diff --git a/ecc/bls12381/ff/scalar.go b/ecc/bls12381/ff/scalar.go index 4ed3c45af..9a687c1f9 100644 --- a/ecc/bls12381/ff/scalar.go +++ b/ecc/bls12381/ff/scalar.go @@ -4,6 +4,7 @@ import ( "io" "github.com/cloudflare/circl/internal/conv" + "golang.org/x/crypto/cryptobyte" ) // ScalarSize is the length in bytes of a Scalar. @@ -64,6 +65,31 @@ func (z *Scalar) SetBytes(data []byte) { z.toMont(s) } +func (z *Scalar) Marshal(b *cryptobyte.Builder) error { + x := z.fromMont() + for i := len(x) - 1; i >= 0; i-- { + b.AddUint64(x[i]) + } + + return nil +} + +func (z *Scalar) Unmarshal(s *cryptobyte.String) bool { + var b [ScalarSize]byte + ok := s.CopyBytes(b[:]) + if !ok { + return false + } + + in64, err := setBytesBounded(b[:], scOrder[:]) + if err != nil { + return false + } + + z.toMont((*scRaw)(in64[:ScalarSize/8])) + return true +} + // MarshalBinary returns a slice of ScalarSize bytes that contains the minimal // residue of z such that 0 <= z < ScalarOrder (in big-endian order). func (z *Scalar) MarshalBinary() ([]byte, error) { diff --git a/ecc/bls12381/g1.go b/ecc/bls12381/g1.go index 08e2ef96e..a9ccaf455 100644 --- a/ecc/bls12381/g1.go +++ b/ecc/bls12381/g1.go @@ -371,8 +371,14 @@ func (g *G1) Encode(input, dst []byte) { // an optional domain separation tag. This function is safe to use when a // random oracle returning points in G1 be required. func (g *G1) Hash(input, dst []byte) { + g.HashWithExpander(expander.NewExpanderMD(crypto.SHA256, dst), input) +} + +// HashWithExpander is similar to [G1.Hash] but allows to specify an +// expander created from a hash function or an extendable-output function. +func (g *G1) HashWithExpander(exp expander.Expander, input []byte) { const L = 64 - pseudo := expander.NewExpanderMD(crypto.SHA256, dst).Expand(input, 2*L) + pseudo := exp.Expand(input, 2*L) var u0, u1 ff.Fp u0.SetBytes(pseudo[0*L : 1*L]) diff --git a/sign/bbs/bbs.go b/sign/bbs/bbs.go new file mode 100644 index 000000000..b87d647dc --- /dev/null +++ b/sign/bbs/bbs.go @@ -0,0 +1,84 @@ +package bbs + +import ( + "errors" + "slices" +) + +const ( + PublicKeySize = 96 // Size in bytes of public keys. + PrivateKeySize = 32 // Size in bytes of private keys. + SignatureSize = 80 // Size in bytes of signatures. + KeyMaterialMinSize = 32 // Minimum size in bytes of private key material. +) + +// [Msg] is a byte slice marked either as [Disclosed] or [Concealed]. +type Msg interface{ get() []byte } + +// Disclosed marks a message as disclosed. Implements the [Msg] interface. +type Disclosed []byte + +func (b Disclosed) get() []byte { return b } + +// Concealed marks a message as concealed. Implements the [Msg] interface. +type Concealed []byte + +func (b Concealed) get() []byte { return b } + +// Disclose returns a list of messages specifying the messages to be disclosed, +// and the others are concealed. +// Indexes must be unique and lesser than len(messages), +// otherwise returns an error. +func Disclose(messages [][]byte, disclosed []uint) ([]Msg, error) { + return choose[Disclosed, Concealed](messages, disclosed) +} + +// Conceal returns a list of messages specifying the messages to be concealed, +// and the others are disclosed. +// Indexes must be unique and lesser than len(messages), +// otherwise returns an error. +func Conceal(messages [][]byte, concealed []uint) ([]Msg, error) { + return choose[Concealed, Disclosed](messages, concealed) +} + +func choose[ + This, Other interface { + ~[]byte + Msg + }, +](msgs [][]byte, indexes []uint) ([]Msg, error) { + indexesNoDup := slices.Clone(indexes) + slices.Sort(indexesNoDup) + indexesNoDup = slices.Compact(indexesNoDup) + l := len(indexesNoDup) + // check for duplicates. + if l != len(indexes) { + return nil, ErrIndexes + } + + // check for out-of-range indexes. + if l > 0 && indexesNoDup[l-1] >= uint(len(msgs)) { + return nil, ErrIndexes + } + + choices := make([]Msg, len(msgs)) + for i := range msgs { + choices[i] = Other(msgs[i]) + } + + for _, idx := range indexesNoDup { + choices[idx] = This(msgs[idx]) + } + + return choices, nil +} + +var ( + ErrInvalidSuiteID = errors.New("bbs: invalid suite identifier") + ErrKeyMaterial = errors.New("bbs: invalid keyMaterial size") + ErrKeyInfo = errors.New("bbs: invalid keyGen keyInfo") + ErrInvalidOpts = errors.New("bbs: invalid options") + ErrIndexes = errors.New("bbs: invalid indexes") + ErrSignature = errors.New("bbs: invalid signature") + ErrGenerators = errors.New("bbs: invalid generators") +) diff --git a/sign/bbs/bbs_test.go b/sign/bbs/bbs_test.go new file mode 100644 index 000000000..9eb6950c8 --- /dev/null +++ b/sign/bbs/bbs_test.go @@ -0,0 +1,136 @@ +package bbs_test + +import ( + "crypto/rand" + "testing" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/internal/test" + "github.com/cloudflare/circl/sign/bbs" +) + +func TestConstants(t *testing.T) { + test.CheckOk( + bbs.PublicKeySize == bls12381.G2SizeCompressed, + "wrong PublicKeySize", t) + test.CheckOk( + bbs.PrivateKeySize == bls12381.ScalarSize, + "wrong PrivateKeySize", t) + test.CheckOk( + bbs.SignatureSize == bls12381.G1SizeCompressed+bls12381.ScalarSize, + "wrong SignatureSize", t) +} + +func TestBBS(t *testing.T) { + t.Run("BLS12381Shake256", func(t *testing.T) { testBBS(t, bbs.SuiteBLS12381Shake256) }) + t.Run("BLS12381Sha256", func(t *testing.T) { testBBS(t, bbs.SuiteBLS12381Sha256) }) +} + +func testBBS(t *testing.T, suite bbs.SuiteID) { + var ikm [32]byte + _, err := rand.Read(ikm[:]) + test.CheckNoErr(t, err, "failed rand.Read") + + keyInfo := []byte("Key Information") + keyDst := []byte("Domain separation Tag") + + key, err := bbs.KeyGen(suite, ikm[:], keyInfo, keyDst) + test.CheckNoErr(t, err, "failed KeyGen") + + pub := key.PublicKey() + messages := [][]byte{ + []byte("hero: Spider-Man"), + []byte("name: Peter Parker"), + []byte("age: 19"), + []byte("city: New York"), + []byte("lemma: with great power comes great responsibility"), + } + + sOpts := bbs.SignOptions{ID: suite, Header: []byte("signature header")} + sig := bbs.Sign(key, messages, sOpts) + valid := bbs.Verify(pub, &sig, messages, sOpts) + test.CheckOk(valid, "failed Verify", t) + + choices, err := bbs.Disclose(messages, []uint{0, 3, 4}) + test.CheckNoErr(t, err, "failed Disclose") + + pOpts := bbs.ProveOptions{[]byte("presentation header"), sOpts} + proof, disclosed, err := bbs.Prove(rand.Reader, pub, &sig, choices, pOpts) + test.CheckNoErr(t, err, "failed Prove") + + valid = bbs.VerifyProof(pub, proof, disclosed, pOpts) + test.CheckOk(valid, "failed VerifyProof", t) + + test.CheckMarshal(t, key, new(bbs.PrivateKey)) + test.CheckMarshal(t, pub, new(bbs.PublicKey)) + test.CheckMarshal(t, &sig, new(bbs.Signature)) + test.CheckMarshal(t, proof, new(bbs.Proof)) +} + +func BenchmarkBBS(b *testing.B) { + b.Run("BLS12381Shake256", func(b *testing.B) { benchmarkBBS(b, bbs.SuiteBLS12381Shake256) }) + b.Run("BLS12381Sha256", func(b *testing.B) { benchmarkBBS(b, bbs.SuiteBLS12381Sha256) }) +} + +func benchmarkBBS(b *testing.B, suite bbs.SuiteID) { + var ikm [32]byte + _, err := rand.Read(ikm[:]) + test.CheckNoErr(b, err, "failed rand Read") + + keyInfo := []byte("Key Information") + keyDst := []byte("Domain separation Tag") + + key, err := bbs.KeyGen(suite, ikm[:], keyInfo, keyDst) + test.CheckNoErr(b, err, "failed KeyGen") + + pub := key.PublicKey() + messages := [][]byte{ + []byte("hero: Spider-Man"), + []byte("name: Peter Parker"), + []byte("age: 19"), + []byte("city: New York"), + []byte("lemma: with great power comes great responsibility"), + } + + sOpts := bbs.SignOptions{ID: suite, Header: []byte("signature header")} + sig := bbs.Sign(key, messages, sOpts) + valid := bbs.Verify(pub, &sig, messages, sOpts) + test.CheckOk(valid, "failed Verify", b) + + choices, err := bbs.Disclose(messages, []uint{0, 3, 4}) + test.CheckNoErr(b, err, "failed Disclose") + + pOpts := bbs.ProveOptions{[]byte("presentation header"), sOpts} + proof, disclosed, err := bbs.Prove(rand.Reader, pub, &sig, choices, pOpts) + test.CheckNoErr(b, err, "failed Prove") + + valid = bbs.VerifyProof(pub, proof, disclosed, pOpts) + test.CheckOk(valid, "failed VerifyProof", b) + + b.Run("KeyGen", func(b *testing.B) { + for range b.N { + key, _ = bbs.KeyGen(suite, ikm[:], keyInfo, keyDst) + _ = key.Public() + } + }) + b.Run("Sign", func(b *testing.B) { + for range b.N { + _ = bbs.Sign(key, messages, sOpts) + } + }) + b.Run("Verify", func(b *testing.B) { + for range b.N { + _ = bbs.Verify(pub, &sig, messages, sOpts) + } + }) + b.Run("Prove", func(b *testing.B) { + for range b.N { + _, _, _ = bbs.Prove(rand.Reader, pub, &sig, choices, pOpts) + } + }) + b.Run("VerifyProof", func(b *testing.B) { + for range b.N { + _ = bbs.VerifyProof(pub, proof, disclosed, pOpts) + } + }) +} diff --git a/sign/bbs/doc.go b/sign/bbs/doc.go new file mode 100644 index 000000000..2fea4588c --- /dev/null +++ b/sign/bbs/doc.go @@ -0,0 +1,27 @@ +// Package bbs provides an implementation of the BBS signature scheme. +// +// # Signing +// +// Unlike other signature schemes, BBS allows to sign multiple messages at once. +// Verification works as usual but it is sensitive to the order in which +// the messages are signed. +// +// # Proof of Knowledge of a Signature +// +// Anyone with a valid signature (over a set of messages) can generate a proof +// that attests knowledge of the signature. +// Proof verification works as usual but it is sensitive to the order in which +// the messages are processed. +// +// # Message Disclosure +// +// The prover can conceal some of the messages, while disclosing the others. +// For verification, only the disclosed messages are necessary to validate +// the proof. +// +// # Specification +// +// This package is compliant with draft-irtf-cfrg-bbs-signatures [v08]. +// +// [v08] https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bbs-signatures-08 +package bbs diff --git a/sign/bbs/doc_test.go b/sign/bbs/doc_test.go new file mode 100644 index 000000000..fb1689bc3 --- /dev/null +++ b/sign/bbs/doc_test.go @@ -0,0 +1,83 @@ +package bbs_test + +import ( + "crypto/rand" + "fmt" + + "github.com/cloudflare/circl/sign/bbs" +) + +const Suite = bbs.SuiteBLS12381Shake256 + +var ( + sOpts = bbs.SignOptions{ID: Suite} + pOpts = bbs.ProveOptions{SignOptions: sOpts} +) + +func ExampleSign() { + var keyMaterial [bbs.KeyMaterialMinSize]byte + _, _ = rand.Read(keyMaterial[:]) + key, _ := bbs.KeyGen(Suite, keyMaterial[:], nil, nil) + pub := key.PublicKey() + + msg0 := []byte("Document") + msg1 := []byte("Picture") + msg2 := []byte("Table") + sig := bbs.Sign(key, [][]byte{msg0, msg1, msg2}, sOpts) + + valid := bbs.Verify(pub, &sig, [][]byte{msg0, msg1, msg2}, sOpts) + fmt.Println(valid) + + // Fails because messages are in a wrong order. + invalid := bbs.Verify(pub, &sig, [][]byte{msg1, msg2, msg0}, sOpts) + fmt.Println(invalid) + // Output: true + // false +} + +func ExampleProve() { + var keyMaterial [bbs.KeyMaterialMinSize]byte + _, _ = rand.Read(keyMaterial[:]) + key, _ := bbs.KeyGen(Suite, keyMaterial[:], nil, nil) + pub := key.PublicKey() + + allMsgs := [][]byte{[]byte("Document"), []byte("Picture"), []byte("Table")} + sig := bbs.Sign(key, allMsgs, sOpts) + + // Disclose the second and third messages. + // Equivalently: + // msgsProve, _ := bbs.Disclose(allMsgs, []uint{1, 2}) + // or + // msgsProve, _ := bbs.Conceal(allMsgs, []uint{0}) + msgsProve := []bbs.Msg{ + bbs.Concealed(allMsgs[0]), + bbs.Disclosed(allMsgs[1]), + bbs.Disclosed(allMsgs[2]), + } + + for i, m := range msgsProve { + fmt.Printf("[%v] %T: %s\n", i, m, m) + } + + proof, disclosed, _ := bbs.Prove(rand.Reader, pub, &sig, msgsProve, pOpts) + + // Only disclosed messages. + for _, m := range disclosed { + fmt.Printf("[%v] %T: %s\n", m.Index, m.Message, m.Message) + } + + valid := bbs.VerifyProof(pub, proof, disclosed, pOpts) + fmt.Println(valid) + + // Fails because the disclosed messages are incomplete. + invalid := bbs.VerifyProof(pub, proof, disclosed[1:], pOpts) + fmt.Println(invalid) + // Output: + // [0] bbs.Concealed: Document + // [1] bbs.Disclosed: Picture + // [2] bbs.Disclosed: Table + // [1] bbs.Disclosed: Picture + // [2] bbs.Disclosed: Table + // true + // false +} diff --git a/sign/bbs/keys.go b/sign/bbs/keys.go new file mode 100644 index 000000000..2f8ad5bcb --- /dev/null +++ b/sign/bbs/keys.go @@ -0,0 +1,97 @@ +package bbs + +import ( + "crypto" + "math" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/internal/conv" + "golang.org/x/crypto/cryptobyte" +) + +// PrivateKey represents a private key for signing. +type PrivateKey struct { + pub *PublicKey + key bufScalar +} + +func (k *PrivateKey) Public() crypto.PublicKey { return k.PublicKey() } + +func (k *PrivateKey) PublicKey() *PublicKey { + k.calcPublicKey() + pubCopy := *k.pub + return &pubCopy +} + +func (k *PrivateKey) calcPublicKey() { + if k.pub == nil { + k.pub = new(PublicKey) + k.pub.key.ScalarMult(&k.key.scalar, bls12381.G2Generator()) + k.pub.encoded = [g2Size]byte(k.pub.key.BytesCompressed()) + } +} + +func (k *PrivateKey) Equal(x crypto.PrivateKey) bool { + kx, ok := x.(*PrivateKey) + return ok && k.key.scalar.IsEqual(&kx.key.scalar) == 1 +} + +func (k *PrivateKey) MarshalBinary() ([]byte, error) { return conv.MarshalBinaryLen(k, PrivateKeySize) } +func (k *PrivateKey) UnmarshalBinary(b []byte) error { return conv.UnmarshalBinary(k, b) } +func (k *PrivateKey) Marshal(b *cryptobyte.Builder) error { b.AddValue(&k.key); return nil } +func (k *PrivateKey) Unmarshal(s *cryptobyte.String) bool { return k.key.Unmarshal(s) } + +// PublicKey represents a public key for verification of signatures and proofs. +type PublicKey struct { + key g2 + encoded [PublicKeySize]byte +} + +func (k *PublicKey) Equal(x crypto.PublicKey) bool { + kx, ok := x.(*PublicKey) + return ok && k.key.IsEqual(&kx.key) +} +func (k *PublicKey) MarshalBinary() ([]byte, error) { return conv.MarshalBinaryLen(k, PublicKeySize) } +func (k *PublicKey) UnmarshalBinary(b []byte) error { return conv.UnmarshalBinary(k, b) } +func (k *PublicKey) Marshal(b *cryptobyte.Builder) error { b.AddBytes(k.encoded[:]); return nil } +func (k *PublicKey) Unmarshal(s *cryptobyte.String) bool { + var b [PublicKeySize]byte + ok := s.CopyBytes(b[:]) && k.key.SetBytes(b[:]) == nil + if ok { + k.encoded = b + } + return ok +} + +// KeyGen returns a [PrivateKey] derived from random key material of at least +// [KeyMaterialMinSize] bytes. +// Key information is used to derive multiple keys from the same key material. +// Optionally, a domain separation tag can be provided. +// Returns an error if keyMaterial is shorter than [KeyMaterialMinSize] bytes, +// or if the length of info is larger than [math.MaxUint16]. +func KeyGen(id SuiteID, keyMaterial, info, dst []byte) (*PrivateKey, error) { + if len(keyMaterial) < KeyMaterialMinSize { + return nil, ErrKeyMaterial + } + + if len(info) > math.MaxUint16 { + return nil, ErrKeyInfo + } + + s := id.new() + if dst == nil { + dst = s.keyDST() + } + + bLen := len(keyMaterial) + 2 + len(info) + b := cryptobyte.NewFixedBuilder(make([]byte, 0, bLen)) + b.AddBytes(keyMaterial) + b.AddUint16(uint16(len(info))) + b.AddBytes(info) + input, err := b.Bytes() + if err != nil { + return nil, err + } + + return &PrivateKey{key: s.hashToScalar(input, dst), pub: nil}, nil +} diff --git a/sign/bbs/proof.go b/sign/bbs/proof.go new file mode 100644 index 000000000..1b6f46551 --- /dev/null +++ b/sign/bbs/proof.go @@ -0,0 +1,344 @@ +package bbs + +import ( + "io" + "slices" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/internal/conv" + "golang.org/x/crypto/cryptobyte" +) + +// Proof of knowledge of a BBS signature. +type Proof struct { + mHat []scalar + abar, bbar, d g1 + eHat, r1Hat, r3Hat, chal scalar +} + +// Size in bytes of a [Proof]. +func (p *Proof) Size() uint { return 3*g1Size + (4+uint(len(p.mHat)))*scalarSize } +func (p *Proof) MarshalBinary() ([]byte, error) { return conv.MarshalBinaryLen(p, p.Size()) } +func (p *Proof) UnmarshalBinary(b []byte) error { return conv.UnmarshalBinary(p, b) } +func (p *Proof) Marshal(b *cryptobyte.Builder) (e error) { + b.AddBytes(p.abar.BytesCompressed()) + b.AddBytes(p.bbar.BytesCompressed()) + b.AddBytes(p.d.BytesCompressed()) + b.AddValue(&p.eHat) + b.AddValue(&p.r1Hat) + b.AddValue(&p.r3Hat) + for i := uint(0); i < uint(len(p.mHat)); i++ { + b.AddValue(&p.mHat[i]) + } + b.AddValue(&p.chal) + return nil +} + +func (p *Proof) Unmarshal(s *cryptobyte.String) bool { + var b [g1Size]byte + ok := s.CopyBytes(b[:]) && p.abar.SetBytes(b[:]) == nil && + s.CopyBytes(b[:]) && p.bbar.SetBytes(b[:]) == nil && + s.CopyBytes(b[:]) && p.d.SetBytes(b[:]) == nil && + p.eHat.Unmarshal(s) && + p.r1Hat.Unmarshal(s) && + p.r3Hat.Unmarshal(s) + if !ok { + return false + } + + var l []scalar + var sc scalar + for !s.Empty() { + ok := sc.Unmarshal(s) + if !ok { + return false + } + l = append(l, sc) + } + + if len(l) == 0 { + return false + } + + p.mHat = l[:len(l)-1] + p.chal = l[len(l)-1] + return true +} + +type indexedScalar struct { + bufScalar + Index uint64 +} + +func proofInit( + s suite, + pub *PublicKey, + sig *Signature, + rndScalar []scalar, + header []byte, + messages []indexedScalar, + concealed []indexedScalar, +) (res [5]g1, domain bufScalar) { + Q1Gens := make([]g1, 1+len(messages)) + s.getQ1Gens(Q1Gens) + domain = calcDomain(s, pub, Q1Gens, header) + + var B, t g1 + P1 := s.getP1() + B.ScalarMult(&domain.scalar, &Q1Gens[0]) + B.Add(&B, &P1) + generators := Q1Gens[1 : 1+len(messages)] + for i := range messages { + t.ScalarMult( + &messages[i].bufScalar.scalar, + &generators[messages[i].Index], + ) + B.Add(&B, &t) + } + + r3Tilde := &rndScalar[4] + r1Tilde := &rndScalar[3] + eTilde := &rndScalar[2] + r2 := &rndScalar[1] + r1 := &rndScalar[0] + + Abar := &res[0] + Bbar := &res[1] + D := &res[2] + T1 := &res[3] + T2 := &res[4] + + D.ScalarMult(r2, &B) + + var r scalar + r.Mul(r1, r2) + Abar.ScalarMult(&r, &sig.a) + + t.ScalarMult(&sig.e, Abar) + t.Neg() + Bbar.ScalarMult(r1, D) + Bbar.Add(Bbar, &t) + + t.ScalarMult(r1Tilde, D) + T1.ScalarMult(eTilde, Abar) + T1.Add(T1, &t) + + T2.ScalarMult(r3Tilde, D) + rndSc := rndScalar[5 : 5+len(concealed)] + for i := range concealed { + t.ScalarMult(&rndSc[i], &generators[concealed[i].Index]) + T2.Add(T2, &t) + } + + return res, domain +} + +func proofVerifyInit( + s suite, + pub *PublicKey, + p *Proof, + numGens uint64, + header []byte, + disclosed []indexedScalar, +) (res [5]g1, domain bufScalar) { + Q1Gens := make([]g1, 1+numGens) + s.getQ1Gens(Q1Gens) + domain = calcDomain(s, pub, Q1Gens, header) + + res[0] = p.abar + res[1] = p.bbar + res[2] = p.d + T1 := &res[3] + T2 := &res[4] + + var t g1 + t.ScalarMult(&p.eHat, &p.abar) + T1.ScalarMult(&p.chal, &p.bbar) + T1.Add(T1, &t) + t.ScalarMult(&p.r1Hat, &p.d) + T1.Add(T1, &t) + + var Bv g1 + P1 := s.getP1() + Bv.ScalarMult(&domain.scalar, &Q1Gens[0]) + Bv.Add(&Bv, &P1) + + T2.ScalarMult(&p.r3Hat, &p.d) + + var j, k uint + maxJ := uint(len(disclosed)) + mHat := p.mHat + maxK := uint(len(mHat)) + generators := Q1Gens[1:] + for i := range generators { + if j < maxJ && disclosed[j].Index == uint64(i) { + t.ScalarMult(&disclosed[j].scalar, &generators[i]) + Bv.Add(&Bv, &t) + j++ + } else if k < maxK { + t.ScalarMult(&mHat[k], &generators[i]) + T2.Add(T2, &t) + k++ + } + } + + t.ScalarMult(&p.chal, &Bv) + T2.Add(T2, &t) + + return res, domain +} + +func proofFinalize( + values *[5]g1, + chal *scalar, + eValue *scalar, + rndScalar []scalar, + concealed []indexedScalar, +) (p Proof) { + p.abar = values[0] + p.bbar = values[1] + p.d = values[2] + p.chal = *chal + + r3Tilde := &rndScalar[4] + r1Tilde := &rndScalar[3] + eTilde := &rndScalar[2] + r2 := &rndScalar[1] + r1 := &rndScalar[0] + + p.eHat.Mul(eValue, chal) + p.eHat.Add(&p.eHat, eTilde) + + p.r1Hat.Mul(r1, chal) + p.r1Hat.Sub(r1Tilde, &p.r1Hat) + + p.r3Hat.Inv(r2) + p.r3Hat.Mul(&p.r3Hat, chal) + p.r3Hat.Sub(r3Tilde, &p.r3Hat) + + mHat := make([]scalar, len(concealed)) + rndSc := rndScalar[5 : 5+len(concealed)] + for i := range mHat { + mHat[i].Mul(&concealed[i].scalar, chal) + mHat[i].Add(&mHat[i], &rndSc[i]) + } + + p.mHat = mHat + return p +} + +// ProveOptions allows to specify a presentation header for proof generation. +type ProveOptions struct { + PresentationHeader []byte + SignOptions +} + +type DisclosedMessage struct { + Message Disclosed + Index uint64 +} + +// Prove creates a proof of knowledge of the signature, while disclosing a +// subset of messages. +// Messages must be in the same order as during signing. +// [ProveOptions] allows to specify a presentation header, the signature header, +// and the suite identifier. +func Prove( + rnd io.Reader, + pub *PublicKey, + sig *Signature, + messages []Msg, + options ProveOptions, +) (*Proof, []DisclosedMessage, error) { + s := options.ID.new() + var numDisclosed, numConcealed uint + for i := range messages { + switch messages[i].(type) { + case Disclosed: + numDisclosed++ + case Concealed: + numConcealed++ + } + } + + rndScalars := make([]scalar, 5+numConcealed) + err := randomScalars(rnd, rndScalars) + if err != nil { + return nil, nil, err + } + + allMessages := make([]indexedScalar, numConcealed+numDisclosed) + concealed := allMessages[0:numConcealed] + disclosed := allMessages[numConcealed : numConcealed+numDisclosed] + disclosedMessages := make([]DisclosedMessage, numDisclosed) + + h := s.newHasherScalar(s.MapDST()) + var j, k uint + for i := range messages { + scalar := indexedScalar{h.Hash(messages[i].get()), uint64(i)} + switch mi := messages[i].(type) { + case Disclosed: + disclosedMessages[j] = DisclosedMessage{mi, uint64(i)} + disclosed[j] = scalar + j++ + case Concealed: + concealed[k] = scalar + k++ + } + } + + res, domain := proofInit(s, pub, sig, rndScalars, options.Header, + allMessages, concealed) + ch := challenge(s, &res, &domain, disclosed, options.PresentationHeader) + proof := proofFinalize(&res, &ch.scalar, &sig.e, rndScalars, concealed) + return &proof, disclosedMessages, nil +} + +// VerifyProof checks whether a proof of the signature and disclosed messages +// is valid. +// ProveOptions allows to specify a presentation header used during proof +// generation. +func VerifyProof( + pub *PublicKey, + proof *Proof, + disclosedMessages []DisclosedMessage, + options ProveOptions, +) bool { + slices.SortFunc(disclosedMessages, func(a, b DisclosedMessage) int { + if a.Index < b.Index { + return -1 + } else if a.Index > b.Index { + return 1 + } + return 0 + }) + disclosedMsgsNoDup := slices.CompactFunc(disclosedMessages, + func(a, b DisclosedMessage) bool { return a.Index == b.Index }, + ) + R := len(disclosedMsgsNoDup) + // check for duplicates. + if R != len(disclosedMessages) { + return false + } + + N := uint64(len(proof.mHat) + R) + // check for out-of-range indexes. + if R > 0 && disclosedMsgsNoDup[R-1].Index >= N { + return false + } + + s := options.ID.new() + h := s.newHasherScalar(s.MapDST()) + disclosed := make([]indexedScalar, len(disclosedMsgsNoDup)) + for i := range disclosedMsgsNoDup { + disclosed[i].Index = disclosedMsgsNoDup[i].Index + disclosed[i].bufScalar = h.Hash(disclosedMsgsNoDup[i].Message) + } + + res, domain := proofVerifyInit(s, pub, proof, N, options.Header, disclosed) + ch := challenge(s, &res, &domain, disclosed, options.PresentationHeader) + return ch.IsEqual(&proof.chal) == 1 && bls12381.ProdPairFrac( + []*g1{&proof.abar, &proof.bbar}, + []*g2{&pub.key, bls12381.G2Generator()}, + []int{1, -1}).IsIdentity() +} diff --git a/sign/bbs/sign.go b/sign/bbs/sign.go new file mode 100644 index 000000000..3cf766c54 --- /dev/null +++ b/sign/bbs/sign.go @@ -0,0 +1,149 @@ +package bbs + +import ( + "crypto" + "io" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/internal/conv" + "golang.org/x/crypto/cryptobyte" +) + +type Signature struct { + a g1 + e scalar +} + +func (s *Signature) MarshalBinary() ([]byte, error) { + return conv.MarshalBinaryLen(s, SignatureSize) +} + +func (s *Signature) UnmarshalBinary(b []byte) error { + return conv.UnmarshalBinary(s, b) +} + +func (s *Signature) Marshal(b *cryptobyte.Builder) (e error) { + b.AddBytes(s.a.BytesCompressed()) + b.AddValue(&s.e) + return +} + +func (s *Signature) Unmarshal(st *cryptobyte.String) bool { + var b [g1Size]byte + return st.CopyBytes(b[:]) && s.a.SetBytes(b[:]) == nil && s.e.Unmarshal(st) +} + +// SignOptions used for configuration of signing. +type SignOptions struct { + Header []byte // Header used to bind public information to the signature. + ID SuiteID // ID determines the suite of algorithms. +} + +// HashFunc always returns the zero value. +func (SignOptions) HashFunc() (h crypto.Hash) { return } + +// Sign produces a signature over one message. +// Use the [Sign] function for signing multiple messages. +// +// The io.Reader is ignored because signatures are deterministic. +// Passing a [SignOptions] struct allows to specify a signature header and +// the suite identifier. +// When nil is passed as options, the zero value of [SignOptions] is used. +// If successful, it returns the serialization of the signature. +func (k *PrivateKey) Sign( + rnd io.Reader, message []byte, options crypto.SignerOpts, +) ([]byte, error) { + var op SignOptions + if options != nil { + cOpts, ok := options.(SignOptions) + if ok { + op = cOpts + } else { + return nil, ErrInvalidOpts + } + } + + s := Sign(k, [][]byte{message}, op) + return s.MarshalBinary() +} + +// Sign produces a signature over multiple messages. +// +// Sign is sensitive to the order of input messages. +// [SignOptions] allows to specify a signature header and the suite identifier. +func Sign( + key *PrivateKey, messages [][]byte, options SignOptions, +) (sig Signature) { + s := options.ID.new() + key.calcPublicKey() + bLen := scalarSize * (2 + len(messages)) + b := cryptobyte.NewFixedBuilder(make([]byte, 0, bLen)) + b.AddValue(key) + B := calculateB(s, key.pub, messages, options.Header, b) + e := s.hashToScalar(b.BytesOrPanic(), s.HashToScalarDST()) + if e.scalar.IsEqual(&key.key.scalar) == 1 { + panic(ErrSignature) + } + + var skE scalar + skE.Add(&key.key.scalar, &e.scalar) + skE.Inv(&skE) + sig.a.ScalarMult(&skE, &B) + sig.e = e.scalar + return sig +} + +// Verify checks whether the signature over the messages is valid. +// Messages must be in the same order as during signing. +// [SignOptions] allows to specify a signature header and the suite identifier. +func Verify( + pub *PublicKey, sig *Signature, messages [][]byte, options SignOptions, +) bool { + var t g1 + B := calculateB(options.ID.new(), pub, messages, options.Header, nil) + B.Neg() + t.ScalarMult(&sig.e, &sig.a) + t.Add(&t, &B) + + // (A,W)*(eA-B,BP2) + return bls12381.ProdPairFrac( + []*g1{&sig.a, &t}, + []*g2{&pub.key, bls12381.G2Generator()}, + []int{1, 1}, + ).IsIdentity() +} + +func calculateB( + s suite, + pub *PublicKey, + messages [][]byte, + header []byte, + b *cryptobyte.Builder, +) (B g1) { + Q1Gens := make([]g1, 1+len(messages)) + s.getQ1Gens(Q1Gens) + domain := calcDomain(s, pub, Q1Gens, header) + + P1 := s.getP1() + B.ScalarMult(&domain.scalar, &Q1Gens[0]) + B.Add(&B, &P1) + + generators := Q1Gens[1 : 1+len(messages)] + H := s.newHasherScalar(s.MapDST()) + var t g1 + for i := range messages { + mi := H.Hash(messages[i]) + t.ScalarMult(&mi.scalar, &generators[i]) + B.Add(&B, &t) + + if b != nil { + b.AddValue(&mi) + } + } + + if b != nil { + b.AddValue(&domain) + } + + return B +} diff --git a/sign/bbs/suite.go b/sign/bbs/suite.go new file mode 100644 index 000000000..f0595dc3e --- /dev/null +++ b/sign/bbs/suite.go @@ -0,0 +1,183 @@ +package bbs + +import ( + "crypto" + "encoding/binary" + "encoding/hex" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/expander" + "github.com/cloudflare/circl/xof" +) + +// SuiteID identifies the suite of algorithms supported. +type SuiteID uint + +const ( + // Corresponds to the "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_" suite. + SuiteBLS12381Shake256 SuiteID = iota + // Corresponds to the "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_" suite. + SuiteBLS12381Sha256 + + maxSuiteID +) + +func (id SuiteID) String() string { id.check(); return suiteIDName[id] } + +func (id SuiteID) check() { + if id >= maxSuiteID { + panic(ErrInvalidSuiteID) + } +} + +func (id SuiteID) new() suite { + id.check() + var b [50]byte + return suite{ + SuiteID: id, + gens: &suiteGenerators[id], + prefix: append(append(b[:0], suiteIDName[id]...), labelAPIID...), + } +} + +type suite struct { + gens *precmpGens + prefix []byte + SuiteID +} + +func (s suite) apiID() []byte { return s.prefix } +func (s suite) keyDST() []byte { return []byte(s.String() + labelKeyDST) } +func (s suite) HashToScalarDST() []byte { return append(s.prefix, labelHashToScalarDST...) } +func (s suite) SeedDST() []byte { return append(s.prefix, labelSeedDST...) } +func (s suite) GeneratorDST() []byte { return append(s.prefix, labelGeneratorDST...) } +func (s suite) GeneratorSeed() []byte { return append(s.prefix, labelGeneratorSeed...) } +func (s suite) BpGeneratorSeed() []byte { return append(s.prefix, labelBpGeneratorSeed...) } +func (s suite) MapDST() []byte { return append(s.prefix, labelMapDST...) } +func (s suite) getP1() (g g1) { return fetchG1FromString(s.gens.P1) } +func (s suite) newHasherScalar(dst []byte) (h hasherScalar) { + switch s.SuiteID { + case SuiteBLS12381Sha256: + h.exp = expander.NewExpanderMD(crypto.SHA256, dst) + case SuiteBLS12381Shake256: + const SecLevel = 128 + h.exp = expander.NewExpanderXOF(xof.SHAKE256, SecLevel, dst) + } + h.r.SetBytes(bls12381.Order()) + return h +} + +func (s suite) hashToScalar(msg, dst []byte) bufScalar { + h := s.newHasherScalar(dst) + return h.Hash(msg) +} + +func (s suite) hashToGenerators(gens []g1, generatorSeed []byte, start uint) { + var expBytes, expHashG1 expander.Expander + switch s.SuiteID { + case SuiteBLS12381Sha256: + const h = crypto.SHA256 + expBytes = expander.NewExpanderMD(h, s.SeedDST()) + expHashG1 = expander.NewExpanderMD(h, s.GeneratorDST()) + case SuiteBLS12381Shake256: + const SecLevel = 128 + const f = xof.SHAKE256 + expBytes = expander.NewExpanderXOF(f, SecLevel, s.SeedDST()) + expHashG1 = expander.NewExpanderXOF(f, SecLevel, s.GeneratorDST()) + } + + v := expBytes.Expand(generatorSeed, expandLen) + for i := range gens { + v = expBytes.Expand( + binary.BigEndian.AppendUint64(v, uint64(i+1)), expandLen) + if uint(i) >= start { + gens[i].HashWithExpander(expHashG1, v) + } + } +} + +func (s suite) getQ1Gens(g []g1) { + numGen := len(g) + numPrecmp := len(s.gens.Q1Gens) + n := min(numGen, numPrecmp) + for i := range n { + g[i] = fetchG1FromString(s.gens.Q1Gens[i]) + } + + if numGen > numPrecmp { + s.hashToGenerators(g, s.GeneratorSeed(), uint(numPrecmp)) + } +} + +func fetchG1FromString(str string) (g g1) { + var b [g1Size]byte + _, err := hex.Decode(b[:], []byte(str)) + if err != nil { + panic(ErrGenerators) + } + + err = g.SetBytes(b[:]) + if err != nil { + panic(err) + } + + return g +} + +type ( + g1 = bls12381.G1 + g2 = bls12381.G2 + scalar = bls12381.Scalar + precmpGens struct { + P1 string + Q1Gens [numPrecmpGens]string // First is Q1, others are H_i. + } +) + +const ( + g1Size = bls12381.G1SizeCompressed + g2Size = bls12381.G2SizeCompressed + scalarSize = bls12381.ScalarSize + suiteBLS12381Sha256 = "BBS_BLS12381G1_XMD:SHA-256_SSWU_RO_" + suiteBLS12381Shake256 = "BBS_BLS12381G1_XOF:SHAKE-256_SSWU_RO_" + labelKeyDST = "KEYGEN_DST_" + labelAPIID = "H2G_HM2S_" + labelHashToScalarDST = "H2S_" + labelSeedDST = "SIG_GENERATOR_SEED_" + labelGeneratorDST = "SIG_GENERATOR_DST_" + labelGeneratorSeed = "MESSAGE_GENERATOR_SEED" + labelBpGeneratorSeed = "BP_MESSAGE_GENERATOR_SEED" + labelMapDST = "MAP_MSG_TO_SCALAR_AS_HASH_" + expandLen = 48 + numPrecmpGens = 5 +) + +var ( + suiteIDName = [...]string{ + SuiteBLS12381Shake256: suiteBLS12381Shake256, + SuiteBLS12381Sha256: suiteBLS12381Sha256, + } + + suiteGenerators = [...]precmpGens{ + SuiteBLS12381Shake256: { + P1: "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + Q1Gens: [numPrecmpGens]string{ + "a9d40131066399fd41af51d883f4473b0dcd7d028d3d34ef17f3241d204e28507d7ecae032afa1d5490849b7678ec1f8", + "903c7ca0b7e78a2017d0baf74103bd00ca8ff9bf429f834f071c75ffe6bfdec6d6dca15417e4ac08ca4ae1e78b7adc0e", + "84321f5855bfb6b001f0dfcb47ac9b5cc68f1a4edd20f0ec850e0563b27d2accee6edff1a26b357762fb24e8ddbb6fcb", + "b3060dff0d12a32819e08da00e61810676cc9185fdd750e5ef82b1a9798c7d76d63de3b6225d6c9a479d6c21a7c8bf93", + "8f1093d1e553cdead3c70ce55b6d664e5d1912cc9edfdd37bf1dad11ca396a0a8bb062092d391ebf8790ea5722413f68", + }, + }, + SuiteBLS12381Sha256: { + P1: "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + Q1Gens: [numPrecmpGens]string{ + "a9ec65b70a7fbe40c874c9eb041c2cb0a7af36ccec1bea48fa2ba4c2eb67ef7f9ecb17ed27d38d27cdeddff44c8137be", + "98cd5313283aaf5db1b3ba8611fe6070d19e605de4078c38df36019fbaad0bd28dd090fd24ed27f7f4d22d5ff5dea7d4", + "a31fbe20c5c135bcaa8d9fc4e4ac665cc6db0226f35e737507e803044093f37697a9d452490a970eea6f9ad6c3dcaa3a", + "b479263445f4d2108965a9086f9d1fdc8cde77d14a91c856769521ad3344754cc5ce90d9bc4c696dffbc9ef1d6ad1b62", + "ac0401766d2128d4791d922557c7b4d1ae9a9b508ce266575244a8d6f32110d7b0b7557b77604869633bb49afbe20035", + }, + }, + } +) diff --git a/sign/bbs/testdata/BLS12381SHA256/MapMessageToScalarAsHash.json b/sign/bbs/testdata/BLS12381SHA256/MapMessageToScalarAsHash.json new file mode 100644 index 000000000..cfa7413a6 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/MapMessageToScalarAsHash.json @@ -0,0 +1,46 @@ +{ + "caseName": "MapMessageToScalar fixture", + "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4d41505f4d53475f544f5f5343414c41525f41535f484153485f", + "cases": [ + { + "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "scalar": "1cb5bb86114b34dc438a911617655a1db595abafac92f47c5001799cf624b430" + }, + { + "message": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "scalar": "154249d503c093ac2df516d4bb88b510d54fd97e8d7121aede420a25d9521952" + }, + { + "message": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "scalar": "0c7c4c85cdab32e6fdb0de267b16fa3212733d4e3a3f0d0f751657578b26fe22" + }, + { + "message": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "scalar": "4a196deafee5c23f630156ae13be3e46e53b7e39094d22877b8cba7f14640888" + }, + { + "message": "496694774c5604ab1b2544eababcf0f53278ff50", + "scalar": "34c5ea4f2ba49117015a02c711bb173c11b06b3f1571b88a2952b93d0ed4cf7e" + }, + { + "message": "515ae153e22aae04ad16f759e07237b4", + "scalar": "4045b39b83055cd57a4d0203e1660800fabe434004dbdc8730c21ce3f0048b08" + }, + { + "message": "d183ddc6e2665aa4e2f088af", + "scalar": "064621da4377b6b1d05ecc37cf3b9dfc94b9498d7013dc5c4a82bf3bb1750743" + }, + { + "message": "ac55fb33a75909ed", + "scalar": "34ac9196ace0a37e147e32319ea9b3d8cc7d21870d3c3ba071246859cca49b02" + }, + { + "message": "96012096", + "scalar": "57eb93f417c43200e9784fa5ea5a59168d3dbc38df707a13bb597c871b2a5f74" + }, + { + "message": "", + "scalar": "08e3afeb2b4f2b5f907924ef42856616e6f2d5f1fb373736db1cca32707a7d16" + } + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/generators.json b/sign/bbs/testdata/BLS12381SHA256/generators.json new file mode 100644 index 000000000..967b6f255 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/generators.json @@ -0,0 +1,16 @@ +{ + "P1": "a8ce256102840821a3e94ea9025e4662b205762f9776b3a766c872b948f1fd225e7c59698588e70d11406d161b4e28c9", + "Q1": "a9ec65b70a7fbe40c874c9eb041c2cb0a7af36ccec1bea48fa2ba4c2eb67ef7f9ecb17ed27d38d27cdeddff44c8137be", + "MsgGenerators": [ + "98cd5313283aaf5db1b3ba8611fe6070d19e605de4078c38df36019fbaad0bd28dd090fd24ed27f7f4d22d5ff5dea7d4", + "a31fbe20c5c135bcaa8d9fc4e4ac665cc6db0226f35e737507e803044093f37697a9d452490a970eea6f9ad6c3dcaa3a", + "b479263445f4d2108965a9086f9d1fdc8cde77d14a91c856769521ad3344754cc5ce90d9bc4c696dffbc9ef1d6ad1b62", + "ac0401766d2128d4791d922557c7b4d1ae9a9b508ce266575244a8d6f32110d7b0b7557b77604869633bb49afbe20035", + "b95d2898370ebc542857746a316ce32fa5151c31f9b57915e308ee9d1de7db69127d919e984ea0747f5223821b596335", + "8f19359ae6ee508157492c06765b7df09e2e5ad591115742f2de9c08572bb2845cbf03fd7e23b7f031ed9c7564e52f39", + "abc914abe2926324b2c848e8a411a2b6df18cbe7758db8644145fefb0bf0a2d558a8c9946bd35e00c69d167aadf304c1", + "80755b3eb0dd4249cbefd20f177cee88e0761c066b71794825c9997b551f24051c352567ba6c01e57ac75dff763eaa17", + "82701eb98070728e1769525e73abff1783cedc364adb20c05c897a62f2ab2927f86f118dcb7819a7b218d8f3fee4bd7f", + "a1f229540474f4d6f1134761b92b788128c7ac8dc9b0c52d59493132679673032ac7db3fb3d79b46b13c1c41ee495bca" + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/h2s.json b/sign/bbs/testdata/BLS12381SHA256/h2s.json new file mode 100644 index 000000000..c116f76e1 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/h2s.json @@ -0,0 +1,6 @@ +{ + "caseName": "Hash to scalar output", + "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4832535f", + "scalar": "0f90cbee27beb214e6545becb8404640d3612da5d6758dffeccd77ed7169807c" +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/keypair.json b/sign/bbs/testdata/BLS12381SHA256/keypair.json new file mode 100644 index 000000000..4b203c753 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/keypair.json @@ -0,0 +1,10 @@ +{ + "caseName": "key pair fixture", + "keyMaterial": "746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579", + "keyInfo": "746869732d49532d736f6d652d6b65792d6d657461646174612d746f2d62652d757365642d696e2d746573742d6b65792d67656e", + "keyDst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4b455947454e5f4453545f", + "keyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/mockedRng.json b/sign/bbs/testdata/BLS12381SHA256/mockedRng.json new file mode 100644 index 000000000..b12218c7b --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/mockedRng.json @@ -0,0 +1,18 @@ +{ + "caseName": "mocked random scalars", + "seed": "332e313431353932363533353839373933323338343632363433333833323739", + "dst": "4242535f424c53313233383147315f584d443a5348412d3235365f535357555f524f5f4832475f484d32535f4d4f434b5f52414e444f4d5f5343414c4152535f4453545f", + "count": 10, + "mockedScalars": [ + "04f8e2518993c4383957ad14eb13a023c4ad0c67d01ec86eeb902e732ed6df3f", + "5d87c1ba64c320ad601d227a1b74188a41a100325cecf00223729863966392b1", + "0444607600ac70482e9c983b4b063214080b9e808300aa4cc02a91b3a92858fe", + "548cd11eae4318e88cda10b4cd31ae29d41c3a0b057196ee9cf3a69d471e4e94", + "2264b06a08638b69b4627756a62f08e0dc4d8240c1b974c9c7db779a769892f4", + "4d99352986a9f8978b93485d21525244b21b396cf61f1d71f7c48e3fbc970a42", + "5ed8be91662386243a6771fbdd2c627de31a44220e8d6f745bad5d99821a4880", + "62ff1734b939ddd87beeb37a7bbcafa0a274cbc1b07384198f0e88398272208d", + "05c2a0af016df58e844db8944082dcaf434de1b1e2e7136ec8a99b939b716223", + "485e2adab17b76f5334c95bf36c03ccf91cef77dcfcdc6b8a69e2090b3156663" + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof001.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof001.json new file mode 100644 index 000000000..a5816bbde --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof001.json @@ -0,0 +1,34 @@ +{ + "caseName": "valid single message signature, single-message revealed proof", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "disclosedIndexes": [ + 0 + ], + "proof": "94916292a7a6bade28456c601d3af33fcf39278d6594b467e128a3f83686a104ef2b2fcf72df0215eeaf69262ffe8194a19fab31a82ddbe06908985abc4c9825788b8a1610942d12b7f5debbea8985296361206dbace7af0cc834c80f33e0aadaeea5597befbb651827b5eed5a66f1a959bb46cfd5ca1a817a14475960f69b32c54db7587b5ee3ab665fbd37b506830a49f21d592f5e634f47cee05a025a2f8f94e73a6c15f02301d1178a92873b6e8634bafe4983c3e15a663d64080678dbf29417519b78af042be2b3e1c4d08b8d520ffab008cbaaca5671a15b22c239b38e940cfeaa5e72104576a9ec4a6fad78c532381aeaa6fb56409cef56ee5c140d455feeb04426193c57086c9b6d397d9418", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "60ca409f6b0563f687fc471c63d2819f446f39c23bb540925d9d4254ac58f337", + "r2": "2ceff4982de0c913090f75f081df5ec594c310bb48c17cfdaab5332a682ef811", + "e_tilde": "6101c4404895f3dff87ab39c34cb995af07e7139e6b3847180ffdd1bc8c313cd", + "r1_tilde": "0dfcffd97a6ecdebef3c9c114b99d7a030c998d938905f357df62822dee072e8", + "r3_tilde": "639e3417007d38e5d34ba8c511e836768ddc2669fdd3faff5c14ad27ac2b2da1", + "m_tilde_scalars": [] + }, + "A_bar": "94916292a7a6bade28456c601d3af33fcf39278d6594b467e128a3f83686a104ef2b2fcf72df0215eeaf69262ffe8194", + "B_bar": "a19fab31a82ddbe06908985abc4c9825788b8a1610942d12b7f5debbea8985296361206dbace7af0cc834c80f33e0aad", + "D": "aeea5597befbb651827b5eed5a66f1a959bb46cfd5ca1a817a14475960f69b32c54db7587b5ee3ab665fbd37b506830a", + "T1": "a862fa5d3ab4c264c22b8a02636fd4030e8b14ac20dee14e08fdb6cfc445432c08abb49ec111c1eb9d90abef50134a60", + "T2": "ab9543a6b04303e997621d3d5cbd85924e7e69da498a2a9e9d3a8b01f39259c9c5920bd530de1d3b0afb99eb0c549d5a", + "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c", + "challenge": "32381aeaa6fb56409cef56ee5c140d455feeb04426193c57086c9b6d397d9418" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof002.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof002.json new file mode 100644 index 000000000..d0b868be2 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof002.json @@ -0,0 +1,52 @@ +{ + "caseName": "valid multi-message signature, all messages revealed proof", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9 + ], + "proof": "b1f468aec2001c4f54cb56f707c6222a43e5803a25b2253e67b2210ab2ef9eab52db2d4b379935c4823281eaf767fd37b08ce80dc65de8f9769d27099ae649ad4c9b4bd2cc23edcba52073a298087d2495e6d57aaae051ef741adf1cbce65c64a73c8c97264177a76c4a03341956d2ae45ed3438ce598d5cda4f1bf9507fecef47855480b7b30b5e4052c92a4360110c67327365763f5aa9fb85ddcbc2975449b8c03db1216ca66b310f07d0ccf12ab460cdc6003b677fed36d0a23d0818a9d4d098d44f749e91008cf50e8567ef936704c8277b7710f41ab7e6e16408ab520edc290f9801349aee7b7b4e318e6a76e028e1dea911e2e7baec6a6a174da1a22362717fbae1cd961d7bf4adce1d31c2ab", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "60ca409f6b0563f687fc471c63d2819f446f39c23bb540925d9d4254ac58f337", + "r2": "2ceff4982de0c913090f75f081df5ec594c310bb48c17cfdaab5332a682ef811", + "e_tilde": "6101c4404895f3dff87ab39c34cb995af07e7139e6b3847180ffdd1bc8c313cd", + "r1_tilde": "0dfcffd97a6ecdebef3c9c114b99d7a030c998d938905f357df62822dee072e8", + "r3_tilde": "639e3417007d38e5d34ba8c511e836768ddc2669fdd3faff5c14ad27ac2b2da1", + "m_tilde_scalars": [] + }, + "A_bar": "b1f468aec2001c4f54cb56f707c6222a43e5803a25b2253e67b2210ab2ef9eab52db2d4b379935c4823281eaf767fd37", + "B_bar": "b08ce80dc65de8f9769d27099ae649ad4c9b4bd2cc23edcba52073a298087d2495e6d57aaae051ef741adf1cbce65c64", + "D": "a73c8c97264177a76c4a03341956d2ae45ed3438ce598d5cda4f1bf9507fecef47855480b7b30b5e4052c92a4360110c", + "T1": "9881efa96b2411626d490e399eb1c06badf23c2c0760bd403f50f45a6b470c5a9dbeef53a27916f2f165085a3878f1f4", + "T2": "b9f8cf9271d10a04ae7116ad021f4b69c435d20a5af10ddd8f5b1ec6b9b8b91605aca76a140241784b7f161e21dfc3e7", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "28e1dea911e2e7baec6a6a174da1a22362717fbae1cd961d7bf4adce1d31c2ab" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof003.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof003.json new file mode 100644 index 000000000..9e66110c9 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof003.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof004.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof004.json new file mode 100644 index 000000000..5e8514bb6 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof004.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (different presentation header)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "011594ba7f95b3b470ea4102dd5899de3a042e5104d3ea01d15e6780d831d2be", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "different presentation header" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof005.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof005.json new file mode 100644 index 000000000..ec3f77d40 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof005.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (wrong public key)", + "signerPublicKey": "b064bd8d1ba99503cbb7f9d7ea00bce877206a85b1750e5583dd9399828a4d20610cb937ea928d90404c239b2835ffb104220a9c66a4c9ed3b54c0cac9ea465d0429556b438ceefb59650ddf67e7a8f103677561b7ef7fe3c3357ec6b94d41c6", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "wrong public key" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof006.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof006.json new file mode 100644 index 000000000..7d523a1a1 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof006.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (modified messages)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "7385ee1a722e00e173b4cdb1c1e0c3fb379403a31b337d3778c447d9da664ac876b0f7c5587d9e994c51f9e2b6de09c0f1d0f3b39b275a96da4926c22e55166998b8c4e90372820c007ceb27bd34ec4ebfab63fea4dcc88d95f58b25ffd35b041f3fe994", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "modified messages" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof007.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof007.json new file mode 100644 index 000000000..943dae163 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof007.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra message un-revealed in proof)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "extra message un-revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof008.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof008.json new file mode 100644 index 000000000..242d3c164 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof008.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra message invalid message un-revealed in proof)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "96012096" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "extra message invalid message un-revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof009.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof009.json new file mode 100644 index 000000000..949159059 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof009.json @@ -0,0 +1,52 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (missing message revealed in proof)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "missing message revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof010.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof010.json new file mode 100644 index 000000000..2d12ffa31 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof010.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (re-ordered messages)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "re-ordered messages" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof011.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof011.json new file mode 100644 index 000000000..786efb288 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof011.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra valid message, modified total message count)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "extra valid message, modified total message count" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof012.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof012.json new file mode 100644 index 000000000..6d325279c --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof012.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (truncated proof, one less undisclosed message)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870", + "result": { + "valid": false, + "reason": "truncated proof, one less undisclosed message" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof013.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof013.json new file mode 100644 index 000000000..53b0ba2f5 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof013.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (different header)", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "ffeeddccbbaa00998877665544332211", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac481356918cd38025d86b28650e909defe9604a7259f44386b861608be742af7775a2e71a6070e5836f5f54dc43c60096834a5b6da295bf8f081f72b7cdf7f3b4347fb3ff19edaa9e74055c8ba46dbcb7594fb2b06633bb5324192eb9be91be0d33e453b4d3127459de59a5e2193c900816f049a02cb9127dac894418105fa1641d5a206ec9c42177af9316f433417441478276ca0303da8f941bf2e0222a43251cf5c2bf6eac1961890aa740534e519c1767e1223392a3a286b0f4d91f7f25217a7862b8fcc1810cdcfddde2a01c80fcc90b632585fec12dc4ae8fea1918e9ddeb9414623a457e88f53f545841f9d5dcb1f8e160d1560770aa79d65e2eca8edeaecb73fb7e995608b820c4a64de6313a370ba05dc25ed7c1d185192084963652f2870341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a", + "result": { + "valid": false, + "reason": "different header" + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "341bdaa4b1a37f8c06348f38a4f80c5a2650a21d59f09e8305dcd3fc3ac30e2a" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof014.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof014.json new file mode 100644 index 000000000..a23c728b0 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof014.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof, no header", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8c87e2080859a97299c148427cd2fcf390d24bea850103a9748879039262ecf4f42206f6ef767f298b6a96b424c1e86c26f8fba62212d0e05b95261c2cc0e5fdc63a32731347e810fd12e9c58355aa0d", + "header": "", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "81925c2e525d9fbb0ba95b438b5a13fff5874c7c0515c193628d7d143ddc3bb487771ad73658895997a88dd5b254ed29abc019bfca62c09b8dafb37e5f09b1d380e084ec3623d071ec38d6b8602af93aa0ddbada307c9309cca86be16db53dc7ac310574f509c712bb1a181d64ea3c1ee075c018a2bc773e2480b5c033ccb9bfea5af347a88ab83746c9342ba76db3675ff70ce9006d166fd813a81b448a632216521c864594f3f92965974914992f8d1845230915b11680cf44b25886c5670904ac2d88255c8c31aea7b072e9c4eb7e4c3fdd38836ae9d2e9fa271c8d9fd42f669a9938aeeba9d8ae613bf11f489ce947616f5cbaee95511dfaa5c73d85e4ddd2f29340f821dc2fb40db3eae5f5bc08467eb195e38d7d436b63e556ea653168282a23b53d5792a107f85b1203f82aab46f6940650760e5b320261ffc0ca5f15917b51e7d2ad4bcbec94de792e229db663abff23af392a5e73ce115c27e8492ec24a0815091c69874dbd9dae2d2eed000810c748a798a78a804a39034c6e745cee455812cc982eea7105948b2cb55b82278a77237fcbec4748e2d2255af0994dd09dba8ac60515a39b24632a2c1c840c4a70506add5b2eb0be9ff66e3ea8deae666f198edfbb1391c6834e6df4f1026d", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "81925c2e525d9fbb0ba95b438b5a13fff5874c7c0515c193628d7d143ddc3bb487771ad73658895997a88dd5b254ed29", + "B_bar": "abc019bfca62c09b8dafb37e5f09b1d380e084ec3623d071ec38d6b8602af93aa0ddbada307c9309cca86be16db53dc7", + "D": "ac310574f509c712bb1a181d64ea3c1ee075c018a2bc773e2480b5c033ccb9bfea5af347a88ab83746c9342ba76db367", + "T1": "ada552bd7ee0d6914b89eaa0e9426b3bdbdfa7ecac26b3c118aefefc577095e894c1b4a828c184e091a563e09763f3a9", + "T2": "818dd907bf0321cf982648f91d7201b357358d3b2f6f7678afa722d89bbe5eba4415e4a65567a03292d9c7859da20cad", + "domain": "41c5fe0290d0da734ce9bba57bfe0dfc14f3f9cfef18a0d7438cf2075fd71cc7", + "challenge": "4a70506add5b2eb0be9ff66e3ea8deae666f198edfbb1391c6834e6df4f1026d" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/proof/proof015.json b/sign/bbs/testdata/BLS12381SHA256/proof/proof015.json new file mode 100644 index 000000000..f61fbe6e5 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/proof/proof015.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof, no presentation header", + "signerPublicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c", + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc415199462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135672556358e78b5398f1a547a2a98dfe16230f244ba742dea737e4f810b4d94e03ac068ef840aaadf12b2ed51d3fb774c2a0a620019fd1f39c52c6f89a0e6067e3039413a91129791b2af215a82ad2356b6bc305c1d7a828fe519619dd026eaaf07ea81cee52b21aab3e8320519bf37c2bb228a8b580f899d84327bdc5e84a66000e8bac17d2fa039bb2246c8eacc623ccd9eb26e184a96a9e3a6702e1dbafe194772394b05251f72bcd2d20f542b15b2406f899791f6f285c7b469e7c7b9624147f305c38c903273a949f6e85b9774aeeccfafa432e2cdd7c8f97d1687741ed30d725444428dd87d9884711d9a46baaf0c04b03a2a228b7033be0841880134b03b15f698756eca5f37503a0411a9586d3027a8b8b9118e95a9949b2719e85e4a669d9e4b7bb6d4544c8cc558c30d79f9c85a87e1a95611400b7c7dac5673d800", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "44679831fe60eca50938ef0e812e2a9284ad7971b6932a38c7303538b712e457", + "r2": "6481692f89086cce11779e847ff884db8eebb85a13e81b2d0c79d6c1062069d8", + "e_tilde": "721ce4c4c148a1d5826f326af6fd6ac2844f29533ba4127c3a43d222d51b7081", + "r1_tilde": "1ecfaf5a079b0504b00a1f0d6fe8857291dd798291d7ad7454b398114393f37f", + "r3_tilde": "0a4b3d59b34707bb9999bc6e2a6d382a2d2e214bff36ecd88639a14124b1622e", + "m_tilde_scalars": [ + "7217411a9e329c7a5705e8db552274646e2949d62c288d7537dd62bc284715e4", + "67d4d43660746759f598caac106a2b5f58ccd1c3eefaec31841a4f77d2548870", + "715d965b1c3912d20505b381470ff1a528700b673e50ba89fd287e13171cc137", + "4d3281a149674e58c9040fc7a10dd92cb9c7f76f6f0815a1afc3b09d74b92fe4", + "438feebaa5894ca0da49992df2c97d872bf153eab07e08ff73b28131c46ff415", + "602b723c8bbaec1b057d70f18269ae5e6de6197a5884967b03b933fa80006121" + ] + }, + "A_bar": "a2ed608e8e12ed21abc2bf154e462d744a367c7f1f969bdbf784a2a134c7db2d340394223a5397a3011b1c340ebc4151", + "B_bar": "99462ba6f31106d8a6da8b513b37a47afe93c9b3474d0d7a354b2edc1b88818b063332df774c141f7a07c48fe50d452f", + "D": "897739228c88afc797916dca01e8f03bd9c5375c7a7c59996e514bb952a436afd24457658acbaba5ddac2e693ac48135", + "T1": "84719c2b5bb275ee74913dbf95fb9054f690c8e4035f1259e184e9024544bc4bbea9c244e7897f9db7c82b7b14b27d28", + "T2": "8f5f191c956aefd5c960e57d2dfbab6761eb0ebc5efdba1aca1403dcc19e05296b16c9feb7636cb4ef2a360c5a148483", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47", + "challenge": "669d9e4b7bb6d4544c8cc558c30d79f9c85a87e1a95611400b7c7dac5673d800" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature001.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature001.json new file mode 100644 index 000000000..5c2254df4 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature001.json @@ -0,0 +1,19 @@ +{ + "caseName": "valid single message signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", + "result": { + "valid": true + }, + "trace": { + "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", + "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature002.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature002.json new file mode 100644 index 000000000..ca9ce3b7a --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature002.json @@ -0,0 +1,20 @@ +{ + "caseName": "invalid single message signature (modified message)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "" + ], + "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", + "result": { + "valid": false, + "reason": "modified message" + }, + "trace": { + "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", + "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature003.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature003.json new file mode 100644 index 000000000..4642e8cca --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature003.json @@ -0,0 +1,21 @@ +{ + "caseName": "invalid single message signature (extra unsigned message)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" + ], + "signature": "84773160b824e194073a57493dac1a20b667af70cd2352d8af241c77658da5253aa8458317cca0eae615690d55b1f27164657dcafee1d5c1973947aa70e2cfbb4c892340be5969920d0916067b4565a0", + "result": { + "valid": false, + "reason": "extra unsigned message" + }, + "trace": { + "B": "92d264aed02bf23de022ebe778c4f929fddf829f504e451d011ed89a313b8167ac947332e1648157ceffc6e6e41ab255", + "domain": "25d57fab92a8274c68fde5c3f16d4b275e4a156f211ae34b3ab32fbaf506ed5c" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature004.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature004.json new file mode 100644 index 000000000..d603b0037 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature004.json @@ -0,0 +1,28 @@ +{ + "caseName": "valid multi-message signature", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": true + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature005.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature005.json new file mode 100644 index 000000000..17adc7874 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature005.json @@ -0,0 +1,21 @@ +{ + "caseName": "invalid multi-message signature (missing messages)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": false, + "reason": "missing messages" + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature006.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature006.json new file mode 100644 index 000000000..236b35a68 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature006.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (re-ordered messages)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "", + "96012096", + "ac55fb33a75909ed", + "d183ddc6e2665aa4e2f088af", + "515ae153e22aae04ad16f759e07237b4", + "496694774c5604ab1b2544eababcf0f53278ff50", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": false, + "reason": "re-ordered messages" + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature007.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature007.json new file mode 100644 index 000000000..abeee40f7 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature007.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (wrong public key)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "b064bd8d1ba99503cbb7f9d7ea00bce877206a85b1750e5583dd9399828a4d20610cb937ea928d90404c239b2835ffb104220a9c66a4c9ed3b54c0cac9ea465d0429556b438ceefb59650ddf67e7a8f103677561b7ef7fe3c3357ec6b94d41c6" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": false, + "reason": "wrong public key" + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature008.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature008.json new file mode 100644 index 000000000..a8e7c082a --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature008.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (different header)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "ffeeddccbbaa00998877665544332211", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": false, + "reason": "different header" + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature009.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature009.json new file mode 100644 index 000000000..e9778b2b7 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature009.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (re-ordered(randomly shuffled) messages)", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "ac55fb33a75909ed", + "", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "d183ddc6e2665aa4e2f088af", + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "96012096", + "515ae153e22aae04ad16f759e07237b4", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50" + ], + "signature": "8339b285a4acd89dec7777c09543a43e3cc60684b0a6f8ab335da4825c96e1463e28f8c5f4fd0641d19cec5920d3a8ff4bedb6c9691454597bbd298288abed3632078557b2ace7d44caed846e1a0a1e8", + "result": { + "valid": false, + "reason": "re-ordered(randomly shuffled) messages" + }, + "trace": { + "B": "84f48376f7df6af40bc329cf484cdbfd0b19d0b326fccab4e9d8f00d1dbcf48139d498b19667f203cf8a1d1f8340c522", + "domain": "6272832582a0ac96e6fe53e879422f24c51680b25fbf17bad22a35ea93ce5b47" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHA256/signature/signature010.json b/sign/bbs/testdata/BLS12381SHA256/signature/signature010.json new file mode 100644 index 000000000..49b5124de --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHA256/signature/signature010.json @@ -0,0 +1,28 @@ +{ + "caseName": "valid multi-message signature, no header", + "signerKeyPair": { + "secretKey": "60e55110f76883a13d030b2f6bd11883422d5abde717569fc0731f51237169fc", + "publicKey": "a820f230f6ae38503b86c70dc50b61c58a77e45c39ab25c0652bbaa8fa136f2851bd4781c9dcde39fc9d1d52c9e60268061e7d7632171d91aa8d460acee0e96f1e7c4cfb12d3ff9ab5d5dc91c277db75c845d649ef3c4f63aebc364cd55ded0c" + }, + "header": "", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "8c87e2080859a97299c148427cd2fcf390d24bea850103a9748879039262ecf4f42206f6ef767f298b6a96b424c1e86c26f8fba62212d0e05b95261c2cc0e5fdc63a32731347e810fd12e9c58355aa0d", + "result": { + "valid": true + }, + "trace": { + "B": "98e38eadb6a2232cf91f41861089cda14d7e3ddef0c6eaba4d11a2732f66408f394d58301ffcc8fcfb3c89bb75136f61", + "domain": "41c5fe0290d0da734ce9bba57bfe0dfc14f3f9cfef18a0d7438cf2075fd71cc7" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/MapMessageToScalarAsHash.json b/sign/bbs/testdata/BLS12381SHAKE256/MapMessageToScalarAsHash.json new file mode 100644 index 000000000..da81b8c37 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/MapMessageToScalarAsHash.json @@ -0,0 +1,46 @@ +{ + "caseName": "MapMessageToScalar fixture", + "dst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4d41505f4d53475f544f5f5343414c41525f41535f484153485f", + "cases": [ + { + "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "scalar": "1e0dea6c9ea8543731d331a0ab5f64954c188542b33c5bbc8ae5b3a830f2d99f" + }, + { + "message": "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "scalar": "3918a40fb277b4c796805d1371931e08a314a8bf8200a92463c06054d2c56a9f" + }, + { + "message": "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "scalar": "6642b981edf862adf34214d933c5d042bfa8f7ef343165c325131e2ffa32fa94" + }, + { + "message": "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "scalar": "33c021236956a2006f547e22ff8790c9d2d40c11770c18cce6037786c6f23512" + }, + { + "message": "496694774c5604ab1b2544eababcf0f53278ff50", + "scalar": "52b249313abbe323e7d84230550f448d99edfb6529dec8c4e783dbd6dd2a8471" + }, + { + "message": "515ae153e22aae04ad16f759e07237b4", + "scalar": "2a50bdcbe7299e47e1046100aadffe35b4247bf3f059d525f921537484dd54fc" + }, + { + "message": "d183ddc6e2665aa4e2f088af", + "scalar": "0e92550915e275f8cfd6da5e08e334d8ef46797ee28fa29de40a1ebccd9d95d3" + }, + { + "message": "ac55fb33a75909ed", + "scalar": "4c28f612e6c6f82f51f95e1e4faaf597547f93f6689827a6dcda3cb94971d356" + }, + { + "message": "96012096", + "scalar": "1db51bedc825b85efe1dab3e3ab0274fa82bbd39732be3459525faf70f197650" + }, + { + "message": "", + "scalar": "27878da72f7775e709bb693d81b819dc4e9fa60711f4ea927740e40073489e78" + } + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/generators.json b/sign/bbs/testdata/BLS12381SHAKE256/generators.json new file mode 100644 index 000000000..06559620f --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/generators.json @@ -0,0 +1,16 @@ +{ + "P1": "8929dfbc7e6642c4ed9cba0856e493f8b9d7d5fcb0c31ef8fdcd34d50648a56c795e106e9eada6e0bda386b414150755", + "Q1": "a9d40131066399fd41af51d883f4473b0dcd7d028d3d34ef17f3241d204e28507d7ecae032afa1d5490849b7678ec1f8", + "MsgGenerators": [ + "903c7ca0b7e78a2017d0baf74103bd00ca8ff9bf429f834f071c75ffe6bfdec6d6dca15417e4ac08ca4ae1e78b7adc0e", + "84321f5855bfb6b001f0dfcb47ac9b5cc68f1a4edd20f0ec850e0563b27d2accee6edff1a26b357762fb24e8ddbb6fcb", + "b3060dff0d12a32819e08da00e61810676cc9185fdd750e5ef82b1a9798c7d76d63de3b6225d6c9a479d6c21a7c8bf93", + "8f1093d1e553cdead3c70ce55b6d664e5d1912cc9edfdd37bf1dad11ca396a0a8bb062092d391ebf8790ea5722413f68", + "990824e00b48a68c3d9a308e8c52a57b1bc84d1cf5d3c0f8c6fb6b1230e4e5b8eb752fb374da0b1ef687040024868140", + "b86d1c6ab8ce22bc53f625d1ce9796657f18060fcb1893ce8931156ef992fe56856199f8fa6c998e5d855a354a26b0dd", + "b4cdd98c5c1e64cb324e0c57954f719d5c5f9e8d991fd8e159b31c8d079c76a67321a30311975c706578d3a0ddc313b7", + "8311492d43ec9182a5fc44a75419b09547e311251fe38b6864dc1e706e29446cb3ea4d501634eb13327245fd8a574f77", + "ac00b493f92d17837a28d1f5b07991ca5ab9f370ae40d4f9b9f2711749ca200110ce6517dc28400d4ea25dddc146cacc", + "965a6c62451d4be6cb175dec39727dc665762673ee42bf0ac13a37a74784fbd61e84e0915277a6f59863b2bb4f5f6005" + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/h2s.json b/sign/bbs/testdata/BLS12381SHAKE256/h2s.json new file mode 100644 index 000000000..c21054f62 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/h2s.json @@ -0,0 +1,6 @@ +{ + "caseName": "Hash to scalar output", + "message": "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "dst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4832535f", + "scalar": "0500031f786fde5326aa9370dd7ffe9535ec7a52cf2b8f432cad5d9acfb73cd3" +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/keypair.json b/sign/bbs/testdata/BLS12381SHAKE256/keypair.json new file mode 100644 index 000000000..50165247b --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/keypair.json @@ -0,0 +1,10 @@ +{ + "caseName": "key pair fixture", + "keyMaterial": "746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579", + "keyInfo": "746869732d49532d736f6d652d6b65792d6d657461646174612d746f2d62652d757365642d696e2d746573742d6b65792d67656e", + "keyDst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4b455947454e5f4453545f", + "keyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/mockedRng.json b/sign/bbs/testdata/BLS12381SHAKE256/mockedRng.json new file mode 100644 index 000000000..ebb2305dd --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/mockedRng.json @@ -0,0 +1,18 @@ +{ + "caseName": "mocked random scalars", + "seed": "332e313431353932363533353839373933323338343632363433333833323739", + "dst": "4242535f424c53313233383147315f584f463a5348414b452d3235365f535357555f524f5f4832475f484d32535f4d4f434b5f52414e444f4d5f5343414c4152535f4453545f", + "count": 10, + "mockedScalars": [ + "1004262112c3eaa95941b2b0d1311c09c845db0099a50e67eda628ad26b43083", + "6da7f145a94c1fa7f116b2482d59e4d466fe49c955ae8726e79453065156a9a4", + "05017919b3607e78c51e8ec34329955d49c8c90e4488079c43e74824e98f1306", + "4d451dad519b6a226bba79e11b44c441f1a74800eecfec6a2e2d79ea65b9d32d", + "5e7e4894e6dbe68023bc92ef15c410b01f3828109fc72b3b5ab159fc427b3f51", + "646e3014f49accb375253d268eb6c7f3289a1510f1e9452b612dd73a06ec5dd4", + "363ecc4c1f9d6d9144374de8f1f7991405e3345a3ec49dd485a39982753c11a4", + "12e592fe28d91d7b92a198c29afaa9d5329a4dcfdaf8b08557807412faeb4ac6", + "513325acdcdec7ea572360587b350a8b095ca19bdd8258c5c69d375e8706141a", + "6474fceba35e7e17365dde1a0284170180e446ae96c82943290d7baa3a6ed429" + ] +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof001.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof001.json new file mode 100644 index 000000000..66366322b --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof001.json @@ -0,0 +1,34 @@ +{ + "caseName": "valid single message signature, single-message revealed proof", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "disclosedIndexes": [ + 0 + ], + "proof": "89e4ab0c160880e0c2f12a754b9c051ed7f5fccfee3d5cbbb62e1239709196c737fff4303054660f8fcd08267a5de668a2e395ebe8866bdcb0dff9786d7014fa5e3c8cf7b41f8d7510e27d307f18032f6b788e200b9d6509f40ce1d2f962ceedb023d58ee44d660434e6ba60ed0da1a5d2cde031b483684cd7c5b13295a82f57e209b584e8fe894bcc964117bf3521b43d8e2eb59ce31f34d68b39f05bb2c625e4de5e61e95ff38bfd62ab07105d016414b45b01625c69965ad3c8a933e7b25d93daeb777302b966079827a99178240e6c3f13b7db2fb1f14790940e239d775ab32f539bdf9f9b582b250b05882996832652f7f5d3b6e04744c73ada1702d6791940ccbd75e719537f7ace6ee817298d", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "1308e6f945f663b96de1c76461cf7d7f88b92eb99a9034685150db443d733881", + "r2": "25f81cb69a8fac6fb55d44a084557258575d1003be2bd94f1922dad2c3e447fd", + "e_tilde": "5e8041a7ab02976ee50226c4b062b47d38829bbf42ee7eb899b29720377a584c", + "r1_tilde": "3bbf1d5dc2904dbb7b2ba75c5dce8a5ad2d56a359c13ff0fa5fcb1339cd2fe58", + "r3_tilde": "016b1460eee7707c524a86a4aedeb826ce9597b42906dccaa96c6b49a8ea7da2", + "m_tilde_scalars": [] + }, + "A_bar": "89e4ab0c160880e0c2f12a754b9c051ed7f5fccfee3d5cbbb62e1239709196c737fff4303054660f8fcd08267a5de668", + "B_bar": "a2e395ebe8866bdcb0dff9786d7014fa5e3c8cf7b41f8d7510e27d307f18032f6b788e200b9d6509f40ce1d2f962ceed", + "D": "b023d58ee44d660434e6ba60ed0da1a5d2cde031b483684cd7c5b13295a82f57e209b584e8fe894bcc964117bf3521b4", + "T1": "91a10e73cf4090812e8ea25f31aaa61be53fcb42ce86e9f0e5df6f6dac4c3eee62ac846b0b83a5cfcbe78315175a4961", + "T2": "988f3d473186634e41478dc4527cf240e64de23a763037454d39a876862ebc617738ba6c458142e3746b01eab58ca8d7", + "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9", + "challenge": "2652f7f5d3b6e04744c73ada1702d6791940ccbd75e719537f7ace6ee817298d" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof002.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof002.json new file mode 100644 index 000000000..30270cd88 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof002.json @@ -0,0 +1,52 @@ +{ + "caseName": "valid multi-message signature, all messages revealed proof", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9 + ], + "proof": "91b0f598268c57b67bc9e55327c3c2b9b1654be89a0cf963ab392fa9e1637c565241d71fd6d7bbd7dfe243de85a9bac8b7461575c1e13b5055fed0b51fd0ec1433096607755b2f2f9ba6dc614dfa456916ca0d7fc6482b39c679cfb747a50ea1b3dd7ed57aaadc348361e2501a17317352e555a333e014e8e7d71eef808ae4f8fbdf45cd19fde45038bb310d5135f5205fc550b077e381fb3a3543dca31a0d8bba97bc0b660a5aa239eb74921e184aa3035fa01eaba32f52029319ec3df4fa4a4f716edb31a6ce19a19dbb971380099345070bd0fdeecf7c4774a33e0a116e069d5e215992fb637984802066dee6919146ae50b70ea52332dfe57f6e05c66e99f1764d8b890d121d65bfcc2984886ee0", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "1308e6f945f663b96de1c76461cf7d7f88b92eb99a9034685150db443d733881", + "r2": "25f81cb69a8fac6fb55d44a084557258575d1003be2bd94f1922dad2c3e447fd", + "e_tilde": "5e8041a7ab02976ee50226c4b062b47d38829bbf42ee7eb899b29720377a584c", + "r1_tilde": "3bbf1d5dc2904dbb7b2ba75c5dce8a5ad2d56a359c13ff0fa5fcb1339cd2fe58", + "r3_tilde": "016b1460eee7707c524a86a4aedeb826ce9597b42906dccaa96c6b49a8ea7da2", + "m_tilde_scalars": [] + }, + "A_bar": "91b0f598268c57b67bc9e55327c3c2b9b1654be89a0cf963ab392fa9e1637c565241d71fd6d7bbd7dfe243de85a9bac8", + "B_bar": "b7461575c1e13b5055fed0b51fd0ec1433096607755b2f2f9ba6dc614dfa456916ca0d7fc6482b39c679cfb747a50ea1", + "D": "b3dd7ed57aaadc348361e2501a17317352e555a333e014e8e7d71eef808ae4f8fbdf45cd19fde45038bb310d5135f520", + "T1": "8890adfc78da24768d59dbfdb3f380e2793e9018b20c23e9ba05baa60f1b21456bc047a5d27049dab5dc6a94696ce711", + "T2": "a49f953636d3651a3ae6fe45a99a2e4fec079eef3be8b8a6a4ba70885d7e028642f7224e9f451529915c88a7edc59fbe", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "46ae50b70ea52332dfe57f6e05c66e99f1764d8b890d121d65bfcc2984886ee0" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof003.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof003.json new file mode 100644 index 000000000..99384c397 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof003.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof004.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof004.json new file mode 100644 index 000000000..d664696ba --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof004.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (different presentation header)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "011594ba7f95b3b470ea4102dd5899de3a042e5104d3ea01d15e6780d831d2be", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "different presentation header" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof005.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof005.json new file mode 100644 index 000000000..43ddedba4 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof005.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (wrong public key)", + "signerPublicKey": "b24c723803f84e210f7a95f6265c5cbfa4ecc51488bf7acf24b921807801c0798b725b9a2dcfa29953efcdfef03328720196c78b2e613727fd6e085302a0cc2d8d7e1d820cf1d36b20e79eee78c13a1a5da51a298f1aef86f07bc33388f089d8", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "wrong public key" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof006.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof006.json new file mode 100644 index 000000000..68c03b540 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof006.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (modified messages)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "b3e4043a1e148028b85dfbf39d1e44d7bfc8277fd310aeda5deb4a6eb7b3d1293c86788288e86b1819caa0b11a4f2c6330abda72b1bcb082d660dc78b5271f6a047bb96c250f2ca877cc72464d363c3bd0bfc4d4b4de7233419234e94f16ec24359e13b6", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "modified messages" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof007.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof007.json new file mode 100644 index 000000000..60ed2e08e --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof007.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra message un-revealed in proof)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "extra message un-revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof008.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof008.json new file mode 100644 index 000000000..af4916af5 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof008.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra message invalid message un-revealed in proof)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "96012096" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "extra message invalid message un-revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof009.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof009.json new file mode 100644 index 000000000..3e33a9591 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof009.json @@ -0,0 +1,52 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (missing message revealed in proof)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "missing message revealed in proof" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof010.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof010.json new file mode 100644 index 000000000..4e084a539 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof010.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (re-ordered messages)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "re-ordered messages" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof011.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof011.json new file mode 100644 index 000000000..dc3623eee --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof011.json @@ -0,0 +1,56 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (extra valid message, modified total message count)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6, + 9 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "extra valid message, modified total message count" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof012.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof012.json new file mode 100644 index 000000000..996f597d6 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof012.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (truncated proof, one less undisclosed message)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d1", + "result": { + "valid": false, + "reason": "truncated proof, one less undisclosed message" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof013.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof013.json new file mode 100644 index 000000000..4e310e623 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof013.json @@ -0,0 +1,54 @@ +{ + "caseName": "invalid multi-message signature, all messages revealed proof (different header)", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "ffeeddccbbaa00998877665544332211", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af356dd39bf8bcbfd41bf95d913f4c9b2979e1ed2ca10ac7e881bb6a271722549681e398d29e9ba4eac8848b168eddd5e4acec7df4103e2ed165e6e32edc80f0a3b28c36fb39ca19b4b8acee570deadba2da9ec20d1f236b571e0d4c2ea3b826fe924175ed4dfffbf18a9cfa98546c241efb9164c444d970e8c89849bc8601e96cf228fdefe38ab3b7e289cac859e68d9cbb0e648faf692b27df5ff6539c30da17e5444a65143de02ca64cee7b0823be65865cdc310be038ec6b594b99280072ae067bad1117b0ff3201a5506a8533b925c7ffae9cdb64558857db0ac5f5e0f18e750ae77ec9cf35263474fef3f78138c7a1ef5cfbc878975458239824fad3ce05326ba3969b1f5451bd82bd1f8075f3d32ece2d61d89a064ab4804c3c892d651d11bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558", + "result": { + "valid": false, + "reason": "different header" + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "1bc325464a71cd7aacc2d956a811aaff13ea4c35cef7842b656e8ba4758e7558" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof014.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof014.json new file mode 100644 index 000000000..8a636f9ef --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof014.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof, no header", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "88beeb970f803160d3058eacde505207c576a8c9e4e5dc7c5249cbcf2a046c15f8df047031eef3436e04b779d92a9cdb1fe4c6cc035ba1634f1740f9dd49816d3ca745ecbe39f655ea61fb700137fded", + "header": "", + "presentationHeader": "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "8ac336eea1d278656372d9914483c3d3b3069dfa4a7862293ac021dfeeebca93cadd7eb2b818f7b89719cdeffa5aa85989a7d691be11b1929a2bf089bfe9f2adc2c06788edc30585546efb74877f34ad91f0d6923b4ed7a53c49051dda8d056a95644ee738810772d90c1033f1dfe45c0b1b453d131170aafa8a99f812f3b90a5d1d9e6bd05a4dee6a50dd277ffc646f2429372f3ad9d5946ffeb53f24d41ffcc83c32cbb68afc9b6e0b64eebd24c69c6a7bd3bca8a6394ed8ae315abd555a6996f34d9da7680447947b3f35f54c38b562e990ee4d17a21569af4fc02f2991e6db78cc32d3ef9f6069fc5c2d47c8d8ff116dfb8a59641641961b854427f67649df14ab6e63f2d0d2a0cba2b2e1e835d20cd45e41f274532e9d50f31a690e5fef1c1456b65c668b80d8ec17b09bd5fb3b2c4edd6d6f5f790a5d6da22eb9a1aa2196d1a607f3c753813ba2bc6ece15d35263218fc7667c5f0fabfffe74745a8000e0415c8dafd5654ce6850ac2c6485d02433fdaebd9993f8b86a2eebb3beb10b4cc7735330384a3f4dfd4d5b21998ad0227b37e736cf9c144a0386f28cccf27a01e50aab45dda8275eb877728e77d2055309dba8c6604e7cff0d2c46ce6026b8e232c192955f909da6e47c2130c7e3f4f", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "8ac336eea1d278656372d9914483c3d3b3069dfa4a7862293ac021dfeeebca93cadd7eb2b818f7b89719cdeffa5aa859", + "B_bar": "89a7d691be11b1929a2bf089bfe9f2adc2c06788edc30585546efb74877f34ad91f0d6923b4ed7a53c49051dda8d056a", + "D": "95644ee738810772d90c1033f1dfe45c0b1b453d131170aafa8a99f812f3b90a5d1d9e6bd05a4dee6a50dd277ffc646f", + "T1": "a5405cc2c5965dda18714ab35f4d4a7ae4024f388fa7a5ba71202d4455b50b316ec37b360659e3012234562fa8989980", + "T2": "9827a40454cdc90a70e9c927f097019dbdd84768babb10ebcb460c2d918e1ce1c0512bf2cc49ed7ec476dfcde7a6a10c", + "domain": "333d8686761cff65a3a2ef20bfa217d37bdf19105e87c210e9ce64ea1210a157", + "challenge": "309dba8c6604e7cff0d2c46ce6026b8e232c192955f909da6e47c2130c7e3f4f" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/proof/proof015.json b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof015.json new file mode 100644 index 000000000..73e5a662d --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/proof/proof015.json @@ -0,0 +1,53 @@ +{ + "caseName": "valid multi-message signature, multiple messages revealed proof, no presentation header", + "signerPublicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5", + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "header": "11223344556677889900aabbccddeeff", + "presentationHeader": "", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "disclosedIndexes": [ + 0, + 2, + 4, + 6 + ], + "proof": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af33fda9e14ba4cc0fcad8015bce3fecc4704799bef9924ab19688fc04f760c4da35017072a3e295788eff1b0dc2311bb199c186f86ea0540379d5a2ac8b7bd02d22487f2acc0e299115e16097b970badea802752a6fcb56cfbbcc2569916a8d3fe6d2d0fb1ae801cfc5ce056699adf23e3cd16b1fdf197deac099ab093da049a5b4451d038c71b7cc69e8390967594f6777a855c7f5d301f0f0573211ac85e2e165ea196f78c33f54092645a51341b777f0f5342301991f3da276c04b0224f7308090ae0b290d428a0570a71605a27977e7daf01d42dfbdcec252686c3060a73d81f6e151e23e3df2473b322da389f15a55cb2cd8a2bf29ef0d83d4876117735465fae956d8df56ec9eb0e4748ad3ef5587797368c51a0ccd67eb6da38602a1c2d4fd411214efc6932334ba0bcbf562626e7c0e1ae0db912c28d99f194fa3cd3a2", + "result": { + "valid": true + }, + "trace": { + "random_scalars": { + "r1": "5ee9426ae206e3a127eb53c79044bc9ed1b71354f8354b01bf410a02220be7d0", + "r2": "280d4fcc38376193ffc777b68459ed7ba897e2857f938581acf95ae5a68988f3", + "e_tilde": "39966b00042fc43906297d692ebb41de08e36aada8d9504d4e0ae02ad59e9230", + "r1_tilde": "61f5c273999b0b50be8f84d2380eb9220fc5a88afe144efc4007545f0ab9c089", + "r3_tilde": "63af117e0c8b7d2f1f3e375fcf5d9430e136ff0f7e879423e49dadc401a50089", + "m_tilde_scalars": [ + "020b83ca2ab319cba0744d6d58da75ac3dfb6ba682bfce2587c5a6d86a4e4e7b", + "5bf565343611c08f83e4420e8b1577ace8cc4df5d5303aeb3c4e425f1080f836", + "049d77949af1192534da28975f76d4f211315dce1e36f93ffcf2a555de516b28", + "407e5a952f145de7da53533de8366bbd2e0c854721a204f03906dc82fde10f48", + "1c925d9052849edddcf04d5f1f0d4ff183a66b66eb820f59b675aee121cfc63c", + "07d7c41b02158a9c5eac212ed6d7c2cddeb8e38baea6e93e1a00b2e83e2a0995" + ] + }, + "A_bar": "b1f8bf99a11c39f04e2a032183c1ead12956ad322dd06799c50f20fb8cf6b0ac279210ef5a2920a7be3ec2aa0911ace7", + "B_bar": "b96811a98f3c1cceba4a2147ae763b3ba036f47bc21c39179f2b395e0ab1ac49017ea5b27848547bedd27be481c1dfc0", + "D": "b73372346feb94ab16189d4c525652b8d3361bab43463700720ecfb0ee75e595ea1b13330615011050a0dfcffdb21af3", + "T1": "8b497dd4dcdcf7eb58c9b43e57e06bcea3468a223ae2fc015d7a86506a952d68055e73f5a5847e58f133ea154256d0da", + "T2": "8655584d3da1313f881f48c239384a5623d2d292f08dae7ac1d8129c19a02a89b82fa45de3f6c2c439510fce5919656f", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b", + "challenge": "4fd411214efc6932334ba0bcbf562626e7c0e1ae0db912c28d99f194fa3cd3a2" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature001.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature001.json new file mode 100644 index 000000000..77ace19ba --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature001.json @@ -0,0 +1,19 @@ +{ + "caseName": "valid single message signature", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", + "result": { + "valid": true + }, + "trace": { + "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", + "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature002.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature002.json new file mode 100644 index 000000000..948574f11 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature002.json @@ -0,0 +1,20 @@ +{ + "caseName": "invalid single message signature (modified message)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "" + ], + "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", + "result": { + "valid": false, + "reason": "modified message" + }, + "trace": { + "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", + "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature003.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature003.json new file mode 100644 index 000000000..1bb7d60d2 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature003.json @@ -0,0 +1,21 @@ +{ + "caseName": "invalid single message signature (extra unsigned message)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" + ], + "signature": "b9a622a4b404e6ca4c85c15739d2124a1deb16df750be202e2430e169bc27fb71c44d98e6d40792033e1c452145ada95030832c5dc778334f2f1b528eced21b0b97a12025a283d78b7136bb9825d04ef", + "result": { + "valid": false, + "reason": "extra unsigned message" + }, + "trace": { + "B": "8bbc8c123d3f128f206dd0d2dae490e82af08b84e8d70af3dc291d32a6e98f635beefcc4533b2599804a164aabe68d7c", + "domain": "2f18dd269c11c512256a9d1d57e61a7d2de6ebcf41cac3053f37afedc4e650a9" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature004.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature004.json new file mode 100644 index 000000000..e3b3be5e0 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature004.json @@ -0,0 +1,28 @@ +{ + "caseName": "valid multi-message signature", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": true + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature005.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature005.json new file mode 100644 index 000000000..f29df890c --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature005.json @@ -0,0 +1,21 @@ +{ + "caseName": "invalid multi-message signature (missing messages)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": false, + "reason": "missing messages" + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature006.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature006.json new file mode 100644 index 000000000..02e02db02 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature006.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (re-ordered messages)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "", + "96012096", + "ac55fb33a75909ed", + "d183ddc6e2665aa4e2f088af", + "515ae153e22aae04ad16f759e07237b4", + "496694774c5604ab1b2544eababcf0f53278ff50", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": false, + "reason": "re-ordered messages" + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature007.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature007.json new file mode 100644 index 000000000..dbb55c3bc --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature007.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (wrong public key)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "b24c723803f84e210f7a95f6265c5cbfa4ecc51488bf7acf24b921807801c0798b725b9a2dcfa29953efcdfef03328720196c78b2e613727fd6e085302a0cc2d8d7e1d820cf1d36b20e79eee78c13a1a5da51a298f1aef86f07bc33388f089d8" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": false, + "reason": "wrong public key" + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature008.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature008.json new file mode 100644 index 000000000..b409db4f1 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature008.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (different header)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "ffeeddccbbaa00998877665544332211", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": false, + "reason": "different header" + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature009.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature009.json new file mode 100644 index 000000000..fc43ec5ba --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature009.json @@ -0,0 +1,29 @@ +{ + "caseName": "invalid multi-message signature (re-ordered(randomly shuffled) messages)", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "11223344556677889900aabbccddeeff", + "messages": [ + "", + "96012096", + "496694774c5604ab1b2544eababcf0f53278ff50", + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "ac55fb33a75909ed", + "d183ddc6e2665aa4e2f088af", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "515ae153e22aae04ad16f759e07237b4" + ], + "signature": "956a3427b1b8e3642e60e6a7990b67626811adeec7a0a6cb4f770cdd7c20cf08faabb913ac94d18e1e92832e924cb6e202912b624261fc6c59b0fea801547f67fb7d3253e1e2acbcf90ef59a6911931e", + "result": { + "valid": false, + "reason": "re-ordered(randomly shuffled) messages" + }, + "trace": { + "B": "ae8d4ebe248b9ad9c933d5661bfb46c56721fba2a1182ddda7e8fb443bda3c0a571ad018ad31d0b6d1f4e8b985e6c58d", + "domain": "6f7ee8de30835599bb540d2cb4dd02fd0c6cf8246f14c9ee9a8463f7fd400f7b" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/BLS12381SHAKE256/signature/signature010.json b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature010.json new file mode 100644 index 000000000..c09975763 --- /dev/null +++ b/sign/bbs/testdata/BLS12381SHAKE256/signature/signature010.json @@ -0,0 +1,28 @@ +{ + "caseName": "valid multi-message signature, no header", + "signerKeyPair": { + "secretKey": "2eee0f60a8a3a8bec0ee942bfd46cbdae9a0738ee68f5a64e7238311cf09a079", + "publicKey": "92d37d1d6cd38fea3a873953333eab23a4c0377e3e049974eb62bd45949cdeb18fb0490edcd4429adff56e65cbce42cf188b31bddbd619e419b99c2c41b38179eb001963bc3decaae0d9f702c7a8c004f207f46c734a5eae2e8e82833f3e7ea5" + }, + "header": "", + "messages": [ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" + ], + "signature": "88beeb970f803160d3058eacde505207c576a8c9e4e5dc7c5249cbcf2a046c15f8df047031eef3436e04b779d92a9cdb1fe4c6cc035ba1634f1740f9dd49816d3ca745ecbe39f655ea61fb700137fded", + "result": { + "valid": true + }, + "trace": { + "B": "8607ebc413b397c1e27ce591d1daa39f73da329018bda0f90bf996355cc28c3cdba19feeb81e35be9e1503a018e4086e", + "domain": "333d8686761cff65a3a2ef20bfa217d37bdf19105e87c210e9ce64ea1210a157" + } +} \ No newline at end of file diff --git a/sign/bbs/testdata/messages.json b/sign/bbs/testdata/messages.json new file mode 100644 index 000000000..b674216c6 --- /dev/null +++ b/sign/bbs/testdata/messages.json @@ -0,0 +1,12 @@ +[ + "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02", + "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80", + "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b73", + "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c", + "496694774c5604ab1b2544eababcf0f53278ff50", + "515ae153e22aae04ad16f759e07237b4", + "d183ddc6e2665aa4e2f088af", + "ac55fb33a75909ed", + "96012096", + "" +] \ No newline at end of file diff --git a/sign/bbs/util.go b/sign/bbs/util.go new file mode 100644 index 000000000..703c25bbc --- /dev/null +++ b/sign/bbs/util.go @@ -0,0 +1,103 @@ +package bbs + +import ( + "io" + "math/big" + + "github.com/cloudflare/circl/expander" + "golang.org/x/crypto/cryptobyte" +) + +func calcDomain( + s suite, + pub *PublicKey, + Q1Gens []g1, + header []byte, +) bufScalar { + apiID := s.apiID() + bLen := PublicKeySize + 16 + len(Q1Gens)*g1Size + len(apiID) + len(header) + b := cryptobyte.NewFixedBuilder(make([]byte, 0, bLen)) + b.AddValue(pub) + b.AddUint64(uint64(len(Q1Gens) - 1)) + for i := range Q1Gens { + b.AddBytes(Q1Gens[i].BytesCompressed()) + } + + b.AddBytes(apiID) + b.AddUint64(uint64(len(header))) + b.AddBytes(header) + return s.hashToScalar(b.BytesOrPanic(), s.HashToScalarDST()) +} + +func challenge( + s suite, + values *[5]g1, + domain *bufScalar, + disclosed []indexedScalar, + presentationHeader []byte, +) bufScalar { + bLen := 8 + len(disclosed)*(8+scalarSize) + len(values)*g1Size + + scalarSize + 8 + len(presentationHeader) + b := cryptobyte.NewFixedBuilder(make([]byte, 0, bLen)) + b.AddUint64(uint64(len(disclosed))) + for i := range disclosed { + b.AddUint64(disclosed[i].Index) + b.AddValue(&disclosed[i]) + } + + for i := range values { + b.AddBytes(values[i].BytesCompressed()) + } + + b.AddValue(domain) + b.AddUint64(uint64(len(presentationHeader))) + b.AddBytes(presentationHeader) + return s.hashToScalar(b.BytesOrPanic(), s.HashToScalarDST()) +} + +func randomScalars(rnd io.Reader, out []scalar) error { + for i := range out { + err := out[i].Random(rnd) + if err != nil { + return err + } + } + return nil +} + +type hasherScalar struct { + exp expander.Expander + r, u big.Int +} + +func (h *hasherScalar) Hash(msg []byte) (s bufScalar) { + bytes := h.exp.Expand(msg, expandLen) + h.u.SetBytes(bytes) + h.u.Mod(&h.u, &h.r) + h.u.FillBytes(s.encoded[:]) + err := s.scalar.UnmarshalBinary(s.encoded[:]) + if err != nil { + panic(err) + } + + return s +} + +type bufScalar struct { + scalar + encoded [scalarSize]byte +} + +func (s *bufScalar) Marshal(b *cryptobyte.Builder) error { + b.AddBytes(s.encoded[:]) + return nil +} + +func (s *bufScalar) Unmarshal(str *cryptobyte.String) bool { + var b [scalarSize]byte + ok := str.CopyBytes(b[:]) && s.scalar.UnmarshalBinary(b[:]) == nil + if ok { + s.encoded = b + } + return ok +} diff --git a/sign/bbs/vectors_test.go b/sign/bbs/vectors_test.go new file mode 100644 index 000000000..9e2001e5b --- /dev/null +++ b/sign/bbs/vectors_test.go @@ -0,0 +1,394 @@ +package bbs + +import ( + "bytes" + "encoding/hex" + "encoding/json" + "io" + "math/big" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/cloudflare/circl/ecc/bls12381" + "github.com/cloudflare/circl/internal/test" +) + +func (id SuiteID) Name() string { + return [...]string{ + SuiteBLS12381Shake256: "BLS12381SHAKE256", + SuiteBLS12381Sha256: "BLS12381SHA256", + }[id] +} + +// Test vectors taken from: +// https://github.com/decentralized-identity/bbs-signature/tree/main/tooling/fixtures/fixture_data +func TestVectors(t *testing.T) { + for _, id := range []SuiteID{SuiteBLS12381Shake256, SuiteBLS12381Sha256} { + t.Run(id.Name(), func(t *testing.T) { + t.Run("Keygen", id.testKeygen) + t.Run("MsgToScalar", id.testMsgToScalar) + t.Run("HashToScalar", id.testHashToScalar) + t.Run("Generators", id.testGenerators) + t.Run("testSignature", id.testSignature) + t.Run("Proof", id.testProof) + }) + } +} + +func (id SuiteID) testKeygen(t *testing.T) { + v := new(struct { + CaseName string `json:"caseName"` + KeyMaterial Hex `json:"keyMaterial"` + KeyInfo Hex `json:"keyInfo"` + KeyDst Hex `json:"keyDst"` + KeyPair struct { + SecretKey Hex `json:"secretKey"` + PublicKey Hex `json:"publicKey"` + } `json:"keyPair"` + }) + readVector(t, "testdata/"+id.Name()+"/keypair.json", v) + + key, err := KeyGen(id, v.KeyMaterial, v.KeyInfo, v.KeyDst) + test.CheckNoErr(t, err, "KeyGen failed") + + keyBytesWant := v.KeyPair.SecretKey + keyBytesGot, err := key.MarshalBinary() + test.CheckNoErr(t, err, "PrivateKey.MarshalBinary failed") + if !bytes.Equal(keyBytesGot, keyBytesWant) { + test.ReportError(t, keyBytesGot, keyBytesWant) + } + + keyWant := new(PrivateKey) + err = keyWant.UnmarshalBinary(v.KeyPair.SecretKey) + test.CheckNoErr(t, err, "PrivateKey.UnmarshalBinary failed") + if !key.Equal(keyWant) { + test.ReportError(t, key, keyWant) + } + + pub := key.Public().(*PublicKey) + pubBytesWant := v.KeyPair.PublicKey + pubBytesGot, err := pub.MarshalBinary() + test.CheckNoErr(t, err, "PublicKey.MarshalBinary failed") + if !bytes.Equal(pubBytesGot, pubBytesWant) { + test.ReportError(t, pubBytesGot, pubBytesWant) + } + + pubWant := new(PublicKey) + err = pubWant.UnmarshalBinary(v.KeyPair.PublicKey) + test.CheckNoErr(t, err, "PublicKey.UnmarshalBinary failed") + if !pub.Equal(pubWant) { + test.ReportError(t, pub, pubWant) + } +} + +func (id SuiteID) testHashToScalar(t *testing.T) { + v := new(struct { + CaseName string `json:"caseName"` + Message Hex `json:"message"` + Dst Hex `json:"dst"` + Scalar Hex `json:"scalar"` + }) + + readVector(t, "testdata/"+id.Name()+"/h2s.json", v) + + s := id.new().hashToScalar(v.Message, v.Dst) + got, err := s.MarshalBinary() + test.CheckNoErr(t, err, "failed scalar.UnmarshalBinary") + want := v.Scalar + if !bytes.Equal(got, want) { + test.ReportError(t, got, want) + } +} + +func (id SuiteID) testMsgToScalar(t *testing.T) { + v := new(struct { + CaseName string `json:"caseName"` + Dst Hex `json:"dst"` + Cases []struct { + Message Hex `json:"message"` + Scalar Hex `json:"scalar"` + } `json:"cases"` + }) + readVector(t, "testdata/"+id.Name()+"/MapMessageToScalarAsHash.json", v) + + suite := id.new() + for i := range v.Cases { + s := suite.hashToScalar(v.Cases[i].Message, suite.MapDST()) + got, err := s.MarshalBinary() + test.CheckNoErr(t, err, "failed scalar.UnmarshalBinary") + want := v.Cases[i].Scalar + if !bytes.Equal(got, want) { + test.ReportError(t, got, want, i) + } + } +} + +func (id SuiteID) testGenerators(t *testing.T) { + v := new(struct { + P1 Hex `json:"P1"` + Q1 Hex `json:"Q1"` + MsgGenerators []Hex `json:"MsgGenerators"` + }) + readVector(t, "testdata/"+id.Name()+"/generators.json", v) + + t.Run("p1", func(t *testing.T) { + s := id.new() + for i, doP1 := range []func() g1{ + func() g1 { + var p1 [1]g1 + s.hashToGenerators(p1[:], s.BpGeneratorSeed(), 0) + return p1[0] + }, + s.getP1, + } { + p1 := doP1() + got := p1.BytesCompressed() + want := v.P1 + if !bytes.Equal(got, want) { + test.ReportError(t, got, want, i) + } + } + }) + + t.Run("q1_gens", func(t *testing.T) { + s := id.new() + for fi, doGens := range []func([]g1){ + func(p []g1) { s.hashToGenerators(p, s.GeneratorSeed(), 0) }, + func(p []g1) { s.getQ1Gens(p) }, + } { + Q1Gens := make([]g1, 1+len(v.MsgGenerators)) + doGens(Q1Gens) + q1, gens := Q1Gens[0], Q1Gens[1:] + got := q1.BytesCompressed() + want := v.Q1 + if !bytes.Equal(got, want) { + test.ReportError(t, got, want) + } + + for i, want := range v.MsgGenerators { + got := gens[i].BytesCompressed() + if !bytes.Equal(got, want) { + test.ReportError(t, got, want, fi, i) + } + } + } + }) +} + +func (id SuiteID) testSignature(t *testing.T) { + type vector struct { + CaseName string `json:"caseName"` + SignerKeyPair struct { + SecretKey Hex `json:"secretKey"` + PublicKey Hex `json:"publicKey"` + } `json:"signerKeyPair"` + Header Hex `json:"header"` + Messages []Hex `json:"messages"` + Signature Hex `json:"signature"` + Result struct { + Valid bool `json:"valid"` + } `json:"result"` + Trace struct { + B Hex `json:"B"` + Domain Hex `json:"domain"` + } `json:"trace"` + } + + files, err := filepath.Glob("./testdata/" + id.Name() + "/signature/*.json") + if err != nil { + t.Fatal(err) + } + + for _, file := range files { + testName := strings.TrimSuffix(filepath.Base(file), ".json") + + t.Run(testName, func(t *testing.T) { + v := new(vector) + readVector(t, file, v) + + key := new(PrivateKey) + err := key.UnmarshalBinary(v.SignerKeyPair.SecretKey) + test.CheckNoErr(t, err, "failed PrivateKey.UnmarshalBinary") + + pubWant := new(PublicKey) + err = pubWant.UnmarshalBinary(v.SignerKeyPair.PublicKey) + test.CheckNoErr(t, err, "failed PublicKey.UnmarshalBinary") + + pubGot := key.PublicKey() + if !pubGot.Equal(pubWant) && v.Result.Valid { + test.ReportError(t, pubGot, pubWant) + } + + messages := cvt(v.Messages) + opts := SignOptions{ID: id, Header: v.Header} + + if v.Result.Valid { + sig := Sign(key, messages, opts) + sigBytesWant := v.Signature + sigBytesGot, err := sig.MarshalBinary() + test.CheckNoErr(t, err, "failed Signature.MarshalBinary") + + if !bytes.Equal(sigBytesGot, sigBytesWant) { + test.ReportError(t, sigBytesGot, sigBytesWant) + } + + valid := Verify(pubWant, &sig, messages, opts) + test.CheckOk(valid, "verification should pass", t) + } else { + invalidSig := new(Signature) + err := invalidSig.UnmarshalBinary(v.Signature) + test.CheckNoErr(t, err, "failed Signature.UnmarshalBinary") + + invalid := Verify(pubWant, invalidSig, messages, opts) + test.CheckOk(!invalid, "verification should fail", t) + } + }) + } +} + +func (id SuiteID) testProof(t *testing.T) { + type vector struct { + CaseName string `json:"caseName"` + SignerPublicKey Hex `json:"signerPublicKey"` + Signature Hex `json:"signature"` + Header Hex `json:"header"` + PresentationHeader Hex `json:"presentationHeader"` + Messages []Hex `json:"messages"` + DisclosedIndexes []uint `json:"disclosedIndexes"` + Proof Hex `json:"proof"` + Result struct { + Valid bool `json:"valid"` + } `json:"result"` + Trace struct { + RandomScalars struct { + R1 Hex `json:"r1"` + R2 Hex `json:"r2"` + ETilde Hex `json:"e_tilde"` + R1Tilde Hex `json:"r1_tilde"` + R3Tilde Hex `json:"r3_tilde"` + MTildeScalars []Hex `json:"m_tilde_scalars"` + } `json:"random_scalars"` + ABar string `json:"A_bar"` + BBar string `json:"B_bar"` + D string `json:"D"` + T1 string `json:"T1"` + T2 string `json:"T2"` + Domain string `json:"domain"` + Challenge string `json:"challenge"` + } `json:"trace"` + } + + mockRandom := func(v *vector) (m MockRandom) { + r := &v.Trace.RandomScalars + m.order.SetBytes(bls12381.Order()) + m.s = append([]Hex{ + r.R1, r.R2, r.ETilde, r.R1Tilde, r.R3Tilde, + }, r.MTildeScalars...) + return + } + + files, err := filepath.Glob("./testdata/" + id.Name() + "/proof/*.json") + if err != nil { + t.Fatal(err) + } + + for _, file := range files { + testName := strings.TrimSuffix(filepath.Base(file), ".json") + + t.Run(testName, func(t *testing.T) { + v := new(vector) + readVector(t, file, v) + + pub := new(PublicKey) + err = pub.UnmarshalBinary(v.SignerPublicKey) + test.CheckNoErr(t, err, "failed PublicKey.UnmarshalBinary") + + sig := new(Signature) + err := sig.UnmarshalBinary(v.Signature) + test.CheckNoErr(t, err, "failed Signature.MarshalBinary") + + choices, err := Disclose(cvt(v.Messages), v.DisclosedIndexes) + test.CheckNoErr(t, err, "failed Disclose") + + opts := ProveOptions{ + v.PresentationHeader, SignOptions{ID: id, Header: v.Header}, + } + reader := mockRandom(v) + proof, disclosed, err := Prove(&reader, pub, sig, choices, opts) + test.CheckNoErr(t, err, "failed Prove") + + if v.Result.Valid { + want := v.Proof + got, err := proof.MarshalBinary() + test.CheckNoErr(t, err, "failed Proof.MarshalBinary") + + if !bytes.Equal(got, want) { + test.ReportError(t, got, want) + } + + valid := VerifyProof(pub, proof, disclosed, opts) + test.CheckOk(valid, "VerifyProof should pass", t) + } else { + invalidProof := new(Proof) + err := invalidProof.UnmarshalBinary(v.Proof) + test.CheckNoErr(t, err, "failed Proof.UnmarshalBinary") + + invalid := VerifyProof(pub, invalidProof, disclosed, opts) + test.CheckOk(!invalid, "VerifyProof should fail", t) + } + }) + } +} + +type MockRandom struct { + s []Hex + i int + v, order big.Int +} + +func (r *MockRandom) Read(b []byte) (int, error) { + if len(b) != scalarSize { + return 0, io.ErrShortBuffer + } + if r.i >= len(r.s) { + return 0, io.EOF + } + + // Convert to Montgomery representation. + // v' = vR mod order, where R=2^256. + r.v.SetBytes(r.s[r.i]).Lsh(&r.v, 256).Mod(&r.v, &r.order).FillBytes(b) + r.i++ + return scalarSize, nil +} + +type Hex []byte + +func (b *Hex) UnmarshalJSON(data []byte) (err error) { + var s string + err = json.Unmarshal(data, &s) + if err == nil { + *b, err = hex.DecodeString(s) + } + return +} + +func readVector(t *testing.T, fileName string, vector interface{}) { + file, err := os.Open(fileName) + test.CheckNoErr(t, err, "error opening file") + defer file.Close() + + bytes, err := io.ReadAll(file) + test.CheckNoErr(t, err, "error reading bytes") + + err = json.Unmarshal(bytes, &vector) + test.CheckNoErr(t, err, "error unmarshalling JSON file") +} + +func cvt(x []Hex) (y [][]byte) { + for i := range x { + y = append(y, x[i]) + } + return +}