diff --git a/index.html b/index.html index d2fa4f2..88b5388 100644 --- a/index.html +++ b/index.html @@ -487,6 +487,45 @@

Algorithms

by default, and abort processing upon detection.

+
+

Instantiate Cryptosuite

+ +

+This algorithm is used to configure a cryptographic suite to be used by the +Add Proof and +Verify Proof +functions in [[[VC-DATA-INTEGRITY]]]. The algorithm takes an options object +([=map=] |options|) as input and returns a [=data integrity cryptographic suite +instance|cryptosuite instance=] ([=struct=] |cryptosuite|). +

+ +
    +
  1. +Initialize |cryptosuite| to an empty [=struct=]. +
  2. +
  3. +If |options|.|type| does not equal `DataIntegrityProof`, return |cryptosuite|. +
  4. +
  5. +If |options|.|cryptosuite| is `bbs-2023` then: +
      +
    1. +Set |cryptosuite|.|createProof| to the algorithm in Section +[[[#create-base-proof-bbs-2023]]]. +
    2. +
    3. +Set |cryptosuite|.|verifyProof| to the algorithm in Section +[[[#verify-derived-proof-bbs-2023]]]. +
    4. +
    +
  6. +
  7. +Return |cryptosuite|. +
  8. +
+ +
+

Selective Disclosure Functions

@@ -1052,24 +1091,49 @@

bbs-2023

-

Add Base Proof (bbs-2023)

+

Create Base Proof (bbs-2023)

-To generate a base proof, the algorithm in - -Section 4.1: Add Proof of the Data Integrity -[[VC-DATA-INTEGRITY]] specification MUST be executed. -For that algorithm, the cryptographic suite specific - -transformation algorithm is defined in Section -, the - -hashing algorithm is defined in Section , -and the - -proof serialization algorithm is defined in Section -. +The following algorithm specifies how to create a [=data integrity proof=] given +an unsecured data document. Required inputs are an +unsecured data document ([=map=] |unsecuredDocument|), and a set of proof +options ([=map=] |options|). A [=data integrity proof=] ([=map=]), or an error, +is produced as output.

+ +
    +
  1. +Let |proof| be a clone of the proof options, |options|. +
  2. +
  3. +Let |proofConfig| be the result of running the algorithm in +Section [[[#base-proof-configuration-bbs-2023]]] with +|options| passed as a parameter. +
  4. +
  5. +Let |transformedData| be the result of running the algorithm in Section +[[[#base-proof-transformation-bbs-2023]]] with |unsecuredDocument|, +|proofConfig|, and |options| passed as parameters. +
  6. +
  7. +Let |hashData| be the result of running the algorithm in Section +[[[#base-proof-hashing-bbs-2023]]] with |transformedData| and |proofConfig| +passed as a parameters. +
  8. +
  9. +Let |proofBytes| be the result of running the algorithm in Section +[[[#base-proof-serialization-bbs-2023]]] with |hashData| and +|options| passed as parameters. +
  10. +
  11. +Let |proof|.|proofValue| be a +base64url-encoded Multibase value of the |proofBytes|. +
  12. +
  13. +Return |proof| as the [=data integrity proof=]. +
  14. +
+
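Review bot: The introduction to Create Base Proof says the output is "A [=data integrity proof=] ([=map=]), or an error", but none of the listed steps states when an error is produced or what happens if one of the referenced algorithms (configuration, transformation, hashing, serialization) fails. Suggest adding a sentence that any error raised by those algorithms is propagated and that no |proof| is returned in that case. In the |hashData| step, "passed as a parameters" should read "passed as parameters". The serialization step also takes |options| rather than the |proofConfig| computed two steps earlier; if that is intentional, a short note would avoid the question.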
@@ -1371,27 +1435,49 @@

Add Derived Proof (bbs-2023)

-

Verify Derived Proof (bbs-2023)

-The following algorithm attempts verification of a `bbs-2023` derived -proof. This algorithm is called by a verifier of an BBS-protected -verifiable credential. The inputs include a JSON-LD document -(document), a BBS disclosure proof (proof), and any -custom JSON-LD API options (such as a document loader). A single boolean -verification result value is produced as output. +The following algorithm specifies how to verify a [=data integrity proof=] given +an secured data document. Required inputs are a +secured data document ([=map=] |securedDocument|). This algorithm returns +a verification result, which is a [=struct=] whose +[=struct/items=] are: +

+ +
+
verified
+
`true` or `false`
+
verifiedDocument
+
+Null, if [=verification result/verified=] is +`false`; otherwise, an [=unsecured data document=] +
+
+ +

+To verify a derived proof, perform the following steps:

    - +
  1. +Let |unsecuredDocument| be a copy of |securedDocument| with +the `proof` value removed. +
  2. +
  3. +Let |proofConfig| be a copy of |securedDocument|.|proof| with `proofValue` +removed. +
  4. +
  5. +Let |proof| be the value of |securedDocument|.|proof|. +
  6. Initialize `bbsProof`, `proofHash`, `mandatoryHash`, `selectedIndexes`, -`presentationHeader`, `pseudonym`, and `nonMandatory` to the values associated with their -property names in the object returned when calling the algorithm in Section -, passing the `document`, `proof`, and any -custom JSON-LD API options (such as a document loader). +`presentationHeader`, `pseudonym`, and `nonMandatory` to the values associated +with their property names in the object returned when calling the algorithm in +Section , passing the |unsecuredDocument|, +|proof|, and any custom JSON-LD API options (such as a document loader).
  7. Initialize `bbsHeader` to the concatenation of `proofHash` and `mandatoryHash` @@ -1399,46 +1485,48 @@

    Verify Derived Proof (bbs-2023)

    obtained from the UTF-8 encoding of the elements of the `nonMandatory` array.
  8. -Initialize `verificationResult` to the result of applying the verification +Initialize |verified| to the result of applying the verification algorithm below, depending on whether the |pseudonym| value is empty.
    1. -If the |pseudonym| value is empty, -initialize `verificationResult` to the result of applying the verification -algorithm -`ProofVerify(PK, proof, header, ph, disclosed_messages, disclosed_indexes)` of -[[CFRG-BBS-SIGNATURE]] -with `PK` set as the public key of the original issuer, `proof` set as `bbsProof`, -`header` set as `bbsHeader`, `disclosed_messages` set as `disclosedMessages`, -`ph` set as `presentationHeader`, and `disclosed_indexes` set as -`selectiveIndexes`. Return `verificationResult` as verification result. -This applies to the regular BBS proof case as well as "anonymous holder binding" +If the |pseudonym| value is empty, initialize |verified| to the result of +applying the verification algorithm `ProofVerify(PK, proof, header, ph, +disclosed_messages, disclosed_indexes)` of [[CFRG-BBS-SIGNATURE]] with `PK` set +as the public key of the original issuer, `proof` set as `bbsProof`, `header` +set as `bbsHeader`, `disclosed_messages` set as `disclosedMessages`, `ph` set as +`presentationHeader`, and `disclosed_indexes` set as `selectiveIndexes`. This +applies to the regular BBS proof case as well as "anonymous holder binding" case.
    2. -If the |pseudonym| value is not empty, -initialize `verificationResult` to the result of applying the verification -algorithm -`PseudonymProofVerify(PK, proof, header, ph, disclosed_messages, disclosed_indexes, pseudonym)` -of -[[CFRG-Pseudonym-BBS-Signature]], -with `PK` set as the public key of the original issuer, `proof` set as `bbsProof`, -`header` set as `bbsHeader`, `disclosed_messages` set as `disclosedMessages`, -`ph` set as `presentationHeader`, `disclosed_indexes` set as -`selectiveIndexes`, and `pseudonym`. Return `verificationResult` as -verification result. -This applies to the "pseudonym with issuer known pid" and "pseudonym with -hidden pid" cases. +If the |pseudonym| value is not empty, initialize |verified| to the result of +applying the verification algorithm `PseudonymProofVerify(PK, proof, header, ph, +disclosed_messages, disclosed_indexes, pseudonym)` of +[[CFRG-Pseudonym-BBS-Signature]], with `PK` set as the public key of the +original issuer, `proof` set as `bbsProof`, `header` set as `bbsHeader`, +`disclosed_messages` set as `disclosedMessages`, `ph` set as +`presentationHeader`, `disclosed_indexes` set as `selectiveIndexes`, and +`pseudonym`. This applies to the "pseudonym with issuer known pid" and +"pseudonym with hidden pid" cases.
    - +
  9. +
  10. +Return a [=verification result=] with [=struct/items=]: +
    +
    [=verified=]
    +
    |verified|
    +
    [=verifiedDocument=]
    +
    +|unsecuredDocument| if |verified| is `true`, otherwise +Null +
    +
-
-

Optional Features
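Review bot: In the `@@ -1371,27 +1435,49 @@` hunk, the new step "Let |proofConfig| be a copy of |securedDocument|.|proof| with `proofValue` removed" defines a value that none of the following visible steps uses: the call that initializes `bbsProof`, `proofHash` and the rest passes |unsecuredDocument| and |proof| only. Either pass |proofConfig| where it is needed or drop the step. In the introduction, "given an secured data document" should be "a secured data document", and "Required inputs are a secured data document" names a single input. The rewritten steps also mix the |variable| notation for the new names with backticked names such as `bbsProof` and `proofHash` for the older ones; converting them in the same change would keep the algorithm consistent.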
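Review bot: In the `@@ -1399,46 +1485,48 @@` hunk, both rewritten verification branches set `disclosed_indexes` to `selectiveIndexes`, but the value initialized earlier in the algorithm is named `selectedIndexes`. The mismatch is carried over from the removed lines; since this change rewrites both paragraphs, it should be corrected here so an implementer does not pass an undefined value to `ProofVerify` or `PseudonymProofVerify`. Both branches also say `PK` is "the public key of the original issuer" without a step that says how it is obtained from |proof|; a reference to the key retrieval step would close that gap. The final return step is clear, though it may be worth stating that |verified| is `false`, rather than an error, when the underlying BBS verification call itself fails.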