|
@@ -105,7 +105,7 @@ pub struct Credential5 {
|
|
|
|
|
|
// A submodule for issuing credentials with 5 attributes, none of which
|
|
|
// are blinded to the issuer.
|
|
|
-pub mod nonblind_5 {
|
|
|
+pub mod issue_nonblind_5 {
|
|
|
use curve25519_dalek::ristretto::RistrettoPoint;
|
|
|
use curve25519_dalek::scalar::Scalar;
|
|
|
use curve25519_dalek::traits::IsIdentity;
|
|
@@ -116,6 +116,30 @@ pub mod nonblind_5 {
|
|
|
|
|
|
use super::{CMZ_A,CMZ_B,Issuer,IssuerPubKey,Credential5};
|
|
|
|
|
|
+ #[derive(Debug)]
|
|
|
+ pub struct CredentialRequest {
|
|
|
+ m1: Scalar,
|
|
|
+ m2: Scalar,
|
|
|
+ m3: Scalar,
|
|
|
+ m4: Scalar,
|
|
|
+ m5: Scalar,
|
|
|
+ }
|
|
|
+
|
|
|
+ #[derive(Debug)]
|
|
|
+ pub struct CredentialRequestState {
|
|
|
+ m1: Scalar,
|
|
|
+ m2: Scalar,
|
|
|
+ m3: Scalar,
|
|
|
+ m4: Scalar,
|
|
|
+ m5: Scalar,
|
|
|
+ }
|
|
|
+
|
|
|
+ pub struct CredentialResponse {
|
|
|
+ P: RistrettoPoint,
|
|
|
+ Q: RistrettoPoint,
|
|
|
+ piNonblindIssue: CompactProof,
|
|
|
+ }
|
|
|
+
|
|
|
define_proof! {
|
|
|
issue,
|
|
|
"Nonblind 5 issuing proof",
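Review bot: `CredentialResponse` is the only one of the three new structs without `#[derive(Debug)]`, and its `piNonblindIssue` field breaks the snake_case convention the other fields follow (rustc's `non_snake_case` lint flags it unless the crate allows that lint, which the capitalised `P`/`Q` names suggest it may). All three structs are new and `pub` but carry no `///` summary; `CredentialRequestState` in particular is field-for-field identical to `CredentialRequest`, presumably so the nonblind module keeps the same request/verify shape as the blinded one, and that intent should be written down, e.g. `/// Client-side state kept between `request` and `verify`; in the nonblind case it is just a copy of the five attributes.` `CompactProof` is used here without a visible `use`, so it is presumably imported in the lines above this hunk.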
|
|
@@ -131,10 +155,32 @@ pub mod nonblind_5 {
|
|
|
Q = (x0*P + x1*P1 + x2*P2 + x3*P3 + x4*P4 + x5*P5)
|
|
|
}
|
|
|
|
|
|
+ pub fn request(m1: &Scalar, m2: &Scalar, m3: &Scalar,
|
|
|
+ m4: &Scalar, m5: &Scalar) -> (CredentialRequest,
|
|
|
+ CredentialRequestState) {
|
|
|
+ // For nonblind requests, just send the attributes in the clear
|
|
|
+ (
|
|
|
+ CredentialRequest {
|
|
|
+ m1: *m1,
|
|
|
+ m2: *m2,
|
|
|
+ m3: *m3,
|
|
|
+ m4: *m4,
|
|
|
+ m5: *m5
|
|
|
+ },
|
|
|
+ CredentialRequestState {
|
|
|
+ m1: *m1,
|
|
|
+ m2: *m2,
|
|
|
+ m3: *m3,
|
|
|
+ m4: *m4,
|
|
|
+ m5: *m5
|
|
|
+ }
|
|
|
+ )
|
|
|
+ }
|
|
|
+
|
|
|
impl Issuer {
|
|
|
// Issue a credential with (for example) 5 given attributes. In
|
|
|
// this (nonblinded) version, the issuer sees all of the attributes.
|
|
|
- pub fn nonblind_5_issue(&self, req: &CredentialRequest)
|
|
|
+ pub fn issue_nonblind_5(&self, req: &CredentialRequest)
|
|
|
-> CredentialResponse {
|
|
|
let A : &RistrettoPoint = &CMZ_A;
|
|
|
let B : &RistrettoPoint = &CMZ_B;
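Review bot: `request` has no doc comment, and its single inline comment explains that the attributes go in the clear but not what the second tuple element is or who keeps it. Suggest `/// Build the issuance request for attributes m1..m5 (sent to the issuer in the clear) together with the state the client must retain and pass to `verify` on the issuer's response.` The body copies each attribute twice; that is correct because `Scalar` is `Copy` (the `*m1` derefs rely on it), so the duplication is harmless but could be collapsed if the two structs ever gain a shared constructor. `issue_nonblind_5` continues past the end of this hunk.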
|
|
@@ -153,7 +199,7 @@ pub mod nonblind_5 {
|
|
|
self.privkey.x[5] * req.m5)) * P;
|
|
|
|
|
|
let mut transcript = Transcript::new(b"Nonblind 5 issuing proof");
|
|
|
- let pi: CompactProof = issue::prove_compact(
|
|
|
+ let piNonblindIssue: CompactProof = issue::prove_compact(
|
|
|
&mut transcript,
|
|
|
issue::ProveAssignments {
|
|
|
A: &A,
|
|
@@ -180,38 +226,11 @@ pub mod nonblind_5 {
|
|
|
x0tilde: &self.privkey.x0tilde
|
|
|
}).0;
|
|
|
|
|
|
- CredentialResponse { P, Q, pi }
|
|
|
+ CredentialResponse { P, Q, piNonblindIssue }
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- #[derive(Debug)]
|
|
|
- pub struct CredentialRequest {
|
|
|
- m1: Scalar,
|
|
|
- m2: Scalar,
|
|
|
- m3: Scalar,
|
|
|
- m4: Scalar,
|
|
|
- m5: Scalar,
|
|
|
- }
|
|
|
-
|
|
|
- pub struct CredentialResponse {
|
|
|
- P: RistrettoPoint,
|
|
|
- Q: RistrettoPoint,
|
|
|
- pi: CompactProof,
|
|
|
- }
|
|
|
-
|
|
|
- pub fn request(m1: &Scalar, m2: &Scalar, m3: &Scalar,
|
|
|
- m4: &Scalar, m5: &Scalar) -> CredentialRequest {
|
|
|
- // For nonblind requests, just send the attributes in the clear
|
|
|
- CredentialRequest {
|
|
|
- m1: *m1,
|
|
|
- m2: *m2,
|
|
|
- m3: *m3,
|
|
|
- m4: *m4,
|
|
|
- m5: *m5
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- pub fn verify(req: &CredentialRequest,
|
|
|
+ pub fn verify(state: CredentialRequestState,
|
|
|
resp: CredentialResponse, pubkey: &IssuerPubKey)
|
|
|
-> Result<Credential5, ProofError> {
|
|
|
let A : &RistrettoPoint = &CMZ_A;
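Review bot: `verify` now consumes `state: CredentialRequestState` by value while `CredentialRequestState` derives only `Debug`, so a client whose `verify` fails (for example on an issuer response with a bad proof) has lost the attributes it would need to retry; `issue_nonblind_5` takes its request by `&`, so the asymmetry looks unintentional. Either take `state: &CredentialRequestState` (the fields are `Copy` scalars, so the `Credential5` construction later in the function is unaffected) or add `Clone` to the derive, and document whichever is chosen. The function also lacks a `///` comment; it should state that the returned credential's attributes come from the client's own state rather than from the response, and that `ProofError` is returned when the issuer's proof does not verify (the closing `}` at the top of the next hunk suggests an earlier check on `resp.P` as well, which should be named in the doc if so). The body of `verify` continues past the end of this hunk.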
|
|
@@ -222,7 +241,7 @@ pub mod nonblind_5 {
|
|
|
}
|
|
|
let mut transcript = Transcript::new(b"Nonblind 5 issuing proof");
|
|
|
issue::verify_compact(
|
|
|
- &resp.pi,
|
|
|
+ &resp.piNonblindIssue,
|
|
|
&mut transcript,
|
|
|
issue::VerifyAssignments {
|
|
|
A: &A.compress(),
|
|
@@ -235,21 +254,21 @@ pub mod nonblind_5 {
|
|
|
X3: &pubkey.X[3].compress(),
|
|
|
X4: &pubkey.X[4].compress(),
|
|
|
X5: &pubkey.X[5].compress(),
|
|
|
- P1: &(&req.m1 * &resp.P).compress(),
|
|
|
- P2: &(&req.m2 * &resp.P).compress(),
|
|
|
- P3: &(&req.m3 * &resp.P).compress(),
|
|
|
- P4: &(&req.m4 * &resp.P).compress(),
|
|
|
- P5: &(&req.m5 * &resp.P).compress(),
|
|
|
+ P1: &(&state.m1 * &resp.P).compress(),
|
|
|
+ P2: &(&state.m2 * &resp.P).compress(),
|
|
|
+ P3: &(&state.m3 * &resp.P).compress(),
|
|
|
+ P4: &(&state.m4 * &resp.P).compress(),
|
|
|
+ P5: &(&state.m5 * &resp.P).compress(),
|
|
|
}
|
|
|
)?;
|
|
|
Ok(Credential5 {
|
|
|
P: resp.P,
|
|
|
Q: resp.Q,
|
|
|
- m1: req.m1,
|
|
|
- m2: req.m2,
|
|
|
- m3: req.m3,
|
|
|
- m4: req.m4,
|
|
|
- m5: req.m5,
|
|
|
+ m1: state.m1,
|
|
|
+ m2: state.m2,
|
|
|
+ m3: state.m3,
|
|
|
+ m4: state.m4,
|
|
|
+ m5: state.m5,
|
|
|
})
|
|
|
}
|
|
|
}
|
|
@@ -264,7 +283,7 @@ pub mod nonblind_5 {
|
|
|
// proof macros. This shouldn't be a problem in practice, as one
|
|
|
// generally knows the set of statements one will require at compile,
|
|
|
// and not at run, time.
|
|
|
-pub mod blind124_5 {
|
|
|
+pub mod issue_blind124_5 {
|
|
|
use curve25519_dalek::ristretto::RistrettoPoint;
|
|
|
use curve25519_dalek::ristretto::RistrettoBasepointTable;
|
|
|
use curve25519_dalek::scalar::Scalar;
|
|
@@ -416,7 +435,7 @@ pub mod blind124_5 {
|
|
|
impl Issuer {
|
|
|
// Issue a credential with 5 attributes, of which attributes 1, 2,
|
|
|
// and 4 are blinded from the issuer, and 3 and 5 are visible.
|
|
|
- pub fn blind124_5_issue(&self, req: &CredentialRequest)
|
|
|
+ pub fn issue_blind124_5(&self, req: &CredentialRequest)
|
|
|
-> Result<CredentialResponse, ProofError> {
|
|
|
let A : &RistrettoPoint = &CMZ_A;
|
|
|
let B : &RistrettoPoint = &CMZ_B;
|