` is the original issuers public key, `signature` is the
`bbsSignature`, `header` is the `bbsHeader`, `ph` is an empty byte array,
`bbsSignature`, `header` is the `bbsHeader`, `ph` is the `presentationHeader`
`messages` is `bbsMessages`, and `disclosed_indexes` is `selectiveIndexes`.
</li>
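Review bot: The new line "`header` is the `bbsHeader`, `ph` is the `presentationHeader`" in the `ProofGen` step has no comma after `presentationHeader`, so it runs into "`messages` is `bbsMessages`" on the next line. Add the comma, and while this sentence is being edited, "original issuers public key" should read "original issuer's public key".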

Expand Down Expand Up @@ -848,9 +852,10 @@ <h4>serializeDerivedProofValue</h4>

<p>
The following algorithm serializes a derived proof value. The required inputs
are a BBS proof (<var>bbsProof</var>), a label map (<var>labelMap</var>), an
array of mandatory indexes (<var>mandatoryIndexes</var>), and an array of
selective indexes (<var>selectiveIndexes</var>). A single <em>derived proof</em>
are a BBS proof (<var>bbsProof</var>), a label map (<var>labelMap</var>), an
array of mandatory indexes (<var>mandatoryIndexes</var>), an array of
selective indexes (<var>selectiveIndexes</var>), and a BBS presentation header
(<var>presentationHeader</var>). A single <em>derived proof</em>
value, serialized as a byte string, is produced as output.
</p>

Expand All @@ -864,8 +869,9 @@ <h4>serializeDerivedProofValue</h4>
proof header bytes `0xd9`, `0x5d`, and `0x03`.
</li>
<li>
Initialize `components` to an array with four elements containing the values of
`bbsProof`, `compressedLabelMap`, `mandatoryIndexes`, and `selectiveIndexes`.
Initialize `components` to an array with five elements containing the values of
`bbsProof`, `compressedLabelMap`, `mandatoryIndexes`, `selectiveIndexes`, and
`presentationHeader`.
</li>
<li>
CBOR-encode `components` and append it to `proofValue`.
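Review bot: Missing documentation for the new fifth element of `components`: `presentationHeader` is CBOR-encoded into `proofValue` as-is, so whatever the holder places in it is readable by anyone who receives the derived proof. Suggest a sentence in this algorithm or in the privacy considerations saying that the presentation header is carried in the clear and should not hold data the holder does not intend to disclose.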
Expand All @@ -888,7 +894,7 @@ <h4>parseDerivedProofValue</h4>
The required input is a derived proof value (<var>proofValue</var>). A
A single <em>derived proof value</em> value object is produced as output, which
contains a set of five elements, using the names "bbsProof", "labelMap",
"mandatoryIndexes", and "selectiveIndexes".
"mandatoryIndexes", "selectiveIndexes", and "presentationHeader".
</p>

<ol class="algorithm">
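Review bot: Style point on the output sentence this hunk touches: it currently reads "A A single <em>derived proof value</em> value object", with a doubled "A" across the line break and "value" repeated after the closing `</em>`. Since the name list in the same sentence is being rewritten, tidy it to "A single <em>derived proof value</em> object is produced as output".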
Expand All @@ -904,13 +910,13 @@ <h4>parseDerivedProofValue</h4>
Ensure that the `decodedProofValue` starts with the ECDSA-SD disclosure proof
header bytes `0xd9`, `0x5d`, and `0x03`, and throw an error if it does not.
</li>
<!-- [bbsProof, labelMapCompressed, mandatoryIndexes, adjSelectedIndexes] -->
<li>
Initialize `components` to an array that is the result of CBOR-decoding the
bytes that follow the three-byte BBS disclosure proof header. Ensure the result
is an array of four elements —
is an array of five elements —
a byte array, a map of integers to integers, an
array of integers, and another array of integers; otherwise, throw an error.
array of integers, another array of integers and a byte array; otherwise, throw
an error.
</li>
<li>
Replace the second element in `components` using the result of calling the
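Review bot: The CBOR-decoding step now requires exactly five elements, while the header bytes checked in the step before it stay `0xd9`, `0x5d`, `0x03`, so a proof value serialized with four components under the earlier text is rejected and nothing in the header distinguishes the two layouts. If that break is intended, say so in the text; otherwise state how a four-element array is handled (for example, treating `presentationHeader` as an empty byte array). Two smaller points in the same steps: the header is called "ECDSA-SD disclosure proof header" in one step and "BBS disclosure proof header" in the next, and the HTML comment above the step still lists four components.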
Expand All @@ -919,8 +925,8 @@ <h4>parseDerivedProofValue</h4>
</li>
<li>
Return <em>derived proof value</em> as an object with properties set to the five
elements, using the names "`bbsProof`", "`labelMap`", "`mandatoryIndexes`", and
"`selectiveIndexes`" respectively.
elements, using the names "`bbsProof`", "`labelMap`", "`mandatoryIndexes`",
"`selectiveIndexes`", and "`presentationHeader`" respectively.
</li>
</ol>

Expand All @@ -935,8 +941,8 @@ <h4>createVerifyData</h4>
document (<var>document</var>), a BBS disclosure proof (<var>proof</var>),
and any custom JSON-LD API options (such as a document loader). A single
<em>verify data</em> object value is produced as output containing the following
fields: "`bbsProof`", "`proofHash`", "`mandatoryHash`", "`selectedIndexes`", and
"`nonMandatory`".
fields: "`bbsProof`", "`proofHash`", "`mandatoryHash`", "`selectedIndexes`",
"`presentationHeader`", and "`nonMandatory`".
</p>

<ol class="algorithm">
Expand All @@ -949,9 +955,9 @@ <h4>createVerifyData</h4>
to use the `proofHash` value.
</li>
<li>
Initialize `bbsProof`, `labelMap`, `mandatoryIndexes`, and `selectiveIndexes` to
the values associated with their property names in the object returned when
calling the algorithm in Section
Initialize `bbsProof`, `labelMap`, `mandatoryIndexes`, `selectiveIndexes`, and
`presentationHeader` to the values associated with their property names in the
object returned when calling the algorithm in Section
<a href="#parsederivedproofvalue"></a>, passing `proofValue` from `proof`.
</li>
<li>
Expand Down Expand Up @@ -1268,7 +1274,8 @@ <h4>Add Derived Proof (bbs-2023)</h4>
The derived proof is to be given to the <a>verifier</a>. The inputs include a
JSON-LD document (<var>document</var>), a BBS base proof
(<var>proof</var>), an array of JSON pointers to use to selectively disclose
statements (<var>selectivePointers</var>), and any custom JSON-LD API options,
statements (<var>selectivePointers</var>), an OPTIONAL BBS
<var>presentationHeader</var> (a byte array), and any custom JSON-LD API options,
such as a document loader. A single <em>selectively revealed document</em>
value, represented as an object, is produced as output.
</p>
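Review bot: The OPTIONAL `presentationHeader` input is described here only as "(a byte array)", whereas the createDisclosureData description in this same change says it "defaults to an empty byte array if not present". State the default here as well, or say explicitly that the value is passed through and defaulted in createDisclosureData, so the two input descriptions agree.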
Expand All @@ -1279,8 +1286,8 @@ <h4>Add Derived Proof (bbs-2023)</h4>
`revealDocument` to the values associated with their
property names in the object returned when calling the algorithm in
Section <a href="#createdisclosuredata"></a>, passing the `document`, `proof`,
`selectivePointers`, and any custom JSON-LD API options, such as a document
loader.
`selectivePointers`, `presentationHeader`, and any custom JSON-LD API options,
such as a document loader.
</li>
<li>
Initialize `newProof` to a shallow copy of `proof`.
Expand Down Expand Up @@ -1316,9 +1323,9 @@ <h4>Verify Derived Proof (bbs-2023)</h4>
<ol class="algorithm">
<!-- [bbsProof, labelMapCompressed, mandatoryIndexes, adjSelectedIndexes] -->
<li>
Initialize `bbsProof`, `proofHash`, `mandatoryHash`, `selectedIndexes`, and
`nonMandatory` to the values associated with their property
names in the object returned when calling the algorithm in Section
Initialize `bbsProof`, `proofHash`, `mandatoryHash`, `selectedIndexes`,
`presentationHeader` and `nonMandatory` to the values associated with their
Contributor

I wonder if we need a note that says that implementations can surface the presentationHeader for external use if desired (perhaps to compare a challenge or something like that in a protocol that uses the VCDM). Nothing in the spec text prevents them from doing so, but it might be helpful to have a note like this:

Note: Implementations are free to expose any component parsed from the proof data for external use or to compare them internally against externally provided values based on protocol needs. For example, an implementation might expose presentationHeader for comparison against an expected pseudo-random challenge value used in a presentation protocol.

Collaborator Author

@dlongley I'm thinking we put this as an informational note at the end of section 3.3.7 Verify Derived Proof (bbs-2023). Other ideas?

Contributor

@Wind4Greg, that sounds good.

Collaborator Author

Normative, multiple reviews, changes requested and made, no objections, merging.

property names in the object returned when calling the algorithm in Section
<a href="#createverifydata"></a>, passing the `document`, `proof`, and any
custom JSON-LD API options (such as a document loader).
</li>
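Review bot: The first step initializes `selectedIndexes`, but the `ProofVerify` step later in this algorithm passes `selectiveIndexes` as `disclosed_indexes`; use one name so the value given to verification is the one initialized here. The new list also omits the comma before "and" ("`presentationHeader` and `nonMandatory`"), unlike the other lists in this change, and the HTML comment above the step still names four components.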
Expand All @@ -1330,10 +1337,12 @@ <h4>Verify Derived Proof (bbs-2023)</h4>
<!-- result = ProofVerify(PK, proof, header, ph, disclosed_messages, disclosed_indexes) -->
<li>
Initialize `verificationResult` to the result of applying the verification
algorithm `ProofVerify` of [[CFRG-BBS-SIGNATURE]]
algorithm
`ProofVerify(PK, proof, header, ph, disclosed_messages, disclosed_indexes)` of
[[CFRG-BBS-SIGNATURE]]
with `PK` set as the public key of the original issuer, `proof` set as `bbsProof`,
`header` set as `bbsHeader`, `disclosed_messages` set as `disclosedMessages`,
`ph` set as an empty byte array, and `disclosed_indexes` set as
`ph` set as `presentationHeader`, and `disclosed_indexes` set as
`selectiveIndexes`. Return `verificationResult` as <em>verification result</em>.
</li>
</ol>
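Review bot: In the `ProofVerify` step, `ph` is now set from the `presentationHeader` parsed out of the proof value itself, so verification succeeds for whatever header the holder chose and does not by itself show that the header matches anything the verifier expected. The informational note proposed in the review thread for the end of this section would close that gap: say that implementations may expose `presentationHeader` so a verifier that issued a challenge can compare the two values.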