Advanced Features Procedure and Test Vector Update #197
Conversation
…older Binding feature and its use of Blind BBS operations.
…y when appropriate.
…ections. Add in simple baseline test vectors.
…pointer result file.
There was a problem hiding this comment.
I've reviewed index.html up to about line 910. The rest requires more focus than I can give for most of the day. I plan to return to it later. That said, the comments I've made may be actionable (which actions might include the later lines of index.html), so I'm submitting this partial review.
Also, I'm trusting that "derived" means that file should not be reviewed, as it's an artifact/output of process (a la, "compiled program"), as opposed to a material input (a la, "source code") that should reviewed.
TestVectors/prc/addSignedSDBase.json
Outdated
| "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2P4z/DiPwAG0ALnwgz64QAAAABJRU5ErkJggg==" | ||
| }, | ||
| "name": "Permanent Resident Card", | ||
| "description": "Government of Utopia Permanent Resident Card.", |
There was a problem hiding this comment.
| "description": "Government of Utopia Permanent Resident Card.", | |
| "description": "Permanent Resident Card from Government of Utopia.", |
There was a problem hiding this comment.
@TallTed I'm rerunning all the test vectors for the Permanent resident card with the above change (as well as the employment authorization ones).
There was a problem hiding this comment.
@TallTed Thanks for the review up to line 910. This is not as urgent as the other cryptosuites.
…scription field and regenerate derived test vectors.
…tuation improvements. Co-authored-by: Ted Thibodeau Jr <[email protected]>
| This operation takes as inputs | ||
| |PK|, the original issuers public key, | ||
| |signature|, the |bbsSignature|, |header| is the |bbsHeader|, | ||
| |ph| is the |presentationHeader|, |
There was a problem hiding this comment.
I cannot clean this up, because it's indecipherable. Please try to follow the steps given here, as if you previously had no familiarity with these operations. Particularly important, look at the inputs this operation takes (lines 938-944). |PK|, the original issuers public key, |signature|, the |bbsSignature|, is one style; |header| is the |bbsHeader|, |ph| is the |presentationHeader|, is another. I cannot make these use the same styles as I did in lines 903-913.
There was a problem hiding this comment.
I'm not sure what you're asking for @TallTed, this section should be mapping the W3C VC credential related parameters in the procedure to the IETF/CFRG interface from https://www.ietf.org/archive/id/draft-kalos-bbs-per-verifier-linkability-00.html#name-detailed-proof-generation-w which currently looks like the that shown below. Are you talking about the formatting of the parameters, their meaning, etc...? Also the IETF/CFRG interface maybe updated as the document has been promoted to a CFRG WG document. Hence we may want to wait on precise formatting and parameter naming changes.
proof = ProofGenWithNym(PK,
signature,
header,
ph,
nym_secret,
context_id,
messages,
committed_messages,
disclosed_indexes,
disclosed_commitment_indexes,
secret_prover_blind)
Inputs:
- PK (REQUIRED), an octet string of the form outputted by the SkToPk
operation.
- signature (REQUIRED), an octet string of the form outputted by the
Sign operation.
- header (OPTIONAL), an octet string containing context and application
specific information. If not supplied, it defaults
to an empty string.
- ph (OPTIONAL), an octet string containing the presentation header. If
not supplied, it defaults to an empty string.
- messages (OPTIONAL), a vector of octet strings. If not supplied, it
defaults to the empty array "()".
- committed_messages (OPTIONAL), a vector of octet strings. If not
supplied, it defaults to the empty
array "()".
- disclosed_indexes (OPTIONAL), vector of unsigned integers in ascending
order. Indexes of disclosed messages. If
not supplied, it defaults to the empty
array "()".
- disclosed_commitment_indexes (OPTIONAL), vector of unsigned integers
in ascending order. Indexes
of disclosed committed
messages. If not supplied, it
defaults to the empty array
"()".
- secret_prover_blind (OPTIONAL), a scalar value. If not supplied it
defaults to zero "0".
Parameters:
- api_id, the octet string ciphersuite_id || "BLIND_H2G_HM2S_", where
ciphersuite_id is defined by the ciphersuite and
"BLIND_H2G_HM2S_"is an ASCII string composed of 15 bytes.
index.html
Outdated
| section <a href="#base-proof-serialization-bbs-2023"></a> will produce the | ||
| output shown below. This makes use of the | ||
| signature generation algorithm of [[CFRG-Pseudonym-BBS-Signature]]. Note the | ||
| inclusion of the |featureOption| as well as the |signerBlind| value, as these | ||
| inclusion of the |signer_nym_entropy| and |featureOption| values, as these |
There was a problem hiding this comment.
| inclusion of the |signer_nym_entropy| and |featureOption| values, as these | |
| inclusion of the |signer_nym_entropy| and |featureOption| values, as these |
index.html
Outdated
| recover |bbsSignature|, |bbsHeader|, |publicKey|, |hmacKey|, |mandatoryPointers|, | ||
| |signerBlind|, and |featureOption|, as shown below. | ||
| recover |bbsSignature|, |bbsHeader|, |publicKey|, |hmacKey|, | ||
| |mandatoryPointers|, |signer_nym_entropy| and |featureOption|, as shown below. |
There was a problem hiding this comment.
| |mandatoryPointers|, |signer_nym_entropy| and |featureOption|, as shown below. | |
| |mandatoryPointers|, |signer_nym_entropy|, and |featureOption|, as shown below. |
index.html
Outdated
| Next the holder uses the the "Verification and Finalization" operation from | ||
| [[CFRG-Pseudonym-BBS-Signature]] to both verify the signature and compute the | ||
| |nym_secret| value. This operation uses the |holder_secret|, |prover_nym|, | ||
| |signer_nym_entropy|, and |secret_prover_blind| values amongst others. |
There was a problem hiding this comment.
| Next the holder uses the the "Verification and Finalization" operation from | |
| [[CFRG-Pseudonym-BBS-Signature]] to both verify the signature and compute the | |
| |nym_secret| value. This operation uses the |holder_secret|, |prover_nym|, | |
| |signer_nym_entropy|, and |secret_prover_blind| values amongst others. | |
| Next, the holder uses the the "Verification and Finalization" operation from | |
| [[CFRG-Pseudonym-BBS-Signature]] to both verify the signature and compute the | |
| |nym_secret| value. This operation uses the |holder_secret|, |prover_nym|, | |
| |signer_nym_entropy|, and |secret_prover_blind| values, amongst others. |
index.html
Outdated
| title="Recovered Base Signature Data for Hidden PID" | ||
| data-include="TestVectors/PseudoHiddenPid/derivedRecoveredBaseData.json" | ||
| title="Computed Nym Secret" | ||
| data-include="TestVectors/PseudonymHB/nymSecret.json" | ||
| data-include-format="text"></pre> | ||
| <p> | ||
| Next, the holder needs to indicate what else, if anything, they wish to reveal |
There was a problem hiding this comment.
| Next, the holder needs to indicate what else, if anything, they wish to reveal | |
| Next, the holder needs to indicate what non-mandatory statements, if any, | |
| they wish to reveal |
index.html
Outdated
| @@ -3520,17 +3958,17 @@ <h5>Hidden PID Derived Proof</h5> | |||
| The final output of <a href="#createdisclosuredata"></a> is shown below. Note | |||
| the inclusion of the computed |pseudonym| and the |featureOption| value. | |||
There was a problem hiding this comment.
| the inclusion of the computed |pseudonym| and the |featureOption| value. | |
| the inclusion of the the |featureOption| and computed |pseudonym| values. |
…ating, and wording improvements. Co-authored-by: Ted Thibodeau Jr <[email protected]>
This PR updates the normative text for the advanced features only. These features are: (a) Anonymous Holder Binding, (b) Credential Bound Pseudonyms, (c) Holder Binding combined with Credential Bound Pseudonyms.
In addition informative test vectors for these advanced features have been updated and an additional "Basic Baseline" test vector set has been added.
Preview | Diff