From a9eac810984aaba0f5e1cce0bd4988fd20bf9b29 Mon Sep 17 00:00:00 2001 From: lovesh Date: Fri, 21 Jun 2024 19:13:37 +0530 Subject: [PATCH] Updates as per new changes in Rust lib, add constant-time message encoding and new BBS PoK protocol Signed-off-by: lovesh --- Cargo.lock | 58 +- Cargo.toml | 26 +- package.json | 2 +- src/bbs.rs | 452 +++++++++--- src/bbs_plus.rs | 666 ++++++++++++++---- src/bddt16_kvac.rs | 189 +++-- src/common.rs | 81 ++- src/composite_proof_system/mod.rs | 129 +++- .../statements/pok_sig.rs | 528 ++++++++++++-- src/js/bbs_plus_wasm.js | 128 ++++ src/js/bbs_wasm.js | 137 ++++ src/js/bdd16_kvac_wasm.js | 42 ++ src/js/composite_proof_system_wasm.js | 110 +++ src/js/keyed_proof_wasm.js | 20 + src/js/ps_wasm.js | 35 +- src/js/type_declarations/bbs.d.ts | 98 +++ src/js/type_declarations/bbs_plus.d.ts | 93 +++ src/js/type_declarations/bdd16_kvac.d.ts | 31 + .../composite_proof_system.d.ts | 139 ++++ src/js/type_declarations/keyed_proof.d.ts | 10 +- src/js/type_declarations/ps.d.ts | 1 + src/js/type_declarations/util.d.ts | 9 + src/js/util_wasm.js | 10 + src/keyed_proof.rs | 128 +++- src/lib.rs | 2 +- src/ps.rs | 14 +- src/threshold_sig/base_ot.rs | 24 +- src/threshold_sig/signing.rs | 16 +- src/utils.rs | 130 ++-- tests/js/bbs.spec.ts | 111 ++- tests/js/bbsPlus.spec.ts | 152 ++-- tests/js/bddt16Kvac.spec.ts | 31 +- tests/js/general.spec.ts | 20 +- tests/js/proofSystem.spec.ts | 279 +++++--- tests/js/ps.spec.ts | 2 +- tests/js/thresholdBbsPlusAndBbs.spec.ts | 4 +- 36 files changed, 3144 insertions(+), 763 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f1a367d..e3fb137 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -275,9 +275,9 @@ dependencies = [ [[package]] name = "bbs_plus" -version = "0.20.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0986a5358fafe6ea8d9a33a259ba6f4cec7d243a0b72552823387bbb096ebef2" +checksum = "e009f7c07f8ffdd8d74155ede79f787ef87515af05ee3667d829b4345a159f26" dependencies = [ "ark-ec", "ark-ff", @@ -333,9 +333,9 @@ dependencies = [ [[package]] name = "bulletproofs_plus_plus" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee56cd7d0b32a94d104108c170d0d7dc69ab85741335318f8b4ddfcd676876d" +checksum = "840c2ddb23818d95c62636c53beebd5381bec4d7bf0c42b6bc3ebb67cfa470cb" dependencies = [ "ark-ec", "ark-ff", @@ -438,9 +438,9 @@ dependencies = [ [[package]] name = "coconut-crypto" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05a3a387dfcae87bd694ae9ad4495456b36dc1c27538753af8fa2f07ec00c5c9" +checksum = "a4011720ddaaa52f8dc263f61fed14383a4588cdcb4981df7ee39b9d696dc30a" dependencies = [ "ark-ec", "ark-ff", @@ -616,9 +616,9 @@ dependencies = [ [[package]] name = "dock_crypto_utils" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b9f2e01550ada8f013c1f76b7b0427bd8281d83690594a2f630e561d2a89bb4" +checksum = "6fb365b0d007719e7e9a134f2cf729af3a168c01dcd863809b0b64e4e2a9c3d1" dependencies = [ "aead", "ark-ec", @@ -908,9 +908,9 @@ dependencies = [ [[package]] name = "kvac" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "192053f6367764b65fd8130de364bf205e69e485caf6665fe2df7586be67c898" +checksum = "a768649489e19d6dcae3be46af7823bdb19cbd273fd32ab47746cb21b83f16ba" dependencies = [ "ark-ec", "ark-ff", @@ -939,9 +939,9 @@ checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67" [[package]] name = "legogroth16" -version = "0.13.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c750963cb872d147793e4700efd9f9d267d24e65a8ea2033f89ed011d4c0676" +checksum = "8302243e7a61712dfb98f8edc7eb61194b68ce963070a1a40809eba1450fced8" dependencies = [ "ark-ec", "ark-ff", @@ -1121,9 +1121,9 @@ dependencies = [ [[package]] name = "oblivious_transfer_protocols" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e84d1f87aeea23677231e450f682849ebb9af70b03db7b739ca8c1c9e436a7ab" +checksum = "52cf8d003bd733f2fdde922ee1110d074daa26b7d20079eed34950dc1e6af120" dependencies = [ "aes", "ark-ec", @@ -1238,9 +1238,9 @@ dependencies = [ [[package]] name = "proof_system" -version = "0.29.0" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7dca9f04d211b66a7abbfc4a9cf112ee12af0440c345efc65efdd1275a46401" +checksum = "3e5bdfe5c268d3d4a8996c337d8f29f2b841b4a03b105756d52bc2ae438d8250" dependencies = [ "aead", "ark-ec", @@ -1414,9 +1414,9 @@ checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "saver" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ccb5e2a651a3cdef6996c2f622d4470e1f8a5dda9ebb5ba40430aec08f74d12c" +checksum = "34dea4733c80f8cf45deedae2f616d4e0df47866d60bc5e9a9ae65a37a536a9d" dependencies = [ "ark-ec", "ark-ff", @@ -1436,9 +1436,9 @@ dependencies = [ [[package]] name = "schnorr_pok" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19bf7ef558ffa6523dfc14a6d8f60e69cbf150048d488d3691d97cad8f112a8e" +checksum = "5f907855160d7c7583a91ecd43e7872a73753518964b66c8685c21654ca485dd" dependencies = [ "ark-ec", "ark-ff", @@ -1471,9 +1471,9 @@ checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b" [[package]] name = "secret_sharing_and_dkg" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46c0f4d30ac684d0a7bf2e33956f0e76d09e94920ae63efadde35c22f96ff33b" +checksum = "0d0cdbeb74d20446a13f46ed723ec10f555e27dfc2261ffe3747301c2dd94e92" dependencies = [ "ark-ec", "ark-ff", @@ -1592,9 +1592,9 @@ dependencies = [ [[package]] name = "short_group_sig" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "947f16eea39b08477d2090a49fde370dd679a264792e05a7d21ee3b395691235" +checksum = "c8f234d66867c9ea058eaaa9f8eba4dddbbde2f6e9467646d7a9e85af6924831" dependencies = [ "ark-ec", "ark-ff", @@ -1623,9 +1623,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "smc_range_proof" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf1541eb521b28112ab996572b8467d8168c082bb55fcc9a5f53235f008ce5eb" +checksum = "ce460db99abe9d1303eccbb27de064e334cdc0f208f1327f4869a21d5e4bbcd8" dependencies = [ "ark-ec", "ark-ff", @@ -1803,9 +1803,9 @@ checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" [[package]] name = "vb_accumulator" -version = "0.24.0" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8030d0846e72cd37ac45a6ffd3724f85016107d4467c32e5dee5d39529f71fd7" +checksum = "e564a5ec86283346ded857d98c40404c10b1b534005677699d8ca1bd79adbc04" dependencies = [ "ark-ec", "ark-ff", @@ -1815,7 +1815,9 @@ dependencies = [ "digest", "dock_crypto_utils", "kvac", + "oblivious_transfer_protocols", "schnorr_pok", + "secret_sharing_and_dkg", "serde", "serde_with", "short_group_sig", diff --git a/Cargo.toml b/Cargo.toml index ffc1fd5..eb01e2a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,19 +24,19 @@ wasm-bindgen = "= 0.2.86" dlmalloc = { version = "0.2.6", features = ["global"], optional = true } serde_with = { version = "1.10.0", default-features = false, features = ["macros"] } -bbs_plus = { version = "0.20.0", default-features = false } -vb_accumulator = { version = "0.24.0", default-features = false } -schnorr_pok = { version = "0.18.0", default-features = false } -proof_system = { version = "0.29.0", default-features = false } -coconut-crypto = { version = "0.9.0", default-features = false } -dock_crypto_utils = { version = "0.18.0", default-features = false } -saver = { version = "0.16.0", default-features = false } -legogroth16 = { version = "0.13.0", default-features = false, features = ["circom", "wasmer-js"] } -secret_sharing_and_dkg = { version = "0.11.0", default-features = false } -oblivious_transfer_protocols = { version = "0.7.0", default-features = false} -bulletproofs_plus_plus = { version = "0.4.0", default-features = false} -smc_range_proof = { version = "0.4.0", default-features = false} -kvac = { version = "0.3.0", default-features = false} +bbs_plus = { version = "0.21.0", default-features = false } +vb_accumulator = { version = "0.25.0", default-features = false } +schnorr_pok = { version = "0.19.0", default-features = false } +proof_system = { version = "0.30.0", default-features = false } +coconut-crypto = { version = "0.10.0", default-features = false } +dock_crypto_utils = { version = "0.19.0", default-features = false } +saver = { version = "0.17.0", default-features = false } +legogroth16 = { version = "0.14.0", default-features = false, features = ["circom", "wasmer-js"] } +secret_sharing_and_dkg = { version = "0.12.0", default-features = false } +oblivious_transfer_protocols = { version = "0.8.0", default-features = false} +bulletproofs_plus_plus = { version = "0.5.0", default-features = false} +smc_range_proof = { version = "0.5.0", default-features = false} +kvac = { version = "0.4.0", default-features = false} ark-ec = { version = "^0.4.0", default-features = false } ark-ff = { version = "^0.4.0", default-features = false } diff --git a/package.json b/package.json index d6e12b7..f0ed1c5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@docknetwork/crypto-wasm", - "version": "0.30.0", + "version": "0.31.0", "author": "Dock.io", "license": "Apache-2.0", "private": false, diff --git a/src/bbs.rs b/src/bbs.rs index 67a6055..9c53a7e 100644 --- a/src/bbs.rs +++ b/src/bbs.rs @@ -1,15 +1,18 @@ use crate::utils::{ - fr_from_uint8_array, g1_affine_from_uint8_array, g1_affine_to_jsvalue, - g1_affine_to_uint8_array, get_seeded_rng, js_set_to_btree_set, random_bytes, set_panic_hook, + encode_messages_as_js_array_to_fr_vec_in_constant_time, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, fr_from_uint8_array, + g1_affine_from_uint8_array, g1_affine_to_jsvalue, g1_affine_to_uint8_array, get_seeded_rng, + js_set_to_btree_set, random_bytes, set_panic_hook, }; use wasm_bindgen::prelude::*; use crate::{ + blind_sign, challenge_contribution_from_proof, challenge_contribution_from_protocol, common::VerifyResponse, - to_verify_response, + init_pok, sign, to_verify_response, utils::{encode_messages_as_js_array_to_fr_vec, encode_messages_as_js_map_to_fr_btreemap}, - Fr, G1Affine, + verify, verify_pok, Fr, G1Affine, }; use ark_bls12_381::Bls12_381; use ark_std::collections::BTreeMap; @@ -32,6 +35,10 @@ pub(crate) type BBSSignature = Signature23G1; pub(crate) type BBSPoKOfSigProtocol = PoKOfSignature23G1Protocol; pub(crate) type BBSPoKOfSigProof = PoKOfSignature23G1Proof; +pub(crate) type BBSPoKOfSigProtocolNew = + bbs_plus::proof_23_ietf::PoKOfSignature23G1Protocol; +pub(crate) type BBSPoKOfSigProofNew = bbs_plus::proof_23_ietf::PoKOfSignature23G1Proof; + #[wasm_bindgen(js_name = bbsGenerateSignatureParams)] pub fn bbs_generate_params(message_count: u32, label: Option>) -> Result { set_panic_hook(); @@ -146,6 +153,29 @@ pub fn bbs_commit_to_message( } } +#[wasm_bindgen(js_name = bbsCommitMsgsConstantTime)] +pub fn bbs_commit_to_message_constant_time( + messages_to_commit: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + set_panic_hook(); + let msgs = encode_messages_as_js_map_to_fr_btreemap_in_constant_time( + &messages_to_commit, + encode_messages, + )?; + let msgs_ref = msgs + .iter() + .map(|(i, m)| (*i, m)) + .collect::>(); + + let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; + match params.commit_to_messages(msgs_ref) { + Ok(comm) => g1_affine_to_uint8_array(&comm), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } +} + #[wasm_bindgen(js_name = bbsSign)] pub fn bbs_sign( messages: js_sys::Array, @@ -153,16 +183,39 @@ pub fn bbs_sign( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let sk = obj_from_uint8array!(BBSSecretKey, secret_key, true, "BBSSecretKey"); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; + sign!( + messages, + secret_key, + params, + encode_messages, + BBSSecretKey, + "BBSSecretKey", + BBSSigParams, + BBSSignature, + "BBSSignature", + encode_messages_as_js_array_to_fr_vec + ) +} - let mut rng = get_seeded_rng(); - match BBSSignature::new(&mut rng, &messages, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSSignature")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsSignConstantTime)] +pub fn bbs_sign_constant_time( + messages: js_sys::Array, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + sign!( + messages, + secret_key, + params, + encode_messages, + BBSSecretKey, + "BBSSecretKey", + BBSSigParams, + BBSSignature, + "BBSSignature", + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsBlindSign)] @@ -173,21 +226,44 @@ pub fn bbs_blind_sign( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let commitment = g1_affine_from_uint8_array(commitment)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&uncommitted_messages, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); - let sk = obj_from_uint8array!(BBSSecretKey, secret_key, true, "BBSSecretKey"); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSSecretKey, + "BBSSecretKey", + BBSSigParams, + BBSSignature, + "BBSSignature", + encode_messages_as_js_map_to_fr_btreemap, + g1_affine_from_uint8_array + ) +} - let mut rng = get_seeded_rng(); - match BBSSignature::new_with_committed_messages(&mut rng, &commitment, msgs_ref, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSSignature")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsBlindSignConstantTime)] +pub fn bbs_blind_sign_constant_time( + commitment: js_sys::Uint8Array, + uncommitted_messages: js_sys::Map, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSSecretKey, + "BBSSecretKey", + BBSSigParams, + BBSSignature, + "BBSSignature", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g1_affine_from_uint8_array + ) } #[wasm_bindgen(js_name = bbsVerify)] @@ -198,12 +274,42 @@ pub fn bbs_verify( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let signature = obj_from_uint8array!(BBSSignature, signature, true); - let pk = obj_from_uint8array!(BBSPublicKey, public_key, false, "BBSPublicKey"); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; - to_verify_response!(signature.verify(messages.as_slice(), pk, params)) + verify!( + messages, + signature, + public_key, + params, + encode_messages, + BBSSignature, + "BBSSignature", + BBSPublicKey, + "BBSPublicKey", + BBSSigParams, + encode_messages_as_js_array_to_fr_vec + ) +} + +#[wasm_bindgen(js_name = bbsVerifyConstantTime)] +pub fn bbs_verify_constant_time( + messages: js_sys::Array, + signature: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify!( + messages, + signature, + public_key, + params, + encode_messages, + BBSSignature, + "BBSSignature", + BBSPublicKey, + "BBSPublicKey", + BBSSigParams, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsInitializeProofOfKnowledgeOfSignature)] @@ -215,31 +321,64 @@ pub fn bbs_initialize_proof_of_knowledge_of_signature( revealed_indices: js_sys::Set, encode_messages: bool, ) -> Result { - set_panic_hook(); + init_pok!( + signature, + params, + messages, + blindings, + revealed_indices, + encode_messages, + BBSSignature, + BBSSigParams, + BBSPoKOfSigProtocol, + encode_messages_as_js_array_to_fr_vec + ) +} - let signature = obj_from_uint8array!(BBSSignature, signature, true); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - // TODO: Avoid this hack of passing false, create separate method to parse - let mut blindings = encode_messages_as_js_map_to_fr_btreemap(&blindings, false)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; - let revealed_indices = js_set_to_btree_set::(&revealed_indices); - let msg_iter = messages.iter().enumerate().map(|(idx, message)| { - if revealed_indices.contains(&idx) { - MessageOrBlinding::RevealMessage(message) - } else if let Some(blinding) = blindings.remove(&idx) { - MessageOrBlinding::BlindMessageWithConcreteBlinding { message, blinding } - } else { - MessageOrBlinding::BlindMessageRandomly(message) - } - }); +#[wasm_bindgen(js_name = bbsInitializeProofOfKnowledgeOfSignatureNew)] +pub fn bbs_initialize_proof_of_knowledge_of_signature_new( + signature: js_sys::Uint8Array, + params: JsValue, + messages: js_sys::Array, + blindings: js_sys::Map, + revealed_indices: js_sys::Set, + encode_messages: bool, +) -> Result { + init_pok!( + signature, + params, + messages, + blindings, + revealed_indices, + encode_messages, + BBSSignature, + BBSSigParams, + BBSPoKOfSigProtocolNew, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) +} - let mut rng = get_seeded_rng(); - match BBSPoKOfSigProtocol::init(&mut rng, &signature, ¶ms, msg_iter) { - Ok(sig) => Ok(serde_wasm_bindgen::to_value(&sig) - .map_err(JsValue::from) - .unwrap()), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsInitializeProofOfKnowledgeOfSignatureConstantTime)] +pub fn bbs_initialize_proof_of_knowledge_of_signature_constant_time( + signature: js_sys::Uint8Array, + params: JsValue, + messages: js_sys::Array, + blindings: js_sys::Map, + revealed_indices: js_sys::Set, + encode_messages: bool, +) -> Result { + init_pok!( + signature, + params, + messages, + blindings, + revealed_indices, + encode_messages, + BBSSignature, + BBSSigParams, + BBSPoKOfSigProtocol, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsGenProofOfKnowledgeOfSignature)] @@ -251,7 +390,21 @@ pub fn bbs_gen_proof( let protocol: BBSPoKOfSigProtocol = serde_wasm_bindgen::from_value(protocol)?; let challenge = fr_from_uint8_array(challenge, false)?; match protocol.gen_proof(&challenge) { - Ok(proof) => Ok(obj_to_uint8array!(&proof, false, "BBS+ProofG1")), + Ok(proof) => Ok(obj_to_uint8array!(&proof, false, "BBSProof")), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } +} + +#[wasm_bindgen(js_name = bbsGenProofOfKnowledgeOfSignatureNew)] +pub fn bbs_gen_proof_new( + protocol: JsValue, + challenge: js_sys::Uint8Array, +) -> Result { + set_panic_hook(); + let protocol: BBSPoKOfSigProtocolNew = serde_wasm_bindgen::from_value(protocol)?; + let challenge = fr_from_uint8_array(challenge, false)?; + match protocol.gen_proof(&challenge) { + Ok(proof) => Ok(obj_to_uint8array!(&proof, false, "BBSProofNew")), Err(e) => Err(JsValue::from(&format!("{:?}", e))), } } @@ -265,14 +418,67 @@ pub fn bbs_verify_proof( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let proof: BBSPoKOfSigProof = obj_from_uint8array!(BBSPoKOfSigProof, proof, false); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let public_key = obj_from_uint8array!(BBSPublicKey, public_key, false, "BBSPublicKey"); - let challenge = fr_from_uint8_array(challenge, false)?; + verify_pok!( + proof, + revealed_msgs, + challenge, + public_key, + params, + encode_messages, + BBSPoKOfSigProof, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + encode_messages_as_js_map_to_fr_btreemap + ) +} - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - to_verify_response!(proof.verify(&msgs, &challenge, public_key, params)) +#[wasm_bindgen(js_name = bbsVerifyProofOfKnowledgeOfSignatureNew)] +pub fn bbs_verify_proof_new( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + challenge: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify_pok!( + proof, + revealed_msgs, + challenge, + public_key, + params, + encode_messages, + BBSPoKOfSigProofNew, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = bbsVerifyProofOfKnowledgeOfSignatureConstantTime)] +pub fn bbs_verify_proof_constant_time( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + challenge: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify_pok!( + proof, + revealed_msgs, + challenge, + public_key, + params, + encode_messages, + BBSPoKOfSigProof, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsChallengeContributionFromProtocol)] @@ -282,20 +488,51 @@ pub fn bbs_challenge_contribution_from_protocol( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let protocol: BBSPoKOfSigProtocol = serde_wasm_bindgen::from_value(protocol)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let mut bytes = vec![]; - protocol - .challenge_contribution(&msgs, ¶ms, &mut bytes) - .map_err(|e| { - JsValue::from(&format!( - "Evaluating challenge_contribution returned error: {:?}", - e - )) - })?; - Ok(js_sys::Uint8Array::from(bytes.as_slice())) + challenge_contribution_from_protocol!( + protocol, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProtocol, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = bbsChallengeContributionFromProtocolNew)] +pub fn bbs_challenge_contribution_from_protocol_new( + protocol: JsValue, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_protocol!( + protocol, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProtocolNew, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = bbsChallengeContributionFromProtocolConstantTime)] +pub fn bbs_challenge_contribution_from_protocol_constant_time( + protocol: JsValue, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_protocol!( + protocol, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProtocol, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsChallengeContributionFromProof)] @@ -305,20 +542,51 @@ pub fn bbs_challenge_contribution_from_proof( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let proof: BBSPoKOfSigProof = obj_from_uint8array!(BBSPoKOfSigProof, proof, false); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let mut bytes = vec![]; - proof - .challenge_contribution(&msgs, ¶ms, &mut bytes) - .map_err(|e| { - JsValue::from(&format!( - "Evaluating challenge_contribution returned error: {:?}", - e - )) - })?; - Ok(js_sys::Uint8Array::from(bytes.as_slice())) + challenge_contribution_from_proof!( + proof, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProof, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = bbsChallengeContributionFromProofNew)] +pub fn bbs_challenge_contribution_from_proof_new( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_proof!( + proof, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProofNew, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = bbsChallengeContributionFromProofConstantTime)] +pub fn bbs_challenge_contribution_from_proof_constant_time( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_proof!( + proof, + revealed_msgs, + params, + encode_messages, + BBSPoKOfSigProof, + BBSSigParams, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsAdaptSigParamsForMsgCount)] diff --git a/src/bbs_plus.rs b/src/bbs_plus.rs index 5578eb8..3a63320 100644 --- a/src/bbs_plus.rs +++ b/src/bbs_plus.rs @@ -9,7 +9,12 @@ use wasm_bindgen::prelude::*; use crate::{ common::VerifyResponse, to_verify_response, - utils::{encode_messages_as_js_array_to_fr_vec, encode_messages_as_js_map_to_fr_btreemap}, + utils::{ + encode_messages_as_js_array_to_fr_vec, + encode_messages_as_js_array_to_fr_vec_in_constant_time, + encode_messages_as_js_map_to_fr_btreemap, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + }, Fr, G1Affine, G2Affine, }; use ark_bls12_381::Bls12_381; @@ -36,6 +41,159 @@ pub(crate) type BBSPlusSigG2 = SignatureG2; pub(crate) type BBSPlusPoKOfSigProtocol = PoKOfSignatureG1Protocol; pub(crate) type BBSPlusPoKOfSigProof = PoKOfSignatureG1Proof; +#[macro_export] +macro_rules! sign { + ($messages: ident, $sk: ident, $sig_params: ident, $encode_messages: ident, $sk_type: ident, $sk_str: expr, $sig_params_type: ident, $sig: ident, $sig_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let sk = obj_from_uint8array!($sk_type, $sk, true, $sk_str); + let params: $sig_params_type = serde_wasm_bindgen::from_value($sig_params)?; + let messages = $fn_name(&$messages, $encode_messages)?; + + let mut rng = get_seeded_rng(); + match $sig::new(&mut rng, &messages, &sk, ¶ms) { + Ok(sig) => Ok(obj_to_uint8array!(&sig, true, $sig_str)), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } + }}; +} + +#[macro_export] +macro_rules! verify { + ($messages: ident, $sig: ident, $pk: ident, $sig_params: ident, $encode_messages: ident, $sig_type: ident, $sig_str: expr, $pk_type: ident, $pk_str: expr, $sig_params_type: ident, $fn_name: ident) => {{ + set_panic_hook(); + let signature = obj_from_uint8array!($sig_type, $sig, true, $sig_str); + let pk = obj_from_uint8array!($pk_type, $pk, false, $pk_str); + let params: $sig_params_type = serde_wasm_bindgen::from_value($sig_params)?; + let messages = $fn_name(&$messages, $encode_messages)?; + to_verify_response!(signature.verify(messages.as_slice(), pk, params)) + }}; +} + +#[macro_export] +macro_rules! blind_sign { + ($commitment: ident, $uncommitted_messages: ident, $sk: ident, $sig_params: ident, $encode_messages: ident, $sk_type: ident, $sk_str: expr, $sig_params_type: ident, $sig: ident, $sig_str: expr, $enc_fn_name: ident, $dec_fn_name: ident) => {{ + set_panic_hook(); + let commitment = $dec_fn_name($commitment)?; + let msgs = $enc_fn_name(&$uncommitted_messages, $encode_messages)?; + let msgs_ref = msgs + .iter() + .map(|(i, m)| (*i, m)) + .collect::>(); + let sk = obj_from_uint8array!($sk_type, $sk, true, $sk_str); + let params: $sig_params_type = serde_wasm_bindgen::from_value($sig_params)?; + + let mut rng = get_seeded_rng(); + match $sig::new_with_committed_messages(&mut rng, &commitment, msgs_ref, &sk, ¶ms) { + Ok(sig) => Ok(obj_to_uint8array!(&sig, true, $sig_str)), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } + }}; +} + +#[macro_export] +macro_rules! init_pok { + ($sig: ident, $params: ident, $messages: ident, $blindings: ident, $revealed_indices: ident, $encode_messages: ident, $sig_type: ident, $params_type: ident, $protocol: ident, $fn_name: ident) => {{ + set_panic_hook(); + let signature = obj_from_uint8array!($sig_type, $sig, true); + let params: $params_type = serde_wasm_bindgen::from_value($params)?; + // TODO: Avoid this hack of passing false, create separate method to parse + let mut blindings = encode_messages_as_js_map_to_fr_btreemap(&$blindings, false)?; + let messages = $fn_name(&$messages, $encode_messages)?; + let revealed_indices = js_set_to_btree_set::(&$revealed_indices); + let msg_iter = messages.iter().enumerate().map(|(idx, message)| { + if revealed_indices.contains(&idx) { + MessageOrBlinding::RevealMessage(message) + } else if let Some(blinding) = blindings.remove(&idx) { + MessageOrBlinding::BlindMessageWithConcreteBlinding { message, blinding } + } else { + MessageOrBlinding::BlindMessageRandomly(message) + } + }); + + let mut rng = get_seeded_rng(); + match $protocol::init(&mut rng, &signature, ¶ms, msg_iter) { + Ok(sig) => Ok(serde_wasm_bindgen::to_value(&sig) + .map_err(JsValue::from) + .unwrap()), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } + }}; +} + +#[macro_export] +macro_rules! verify_pok { + ($proof: ident, $revealed_msgs: ident, $challenge: ident, $pk: ident, $params: ident, $encode_messages: ident, $proof_type: ident, $params_type: ident, $pk_type: ident, $pk_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let proof: $proof_type = obj_from_uint8array!($proof_type, $proof, false); + let params: $params_type = serde_wasm_bindgen::from_value($params)?; + let public_key = obj_from_uint8array!($pk_type, $pk, false, $pk_str); + let challenge = fr_from_uint8_array($challenge, false)?; + + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + + to_verify_response!(proof.verify(&msgs, &challenge, public_key, params)) + }}; +} + +#[macro_export] +macro_rules! challenge_contribution_from_protocol { + ($protocol: ident, $revealed_msgs: ident, $params: ident, $encode_messages: ident, $protocol_type: ident, $params_type: ident, $fn_name: ident) => {{ + set_panic_hook(); + let protocol: $protocol_type = serde_wasm_bindgen::from_value($protocol)?; + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let params: $params_type = serde_wasm_bindgen::from_value($params)?; + let mut bytes = vec![]; + protocol + .challenge_contribution(&msgs, ¶ms, &mut bytes) + .map_err(|e| { + JsValue::from(&format!( + "Evaluating challenge_contribution returned error: {:?}", + e + )) + })?; + Ok(js_sys::Uint8Array::from(bytes.as_slice())) + }}; +} + +#[macro_export] +macro_rules! challenge_contribution_from_proof { + ($proof: ident, $revealed_msgs: ident, $params: ident, $encode_messages: ident, $proof_type: ident, $params_type: ident, $fn_name: ident) => {{ + set_panic_hook(); + let proof: $proof_type = obj_from_uint8array!($proof_type, $proof, false); + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let params: $params_type = serde_wasm_bindgen::from_value($params)?; + let mut bytes = vec![]; + proof + .challenge_contribution(&msgs, ¶ms, &mut bytes) + .map_err(|e| { + JsValue::from(&format!( + "Evaluating challenge_contribution returned error: {:?}", + e + )) + })?; + Ok(js_sys::Uint8Array::from(bytes.as_slice())) + }}; +} + +#[macro_export] +macro_rules! commit_to_messages { + ($messages_to_commit: ident, $blinding: ident, $sig_params: ident, $encode_messages: ident, $sig_params_type: ident, $enc_fn_name: ident, $dec_fn_name: ident) => {{ + set_panic_hook(); + let msgs = $enc_fn_name(&$messages_to_commit, $encode_messages)?; + let msgs_ref = msgs + .iter() + .map(|(i, m)| (*i, m)) + .collect::>(); + + let params: $sig_params_type = serde_wasm_bindgen::from_value($sig_params)?; + let blinding = fr_from_uint8_array($blinding, true)?; + match params.commit_to_messages(msgs_ref, &blinding) { + Ok(comm) => $dec_fn_name(&comm), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } + }}; +} + #[wasm_bindgen(js_name = bbsPlusGenerateSignatureParamsG1)] pub fn bbs_plus_generate_g1_params( message_count: u32, @@ -235,19 +393,33 @@ pub fn bbs_plus_commit_to_message_in_g1( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&messages_to_commit, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap, + g1_affine_to_uint8_array + ) +} - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let blinding = fr_from_uint8_array(blinding, true)?; - match params.commit_to_messages(msgs_ref, &blinding) { - Ok(comm) => g1_affine_to_uint8_array(&comm), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusCommitMsgsInG1ConstantTime)] +pub fn bbs_plus_commit_to_message_in_g1_constant_time( + messages_to_commit: js_sys::Map, + blinding: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g1_affine_to_uint8_array + ) } #[wasm_bindgen(js_name = bbsPlusCommitMsgsInG2)] @@ -257,20 +429,33 @@ pub fn bbs_plus_commit_to_message_in_g2( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - - let msgs = encode_messages_as_js_map_to_fr_btreemap(&messages_to_commit, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BBSPlusSigParamsG2, + encode_messages_as_js_map_to_fr_btreemap, + g2_affine_to_uint8_array + ) +} - let params: BBSPlusSigParamsG2 = serde_wasm_bindgen::from_value(params)?; - let blinding = fr_from_uint8_array(blinding, true)?; - match params.commit_to_messages(msgs_ref, &blinding) { - Ok(comm) => g2_affine_to_uint8_array(&comm), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusCommitMsgsInG2ConstantTime)] +pub fn bbs_plus_commit_to_message_in_g2_constant_time( + messages_to_commit: js_sys::Map, + blinding: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BBSPlusSigParamsG2, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g2_affine_to_uint8_array + ) } #[wasm_bindgen(js_name = bbsPlusSignG1)] @@ -280,16 +465,39 @@ pub fn bbs_plus_sign_g1( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let sk = obj_from_uint8array!(BBSPlusSigningKey, secret_key, true, "BBSPlusSigningKey"); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; + sign!( + messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG1, + BBSPlusSigG1, + "BBSPlusSigG1", + encode_messages_as_js_array_to_fr_vec + ) +} - let mut rng = get_seeded_rng(); - match BBSPlusSigG1::new(&mut rng, &messages, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSPlusSigG1")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusSignG1ConstantTime)] +pub fn bbs_plus_sign_g1_constant_time( + messages: js_sys::Array, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + sign!( + messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG1, + BBSPlusSigG1, + "BBSPlusSigG1", + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusBlindSignG1)] @@ -301,20 +509,45 @@ pub fn bbs_plus_blind_sign_g1( encode_messages: bool, ) -> Result { set_panic_hook(); - let commitment = g1_affine_from_uint8_array(commitment)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&uncommitted_messages, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); - let sk = obj_from_uint8array!(BBSPlusSigningKey, secret_key, true, "BBSPlusSigningKey"); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG1, + BBSPlusSigG1, + "BBSPlusSigG1", + encode_messages_as_js_map_to_fr_btreemap, + g1_affine_from_uint8_array + ) +} - let mut rng = get_seeded_rng(); - match BBSPlusSigG1::new_with_committed_messages(&mut rng, &commitment, msgs_ref, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSPlusSigG1")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusBlindSignG1ConstantTime)] +pub fn bbs_plus_blind_sign_g1_constant_time( + commitment: js_sys::Uint8Array, + uncommitted_messages: js_sys::Map, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + set_panic_hook(); + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG1, + BBSPlusSigG1, + "BBSPlusSigG1", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g1_affine_from_uint8_array + ) } #[wasm_bindgen(js_name = bbsPlusUnblindSigG1)] @@ -340,12 +573,42 @@ pub fn bbs_plus_verify_g1( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let signature = obj_from_uint8array!(BBSPlusSigG1, signature, true); - let pk = obj_from_uint8array!(BBSPlusPublicKeyG2, public_key, false, "BBSPlusPublicKeyG2"); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; - to_verify_response!(signature.verify(messages.as_slice(), pk, params)) + verify!( + messages, + signature, + public_key, + params, + encode_messages, + BBSPlusSigG1, + "BBSPlusSigG1", + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + BBSPlusSigParamsG1, + encode_messages_as_js_array_to_fr_vec + ) +} + +#[wasm_bindgen(js_name = bbsPlusVerifyG1ConstantTime)] +pub fn bbs_plus_verify_g1_constant_time( + messages: js_sys::Array, + signature: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify!( + messages, + signature, + public_key, + params, + encode_messages, + BBSPlusSigG1, + "BBSPlusSigG1", + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + BBSPlusSigParamsG1, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusSignG2)] @@ -355,16 +618,39 @@ pub fn bbs_plus_sign_g2( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let sk = obj_from_uint8array!(BBSPlusSigningKey, secret_key, true, "BBSPlusSigningKey"); - let params: BBSPlusSigParamsG2 = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; + sign!( + messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG2, + BBSPlusSigG2, + "BBSPlusSigG2", + encode_messages_as_js_array_to_fr_vec + ) +} - let mut rng = get_seeded_rng(); - match BBSPlusSigG2::new(&mut rng, &messages, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSPlusSigG2")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusSignG2ConstantTime)] +pub fn bbs_plus_sign_g2_constant_time( + messages: js_sys::Array, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + sign!( + messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG2, + BBSPlusSigG2, + "BBSPlusSigG2", + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusBlindSignG2)] @@ -375,21 +661,44 @@ pub fn bbs_plus_blind_sign_g2( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let commitment = g2_affine_from_uint8_array(commitment)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&uncommitted_messages, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); - let sk = obj_from_uint8array!(BBSPlusSigningKey, secret_key, true, "BBSPlusSigningKey"); - let params: BBSPlusSigParamsG2 = serde_wasm_bindgen::from_value(params)?; + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG2, + BBSPlusSigG2, + "BBSPlusSigG2", + encode_messages_as_js_map_to_fr_btreemap, + g2_affine_from_uint8_array + ) +} - let mut rng = get_seeded_rng(); - match BBSPlusSigG2::new_with_committed_messages(&mut rng, &commitment, msgs_ref, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BBSPlusSigG2")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusBlindSignG2ConstantTime)] +pub fn bbs_plus_blind_sign_g2_constant_time( + commitment: js_sys::Uint8Array, + uncommitted_messages: js_sys::Map, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BBSPlusSigningKey, + "BBSPlusSigningKey", + BBSPlusSigParamsG2, + BBSPlusSigG2, + "BBSPlusSigG2", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g2_affine_from_uint8_array + ) } #[wasm_bindgen(js_name = bbsPlusUnblindSigG2)] @@ -424,6 +733,24 @@ pub fn bbs_plus_verify_g2( to_verify_response!(signature.verify(messages.as_slice(), &pk, ¶ms)) } +#[wasm_bindgen(js_name = bbsPlusVerifyG2ConstantTime)] +pub fn bbs_plus_verify_g2_constant_time( + messages: js_sys::Array, + signature: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + set_panic_hook(); + + let signature = obj_from_uint8array!(BBSPlusSigG2, signature, true); + let pk = obj_from_uint8array!(BBSPlusPublicKeyG1, public_key, false, "BBSPlusPublicKeyG1"); + let params: BBSPlusSigParamsG2 = serde_wasm_bindgen::from_value(params)?; + let messages = + encode_messages_as_js_array_to_fr_vec_in_constant_time(&messages, encode_messages)?; + to_verify_response!(signature.verify(messages.as_slice(), &pk, ¶ms)) +} + #[wasm_bindgen(js_name = bbsPlusInitializeProofOfKnowledgeOfSignature)] pub fn bbs_plus_initialize_proof_of_knowledge_of_signature( signature: js_sys::Uint8Array, @@ -433,31 +760,41 @@ pub fn bbs_plus_initialize_proof_of_knowledge_of_signature( revealed_indices: js_sys::Set, encode_messages: bool, ) -> Result { - set_panic_hook(); - - let signature = obj_from_uint8array!(BBSPlusSigG1, signature, true); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - // TODO: Avoid this hack of passing false, create separate method to parse - let mut blindings = encode_messages_as_js_map_to_fr_btreemap(&blindings, false)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; - let revealed_indices = js_set_to_btree_set::(&revealed_indices); - let msg_iter = messages.iter().enumerate().map(|(idx, message)| { - if revealed_indices.contains(&idx) { - MessageOrBlinding::RevealMessage(message) - } else if let Some(blinding) = blindings.remove(&idx) { - MessageOrBlinding::BlindMessageWithConcreteBlinding { message, blinding } - } else { - MessageOrBlinding::BlindMessageRandomly(message) - } - }); + init_pok!( + signature, + params, + messages, + blindings, + revealed_indices, + encode_messages, + BBSPlusSigG1, + BBSPlusSigParamsG1, + BBSPlusPoKOfSigProtocol, + encode_messages_as_js_array_to_fr_vec + ) +} - let mut rng = get_seeded_rng(); - match BBSPlusPoKOfSigProtocol::init(&mut rng, &signature, ¶ms, msg_iter) { - Ok(sig) => Ok(serde_wasm_bindgen::to_value(&sig) - .map_err(JsValue::from) - .unwrap()), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime)] +pub fn bbs_plus_initialize_proof_of_knowledge_of_signature_constant_time( + signature: js_sys::Uint8Array, + params: JsValue, + messages: js_sys::Array, + blindings: js_sys::Map, + revealed_indices: js_sys::Set, + encode_messages: bool, +) -> Result { + init_pok!( + signature, + params, + messages, + blindings, + revealed_indices, + encode_messages, + BBSPlusSigG1, + BBSPlusSigParamsG1, + BBSPlusPoKOfSigProtocol, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusGenProofOfKnowledgeOfSignature)] @@ -483,16 +820,43 @@ pub fn bbs_plus_verify_proof( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let proof: BBSPlusPoKOfSigProof = obj_from_uint8array!(BBSPlusPoKOfSigProof, proof, false); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let public_key = - obj_from_uint8array!(BBSPlusPublicKeyG2, public_key, false, "BBSPlusPublicKeyG2"); - let challenge = fr_from_uint8_array(challenge, false)?; - - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; + verify_pok!( + proof, + revealed_msgs, + challenge, + public_key, + params, + encode_messages, + BBSPlusPoKOfSigProof, + BBSPlusSigParamsG1, + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + encode_messages_as_js_map_to_fr_btreemap + ) +} - to_verify_response!(proof.verify(&msgs, &challenge, public_key, params)) +#[wasm_bindgen(js_name = bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime)] +pub fn bbs_plus_verify_proof_constant_time( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + challenge: js_sys::Uint8Array, + public_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify_pok!( + proof, + revealed_msgs, + challenge, + public_key, + params, + encode_messages, + BBSPlusPoKOfSigProof, + BBSPlusSigParamsG1, + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusChallengeContributionFromProtocol)] @@ -502,20 +866,33 @@ pub fn bbs_plus_challenge_contribution_from_protocol( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let protocol: BBSPlusPoKOfSigProtocol = serde_wasm_bindgen::from_value(protocol)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let mut bytes = vec![]; - protocol - .challenge_contribution(&msgs, ¶ms, &mut bytes) - .map_err(|e| { - JsValue::from(&format!( - "Evaluating challenge_contribution returned error: {:?}", - e - )) - })?; - Ok(js_sys::Uint8Array::from(bytes.as_slice())) + challenge_contribution_from_protocol!( + protocol, + revealed_msgs, + params, + encode_messages, + BBSPlusPoKOfSigProtocol, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = bbsPlusChallengeContributionFromProtocolConstantTime)] +pub fn bbs_plus_challenge_contribution_from_protocol_constant_time( + protocol: JsValue, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_protocol!( + protocol, + revealed_msgs, + params, + encode_messages, + BBSPlusPoKOfSigProtocol, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusChallengeContributionFromProof)] @@ -525,20 +902,33 @@ pub fn bbs_plus_challenge_contribution_from_proof( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let proof: BBSPlusPoKOfSigProof = obj_from_uint8array!(BBSPlusPoKOfSigProof, proof, false); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let mut bytes = vec![]; - proof - .challenge_contribution(&msgs, ¶ms, &mut bytes) - .map_err(|e| { - JsValue::from(&format!( - "Evaluating challenge_contribution returned error: {:?}", - e - )) - })?; - Ok(js_sys::Uint8Array::from(bytes.as_slice())) + challenge_contribution_from_proof!( + proof, + revealed_msgs, + params, + encode_messages, + BBSPlusPoKOfSigProof, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = bbsPlusChallengeContributionFromProofConstantTime)] +pub fn bbs_plus_challenge_contribution_from_proof_constant_time( + proof: js_sys::Uint8Array, + revealed_msgs: js_sys::Map, + params: JsValue, + encode_messages: bool, +) -> Result { + challenge_contribution_from_proof!( + proof, + revealed_msgs, + params, + encode_messages, + BBSPlusPoKOfSigProof, + BBSPlusSigParamsG1, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = bbsPlusAdaptSigParamsG1ForMsgCount)] diff --git a/src/bddt16_kvac.rs b/src/bddt16_kvac.rs index e145532..50895a7 100644 --- a/src/bddt16_kvac.rs +++ b/src/bddt16_kvac.rs @@ -1,12 +1,16 @@ use crate::{ + blind_sign, commit_to_messages, common::VerifyResponse, - to_verify_response, + sign, to_verify_response, utils::{ - encode_messages_as_js_array_to_fr_vec, encode_messages_as_js_map_to_fr_btreemap, - fr_from_uint8_array, g1_affine_from_uint8_array, g1_affine_to_jsvalue, - g1_affine_to_uint8_array, get_seeded_rng, random_bytes, set_panic_hook, + encode_messages_as_js_array_to_fr_vec, + encode_messages_as_js_array_to_fr_vec_in_constant_time, + encode_messages_as_js_map_to_fr_btreemap, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, fr_from_uint8_array, + g1_affine_from_uint8_array, g1_affine_to_jsvalue, g1_affine_to_uint8_array, get_seeded_rng, + random_bytes, set_panic_hook, }, - Fr, G1Affine, + verify, Fr, G1Affine, }; use ark_ec::AffineRepr; use blake2::Blake2b512; @@ -148,19 +152,33 @@ pub fn bddt16_mac_commit_to_message( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&messages_to_commit, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BDDT16MACParams, + encode_messages_as_js_map_to_fr_btreemap, + g1_affine_to_uint8_array + ) +} - let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; - let blinding = fr_from_uint8_array(blinding, true)?; - match params.commit_to_messages(msgs_ref, &blinding) { - Ok(comm) => g1_affine_to_uint8_array(&comm), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bddt16MacCommitMsgsConstantTime)] +pub fn bddt16_mac_commit_to_message_constant_time( + messages_to_commit: js_sys::Map, + blinding: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + commit_to_messages!( + messages_to_commit, + blinding, + params, + encode_messages, + BDDT16MACParams, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g1_affine_to_uint8_array + ) } #[wasm_bindgen(js_name = bddt16MacGenerate)] @@ -170,16 +188,39 @@ pub fn bddt16_mac_generate( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); - let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; + sign!( + messages, + secret_key, + params, + encode_messages, + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + BDDT16MAC, + "BDDT16MAC", + encode_messages_as_js_array_to_fr_vec + ) +} - let mut rng = get_seeded_rng(); - match BDDT16MAC::new(&mut rng, &messages, &sk, ¶ms) { - Ok(mac) => Ok(obj_to_uint8array!(&mac, true, "BDDT16MAC")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bddt16MacGenerateConstantTime)] +pub fn bddt16_mac_generate_constant_time( + messages: js_sys::Array, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + sign!( + messages, + secret_key, + params, + encode_messages, + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + BDDT16MAC, + "BDDT16MAC", + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } #[wasm_bindgen(js_name = bddt16BlindMacGenerate)] @@ -190,21 +231,44 @@ pub fn bddt16_blind_mac_generate( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let commitment = g1_affine_from_uint8_array(commitment)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&uncommitted_messages, encode_messages)?; - let msgs_ref = msgs - .iter() - .map(|(i, m)| (*i, m)) - .collect::>(); - let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); - let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + BDDT16MAC, + "BDDT16MAC", + encode_messages_as_js_map_to_fr_btreemap, + g1_affine_from_uint8_array + ) +} - let mut rng = get_seeded_rng(); - match BDDT16MAC::new_with_committed_messages(&mut rng, &commitment, msgs_ref, &sk, ¶ms) { - Ok(sig) => Ok(obj_to_uint8array!(&sig, true, "BDDT16MAC")), - Err(e) => Err(JsValue::from(&format!("{:?}", e))), - } +#[wasm_bindgen(js_name = bddt16BlindMacGenerateConstantTime)] +pub fn bddt16_blind_mac_generate_constant_time( + commitment: js_sys::Uint8Array, + uncommitted_messages: js_sys::Map, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + blind_sign!( + commitment, + uncommitted_messages, + secret_key, + params, + encode_messages, + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + BDDT16MAC, + "BDDT16MAC", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, + g1_affine_from_uint8_array + ) } #[wasm_bindgen(js_name = bddt16UnblindMac)] @@ -255,7 +319,8 @@ pub fn bddt16_mac_verify_proof_of_validity( ) -> Result { let proof = obj_from_uint8array!(ProofOfValidityOfMACG1, proof, false); let mac = obj_from_uint8array!(BDDT16MAC, mac, true); - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; + let messages = + encode_messages_as_js_array_to_fr_vec_in_constant_time(&messages, encode_messages)?; let pk = obj_from_uint8array!( BDDT16MACPublicKeyG1, public_key, @@ -274,10 +339,40 @@ pub fn bddt16_mac_verify( params: JsValue, encode_messages: bool, ) -> Result { - set_panic_hook(); - let mac = obj_from_uint8array!(BDDT16MAC, mac, true); - let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); - let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; - let messages = encode_messages_as_js_array_to_fr_vec(&messages, encode_messages)?; - to_verify_response!(mac.verify(messages.as_slice(), &sk, ¶ms)) + verify!( + messages, + mac, + secret_key, + params, + encode_messages, + BDDT16MAC, + "BDDT16MAC", + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + encode_messages_as_js_array_to_fr_vec + ) +} + +#[wasm_bindgen(js_name = bddt16MacVerifyConstantTime)] +pub fn bddt16_mac_verify_constant_time( + messages: js_sys::Array, + mac: js_sys::Uint8Array, + secret_key: js_sys::Uint8Array, + params: JsValue, + encode_messages: bool, +) -> Result { + verify!( + messages, + mac, + secret_key, + params, + encode_messages, + BDDT16MAC, + "BDDT16MAC", + BDDT16MACSecretKey, + "BDDT16MACSecretKey", + BDDT16MACParams, + encode_messages_as_js_array_to_fr_vec_in_constant_time + ) } diff --git a/src/common.rs b/src/common.rs index c184165..eea4471 100644 --- a/src/common.rs +++ b/src/common.rs @@ -16,6 +16,39 @@ use zeroize::Zeroize; use wasm_bindgen::prelude::*; +macro_rules! encode_messages_for_signing { + ($messages: ident, $indices_to_encode: ident, $fn_name: ident) => {{ + use serde_wasm_bindgen::from_value; + + set_panic_hook(); + let encoded = js_sys::Array::new(); + + if let Some(indices_to_encode) = $indices_to_encode { + for i in indices_to_encode.values() { + let index: u32 = from_value(i.unwrap())?; + if index >= $messages.length() { + return Err(JsValue::from(&format!( + "Invalid index {:?} to get message", + index + ))); + } + let msg: Vec = from_value($messages.get(index))?; + let fr = utils::$fn_name(&msg); + encoded.push(&fr_to_jsvalue(&fr)?); + } + } else { + for value in $messages.values() { + let msg: Vec = from_value(value?)?; + let fr = utils::$fn_name(&msg); + + encoded.push(&fr_to_jsvalue(&fr)?); + } + } + + Ok(encoded) + }}; +} + #[wasm_bindgen(js_name = encodeMessageForSigning)] pub fn encode_message_for_signing(message: Vec) -> Result { set_panic_hook(); @@ -23,39 +56,33 @@ pub fn encode_message_for_signing(message: Vec) -> Result, +) -> Result { + set_panic_hook(); + let fr = utils::encode_message_for_signing_in_constant_time(&message); + fr_to_uint8_array(&fr) +} + #[wasm_bindgen(js_name = encodeMessagesForSigning)] pub fn encode_messages_for_signing( messages: js_sys::Array, indices_to_encode: Option, ) -> Result { - use serde_wasm_bindgen::from_value; - - set_panic_hook(); - let encoded = js_sys::Array::new(); - - if let Some(indices_to_encode) = indices_to_encode { - for i in indices_to_encode.values() { - let index: u32 = from_value(i.unwrap())?; - if index >= messages.length() { - return Err(JsValue::from(&format!( - "Invalid index {:?} to get message", - index - ))); - } - let msg: Vec = from_value(messages.get(index))?; - let fr = utils::encode_message_for_signing(&msg); - encoded.push(&fr_to_jsvalue(&fr)?); - } - } else { - for value in messages.values() { - let msg: Vec = from_value(value?)?; - let fr = utils::encode_message_for_signing(&msg); - - encoded.push(&fr_to_jsvalue(&fr)?); - } - } + encode_messages_for_signing!(messages, indices_to_encode, encode_message_for_signing) +} - Ok(encoded) +#[wasm_bindgen(js_name = encodeMessagesForSigningInConstantTime)] +pub fn encode_messages_for_signing_in_constant_time( + messages: js_sys::Array, + indices_to_encode: Option, +) -> Result { + encode_messages_for_signing!( + messages, + indices_to_encode, + encode_message_for_signing_in_constant_time + ) } #[wasm_bindgen(js_name = generateRandomG1Element)] diff --git a/src/composite_proof_system/mod.rs b/src/composite_proof_system/mod.rs index 8e4ea98..0587dc8 100644 --- a/src/composite_proof_system/mod.rs +++ b/src/composite_proof_system/mod.rs @@ -14,8 +14,9 @@ use crate::{ ps::PSSignature, to_verify_response, utils::{ - encode_messages_as_js_map_to_fr_btreemap, fr_from_uint8_array, get_seeded_rng, - js_array_to_fr_vec, set_panic_hook, + encode_messages_as_js_map_to_fr_btreemap, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, fr_from_uint8_array, + get_seeded_rng, js_array_to_fr_vec, set_panic_hook, }, G1Affine, }; @@ -44,17 +45,46 @@ pub(crate) type Proof = proof::Proof; pub(crate) type StatementProof = proof_system::prelude::StatementProof; pub(crate) type PoKOfBDDT16MACWit = witness::PoKOfBDDT16MAC; +macro_rules! witness { + ($signature: ident, $unrevealed_msgs: ident, $encode_messages: expr, $sig_type: ident, $wit_type: path, $fn_name: ident) => {{ + set_panic_hook(); + let signature = obj_from_uint8array!($sig_type, $signature, true); + let msgs = $fn_name(&$unrevealed_msgs, $encode_messages)?; + let witness = $wit_type(signature, msgs); + serde_wasm_bindgen::to_value(&witness).map_err(JsValue::from) + }}; +} + #[wasm_bindgen(js_name = generatePoKBBSSignatureWitness)] pub fn generate_pok_bbs_sig_witness( signature: Uint8Array, unrevealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let signature = obj_from_uint8array!(BBSSignature, signature, true); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&unrevealed_msgs, encode_messages)?; - let witness = PoKBBSSigWit::new_as_witness(signature, msgs); - serde_wasm_bindgen::to_value(&witness).map_err(JsValue::from) + witness!( + signature, + unrevealed_msgs, + encode_messages, + BBSSignature, + PoKBBSSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureWitnessConstantTime)] +pub fn generate_pok_bbs_sig_witness_constant_time( + signature: Uint8Array, + unrevealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + witness!( + signature, + unrevealed_msgs, + encode_messages, + BBSSignature, + PoKBBSSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSPlusSignatureWitness)] @@ -63,11 +93,30 @@ pub fn generate_pok_bbs_plus_sig_witness( unrevealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let signature = obj_from_uint8array!(BBSPlusSigG1, signature, true); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&unrevealed_msgs, encode_messages)?; - let witness = PoKBBSPlusSigWit::new_as_witness(signature, msgs); - serde_wasm_bindgen::to_value(&witness).map_err(JsValue::from) + witness!( + signature, + unrevealed_msgs, + encode_messages, + BBSPlusSigG1, + PoKBBSPlusSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSPlusSignatureWitnessConstantTime)] +pub fn generate_pok_bbs_plus_sig_witness_constant_time( + signature: Uint8Array, + unrevealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + witness!( + signature, + unrevealed_msgs, + encode_messages, + BBSPlusSigG1, + PoKBBSPlusSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKPSSignatureWitness)] @@ -75,12 +124,29 @@ pub fn generate_pok_ps_sig_witness( signature: Uint8Array, unrevealed_msgs: js_sys::Map, ) -> Result { - set_panic_hook(); - let signature = obj_from_uint8array!(PSSignature, signature, true); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&unrevealed_msgs, false)?; - let witness = PokPSSigWit::new_as_witness(signature, msgs); + witness!( + signature, + unrevealed_msgs, + false, + PSSignature, + PokPSSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap + ) +} - serde_wasm_bindgen::to_value(&witness).map_err(JsValue::from) +#[wasm_bindgen(js_name = generatePoKPSSignatureWitnessConstantTime)] +pub fn generate_pok_ps_sig_witness_constant_time( + signature: Uint8Array, + unrevealed_msgs: js_sys::Map, +) -> Result { + witness!( + signature, + unrevealed_msgs, + false, + PSSignature, + PokPSSigWit::new_as_witness, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generateAccumulatorMembershipWitness)] @@ -328,11 +394,30 @@ pub fn generate_pok_bddt16_mac_witness( unrevealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let mac = obj_from_uint8array!(BDDT16MAC, mac, true); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&unrevealed_msgs, encode_messages)?; - let witness = PoKOfBDDT16MACWit::new_as_witness::(mac, msgs); - serde_wasm_bindgen::to_value(&witness).map_err(JsValue::from) + witness!( + mac, + unrevealed_msgs, + encode_messages, + BDDT16MAC, + PoKOfBDDT16MACWit::new_as_witness::, + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBDDT16MacWitnessConstantTime)] +pub fn generate_pok_bddt16_mac_witness_constant_time( + mac: Uint8Array, + unrevealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + witness!( + mac, + unrevealed_msgs, + encode_messages, + BDDT16MAC, + PoKOfBDDT16MACWit::new_as_witness::, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } pub fn parse_statements_meta_statements_and_setup_params( diff --git a/src/composite_proof_system/statements/pok_sig.rs b/src/composite_proof_system/statements/pok_sig.rs index 041272f..3f1d347 100644 --- a/src/composite_proof_system/statements/pok_sig.rs +++ b/src/composite_proof_system/statements/pok_sig.rs @@ -3,7 +3,10 @@ use crate::{ bbs_plus::{BBSPlusPublicKeyG2, BBSPlusSigParamsG1}, bddt16_kvac::{BDDT16MACParams, BDDT16MACSecretKey}, ps::{PSPublicKey, PSSignatureParams}, - utils::{encode_messages_as_js_map_to_fr_btreemap, set_panic_hook}, + utils::{ + encode_messages_as_js_map_to_fr_btreemap, + encode_messages_as_js_map_to_fr_btreemap_in_constant_time, set_panic_hook, + }, G1Affine, }; use ark_bls12_381::Bls12_381; @@ -14,6 +17,10 @@ use zeroize::Zeroize; pub(crate) type PoKBBSSigProverStmt = prelude::bbs_23::PoKBBSSignature23G1Prover; pub(crate) type PoKBBSSigVerifierStmt = prelude::bbs_23::PoKBBSSignature23G1Verifier; +pub(crate) type PoKBBSSigProverStmtNew = + prelude::bbs_23_ietf::PoKBBSSignature23IETFG1Prover; +pub(crate) type PoKBBSSigVerifierStmtNew = + prelude::bbs_23_ietf::PoKBBSSignature23IETFG1Verifier; pub(crate) type PoKBBSPlusSigProverStmt = prelude::bbs_plus::PoKBBSSignatureG1Prover; pub(crate) type PoKBBSPlusSigVerifierStmt = prelude::bbs_plus::PoKBBSSignatureG1Verifier; pub(crate) type PoKPSSigStmt = prelude::ps_signature::PoKPSSignatureStatement; @@ -21,20 +28,94 @@ pub(crate) type PoKPSSigStmt = prelude::ps_signature::PoKPSSignatureStatement; pub(crate) type PoKOfMACFullVerifierStmt = prelude::bddt16_kvac::PoKOfMACFullVerifier; +macro_rules! pok_prover { + ($params: ident, $revealed_msgs: ident, $encode_messages: ident, $sig_params_type: ident, $stmt: path, $stmt_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let params: $sig_params_type = serde_wasm_bindgen::from_value($params)?; + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let statement = $stmt(params, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, $stmt_str)) + }}; +} + +macro_rules! pok_verifier { + ($params: ident, $pk: ident, $revealed_msgs: ident, $encode_messages: ident, $sig_params_type: ident, $pk_type: ident, $pk_str: expr, $stmt: ident, $stmt_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let params: $sig_params_type = serde_wasm_bindgen::from_value($params)?; + let pk = obj_from_uint8array!($pk_type, $pk, false, $pk_str); + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let statement = $stmt::new_statement_from_params(params, pk, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, $stmt_str)) + }}; +} + +macro_rules! pok_prover_params_ref { + ($params: ident, $revealed_msgs: ident, $encode_messages: ident, $stmt: path, $stmt_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let statement = $stmt($params, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, $stmt_str)) + }}; +} + +macro_rules! pok_verifier_params_ref { + ($params: ident, $public_key: ident, $revealed_msgs: ident, $encode_messages: ident, $stmt: ident, $stmt_str: expr, $fn_name: ident) => {{ + set_panic_hook(); + let msgs = $fn_name(&$revealed_msgs, $encode_messages)?; + let statement = $stmt::new_statement_from_params_ref($params, $public_key, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, $stmt_str)) + }}; +} + #[wasm_bindgen(js_name = generatePoKBBSSignatureProverStatement)] pub fn generate_pok_bbs_sig_prover_statement( params: JsValue, revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSSigProverStmt::new_statement_from_params(params, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSSigProverStmt" - )) + pok_prover!( + params, + revealed_msgs, + encode_messages, + BBSSigParams, + PoKBBSSigProverStmt::new_statement_from_params, + "PoKBBSSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureProverStatementNew)] +pub fn generate_pok_bbs_sig_prover_statement_new( + params: JsValue, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover!( + params, + revealed_msgs, + encode_messages, + BBSSigParams, + PoKBBSSigProverStmtNew::new_statement_from_params, + "PoKBBSSigProverStmtNew", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureProverStatementConstantTime)] +pub fn generate_pok_bbs_sig_prover_statement_constant_time( + params: JsValue, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover!( + params, + revealed_msgs, + encode_messages, + BBSSigParams, + PoKBBSSigProverStmt::new_statement_from_params, + "PoKBBSSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatement)] @@ -44,15 +125,60 @@ pub fn generate_pok_bbs_sig_verifier_statement( revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let params: BBSSigParams = serde_wasm_bindgen::from_value(params)?; - let pk = obj_from_uint8array!(BBSPublicKey, public_key, false, "BBSPublicKey"); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSSigVerifierStmt::new_statement_from_params(params, pk, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSSigVerifierStmt" - )) + pok_verifier!( + params, + public_key, + revealed_msgs, + encode_messages, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + PoKBBSSigVerifierStmt, + "PoKBBSSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatementNew)] +pub fn generate_pok_bbs_sig_verifier_statement_new( + params: JsValue, + public_key: Uint8Array, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_verifier!( + params, + public_key, + revealed_msgs, + encode_messages, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + PoKBBSSigVerifierStmtNew, + "PoKBBSSigVerifierStmtNew", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatementConstantTime)] +pub fn generate_pok_bbs_sig_verifier_statement_constant_time( + params: JsValue, + public_key: Uint8Array, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_verifier!( + params, + public_key, + revealed_msgs, + encode_messages, + BBSSigParams, + BBSPublicKey, + "BBSPublicKey", + PoKBBSSigVerifierStmt, + "PoKBBSSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSPlusSignatureProverStatement)] @@ -61,14 +187,32 @@ pub fn generate_pok_bbs_plus_sig_prover_statement( revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSPlusSigProverStmt::new_statement_from_params(params, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSPlusSigProverStmt" - )) + pok_prover!( + params, + revealed_msgs, + encode_messages, + BBSPlusSigParamsG1, + PoKBBSPlusSigProverStmt::new_statement_from_params, + "PoKBBSPlusSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSPlusSignatureProverStatementConstantTime)] +pub fn generate_pok_bbs_plus_sig_prover_statement_constant_time( + params: JsValue, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover!( + params, + revealed_msgs, + encode_messages, + BBSPlusSigParamsG1, + PoKBBSPlusSigProverStmt::new_statement_from_params, + "PoKBBSPlusSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSPlusSignatureVerifierStatement)] @@ -77,28 +221,69 @@ pub fn generate_pok_bbs_plus_sig_verifier_statement( public_key: Uint8Array, revealed_msgs: js_sys::Map, encode_messages: bool, +) -> Result { + pok_verifier!( + params, + public_key, + revealed_msgs, + encode_messages, + BBSPlusSigParamsG1, + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + PoKBBSPlusSigVerifierStmt, + "PoKBBSPlusSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSPlusSignatureVerifierStatementConstantTime)] +pub fn generate_pok_bbs_plus_sig_verifier_statement_constant_time( + params: JsValue, + public_key: Uint8Array, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_verifier!( + params, + public_key, + revealed_msgs, + encode_messages, + BBSPlusSigParamsG1, + BBSPlusPublicKeyG2, + "BBSPlusPublicKeyG2", + PoKBBSPlusSigVerifierStmt, + "PoKBBSPlusSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = generatePoKPSSignatureStatement)] +pub fn generate_pok_ps_sig_statement( + params: JsValue, + public_key: Uint8Array, + revealed_msgs: js_sys::Map, ) -> Result { set_panic_hook(); - let params: BBSPlusSigParamsG1 = serde_wasm_bindgen::from_value(params)?; - let pk = obj_from_uint8array!(BBSPlusPublicKeyG2, public_key, false, "BBSPlusPublicKeyG2"); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSPlusSigVerifierStmt::new_statement_from_params(params, pk, msgs); + let params: PSSignatureParams = serde_wasm_bindgen::from_value(params)?; + let pk = obj_from_uint8array!(PSPublicKey, public_key, false, "PSPublicKey"); + let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, false)?; + let statement = PoKPSSigStmt::new_statement_from_params(params, pk, msgs); Ok(obj_to_uint8array_uncompressed!( &statement, - "PoKBBSPlusSigVerifierStmt" + "PokPSStatement" )) } -#[wasm_bindgen(js_name = generatePoKPSSignatureStatement)] -pub fn generate_pok_ps_sig_statement( +#[wasm_bindgen(js_name = generatePoKPSSignatureStatementConstantTime)] +pub fn generate_pok_ps_sig_statement_constant_time( params: JsValue, public_key: Uint8Array, revealed_msgs: js_sys::Map, ) -> Result { set_panic_hook(); let params: PSSignatureParams = serde_wasm_bindgen::from_value(params)?; - let pk = obj_from_uint8array!(PSPublicKey, public_key, false, "BBSPlusPublicKeyG2"); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, false)?; + let pk = obj_from_uint8array!(PSPublicKey, public_key, false, "PSPublicKey"); + let msgs = encode_messages_as_js_map_to_fr_btreemap_in_constant_time(&revealed_msgs, false)?; let statement = PoKPSSigStmt::new_statement_from_params(params, pk, msgs); Ok(obj_to_uint8array_uncompressed!( &statement, @@ -112,13 +297,46 @@ pub fn generate_pok_bbs_sig_prover_statement_from_param_refs( revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSSigProverStmt::new_statement_from_params_ref(params, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSSigProverStmt" - )) + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKBBSSigProverStmt::new_statement_from_params_ref, + "PoKBBSSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureProverStatementFromParamRefsNew)] +pub fn generate_pok_bbs_sig_prover_statement_from_param_refs_new( + params: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKBBSSigProverStmtNew::new_statement_from_params_ref, + "PoKBBSSigProverStmtNew", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureProverStatementFromParamRefsConstantTime)] +pub fn generate_pok_bbs_sig_prover_statement_from_param_refs_constant_time( + params: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKBBSSigProverStmt::new_statement_from_params_ref, + "PoKBBSSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatementFromParamRefs)] @@ -129,12 +347,53 @@ pub fn generate_pok_bbs_sig_verifier_statement_from_param_refs( encode_messages: bool, ) -> Result { set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSSigVerifierStmt::new_statement_from_params_ref(params, public_key, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSSigVerifierStmt" - )) + pok_verifier_params_ref!( + params, + public_key, + revealed_msgs, + encode_messages, + PoKBBSSigVerifierStmt, + "PoKBBSSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatementFromParamRefsNew)] +pub fn generate_pok_bbs_sig_verifier_statement_from_param_refs_new( + params: usize, + public_key: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + pok_verifier_params_ref!( + params, + public_key, + revealed_msgs, + encode_messages, + PoKBBSSigVerifierStmtNew, + "PoKBBSSigVerifierStmtNew", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime)] +pub fn generate_pok_bbs_sig_verifier_statement_from_param_refs_constant_time( + params: usize, + public_key: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + pok_verifier_params_ref!( + params, + public_key, + revealed_msgs, + encode_messages, + PoKBBSSigVerifierStmt, + "PoKBBSSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSPlusSignatureProverStatementFromParamRefs)] @@ -143,13 +402,30 @@ pub fn generate_pok_bbs_plus_sig_prover_statement_from_param_refs( revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKBBSPlusSigProverStmt::new_statement_from_params_ref(params, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSPlusSigProverStmt" - )) + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKBBSPlusSigProverStmt::new_statement_from_params_ref, + "PoKBBSPlusSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime)] +pub fn generate_pok_bbs_plus_sig_prover_statement_from_param_refs_constant_time( + params: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKBBSPlusSigProverStmt::new_statement_from_params_ref, + "PoKBBSPlusSigProverStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBBSPlusSignatureVerifierStatementFromParamRefs)] @@ -160,13 +436,34 @@ pub fn generate_pok_bbs_plus_sig_verifier_statement_from_param_refs( encode_messages: bool, ) -> Result { set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = - PoKBBSPlusSigVerifierStmt::new_statement_from_params_ref(params, public_key, msgs); - Ok(obj_to_uint8array_uncompressed!( - &statement, - "PoKBBSPlusSigVerifierStmt" - )) + pok_verifier_params_ref!( + params, + public_key, + revealed_msgs, + encode_messages, + PoKBBSPlusSigVerifierStmt, + "PoKBBSPlusSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime)] +pub fn generate_pok_bbs_plus_sig_verifier_statement_from_param_refs_constant_time( + params: usize, + public_key: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + pok_verifier_params_ref!( + params, + public_key, + revealed_msgs, + encode_messages, + PoKBBSPlusSigVerifierStmt, + "PoKBBSPlusSigVerifierStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKPSSignatureStatementFromParamRefs)] @@ -184,17 +481,53 @@ pub fn generate_pok_ps_sig_statement_from_param_refs( )) } +#[wasm_bindgen(js_name = generatePoKPSSignatureStatementFromParamRefsConstantTime)] +pub fn generate_pok_ps_sig_statement_from_param_refs_constant_time( + params: usize, + public_key: usize, + revealed_msgs: js_sys::Map, +) -> Result { + set_panic_hook(); + let msgs = encode_messages_as_js_map_to_fr_btreemap_in_constant_time(&revealed_msgs, false)?; + let statement = PoKPSSigStmt::new_statement_from_params_ref(params, public_key, msgs); + Ok(obj_to_uint8array_uncompressed!( + &statement, + "PokPSStatement" + )) +} + #[wasm_bindgen(js_name = generatePoKBDDT16MacStatement)] pub fn generate_pok_bddt16_mac_statement( params: JsValue, revealed_msgs: js_sys::Map, encode_messages: bool, ) -> Result { - set_panic_hook(); - let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKOfMACStmt::new_statement_from_params::(params, msgs); - Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) + pok_prover!( + params, + revealed_msgs, + encode_messages, + BDDT16MACParams, + PoKOfMACStmt::new_statement_from_params::, + "PoKOfMACStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBDDT16MacStatementConstantTime)] +pub fn generate_pok_bddt16_mac_statement_constant_time( + params: JsValue, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + pok_prover!( + params, + revealed_msgs, + encode_messages, + BDDT16MACParams, + PoKOfMACStmt::new_statement_from_params::, + "PoKOfMACStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBDDT16MacStatementFromParamRefs)] @@ -204,9 +537,31 @@ pub fn generate_pok_bddt16_mac_statement_from_param_refs( encode_messages: bool, ) -> Result { set_panic_hook(); - let msgs = encode_messages_as_js_map_to_fr_btreemap(&revealed_msgs, encode_messages)?; - let statement = PoKOfMACStmt::new_statement_from_params_ref::(params, msgs); - Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKOfMACStmt::new_statement_from_params_ref::, + "PoKOfMACStmt", + encode_messages_as_js_map_to_fr_btreemap + ) +} + +#[wasm_bindgen(js_name = generatePoKBDDT16MacStatementFromParamRefsConstantTime)] +pub fn generate_pok_bddt16_mac_statement_from_param_refs_constant_time( + params: usize, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + pok_prover_params_ref!( + params, + revealed_msgs, + encode_messages, + PoKOfMACStmt::new_statement_from_params_ref::, + "PoKOfMACStmt", + encode_messages_as_js_map_to_fr_btreemap_in_constant_time + ) } #[wasm_bindgen(js_name = generatePoKBDDT16MacFullVerifierStatement)] @@ -225,6 +580,23 @@ pub fn generate_pok_bddt16_mac_full_verifier_statement( Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) } +#[wasm_bindgen(js_name = generatePoKBDDT16MacFullVerifierStatementConstantTime)] +pub fn generate_pok_bddt16_mac_full_verifier_statement_constant_time( + params: JsValue, + secret_key: Uint8Array, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); + let msgs = + encode_messages_as_js_map_to_fr_btreemap_in_constant_time(&revealed_msgs, encode_messages)?; + let statement = + PoKOfMACFullVerifierStmt::new_statement_from_params::(sk, params, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) +} + #[wasm_bindgen(js_name = generatePoKBDDT16MacFullVerifierStatementFromParamRefs)] pub fn generate_pok_bddt16_mac_full_verifier_statement_from_param_refs( params: usize, @@ -239,3 +611,19 @@ pub fn generate_pok_bddt16_mac_full_verifier_statement_from_param_refs( PoKOfMACFullVerifierStmt::new_statement_from_params_ref::(sk, params, msgs); Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) } + +#[wasm_bindgen(js_name = generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime)] +pub fn generate_pok_bddt16_mac_full_verifier_statement_from_param_refs_constant_time( + params: usize, + secret_key: Uint8Array, + revealed_msgs: js_sys::Map, + encode_messages: bool, +) -> Result { + set_panic_hook(); + let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); + let msgs = + encode_messages_as_js_map_to_fr_btreemap_in_constant_time(&revealed_msgs, encode_messages)?; + let statement = + PoKOfMACFullVerifierStmt::new_statement_from_params_ref::(sk, params, msgs); + Ok(obj_to_uint8array_uncompressed!(&statement, "PoKOfMACStmt")) +} diff --git a/src/js/bbs_plus_wasm.js b/src/js/bbs_plus_wasm.js index 083919c..839a8ef 100644 --- a/src/js/bbs_plus_wasm.js +++ b/src/js/bbs_plus_wasm.js @@ -124,6 +124,16 @@ module.exports.bbsPlusSignG1 = ( return wasm.bbsPlusSignG1(messages, secretKey, params, encodeMessages); }; +module.exports.bbsPlusSignG1ConstantTime = ( + messages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusSignG1ConstantTime(messages, secretKey, params, encodeMessages); +}; + module.exports.bbsPlusSignG2 = ( messages, secretKey, @@ -134,6 +144,16 @@ module.exports.bbsPlusSignG2 = ( return wasm.bbsPlusSignG2(messages, secretKey, params, encodeMessages); }; +module.exports.bbsPlusSignG2ConstantTime = ( + messages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusSignG2ConstantTime(messages, secretKey, params, encodeMessages); +}; + module.exports.bbsPlusVerifyG1 = ( messages, signature, @@ -145,6 +165,17 @@ module.exports.bbsPlusVerifyG1 = ( return wasm.bbsPlusVerifyG1(messages, signature, publicKey, params, encodeMessages); }; +module.exports.bbsPlusVerifyG1ConstantTime = ( + messages, + signature, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusVerifyG1ConstantTime(messages, signature, publicKey, params, encodeMessages); +}; + module.exports.bbsPlusVerifyG2 = ( messages, signature, @@ -156,6 +187,17 @@ module.exports.bbsPlusVerifyG2 = ( return wasm.bbsPlusVerifyG2(messages, signature, publicKey, params, encodeMessages); }; +module.exports.bbsPlusVerifyG2ConstantTime = ( + messages, + signature, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusVerifyG2ConstantTime(messages, signature, publicKey, params, encodeMessages); +}; + module.exports.bbsPlusCommitMsgsInG1 = ( messages, blinding, @@ -166,6 +208,16 @@ module.exports.bbsPlusCommitMsgsInG1 = ( return wasm.bbsPlusCommitMsgsInG1(messages, blinding, params, encodeMessages); }; +module.exports.bbsPlusCommitMsgsInG1ConstantTime = ( + messages, + blinding, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusCommitMsgsInG1ConstantTime(messages, blinding, params, encodeMessages); +}; + module.exports.bbsPlusCommitMsgsInG2 = ( messages, blinding, @@ -176,6 +228,16 @@ module.exports.bbsPlusCommitMsgsInG2 = ( return wasm.bbsPlusCommitMsgsInG2(messages, blinding, params, encodeMessages); }; +module.exports.bbsPlusCommitMsgsInG2ConstantTime = ( + messages, + blinding, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusCommitMsgsInG2ConstantTime(messages, blinding, params, encodeMessages); +}; + module.exports.bbsPlusBlindSignG1 = ( commitment, uncommittedMessages, @@ -187,6 +249,17 @@ module.exports.bbsPlusBlindSignG1 = ( return wasm.bbsPlusBlindSignG1(commitment, uncommittedMessages, secretKey, params, encodeMessages); }; +module.exports.bbsPlusBlindSignG1ConstantTime = ( + commitment, + uncommittedMessages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusBlindSignG1ConstantTime(commitment, uncommittedMessages, secretKey, params, encodeMessages); +}; + module.exports.bbsPlusBlindSignG2 = ( commitment, uncommittedMessages, @@ -198,6 +271,17 @@ module.exports.bbsPlusBlindSignG2 = ( return wasm.bbsPlusBlindSignG2(commitment, uncommittedMessages, secretKey, params, encodeMessages); }; +module.exports.bbsPlusBlindSignG2ConstantTime = ( + commitment, + uncommittedMessages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusBlindSignG2ConstantTime(commitment, uncommittedMessages, secretKey, params, encodeMessages); +}; + module.exports.bbsPlusUnblindSigG1 = ( signature, blinding, @@ -226,6 +310,18 @@ module.exports.bbsPlusInitializeProofOfKnowledgeOfSignature = ( return wasm.bbsPlusInitializeProofOfKnowledgeOfSignature(signature, params, messages, blindings, revealedIndices, encodeMessages); }; +module.exports.bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime = ( + signature, + params, + messages, + blindings, + revealedIndices, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime(signature, params, messages, blindings, revealedIndices, encodeMessages); +}; + module.exports.bbsPlusGenProofOfKnowledgeOfSignature = ( protocol, challenge @@ -246,6 +342,18 @@ module.exports.bbsPlusVerifyProofOfKnowledgeOfSignature = ( return wasm.bbsPlusVerifyProofOfKnowledgeOfSignature(proof, revealedMessages, challenge, publicKey, params, encodeMessages); }; +module.exports.bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime = ( + proof, + revealedMessages, + challenge, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime(proof, revealedMessages, challenge, publicKey, params, encodeMessages); +}; + module.exports.bbsPlusChallengeContributionFromProtocol = ( protocol, revealedMessages, @@ -256,6 +364,16 @@ module.exports.bbsPlusChallengeContributionFromProtocol = ( return wasm.bbsPlusChallengeContributionFromProtocol(protocol, revealedMessages, params, encodeMessages); }; +module.exports.bbsPlusChallengeContributionFromProtocolConstantTime = ( + protocol, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusChallengeContributionFromProtocolConstantTime(protocol, revealedMessages, params, encodeMessages); +}; + module.exports.bbsPlusChallengeContributionFromProof = ( proof, revealedMessages, @@ -266,6 +384,16 @@ module.exports.bbsPlusChallengeContributionFromProof = ( return wasm.bbsPlusChallengeContributionFromProof(proof, revealedMessages, params, encodeMessages); }; +module.exports.bbsPlusChallengeContributionFromProofConstantTime = ( + proof, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsPlusChallengeContributionFromProofConstantTime(proof, revealedMessages, params, encodeMessages); +}; + module.exports.bbsPlusAdaptSigParamsG1ForMsgCount = (params, generating_label, new_count) => { requireWasmInitialized(); return wasm.bbsPlusAdaptSigParamsG1ForMsgCount(params, generating_label, new_count); diff --git a/src/js/bbs_wasm.js b/src/js/bbs_wasm.js index 3ffa7a5..e10ec89 100644 --- a/src/js/bbs_wasm.js +++ b/src/js/bbs_wasm.js @@ -68,6 +68,16 @@ module.exports.bbsSign = ( return wasm.bbsSign(messages, secretKey, params, encodeMessages); }; +module.exports.bbsSignConstantTime = ( + messages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsSignConstantTime(messages, secretKey, params, encodeMessages); +}; + module.exports.bbsVerify = ( messages, signature, @@ -79,6 +89,17 @@ module.exports.bbsVerify = ( return wasm.bbsVerify(messages, signature, publicKey, params, encodeMessages); }; +module.exports.bbsVerifyConstantTime = ( + messages, + signature, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsVerifyConstantTime(messages, signature, publicKey, params, encodeMessages); +}; + module.exports.bbsCommitMsgs = ( messages, params, @@ -88,6 +109,15 @@ module.exports.bbsCommitMsgs = ( return wasm.bbsCommitMsgs(messages, params, encodeMessages); }; +module.exports.bbsCommitMsgsConstantTime = ( + messages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsCommitMsgsConstantTime(messages, params, encodeMessages); +}; + module.exports.bbsBlindSign = ( commitment, uncommittedMessages, @@ -99,6 +129,17 @@ module.exports.bbsBlindSign = ( return wasm.bbsBlindSign(commitment, uncommittedMessages, secretKey, params, encodeMessages); }; +module.exports.bbsBlindSignConstantTime = ( + commitment, + uncommittedMessages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsBlindSignConstantTime(commitment, uncommittedMessages, secretKey, params, encodeMessages); +}; + module.exports.bbsInitializeProofOfKnowledgeOfSignature = ( signature, params, @@ -111,6 +152,30 @@ module.exports.bbsInitializeProofOfKnowledgeOfSignature = ( return wasm.bbsInitializeProofOfKnowledgeOfSignature(signature, params, messages, blindings, revealedIndices, encodeMessages); }; +module.exports.bbsInitializeProofOfKnowledgeOfSignatureNew = ( + signature, + params, + messages, + blindings, + revealedIndices, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsInitializeProofOfKnowledgeOfSignatureNew(signature, params, messages, blindings, revealedIndices, encodeMessages); +}; + +module.exports.bbsInitializeProofOfKnowledgeOfSignatureConstantTime = ( + signature, + params, + messages, + blindings, + revealedIndices, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsInitializeProofOfKnowledgeOfSignatureConstantTime(signature, params, messages, blindings, revealedIndices, encodeMessages); +}; + module.exports.bbsGenProofOfKnowledgeOfSignature = ( protocol, challenge @@ -119,6 +184,14 @@ module.exports.bbsGenProofOfKnowledgeOfSignature = ( return wasm.bbsGenProofOfKnowledgeOfSignature(protocol, challenge); }; +module.exports.bbsGenProofOfKnowledgeOfSignatureNew = ( + protocol, + challenge +) => { + requireWasmInitialized(); + return wasm.bbsGenProofOfKnowledgeOfSignatureNew(protocol, challenge); +}; + module.exports.bbsVerifyProofOfKnowledgeOfSignature = ( proof, revealedMessages, @@ -131,6 +204,30 @@ module.exports.bbsVerifyProofOfKnowledgeOfSignature = ( return wasm.bbsVerifyProofOfKnowledgeOfSignature(proof, revealedMessages, challenge, publicKey, params, encodeMessages); }; +module.exports.bbsVerifyProofOfKnowledgeOfSignatureNew = ( + proof, + revealedMessages, + challenge, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsVerifyProofOfKnowledgeOfSignatureNew(proof, revealedMessages, challenge, publicKey, params, encodeMessages); +}; + +module.exports.bbsVerifyProofOfKnowledgeOfSignatureConstantTime = ( + proof, + revealedMessages, + challenge, + publicKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsVerifyProofOfKnowledgeOfSignatureConstantTime(proof, revealedMessages, challenge, publicKey, params, encodeMessages); +}; + module.exports.bbsChallengeContributionFromProtocol = ( protocol, revealedMessages, @@ -141,6 +238,26 @@ module.exports.bbsChallengeContributionFromProtocol = ( return wasm.bbsChallengeContributionFromProtocol(protocol, revealedMessages, params, encodeMessages); }; +module.exports.bbsChallengeContributionFromProtocolNew = ( + protocol, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsChallengeContributionFromProtocolNew(protocol, revealedMessages, params, encodeMessages); +}; + +module.exports.bbsChallengeContributionFromProtocolConstantTime = ( + protocol, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsChallengeContributionFromProtocolConstantTime(protocol, revealedMessages, params, encodeMessages); +}; + module.exports.bbsChallengeContributionFromProof = ( proof, revealedMessages, @@ -151,6 +268,26 @@ module.exports.bbsChallengeContributionFromProof = ( return wasm.bbsChallengeContributionFromProof(proof, revealedMessages, params, encodeMessages); }; +module.exports.bbsChallengeContributionFromProofNew = ( + proof, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsChallengeContributionFromProofNew(proof, revealedMessages, params, encodeMessages); +}; + +module.exports.bbsChallengeContributionFromProofConstantTime = ( + proof, + revealedMessages, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bbsChallengeContributionFromProofConstantTime(proof, revealedMessages, params, encodeMessages); +}; + module.exports.bbsAdaptSigParamsForMsgCount = (params, generating_label, new_count) => { requireWasmInitialized(); return wasm.bbsAdaptSigParamsForMsgCount(params, generating_label, new_count); diff --git a/src/js/bdd16_kvac_wasm.js b/src/js/bdd16_kvac_wasm.js index b06c6d7..654af71 100644 --- a/src/js/bdd16_kvac_wasm.js +++ b/src/js/bdd16_kvac_wasm.js @@ -67,6 +67,16 @@ module.exports.bddt16MacGenerate = ( return wasm.bddt16MacGenerate(messages, secretKey, params, encodeMessages); }; +module.exports.bddt16MacGenerateConstantTime = ( + messages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bddt16MacGenerateConstantTime(messages, secretKey, params, encodeMessages); +}; + module.exports.bddt16MacVerify = ( messages, mac, @@ -78,6 +88,17 @@ module.exports.bddt16MacVerify = ( return wasm.bddt16MacVerify(messages, mac, secretKey, params, encodeMessages); }; +module.exports.bddt16MacVerifyConstantTime = ( + messages, + mac, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bddt16MacVerifyConstantTime(messages, mac, secretKey, params, encodeMessages); +}; + module.exports.bddt16MacProofOfValidity = ( mac, secretKey, @@ -110,6 +131,16 @@ module.exports.bddt16MacCommitMsgs = ( return wasm.bddt16MacCommitMsgs(messages, blinding, params, encodeMessages); }; +module.exports.bddt16MacCommitMsgsConstantTime = ( + messages, + blinding, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bddt16MacCommitMsgsConstantTime(messages, blinding, params, encodeMessages); +}; + module.exports.bddt16BlindMacGenerate = ( commitment, uncommittedMessages, @@ -121,6 +152,17 @@ module.exports.bddt16BlindMacGenerate = ( return wasm.bddt16BlindMacGenerate(commitment, uncommittedMessages, secretKey, params, encodeMessages); }; +module.exports.bddt16BlindMacGenerateConstantTime = ( + commitment, + uncommittedMessages, + secretKey, + params, + encodeMessages +) => { + requireWasmInitialized(); + return wasm.bddt16BlindMacGenerateConstantTime(commitment, uncommittedMessages, secretKey, params, encodeMessages); +}; + module.exports.bddt16UnblindMac = ( mac, blinding, diff --git a/src/js/composite_proof_system_wasm.js b/src/js/composite_proof_system_wasm.js index a2720c8..b0a0f17 100644 --- a/src/js/composite_proof_system_wasm.js +++ b/src/js/composite_proof_system_wasm.js @@ -7,51 +7,121 @@ module.exports.generatePoKBBSSignatureProverStatement = (params, revealedMessage return wasm.generatePoKBBSSignatureProverStatement(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSSignatureProverStatementNew = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureProverStatementNew(params, revealedMessages, encodeMessages); +}; + +module.exports.generatePoKBBSSignatureProverStatementConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureProverStatementConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSSignatureVerifierStatement = (params, publicKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSSignatureVerifierStatement(params, publicKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSSignatureVerifierStatementNew = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureVerifierStatementNew(params, publicKey, revealedMessages, encodeMessages); +}; + +module.exports.generatePoKBBSSignatureVerifierStatementConstantTime = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureVerifierStatementConstantTime(params, publicKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSPlusSignatureProverStatement = (params, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSPlusSignatureProverStatement(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSPlusSignatureProverStatementConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSPlusSignatureProverStatementConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSPlusSignatureVerifierStatement = (params, publicKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSPlusSignatureVerifierStatement(params, publicKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSPlusSignatureVerifierStatementConstantTime = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSPlusSignatureVerifierStatementConstantTime(params, publicKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSSignatureProverStatementFromParamRefs = (params, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSSignatureProverStatementFromParamRefs(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSSignatureProverStatementFromParamRefsNew = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureProverStatementFromParamRefsNew(params, revealedMessages, encodeMessages); +}; + +module.exports.generatePoKBBSSignatureProverStatementFromParamRefsConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureProverStatementFromParamRefsConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSSignatureVerifierStatementFromParamRefs = (params, publicKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSSignatureVerifierStatementFromParamRefs(params, publicKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSSignatureVerifierStatementFromParamRefsNew = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureVerifierStatementFromParamRefsNew(params, publicKey, revealedMessages, encodeMessages); +}; + +module.exports.generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime(params, publicKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSPlusSignatureProverStatementFromParamRefs = (params, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSPlusSignatureProverStatementFromParamRefs(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSPlusSignatureVerifierStatementFromParamRefs = (params, publicKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSPlusSignatureVerifierStatementFromParamRefs(params, publicKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime = (params, publicKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime(params, publicKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKPSSignatureStatement = (params, publicKey, revealedMessages) => { requireWasmInitialized(); return wasm.generatePoKPSSignatureStatement(params, publicKey, revealedMessages); }; +module.exports.generatePoKPSSignatureStatementConstantTime = (params, publicKey, revealedMessages) => { + requireWasmInitialized(); + return wasm.generatePoKPSSignatureStatementConstantTime(params, publicKey, revealedMessages); +}; + module.exports.generatePoKPSSignatureStatementFromParamRefs = (params, publicKey, revealedMessages) => { requireWasmInitialized(); return wasm.generatePoKPSSignatureStatementFromParamRefs(params, publicKey, revealedMessages); }; +module.exports.generatePoKPSSignatureStatementFromParamRefsConstantTime = (params, publicKey, revealedMessages) => { + requireWasmInitialized(); + return wasm.generatePoKPSSignatureStatementFromParamRefsConstantTime(params, publicKey, revealedMessages); +}; + module.exports.generateAccumulatorMembershipStatement = (params, publicKey, provingKey, accumulated) => { requireWasmInitialized(); return wasm.generateAccumulatorMembershipStatement(params, publicKey, provingKey, accumulated); @@ -242,16 +312,31 @@ module.exports.generatePoKBBSSignatureWitness = (signature, unrevealedMessages, return wasm.generatePoKBBSSignatureWitness(signature, unrevealedMessages, encodeMessages); }; +module.exports.generatePoKBBSSignatureWitnessConstantTime = (signature, unrevealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSSignatureWitnessConstantTime(signature, unrevealedMessages, encodeMessages); +}; + module.exports.generatePoKBBSPlusSignatureWitness = (signature, unrevealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBBSPlusSignatureWitness(signature, unrevealedMessages, encodeMessages); }; +module.exports.generatePoKBBSPlusSignatureWitnessConstantTime = (signature, unrevealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBBSPlusSignatureWitnessConstantTime(signature, unrevealedMessages, encodeMessages); +}; + module.exports.generatePoKPSSignatureWitness = (signature, unrevealedMessages) => { requireWasmInitialized(); return wasm.generatePoKPSSignatureWitness(signature, unrevealedMessages); }; +module.exports.generatePoKPSSignatureWitnessConstantTime = (signature, unrevealedMessages) => { + requireWasmInitialized(); + return wasm.generatePoKPSSignatureWitnessConstantTime(signature, unrevealedMessages); +}; + module.exports.generateAccumulatorMembershipWitness = (element, witness) => { requireWasmInitialized(); return wasm.generateAccumulatorMembershipWitness(element, witness); @@ -357,26 +442,51 @@ module.exports.generatePoKBDDT16MacStatement = (params, revealedMessages, encode return wasm.generatePoKBDDT16MacStatement(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBDDT16MacStatementConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBDDT16MacStatementConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBDDT16MacStatementFromParamRefs = (params, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBDDT16MacStatementFromParamRefs(params, revealedMessages, encodeMessages); }; +module.exports.generatePoKBDDT16MacStatementFromParamRefsConstantTime = (params, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBDDT16MacStatementFromParamRefsConstantTime(params, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBDDT16MacFullVerifierStatement = (params, secretKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBDDT16MacFullVerifierStatement(params, secretKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBDDT16MacFullVerifierStatementConstantTime = (params, secretKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBDDT16MacFullVerifierStatementConstantTime(params, secretKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBDDT16MacFullVerifierStatementFromParamRefs = (params, secretKey, revealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBDDT16MacFullVerifierStatementFromParamRefs(params, secretKey, revealedMessages, encodeMessages); }; +module.exports.generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime = (params, secretKey, revealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime(params, secretKey, revealedMessages, encodeMessages); +}; + module.exports.generatePoKBDDT16MacWitness = (mac, unrevealedMessages, encodeMessages) => { requireWasmInitialized(); return wasm.generatePoKBDDT16MacWitness(mac, unrevealedMessages, encodeMessages); }; +module.exports.generatePoKBDDT16MacWitnessConstantTime = (mac, unrevealedMessages, encodeMessages) => { + requireWasmInitialized(); + return wasm.generatePoKBDDT16MacWitnessConstantTime(mac, unrevealedMessages, encodeMessages); +}; + module.exports.generateAccumulatorKVMembershipStatement = (accumulated) => { requireWasmInitialized(); return wasm.generateAccumulatorKVMembershipStatement(accumulated); diff --git a/src/js/keyed_proof_wasm.js b/src/js/keyed_proof_wasm.js index 599936b..d7e4bb0 100644 --- a/src/js/keyed_proof_wasm.js +++ b/src/js/keyed_proof_wasm.js @@ -12,6 +12,26 @@ module.exports.verifyBDDT16KeyedProof = (proof, secretKey) => { return wasm.verifyBDDT16KeyedProof(proof, secretKey); }; +module.exports.proofOfValidityOfBDDT16KeyedProof = (proof, secretKey, publicKey, params) => { + requireWasmInitialized(); + return wasm.proofOfValidityOfBDDT16KeyedProof(proof, secretKey, publicKey, params); +}; + +module.exports.verifyProofOfValidityOfBDDT16KeyedProof = (proofOfValidity, keyedProof, publicKey, params) => { + requireWasmInitialized(); + return wasm.verifyProofOfValidityOfBDDT16KeyedProof(proofOfValidity, keyedProof, publicKey, params); +}; + +module.exports.proofOfInvalidityOfBDDT16KeyedProof = (proof, secretKey, publicKey, params) => { + requireWasmInitialized(); + return wasm.proofOfInvalidityOfBDDT16KeyedProof(proof, secretKey, publicKey, params); +}; + +module.exports.verifyProofOfInvalidityOfBDDT16KeyedProof = (proofOfInvalidity, keyedProof, publicKey, params) => { + requireWasmInitialized(); + return wasm.verifyProofOfInvalidityOfBDDT16KeyedProof(proofOfInvalidity, keyedProof, publicKey, params); +}; + module.exports.verifyVBAccumMembershipKeyedProof = (proof, secretKey) => { requireWasmInitialized(); return wasm.verifyVBAccumMembershipKeyedProof(proof, secretKey); diff --git a/src/js/ps_wasm.js b/src/js/ps_wasm.js index 12b1ba8..c514ded 100644 --- a/src/js/ps_wasm.js +++ b/src/js/ps_wasm.js @@ -141,11 +141,11 @@ module.exports.psVerify = (messages, signature, publicKey, params) => { module.exports.psMessageCommitment = ( messages, blinding, - params, - encodeMessages + h, + g ) => { requireWasmInitialized(); - return wasm.psMessageCommitment(messages, blinding, params, encodeMessages); + return wasm.psMessageCommitment(messages, blinding, h, g); }; module.exports.psMultiMessageCommitment = (messages, h, g, blinding) => { @@ -154,47 +154,40 @@ module.exports.psMultiMessageCommitment = (messages, h, g, blinding) => { }; module.exports.psBlindSign = ( - commitment, - uncommittedMessages, + messages, secretKey, - params, - encodeMessages + h ) => { requireWasmInitialized(); return wasm.psBlindSign( - commitment, - uncommittedMessages, - secretKey, - params, - encodeMessages + messages, + secretKey, + h ); }; module.exports.psUnblindSignature = ( blind_signature, indexed_blindings, - pk + pk, + h ) => { requireWasmInitialized(); - return wasm.psUnblindSignature(blind_signature, indexed_blindings, pk); + return wasm.psUnblindSignature(blind_signature, indexed_blindings, pk, h); }; module.exports.psInitializeSignaturePoK = ( signature, params, + publicKey, messages, - blindings, - revealedIndices, - encodeMessages ) => { requireWasmInitialized(); return wasm.psInitializeSignaturePoK( signature, params, - messages, - blindings, - revealedIndices, - encodeMessages + publicKey, + messages, ); }; diff --git a/src/js/type_declarations/bbs.d.ts b/src/js/type_declarations/bbs.d.ts index 634beee..5d8682a 100644 --- a/src/js/type_declarations/bbs.d.ts +++ b/src/js/type_declarations/bbs.d.ts @@ -64,6 +64,13 @@ export function bbsSign( encodeMessages: boolean ): Uint8Array; +export function bbsSignConstantTime( + messages: Uint8Array[], + secretKey: Uint8Array, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsVerify( messages: Uint8Array[], signature: Uint8Array, @@ -72,12 +79,26 @@ export function bbsVerify( encodeMessages: boolean ): Required; +export function bbsVerifyConstantTime( + messages: Uint8Array[], + signature: Uint8Array, + publicKey: Uint8Array, + params: BbsSigParams, + encodeMessages: boolean +): Required; + export function bbsCommitMsgs( messages: Map, params: BbsSigParams, encodeMessages: boolean ): Uint8Array; +export function bbsCommitMsgsConstantTime( + messages: Map, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsBlindSign( commitment: Uint8Array, uncommittedMessages: Map, @@ -86,6 +107,14 @@ export function bbsBlindSign( encodeMessages: boolean ): Uint8Array; +export function bbsBlindSignConstantTime( + commitment: Uint8Array, + uncommittedMessages: Map, + secretKey: Uint8Array, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsInitializeProofOfKnowledgeOfSignature( signature: Uint8Array, params: BbsSigParams, @@ -95,11 +124,34 @@ export function bbsInitializeProofOfKnowledgeOfSignature( encodeMessages: boolean ): BbsPoKSigProtocol; +export function bbsInitializeProofOfKnowledgeOfSignatureNew( + signature: Uint8Array, + params: BbsSigParams, + messages: Uint8Array[], + blindings: Map, + revealedIndices: Set, + encodeMessages: boolean +): BbsPoKSigProtocol; + +export function bbsInitializeProofOfKnowledgeOfSignatureConstantTime( + signature: Uint8Array, + params: BbsSigParams, + messages: Uint8Array[], + blindings: Map, + revealedIndices: Set, + encodeMessages: boolean +): BbsPoKSigProtocol; + export function bbsGenProofOfKnowledgeOfSignature( protocol: BbsPoKSigProtocol, challenge: Uint8Array ): Uint8Array; +export function bbsGenProofOfKnowledgeOfSignatureNew( + protocol: BbsPoKSigProtocol, + challenge: Uint8Array +): Uint8Array; + export function bbsVerifyProofOfKnowledgeOfSignature( proof: Uint8Array, revealedMessages: Map, @@ -109,6 +161,24 @@ export function bbsVerifyProofOfKnowledgeOfSignature( encodeMessages: boolean ): Required; +export function bbsVerifyProofOfKnowledgeOfSignatureNew( + proof: Uint8Array, + revealedMessages: Map, + challenge: Uint8Array, + publicKey: Uint8Array, + params: BbsSigParams, + encodeMessages: boolean +): Required; + +export function bbsVerifyProofOfKnowledgeOfSignatureConstantTime( + proof: Uint8Array, + revealedMessages: Map, + challenge: Uint8Array, + publicKey: Uint8Array, + params: BbsSigParams, + encodeMessages: boolean +): Required; + export function bbsChallengeContributionFromProtocol( protocol: BbsPoKSigProtocol, revealedMessages: Map, @@ -116,6 +186,20 @@ export function bbsChallengeContributionFromProtocol( encodeMessages: boolean ): Uint8Array; +export function bbsChallengeContributionFromProtocolNew( + protocol: BbsPoKSigProtocol, + revealedMessages: Map, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + +export function bbsChallengeContributionFromProtocolConstantTime( + protocol: BbsPoKSigProtocol, + revealedMessages: Map, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsChallengeContributionFromProof( proof: Uint8Array, revealedMessages: Map, @@ -123,6 +207,20 @@ export function bbsChallengeContributionFromProof( encodeMessages: boolean ): Uint8Array; +export function bbsChallengeContributionFromProofNew( + proof: Uint8Array, + revealedMessages: Map, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + +export function bbsChallengeContributionFromProofConstantTime( + proof: Uint8Array, + revealedMessages: Map, + params: BbsSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsAdaptSigParamsForMsgCount( params: BbsSigParams, generating_label: Uint8Array, diff --git a/src/js/type_declarations/bbs_plus.d.ts b/src/js/type_declarations/bbs_plus.d.ts index f8a2da2..08120c5 100644 --- a/src/js/type_declarations/bbs_plus.d.ts +++ b/src/js/type_declarations/bbs_plus.d.ts @@ -1,4 +1,5 @@ import {BbsPlusPoKSigProtocol, BbsPlusSigParams, IKeypair, VerifyResult} from "../types"; +import {bbsChallengeContributionFromProofConstantTime} from "./bbs"; export const DEFAULT_BLS12381_BBS_PLUS_PRIVATE_KEY_LENGTH = 32; @@ -97,6 +98,13 @@ export function bbsPlusSignG1( encodeMessages: boolean ): Uint8Array; +export function bbsPlusSignG1ConstantTime( + messages: Uint8Array[], + secretKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusSignG2( messages: Uint8Array[], secretKey: Uint8Array, @@ -104,6 +112,13 @@ export function bbsPlusSignG2( encodeMessages: boolean ): Uint8Array; +export function bbsPlusSignG2ConstantTime( + messages: Uint8Array[], + secretKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusVerifyG1( messages: Uint8Array[], signature: Uint8Array, @@ -112,6 +127,14 @@ export function bbsPlusVerifyG1( encodeMessages: boolean ): Required; +export function bbsPlusVerifyG1ConstantTime( + messages: Uint8Array[], + signature: Uint8Array, + publicKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Required; + export function bbsPlusVerifyG2( messages: Uint8Array[], signature: Uint8Array, @@ -120,6 +143,14 @@ export function bbsPlusVerifyG2( encodeMessages: boolean ): Required; +export function bbsPlusVerifyG2ConstantTime( + messages: Uint8Array[], + signature: Uint8Array, + publicKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Required; + export function bbsPlusCommitMsgsInG1( messages: Map, blinding: Uint8Array, @@ -127,6 +158,13 @@ export function bbsPlusCommitMsgsInG1( encodeMessages: boolean ): Uint8Array; +export function bbsPlusCommitMsgsInG1ConstantTime( + messages: Map, + blinding: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusCommitMsgsInG2( messages: Map, blinding: Uint8Array, @@ -134,6 +172,13 @@ export function bbsPlusCommitMsgsInG2( encodeMessages: boolean ): Uint8Array; +export function bbsPlusCommitMsgsInG2ConstantTime( + messages: Map, + blinding: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusBlindSignG1( commitment: Uint8Array, uncommittedMessages: Map, @@ -142,6 +187,14 @@ export function bbsPlusBlindSignG1( encodeMessages: boolean ): Uint8Array; +export function bbsPlusBlindSignG1ConstantTime( + commitment: Uint8Array, + uncommittedMessages: Map, + secretKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusBlindSignG2( commitment: Uint8Array, uncommittedMessages: Map, @@ -150,6 +203,14 @@ export function bbsPlusBlindSignG2( encodeMessages: boolean ): Uint8Array; +export function bbsPlusBlindSignG2ConstantTime( + commitment: Uint8Array, + uncommittedMessages: Map, + secretKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusUnblindSigG1( signature: Uint8Array, blinding: Uint8Array, @@ -169,6 +230,15 @@ export function bbsPlusInitializeProofOfKnowledgeOfSignature( encodeMessages: boolean ): BbsPlusPoKSigProtocol; +export function bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime( + signature: Uint8Array, + params: BbsPlusSigParams, + messages: Uint8Array[], + blindings: Map, + revealedIndices: Set, + encodeMessages: boolean +): BbsPlusPoKSigProtocol; + export function bbsPlusGenProofOfKnowledgeOfSignature( protocol: BbsPlusPoKSigProtocol, challenge: Uint8Array @@ -183,6 +253,15 @@ export function bbsPlusVerifyProofOfKnowledgeOfSignature( encodeMessages: boolean ): Required; +export function bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime( + proof: Uint8Array, + revealedMessages: Map, + challenge: Uint8Array, + publicKey: Uint8Array, + params: BbsPlusSigParams, + encodeMessages: boolean +): Required; + export function bbsPlusChallengeContributionFromProtocol( protocol: BbsPlusPoKSigProtocol, revealedMessages: Map, @@ -190,6 +269,13 @@ export function bbsPlusChallengeContributionFromProtocol( encodeMessages: boolean ): Uint8Array; +export function bbsPlusChallengeContributionFromProtocolConstantTime( + protocol: BbsPlusPoKSigProtocol, + revealedMessages: Map, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusChallengeContributionFromProof( proof: Uint8Array, revealedMessages: Map, @@ -197,6 +283,13 @@ export function bbsPlusChallengeContributionFromProof( encodeMessages: boolean ): Uint8Array; +export function bbsPlusChallengeContributionFromProofConstantTime( + proof: Uint8Array, + revealedMessages: Map, + params: BbsPlusSigParams, + encodeMessages: boolean +): Uint8Array; + export function bbsPlusAdaptSigParamsG1ForMsgCount( params: BbsPlusSigParams, generating_label: Uint8Array, diff --git a/src/js/type_declarations/bdd16_kvac.d.ts b/src/js/type_declarations/bdd16_kvac.d.ts index 463e754..ad577fc 100644 --- a/src/js/type_declarations/bdd16_kvac.d.ts +++ b/src/js/type_declarations/bdd16_kvac.d.ts @@ -1,4 +1,5 @@ import {Bddt16MacParams, VerifyResult} from "../types"; +import {bbsPlusChallengeContributionFromProofConstantTime} from "./bbs_plus"; export function bddt16MacGenerateSecretKey(seed?: Uint8Array): Uint8Array; @@ -45,6 +46,13 @@ export function bddt16MacGenerate( encodeMessages: boolean ): Uint8Array; +export function bddt16MacGenerateConstantTime( + messages: Uint8Array[], + secretKey: Uint8Array, + params: Bddt16MacParams, + encodeMessages: boolean +): Uint8Array; + export function bddt16MacVerify( messages: Uint8Array[], mac: Uint8Array, @@ -53,6 +61,14 @@ export function bddt16MacVerify( encodeMessages: boolean ): Required; +export function bddt16MacVerifyConstantTime( + messages: Uint8Array[], + mac: Uint8Array, + secretKey: Uint8Array, + params: Bddt16MacParams, + encodeMessages: boolean +): Required; + export function bddt16MacProofOfValidity( mac: Uint8Array, secretKey: Uint8Array, @@ -76,6 +92,13 @@ export function bddt16MacCommitMsgs( encodeMessages: boolean ): Uint8Array; +export function bddt16MacCommitMsgsConstantTime( + messages: Map, + blinding: Uint8Array, + params: Bddt16MacParams, + encodeMessages: boolean +): Uint8Array; + export function bddt16BlindMacGenerate( commitment: Uint8Array, uncommittedMessages: Map, @@ -84,6 +107,14 @@ export function bddt16BlindMacGenerate( encodeMessages: boolean ): Uint8Array; +export function bddt16BlindMacGenerateConstantTime( + commitment: Uint8Array, + uncommittedMessages: Map, + secretKey: Uint8Array, + params: Bddt16MacParams, + encodeMessages: boolean +): Uint8Array; + export function bddt16UnblindMac( mac: Uint8Array, blinding: Uint8Array, diff --git a/src/js/type_declarations/composite_proof_system.d.ts b/src/js/type_declarations/composite_proof_system.d.ts index 326b5ad..41ec19b 100644 --- a/src/js/type_declarations/composite_proof_system.d.ts +++ b/src/js/type_declarations/composite_proof_system.d.ts @@ -6,6 +6,18 @@ export function generatePoKBBSSignatureProverStatement( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSSignatureProverStatementNew( + params: BbsSigParams, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + +export function generatePoKBBSSignatureProverStatementConstantTime( + params: BbsSigParams, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSSignatureVerifierStatement( params: BbsSigParams, publicKey: Uint8Array, @@ -13,12 +25,32 @@ export function generatePoKBBSSignatureVerifierStatement( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSSignatureVerifierStatementNew( + params: BbsSigParams, + publicKey: Uint8Array, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + +export function generatePoKBBSSignatureVerifierStatementConstantTime( + params: BbsSigParams, + publicKey: Uint8Array, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSPlusSignatureProverStatement( params: BbsPlusSigParams, revealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSPlusSignatureProverStatementConstantTime( + params: BbsPlusSigParams, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSPlusSignatureVerifierStatement( params: BbsPlusSigParams, publicKey: Uint8Array, @@ -26,12 +58,31 @@ export function generatePoKBBSPlusSignatureVerifierStatement( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSPlusSignatureVerifierStatementConstantTime( + params: BbsPlusSigParams, + publicKey: Uint8Array, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSSignatureProverStatementFromParamRefs( params: number, revealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSSignatureProverStatementFromParamRefsNew( + params: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + +export function generatePoKBBSSignatureProverStatementFromParamRefsConstantTime( + params: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSSignatureVerifierStatementFromParamRefs( params: number, publicKey: number, @@ -39,12 +90,32 @@ export function generatePoKBBSSignatureVerifierStatementFromParamRefs( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSSignatureVerifierStatementFromParamRefsNew( + params: number, + publicKey: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + +export function generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime( + params: number, + publicKey: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSPlusSignatureProverStatementFromParamRefs( params: number, revealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime( + params: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSPlusSignatureVerifierStatementFromParamRefs( params: number, publicKey: number, @@ -52,18 +123,37 @@ export function generatePoKBBSPlusSignatureVerifierStatementFromParamRefs( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime( + params: number, + publicKey: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKPSSignatureStatement( params: PSSigParams, publicKey: Uint8Array, revealedMessages: Map ): Uint8Array; +export function generatePoKPSSignatureStatementConstantTime( + params: PSSigParams, + publicKey: Uint8Array, + revealedMessages: Map +): Uint8Array; + export function generatePoKPSSignatureStatementFromParamRefs( params: number, publicKey: number, revealedMessages: Map ): Uint8Array; +export function generatePoKPSSignatureStatementFromParamRefsConstantTime( + params: number, + publicKey: number, + revealedMessages: Map +): Uint8Array; + export function generateAccumulatorMembershipStatement( params: Uint8Array, publicKey: Uint8Array, @@ -304,17 +394,34 @@ export function generatePoKBBSSignatureWitness( encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSSignatureWitnessConstantTime( + signature: Uint8Array, + unrevealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBBSPlusSignatureWitness( signature: Uint8Array, unrevealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBBSPlusSignatureWitnessConstantTime( + signature: Uint8Array, + unrevealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKPSSignatureWitness( signature: Uint8Array, unrevealedMessages: Map ): Uint8Array; +export function generatePoKPSSignatureWitnessConstantTime( + signature: Uint8Array, + unrevealedMessages: Map +): Uint8Array; + export function generateAccumulatorMembershipWitness( element: Uint8Array, accumulatorWitness: Uint8Array @@ -426,12 +533,24 @@ export function generatePoKBDDT16MacStatement( encodeMessages: boolean ): Uint8Array; +export function generatePoKBDDT16MacStatementConstantTime( + params: Bddt16MacParams, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBDDT16MacStatementFromParamRefs( params: number, revealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBDDT16MacStatementFromParamRefsConstantTime( + params: number, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBDDT16MacFullVerifierStatement( params: Bddt16MacParams, secretKey: Uint8Array, @@ -439,6 +558,13 @@ export function generatePoKBDDT16MacFullVerifierStatement( encodeMessages: boolean ): Uint8Array; +export function generatePoKBDDT16MacFullVerifierStatementConstantTime( + params: Bddt16MacParams, + secretKey: Uint8Array, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBDDT16MacFullVerifierStatementFromParamRefs( params: number, secretKey: Uint8Array, @@ -446,12 +572,25 @@ export function generatePoKBDDT16MacFullVerifierStatementFromParamRefs( encodeMessages: boolean ): Uint8Array; +export function generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime( + params: number, + secretKey: Uint8Array, + revealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generatePoKBDDT16MacWitness( mac: Uint8Array, unrevealedMessages: Map, encodeMessages: boolean ): Uint8Array; +export function generatePoKBDDT16MacWitnessConstantTime( + mac: Uint8Array, + unrevealedMessages: Map, + encodeMessages: boolean +): Uint8Array; + export function generateAccumulatorKVMembershipStatement( accumulated: Uint8Array ): Uint8Array; diff --git a/src/js/type_declarations/keyed_proof.d.ts b/src/js/type_declarations/keyed_proof.d.ts index 4779c73..8f1bccc 100644 --- a/src/js/type_declarations/keyed_proof.d.ts +++ b/src/js/type_declarations/keyed_proof.d.ts @@ -1,9 +1,17 @@ -import {VerifyResult} from "../types"; +import {Bddt16MacParams, VerifyResult} from "../types"; export function getAllKeyedSubproofsFromProof(proof: Uint8Array): Map; export function verifyBDDT16KeyedProof(proof: Uint8Array, secretKey: Uint8Array): Required; +export function proofOfValidityOfBDDT16KeyedProof(proof: Uint8Array, secretKey: Uint8Array, publicKey: Uint8Array, params: Bddt16MacParams): Uint8Array; + +export function verifyProofOfValidityOfBDDT16KeyedProof(proofOfValidity: Uint8Array, keyedProof: Uint8Array, publicKey: Uint8Array, params: Bddt16MacParams): Required; + +export function proofOfInvalidityOfBDDT16KeyedProof(proof: Uint8Array, secretKey: Uint8Array, publicKey: Uint8Array, params: Bddt16MacParams): Uint8Array; + +export function verifyProofOfInvalidityOfBDDT16KeyedProof(proofOfInvalidity: Uint8Array, keyedProof: Uint8Array, publicKey: Uint8Array, params: Bddt16MacParams): Required; + export function verifyVBAccumMembershipKeyedProof(proof: Uint8Array, secretKey: Uint8Array): Required; export function verifyKBUniAccumMembershipKeyedProof(proof: Uint8Array, secretKey: Uint8Array): Required; diff --git a/src/js/type_declarations/ps.d.ts b/src/js/type_declarations/ps.d.ts index 25cf890..fd47eee 100644 --- a/src/js/type_declarations/ps.d.ts +++ b/src/js/type_declarations/ps.d.ts @@ -118,6 +118,7 @@ export function psUnblindSignature( blind_signature: Uint8Array, indexed_blindings: Map, pk: Uint8Array, + h: Uint8Array, ): Uint8Array; export function psInitializeSignaturePoK( diff --git a/src/js/type_declarations/util.d.ts b/src/js/type_declarations/util.d.ts index 848bb05..e493adf 100644 --- a/src/js/type_declarations/util.d.ts +++ b/src/js/type_declarations/util.d.ts @@ -19,6 +19,15 @@ export function encodeMessagesForSigning( indicesToEncode?: number[] ): Uint8Array[]; +export function encodeMessageForSigningInConstantTime( + message: Uint8Array +): Uint8Array; + +export function encodeMessagesForSigningInConstantTime( + messages: Uint8Array[], + indicesToEncode?: number[] +): Uint8Array[]; + export function fieldElementAsBytes( element: Uint8Array, elementIsSecure: boolean diff --git a/src/js/util_wasm.js b/src/js/util_wasm.js index ddd1581..382e3af 100644 --- a/src/js/util_wasm.js +++ b/src/js/util_wasm.js @@ -25,6 +25,16 @@ module.exports.encodeMessagesForSigning = (messages, indicesToEncode) => { return wasm.encodeMessagesForSigning(messages, indicesToEncode); }; +module.exports.encodeMessageForSigningInConstantTime = (message) => { + requireWasmInitialized(); + return wasm.encodeMessageForSigningInConstantTime(message); +}; + +module.exports.encodeMessagesForSigningInConstantTime = (messages, indicesToEncode) => { + requireWasmInitialized(); + return wasm.encodeMessagesForSigningInConstantTime(messages, indicesToEncode); +}; + module.exports.generateRandomG2Element = (seed) => { requireWasmInitialized(); return wasm.generateRandomG2Element(seed); diff --git a/src/keyed_proof.rs b/src/keyed_proof.rs index 9229e36..164ec1e 100644 --- a/src/keyed_proof.rs +++ b/src/keyed_proof.rs @@ -1,9 +1,18 @@ use crate::{ - accumulator::common::AccumSk, bddt16_kvac::BDDT16MACSecretKey, common::VerifyResponse, - composite_proof_system::Proof, to_verify_response, utils::set_panic_hook, G1Affine, + accumulator::common::AccumSk, + bddt16_kvac::{BDDT16MACParams, BDDT16MACPublicKeyG1, BDDT16MACSecretKey}, + common::VerifyResponse, + composite_proof_system::Proof, + to_verify_response, + utils::{get_seeded_rng, set_panic_hook}, + G1Affine, }; +use blake2::Blake2b512; use js_sys::Uint8Array; -use kvac::bddt_2016::keyed_proof::KeyedProof as BDDT16Kp; +use kvac::bddt_2016::keyed_proof::{ + KeyedProof as BDDT16Kp, ProofOfInvalidityOfKeyedProof as BDDT16Pivkp, + ProofOfValidityOfKeyedProof as BDDT16Pvkp, +}; use proof_system::prelude::StatementProof; use vb_accumulator::{ kb_universal_accumulator::proofs_keyed_verification::{ @@ -67,18 +76,119 @@ pub fn verify_bddt16_keyed_proof( to_verify_response!(proof.verify(sk.as_ref())) } -#[wasm_bindgen(js_name = verifyVBAccumMembershipKeyedProof)] -pub fn verify_vb_accum_membership_keyed_proof( +#[wasm_bindgen(js_name = proofOfValidityOfBDDT16KeyedProof)] +pub fn proof_of_validity_of_bddt16_keyed_proof( proof: Uint8Array, secret_key: Uint8Array, + public_key: Uint8Array, + params: JsValue, +) -> Result { + set_panic_hook(); + let proof = obj_from_uint8array!(BDDT16Kp, proof, false, "BDDT16KeyedProof"); + let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); + let pk = obj_from_uint8array!( + BDDT16MACPublicKeyG1, + public_key, + false, + "BDDT16MACPublicKeyG1" + ); + let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + let mut rng = get_seeded_rng(); + let p = proof.create_proof_of_validity::<_, Blake2b512>(&mut rng, sk.0, &pk.0, ¶ms.g_0); + Ok(obj_to_uint8array!( + &p, + false, + "ProofOfValidityOfBDDT16KeyedProof" + )) +} + +#[wasm_bindgen(js_name = verifyProofOfValidityOfBDDT16KeyedProof)] +pub fn verify_proof_of_validity_of_bddt16_keyed_proof( + proof_of_validity: Uint8Array, + keyed_proof: Uint8Array, + public_key: Uint8Array, + params: JsValue, ) -> Result { set_panic_hook(); - let proof = obj_from_uint8array!( - VBMemDp, - proof, + let proof_of_validity = obj_from_uint8array!( + BDDT16Pvkp, + proof_of_validity, false, - "VBMembershipKeyedProof" + "BDDT16ProofOfValidityOfKeyedProof" ); + let keyed_proof = + obj_from_uint8array!(BDDT16Kp, keyed_proof, false, "BDDT16KeyedProof"); + let pk = obj_from_uint8array!( + BDDT16MACPublicKeyG1, + public_key, + false, + "BDDT16MACPublicKeyG1" + ); + let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + to_verify_response!(proof_of_validity.verify::(&keyed_proof, &pk.0, ¶ms.g_0)) +} + +#[wasm_bindgen(js_name = proofOfInvalidityOfBDDT16KeyedProof)] +pub fn proof_of_invalidity_of_bddt16_keyed_proof( + proof: Uint8Array, + secret_key: Uint8Array, + public_key: Uint8Array, + params: JsValue, +) -> Result { + set_panic_hook(); + let proof = obj_from_uint8array!(BDDT16Kp, proof, false, "BDDT16KeyedProof"); + let sk = obj_from_uint8array!(BDDT16MACSecretKey, secret_key, true, "BDDT16MACSecretKey"); + let pk = obj_from_uint8array!( + BDDT16MACPublicKeyG1, + public_key, + false, + "BDDT16MACPublicKeyG1" + ); + let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + let mut rng = get_seeded_rng(); + match proof.create_proof_of_invalidity::<_, Blake2b512>(&mut rng, sk.0, &pk.0, ¶ms.g_0) { + Ok(p) => Ok(obj_to_uint8array!( + &p, + false, + "ProofOfInvalidityOfBDDT16KeyedProof" + )), + Err(e) => Err(JsValue::from(&format!("{:?}", e))), + } +} + +#[wasm_bindgen(js_name = verifyProofOfInvalidityOfBDDT16KeyedProof)] +pub fn verify_proof_of_invalidity_of_bddt16_keyed_proof( + proof_of_invalidity: Uint8Array, + keyed_proof: Uint8Array, + public_key: Uint8Array, + params: JsValue, +) -> Result { + set_panic_hook(); + let proof_of_invalidity = obj_from_uint8array!( + BDDT16Pivkp, + proof_of_invalidity, + false, + "BDDT16ProofOfInvalidityOfKeyedProof" + ); + let keyed_proof = + obj_from_uint8array!(BDDT16Kp, keyed_proof, false, "BDDT16KeyedProof"); + let pk = obj_from_uint8array!( + BDDT16MACPublicKeyG1, + public_key, + false, + "BDDT16MACPublicKeyG1" + ); + let params: BDDT16MACParams = serde_wasm_bindgen::from_value(params)?; + to_verify_response!(proof_of_invalidity.verify::(&keyed_proof, &pk.0, ¶ms.g_0)) +} + +#[wasm_bindgen(js_name = verifyVBAccumMembershipKeyedProof)] +pub fn verify_vb_accum_membership_keyed_proof( + proof: Uint8Array, + secret_key: Uint8Array, +) -> Result { + set_panic_hook(); + let proof = obj_from_uint8array!(VBMemDp, proof, false, "VBMembershipKeyedProof"); let sk = obj_from_uint8array!(AccumSk, secret_key, true, "VBAccumulatorSk"); to_verify_response!(proof.verify(&sk)) } diff --git a/src/lib.rs b/src/lib.rs index 6287aa0..2fd33c0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -27,8 +27,8 @@ mod bddt16_kvac; pub mod bound_check; pub mod common; pub mod composite_proof_system; -pub mod keyed_proof; pub mod frost_dkg; +pub mod keyed_proof; pub mod legosnark; pub mod ps; pub mod r1cs; diff --git a/src/ps.rs b/src/ps.rs index 1145424..1af2328 100644 --- a/src/ps.rs +++ b/src/ps.rs @@ -278,9 +278,9 @@ pub fn ps_sign( #[wasm_bindgen(js_name = psBlindSign)] pub fn ps_blind_sign( messages: JsValue, - secret_key: js_sys::Uint8Array, - h: js_sys::Uint8Array, -) -> Result { + secret_key: Uint8Array, + h: Uint8Array, +) -> Result { set_panic_hook(); let messages = js_sys::try_iter(&messages)? @@ -298,10 +298,11 @@ pub fn ps_blind_sign( #[wasm_bindgen(js_name = psUnblindSignature)] pub fn ps_unblind_sig( - blind_signature: js_sys::Uint8Array, + blind_signature: Uint8Array, indexed_blindings: js_sys::Map, public_key: Uint8Array, -) -> Result { + h: Uint8Array, +) -> Result { set_panic_hook(); let signature = obj_from_uint8array!(PSBlindSignature, blind_signature, false); @@ -311,10 +312,11 @@ pub fn ps_unblind_sig( .iter() .map(|(&idx, message)| (idx, message)); let pk = obj_from_uint8array!(PSPublicKey, public_key, false, "PSPublicKey"); + let h = obj_from_uint8array!(G1Affine, h, false); Ok(obj_to_uint8array!( &signature - .unblind(sorted_indexed_blindigns, &pk) + .unblind(sorted_indexed_blindigns, &pk, &h) .map_err(debug_to_js_value)?, true, "PSSignature" diff --git a/src/threshold_sig/base_ot.rs b/src/threshold_sig/base_ot.rs index d6007f6..77fc804 100644 --- a/src/threshold_sig/base_ot.rs +++ b/src/threshold_sig/base_ot.rs @@ -3,12 +3,14 @@ use crate::{ utils::{get_seeded_rng, js_array_to_iter, js_set_to_btree_set, set_panic_hook}, G1Affine, }; -use bbs_plus::threshold::base_ot_phase::{BaseOTPhase, BaseOTPhaseOutput, SenderPubKeyAndProof}; use blake2::Blake2b512; use js_sys::{Array, Map, Set, Uint8Array}; use oblivious_transfer_protocols::{ base_ot::simplest_ot::{Challenges, HashedKey, ReceiverPubKeys, Responses}, - ot_based_multiplication::dkls18_mul_2p::MultiplicationOTEParams, + ot_based_multiplication::{ + base_ot_multi_party_pairwise::{BaseOTOutput, Participant, SenderPubKeyAndProof}, + dkls18_mul_2p::MultiplicationOTEParams, + }, ParticipantId, }; use secret_sharing_and_dkg::common::PublicKeyBase; @@ -34,7 +36,7 @@ pub fn start_base_ot_phase( ote_params.num_base_ot() }); let others = js_set_to_btree_set(&others); - let (base_ot, sender_pk_and_proof) = BaseOTPhase::init::<_, Blake2b512>( + let (base_ot, sender_pk_and_proof) = Participant::init::<_, Blake2b512>( &mut rng, participant_id, others, @@ -63,7 +65,7 @@ pub fn base_ot_phase_process_sender_pubkey( ) -> Result { set_panic_hook(); let mut rng = get_seeded_rng(); - let mut base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let mut base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let pub_key_proof = obj_from_uint8array!(SenderPubKeyAndProof, pub_key_proof, false); let recv_pk = base_ot .receive_sender_pubkey::<_, Blake2b512, BASE_OT_KEY_SIZE>( @@ -93,7 +95,7 @@ pub fn base_ot_phase_process_receiver_pubkey( public_key: Uint8Array, ) -> Result { set_panic_hook(); - let mut base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let mut base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let pk = obj_from_uint8array!(ReceiverPubKeys, public_key, false); let challenges = base_ot .receive_receiver_pubkey::(receiver_id, pk) @@ -118,7 +120,7 @@ pub fn base_ot_phase_process_receiver_challenges( challenges: Uint8Array, ) -> Result { set_panic_hook(); - let mut base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let mut base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let challenges = obj_from_uint8array!(Challenges, challenges, false); let resp = base_ot .receive_challenges(sender_id, challenges) @@ -143,7 +145,7 @@ pub fn base_ot_phase_process_sender_responses( responses: Uint8Array, ) -> Result { set_panic_hook(); - let mut base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let mut base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let responses = obj_from_uint8array!(Responses, responses, false); let hk = base_ot .receive_responses(sender_id, responses) @@ -168,7 +170,7 @@ pub fn base_ot_phase_process_hashed_keys( hashed_keys: Uint8Array, ) -> Result { set_panic_hook(); - let mut base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let mut base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let hk = obj_from_uint8array!(Vec<(HashedKey, HashedKey)>, hashed_keys, false); base_ot.receive_hashed_keys(sender_id, hk).map_err(|e| { JsValue::from(&format!( @@ -183,9 +185,9 @@ pub fn base_ot_phase_process_hashed_keys( #[wasm_bindgen(js_name = baseOTPhaseFinish)] pub fn base_ot_phase_finish(base_ot_phase: Uint8Array) -> Result { set_panic_hook(); - let base_ot = obj_from_uint8array!(BaseOTPhase, base_ot_phase, true); + let base_ot = obj_from_uint8array!(Participant, base_ot_phase, true); let out = base_ot.finish(); - let out = obj_to_uint8array!(&out, true, "BaseOTPhaseOutput"); + let out = obj_to_uint8array!(&out, true, "BaseOTOutput"); Ok(out) } @@ -193,7 +195,7 @@ pub fn base_ot_phase_finish(base_ot_phase: Uint8Array) -> Result Result<(), JsValue> { set_panic_hook(); - let outs = js_array_to_iter(&base_ot_outputs).collect::, _>>()?; + let outs = js_array_to_iter(&base_ot_outputs).collect::, _>>()?; for base_ot in &outs { for (other, sender_keys) in &base_ot.sender_keys { diff --git a/src/threshold_sig/signing.rs b/src/threshold_sig/signing.rs index e5e83f8..71189fe 100644 --- a/src/threshold_sig/signing.rs +++ b/src/threshold_sig/signing.rs @@ -10,17 +10,21 @@ use crate::{ }; use ark_bls12_381::Bls12_381; use bbs_plus::threshold::{ - base_ot_phase::BaseOTPhaseOutput, - cointoss::Commitments, - multiplication_phase::{Message1, Message2, Phase2, Phase2Output}, + multiplication_phase::{Phase2, Phase2Output}, randomness_generation_phase::Phase1, threshold_bbs::{BBSSignatureShare, Phase1Output as BbsPhase1Output}, threshold_bbs_plus::{BBSPlusSignatureShare, Phase1Output as BbsPlusPhase1Output}, }; use blake2::Blake2b512; use js_sys::{Array, Map, Set, Uint8Array}; -use oblivious_transfer_protocols::ot_based_multiplication::{ - dkls18_mul_2p::MultiplicationOTEParams, dkls19_batch_mul_2p::GadgetVector, +use oblivious_transfer_protocols::{ + cointoss::Commitments, + ot_based_multiplication::{ + base_ot_multi_party_pairwise::BaseOTOutput, + batch_mul_multi_party::{Message1, Message2}, + dkls18_mul_2p::MultiplicationOTEParams, + dkls19_batch_mul_2p::GadgetVector, + }, }; use secret_sharing_and_dkg::common::ParticipantId; use wasm_bindgen::prelude::*; @@ -73,7 +77,7 @@ macro_rules! start_phase2 { let mut rng = get_seeded_rng(); let others = js_set_to_btree_set(&$others); let phase1_output = obj_from_uint8array!($phase1_output_type, $phase1_output, true, "Phase1Output"); - let base_ot_output = obj_from_uint8array!(BaseOTPhaseOutput, $base_ot_output, true, "BaseOTOutput"); + let base_ot_output = obj_from_uint8array!(BaseOTOutput, $base_ot_output, true, "BaseOTOutput"); let gadget_vector = obj_from_uint8array!(GadgetVector, $gadget_vector, false, "GadgetVector"); let ote_params = MultiplicationOTEParams:: {}; diff --git a/src/utils.rs b/src/utils.rs index cd20afc..7408c3f 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -19,7 +19,7 @@ use ark_std::{ }; use blake2::Blake2b512; use dock_crypto_utils::concat_slices; -use serde_wasm_bindgen::from_value; +use serde_wasm_bindgen::{from_value, to_value}; use wasm_bindgen::prelude::*; use zeroize::Zeroize; @@ -67,11 +67,11 @@ pub fn fr_to_jsvalue(elem: &Fr) -> Result { )) })?; // Following unwrap won't fail as its serializing only bytes - Ok(serde_wasm_bindgen::to_value(&bytes).unwrap()) + Ok(to_value(&bytes).unwrap()) } pub fn fr_from_jsvalue(value: JsValue) -> Result { - let bytes: Vec = serde_wasm_bindgen::from_value(value)?; + let bytes: Vec = from_value(value)?; let elem = Fr::deserialize_compressed(&bytes[..]).map_err(|e| { JsValue::from(&format!( "Cannot deserialize {:?} to Fr due to error: {:?}", @@ -115,7 +115,7 @@ pub fn fr_from_uint8_array( } pub fn frs_from_jsvalue(value: JsValue) -> Result, JsValue> { - let bytes: Vec = serde_wasm_bindgen::from_value(value)?; + let bytes: Vec = from_value(value)?; let elem = >::deserialize_compressed(&bytes[..]).map_err(|e| { JsValue::from(&format!( "Cannot deserialize to Fr vector due to error: {:?}", @@ -131,7 +131,7 @@ pub fn frs_to_jsvalue(elems: &[Fr]) -> Result { .serialize_compressed(&mut bytes) .map_err(|e| JsValue::from(&format!("Cannot serialize Fr vector due to error: {:?}", e)))?; // Following unwrap won't fail as its serializing only bytes - Ok(serde_wasm_bindgen::to_value(&bytes).unwrap()) + Ok(to_value(&bytes).unwrap()) } pub fn g1_affine_to_jsvalue(elem: &G1Affine) -> Result { @@ -139,11 +139,11 @@ pub fn g1_affine_to_jsvalue(elem: &G1Affine) -> Result { elem.serialize_compressed(&mut bytes) .map_err(|e| JsValue::from(&format!("Cannot serialize G1Affine due to error: {:?}", e)))?; // Following unwrap won't fail as its serializing only bytes - Ok(serde_wasm_bindgen::to_value(&bytes).unwrap()) + Ok(to_value(&bytes).unwrap()) } pub fn g1_affine_from_jsvalue(value: JsValue) -> Result { - let bytes: Vec = serde_wasm_bindgen::from_value(value)?; + let bytes: Vec = from_value(value)?; let elem = G1Affine::deserialize_compressed(&bytes[..]).map_err(|e| { JsValue::from(&format!( "Cannot deserialize to G1Affine due to error: {:?}", @@ -177,11 +177,11 @@ pub fn g2_affine_to_jsvalue(elem: &G2Affine) -> Result { elem.serialize_compressed(&mut bytes) .map_err(|e| JsValue::from(&format!("Cannot serialize G2Affine due to error: {:?}", e)))?; // Following unwrap won't fail as its serializing only bytes - Ok(serde_wasm_bindgen::to_value(&bytes).unwrap()) + Ok(to_value(&bytes).unwrap()) } pub fn g2_affine_from_jsvalue(value: JsValue) -> Result { - let bytes: Vec = serde_wasm_bindgen::from_value(value)?; + let bytes: Vec = from_value(value)?; let elem = G2Affine::deserialize_compressed(&bytes[..]).map_err(|e| { JsValue::from(&format!( "Cannot deserialize to G2Affine due to error: {:?}", @@ -217,32 +217,77 @@ pub fn js_array_to_fr_vec(array: &js_sys::Array) -> Result, JsValue> { Ok(frs) } +macro_rules! messages_as_bytes_to_fr_vec { + ($messages_as_bytes: ident, $encode_messages: ident, $fn_name: ident) => {{ + let mut result = vec![]; + for m in $messages_as_bytes { + result.push({ + if $encode_messages { + $fn_name(m) + } else { + Fr::deserialize_compressed(m.as_slice()).map_err(|e| { + JsValue::from(&format!("Cannot deserialize to Fr due to error: {:?}", e)) + })? + } + }); + } + Ok(result) + }}; +} + +macro_rules! encode_messages_as_js_map_to_fr_btreemap { + ($messages: ident, $encode_messages: ident, $fn_name: ident) => {{ + let mut msgs = BTreeMap::new(); + for e in $messages.entries() { + let arr = js_sys::Array::from(&e.unwrap()); + let index: usize = from_value(arr.get(0))?; + let msg: Vec = from_value(arr.get(1))?; + let m = if $encode_messages { + $fn_name(&msg) + } else { + Fr::deserialize_compressed(msg.as_slice()).map_err(|e| { + JsValue::from(&format!("Cannot deserialize to Fr due to error: {:?}", e)) + })? + }; + msgs.insert(index, m); + } + Ok(msgs) + }}; +} + /// This is to convert a message to field element. This encoding needs to be collision resistant but -/// not preimage-resistant and thus use of hash function is not necessary. However, the encoding must -/// be constant time +/// not preimage-resistant and thus use of hash function is not necessary. pub fn encode_message_for_signing(msg: &[u8]) -> Fr { dock_crypto_utils::hashing_utils::field_elem_from_try_and_incr::( &concat_slices!(msg, b"message to sign"), ) } +/// Constant time encoding arbitrary byte message to field element +pub fn encode_message_for_signing_in_constant_time(msg: &[u8]) -> Fr { + dock_crypto_utils::hashing_utils::hash_to_field::(b"message to sign", msg) +} + pub fn messages_as_bytes_to_fr_vec( messages_as_bytes: &[Vec], encode_messages: bool, ) -> Result, JsValue> { - let mut result = vec![]; - for m in messages_as_bytes { - result.push({ - if encode_messages { - encode_message_for_signing(m) - } else { - Fr::deserialize_compressed(m.as_slice()).map_err(|e| { - JsValue::from(&format!("Cannot deserialize to Fr due to error: {:?}", e)) - })? - } - }); - } - Ok(result) + messages_as_bytes_to_fr_vec!( + messages_as_bytes, + encode_messages, + encode_message_for_signing + ) +} + +pub fn messages_as_bytes_to_fr_vec_in_constant_time( + messages_as_bytes: &[Vec], + encode_messages: bool, +) -> Result, JsValue> { + messages_as_bytes_to_fr_vec!( + messages_as_bytes, + encode_messages, + encode_message_for_signing_in_constant_time + ) } pub fn encode_messages_as_js_array_to_fr_vec( @@ -253,25 +298,30 @@ pub fn encode_messages_as_js_array_to_fr_vec( messages_as_bytes_to_fr_vec(&messages_as_bytes, encode_messages) } +pub fn encode_messages_as_js_array_to_fr_vec_in_constant_time( + messages: &js_sys::Array, + encode_messages: bool, +) -> Result, JsValue> { + let messages_as_bytes = js_array_of_bytearrays_to_vector_of_bytevectors(messages)?; + messages_as_bytes_to_fr_vec_in_constant_time(&messages_as_bytes, encode_messages) +} + pub fn encode_messages_as_js_map_to_fr_btreemap( messages: &js_sys::Map, encode_messages: bool, ) -> Result, JsValue> { - let mut msgs = BTreeMap::new(); - for e in messages.entries() { - let arr = js_sys::Array::from(&e.unwrap()); - let index: usize = serde_wasm_bindgen::from_value(arr.get(0))?; - let msg: Vec = serde_wasm_bindgen::from_value(arr.get(1))?; - let m = if encode_messages { - encode_message_for_signing(&msg) - } else { - Fr::deserialize_compressed(msg.as_slice()).map_err(|e| { - JsValue::from(&format!("Cannot deserialize to Fr due to error: {:?}", e)) - })? - }; - msgs.insert(index, m); - } - Ok(msgs) + encode_messages_as_js_map_to_fr_btreemap!(messages, encode_messages, encode_message_for_signing) +} + +pub fn encode_messages_as_js_map_to_fr_btreemap_in_constant_time( + messages: &js_sys::Map, + encode_messages: bool, +) -> Result, JsValue> { + encode_messages_as_js_map_to_fr_btreemap!( + messages, + encode_messages, + encode_message_for_signing_in_constant_time + ) } pub fn js_array_from_frs(frs: &[Fr]) -> Result { @@ -357,7 +407,7 @@ pub fn js_set_to_btree_set( let set: BTreeSet = js_set .values() .into_iter() - .map(|i| serde_wasm_bindgen::from_value(i.unwrap()).unwrap()) + .map(|i| from_value(i.unwrap()).unwrap()) .collect(); set } diff --git a/tests/js/bbs.spec.ts b/tests/js/bbs.spec.ts index b3f040e..8178f70 100644 --- a/tests/js/bbs.spec.ts +++ b/tests/js/bbs.spec.ts @@ -22,6 +22,17 @@ import { bbsGenerateKeyPair, bbsVerify, bbsBlindSign, + bbsSignConstantTime, + bbsVerifyConstantTime, + bbsCommitMsgsConstantTime, + bbsBlindSignConstantTime, + bbsInitializeProofOfKnowledgeOfSignatureConstantTime, + bbsChallengeContributionFromProtocolConstantTime, + bbsVerifyProofOfKnowledgeOfSignatureConstantTime, + bbsChallengeContributionFromProofConstantTime, + bbsInitializeProofOfKnowledgeOfSignatureNew, + bbsVerifyProofOfKnowledgeOfSignatureNew, + bbsChallengeContributionFromProofNew, bbsChallengeContributionFromProtocolNew, bbsGenProofOfKnowledgeOfSignatureNew, } from "../../lib"; @@ -105,6 +116,12 @@ describe("For BBS signatures", () => { expect(res.verified).toBe(true); }); + it("generate and verify signature in G1 with constant time encoding", () => { + const sig = bbsSignConstantTime(messages, sk, sigParamsG1, true); + const res = bbsVerifyConstantTime(messages, sig, pkG2, sigParamsG1, true); + expect(res.verified).toBe(true); + }); + it("extend signature params in G1", () => { const label = stringToBytes("Sig params g1"); const params0 = bbsGenerateSignatureParams(1); @@ -122,7 +139,7 @@ describe("For BBS signatures", () => { expect(params1.h[1]).toEqual(params2.h[1]); }); - it("generate and verify a blind signature in G1", () => { + function checkBlind(commitFunc, signFunc, verifyFunc) { // Commit to message indices 1 and 5 const msgsToCommit = new Map(); msgsToCommit.set(1, messages[1]); @@ -134,21 +151,29 @@ describe("For BBS signatures", () => { msgsNotToCommit.set(3, messages[3]); msgsNotToCommit.set(4, messages[4]); - const commitment = bbsCommitMsgs(msgsToCommit, sigParamsG1, true); - const sig = bbsBlindSign( - commitment, - msgsNotToCommit, - sk, - sigParamsG1, - true + const commitment = commitFunc(msgsToCommit, sigParamsG1, true); + const sig = signFunc( + commitment, + msgsNotToCommit, + sk, + sigParamsG1, + true ); - const res = bbsVerify(messages, sig, pkG2, sigParamsG1, true); + const res = verifyFunc(messages, sig, pkG2, sigParamsG1, true); expect(res.verified).toBe(true); + } + + it("generate and verify a blind signature in G1", () => { + checkBlind(bbsCommitMsgs, bbsBlindSign, bbsVerify) }); - it("generate a proof of knowledge of signature in G1", () => { - const sig = bbsSign(messages, sk, sigParamsG1, true); - const res = bbsVerify(messages, sig, pkG2, sigParamsG1, true); + it("generate and verify a blind signature in G1 with constant time encoding", () => { + checkBlind(bbsCommitMsgsConstantTime, bbsBlindSignConstantTime, bbsVerifyConstantTime) + }); + + function checkPoK(signFunc, verifyFunc, initPoKFunc, genProofFunc, chalPrtFunc, chalPrfFunc, verifyPoKFunc) { + const sig = signFunc(messages, sk, sigParamsG1, true); + const res = verifyFunc(messages, sig, pkG2, sigParamsG1, true); expect(res.verified).toBe(true); // Prover reveals message indices 0 and 2 and supplies blindings for message indices 1, 4 and 5 @@ -164,42 +189,54 @@ describe("For BBS signatures", () => { revealedMsgs.set(0, messages[0]); revealedMsgs.set(2, messages[2]); - const protocol = bbsInitializeProofOfKnowledgeOfSignature( - sig, - sigParamsG1, - messages, - blindings, - revealed, - true + const protocol = initPoKFunc( + sig, + sigParamsG1, + messages, + blindings, + revealed, + true ); - const pBytes = bbsChallengeContributionFromProtocol( - protocol, - revealedMsgs, - sigParamsG1, - true + const pBytes = chalPrtFunc( + protocol, + revealedMsgs, + sigParamsG1, + true ); expect(pBytes).toBeInstanceOf(Uint8Array); const proverChallenge = generateChallengeFromBytes(pBytes); - const proof = bbsGenProofOfKnowledgeOfSignature(protocol, proverChallenge); + const proof = genProofFunc(protocol, proverChallenge); - const vBytes = bbsChallengeContributionFromProof( - proof, - revealedMsgs, - sigParamsG1, - true + const vBytes = chalPrfFunc( + proof, + revealedMsgs, + sigParamsG1, + true ); expect(vBytes).toBeInstanceOf(Uint8Array); expect(pBytes).toEqual(vBytes); const verifierChallenge = generateChallengeFromBytes(vBytes); expect(proverChallenge).toEqual(verifierChallenge); - const result = bbsVerifyProofOfKnowledgeOfSignature( - proof, - revealedMsgs, - verifierChallenge, - pkG2, - sigParamsG1, - true + const result = verifyPoKFunc( + proof, + revealedMsgs, + verifierChallenge, + pkG2, + sigParamsG1, + true ); expect(result.verified).toBe(true); + } + + it("generate a proof of knowledge of signature in G1", () => { + checkPoK(bbsSign, bbsVerify, bbsInitializeProofOfKnowledgeOfSignature, bbsGenProofOfKnowledgeOfSignature, bbsChallengeContributionFromProtocol, bbsChallengeContributionFromProof, bbsVerifyProofOfKnowledgeOfSignature) + }); + + it("generate a proof of knowledge of signature in G1 with constant time encoding", () => { + checkPoK(bbsSignConstantTime, bbsVerifyConstantTime, bbsInitializeProofOfKnowledgeOfSignatureConstantTime, bbsGenProofOfKnowledgeOfSignature, bbsChallengeContributionFromProtocolConstantTime, bbsChallengeContributionFromProofConstantTime, bbsVerifyProofOfKnowledgeOfSignatureConstantTime) + }); + + it("generate a proof of knowledge of signature in G1 using new protocol", () => { + checkPoK(bbsSignConstantTime, bbsVerifyConstantTime, bbsInitializeProofOfKnowledgeOfSignatureNew, bbsGenProofOfKnowledgeOfSignatureNew, bbsChallengeContributionFromProtocolNew, bbsChallengeContributionFromProofNew, bbsVerifyProofOfKnowledgeOfSignatureNew) }); }); diff --git a/tests/js/bbsPlus.spec.ts b/tests/js/bbsPlus.spec.ts index 6956e84..0792dc6 100644 --- a/tests/js/bbsPlus.spec.ts +++ b/tests/js/bbsPlus.spec.ts @@ -37,6 +37,17 @@ import { bbsPlusSignatureParamsG2ToBytes, BbsPlusSigParams, initializeWasm, + bbsPlusSignG1ConstantTime, + bbsPlusVerifyG1ConstantTime, + bbsPlusSignG2ConstantTime, + bbsPlusVerifyG2ConstantTime, + bbsPlusCommitMsgsInG1ConstantTime, + bbsPlusBlindSignG1ConstantTime, + bbsPlusBlindSignG2ConstantTime, + bbsPlusCommitMsgsInG2ConstantTime, + bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime, + bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime, + bbsPlusChallengeContributionFromProofConstantTime, bbsPlusChallengeContributionFromProtocolConstantTime, } from "../../lib"; @@ -164,12 +175,24 @@ describe("For BBS+ signatures", () => { expect(res.verified).toBe(true); }); + it("generate and verify signature in G1 with constant time encoding", () => { + const sig = bbsPlusSignG1ConstantTime(messages, sk, sigParamsG1, true); + const res = bbsPlusVerifyG1ConstantTime(messages, sig, pkG2, sigParamsG1, true); + expect(res.verified).toBe(true); + }); + it("generate and verify signature in G2", () => { const sig = bbsPlusSignG2(messages, sk, sigParamsG2, true); const res = bbsPlusVerifyG2(messages, sig, pkG1, sigParamsG2, true); expect(res.verified).toBe(true); }); + it("generate and verify signature in G2 with constant time encoding", () => { + const sig = bbsPlusSignG2ConstantTime(messages, sk, sigParamsG2, true); + const res = bbsPlusVerifyG2ConstantTime(messages, sig, pkG1, sigParamsG2, true); + expect(res.verified).toBe(true); + }); + it("extend signature params in G1", () => { const label = stringToBytes("Sig params g1"); const params0 = bbsPlusGenerateSignatureParamsG1(1); @@ -204,7 +227,7 @@ describe("For BBS+ signatures", () => { expect(params1.h[1]).toEqual(params2.h[1]); }); - it("generate and verify a blind signature in G1", () => { + function checkBlind(commitFunc, signFunc, unblindFunc, verifyFunc, pk, params) { // Commit to message indices 1 and 5 const msgsToCommit = new Map(); msgsToCommit.set(1, messages[1]); @@ -217,58 +240,43 @@ describe("For BBS+ signatures", () => { msgsNotToCommit.set(4, messages[4]); const blinding = generateRandomFieldElement(); - const commitment = bbsPlusCommitMsgsInG1( - msgsToCommit, - blinding, - sigParamsG1, - true + const commitment = commitFunc( + msgsToCommit, + blinding, + params, + true ); - const blindSig = bbsPlusBlindSignG1( - commitment, - msgsNotToCommit, - sk, - sigParamsG1, - true + const blindSig = signFunc( + commitment, + msgsNotToCommit, + sk, + params, + true ); - const sig = bbsPlusUnblindSigG1(blindSig, blinding); - const res = bbsPlusVerifyG1(messages, sig, pkG2, sigParamsG1, true); + const sig = unblindFunc(blindSig, blinding); + const res = verifyFunc(messages, sig, pk, params, true); expect(res.verified).toBe(true); + } + + it("generate and verify a blind signature in G1", () => { + checkBlind(bbsPlusCommitMsgsInG1, bbsPlusBlindSignG1, bbsPlusUnblindSigG1, bbsPlusVerifyG1, pkG2, sigParamsG1) }); - it("generate and verify a blind signature in G2", () => { - // Commit to message indices 1 and 5 - const msgsToCommit = new Map(); - msgsToCommit.set(1, messages[1]); - msgsToCommit.set(5, messages[5]); + it("generate and verify a blind signature in G1 with constant time encoding", () => { + checkBlind(bbsPlusCommitMsgsInG1ConstantTime, bbsPlusBlindSignG1ConstantTime, bbsPlusUnblindSigG1, bbsPlusVerifyG1ConstantTime, pkG2, sigParamsG1) + }); - const msgsNotToCommit = new Map(); - msgsNotToCommit.set(0, messages[0]); - msgsNotToCommit.set(2, messages[2]); - msgsNotToCommit.set(3, messages[3]); - msgsNotToCommit.set(4, messages[4]); + it("generate and verify a blind signature in G2", () => { + checkBlind(bbsPlusCommitMsgsInG2, bbsPlusBlindSignG2, bbsPlusUnblindSigG2, bbsPlusVerifyG2, pkG1, sigParamsG2) + }); - const blinding = generateRandomFieldElement(); - const commitment = bbsPlusCommitMsgsInG2( - msgsToCommit, - blinding, - sigParamsG2, - true - ); - const blindSig = bbsPlusBlindSignG2( - commitment, - msgsNotToCommit, - sk, - sigParamsG2, - true - ); - const sig = bbsPlusUnblindSigG2(blindSig, blinding); - const res = bbsPlusVerifyG2(messages, sig, pkG1, sigParamsG2, true); - expect(res.verified).toBe(true); + it("generate and verify a blind signature in G2 with constant time encoding", () => { + checkBlind(bbsPlusCommitMsgsInG2ConstantTime, bbsPlusBlindSignG2ConstantTime, bbsPlusUnblindSigG2, bbsPlusVerifyG2ConstantTime, pkG1, sigParamsG2) }); - it("generate a proof of knowledge of signature in G1", () => { - const sig = bbsPlusSignG1(messages, sk, sigParamsG1, true); - const res = bbsPlusVerifyG1(messages, sig, pkG2, sigParamsG1, true); + function checkPoK(signFunc, verifyFunc, initPoKFunc, chalPrtFunc, chalPrfFunc, verifyPoKFunc) { + const sig = signFunc(messages, sk, sigParamsG1, true); + const res = verifyFunc(messages, sig, pkG2, sigParamsG1, true); expect(res.verified).toBe(true); // Prover reveals message indices 0 and 2 and supplies blindings for message indices 1, 4 and 5 @@ -284,42 +292,50 @@ describe("For BBS+ signatures", () => { revealedMsgs.set(0, messages[0]); revealedMsgs.set(2, messages[2]); - const protocol = bbsPlusInitializeProofOfKnowledgeOfSignature( - sig, - sigParamsG1, - messages, - blindings, - revealed, - true + const protocol = initPoKFunc( + sig, + sigParamsG1, + messages, + blindings, + revealed, + true ); - const pBytes = bbsPlusChallengeContributionFromProtocol( - protocol, - revealedMsgs, - sigParamsG1, - true + const pBytes = chalPrtFunc( + protocol, + revealedMsgs, + sigParamsG1, + true ); expect(pBytes).toBeInstanceOf(Uint8Array); const proverChallenge = generateChallengeFromBytes(pBytes); const proof = bbsPlusGenProofOfKnowledgeOfSignature(protocol, proverChallenge); - const vBytes = bbsPlusChallengeContributionFromProof( - proof, - revealedMsgs, - sigParamsG1, - true + const vBytes = chalPrfFunc( + proof, + revealedMsgs, + sigParamsG1, + true ); expect(vBytes).toBeInstanceOf(Uint8Array); expect(pBytes).toEqual(vBytes); const verifierChallenge = generateChallengeFromBytes(vBytes); expect(proverChallenge).toEqual(verifierChallenge); - const result = bbsPlusVerifyProofOfKnowledgeOfSignature( - proof, - revealedMsgs, - verifierChallenge, - pkG2, - sigParamsG1, - true + const result = verifyPoKFunc( + proof, + revealedMsgs, + verifierChallenge, + pkG2, + sigParamsG1, + true ); expect(result.verified).toBe(true); + } + + it("generate a proof of knowledge of signature in G1", () => { + checkPoK(bbsPlusSignG1, bbsPlusVerifyG1, bbsPlusInitializeProofOfKnowledgeOfSignature, bbsPlusChallengeContributionFromProtocol, bbsPlusChallengeContributionFromProof, bbsPlusVerifyProofOfKnowledgeOfSignature) + }); + + it("generate a proof of knowledge of signature in G1 with constant time encoding", () => { + checkPoK(bbsPlusSignG1ConstantTime, bbsPlusVerifyG1ConstantTime, bbsPlusInitializeProofOfKnowledgeOfSignatureConstantTime, bbsPlusChallengeContributionFromProtocolConstantTime, bbsPlusChallengeContributionFromProofConstantTime, bbsPlusVerifyProofOfKnowledgeOfSignatureConstantTime) }); }); diff --git a/tests/js/bddt16Kvac.spec.ts b/tests/js/bddt16Kvac.spec.ts index 0ab7088..d69c8c0 100644 --- a/tests/js/bddt16Kvac.spec.ts +++ b/tests/js/bddt16Kvac.spec.ts @@ -17,11 +17,14 @@ import { bddt16MacGeneratePublicKeyG1, bddt16MacIsPublicKeyG1Valid, bddt16MacProofOfValidity, - bddt16MacVerifyProofOfValidity + bddt16MacVerifyProofOfValidity, + bddt16MacGenerateConstantTime, + bddt16MacVerifyConstantTime, + bddt16MacCommitMsgsConstantTime, bddt16BlindMacGenerateConstantTime } from "../../lib"; import {checkResult, stringToBytes} from "./util"; -describe("For BBS+ signatures", () => { +describe("For BDDT16 MAC", () => { let macParams: Bddt16MacParams, sk: Uint8Array, pkG1: Uint8Array; const seed = new Uint8Array([0, 2, 3, 4, 5]); const messages = [ @@ -82,10 +85,16 @@ describe("For BBS+ signatures", () => { expect(bddt16MacIsPublicKeyG1Valid(pkG1)).toBe(true); }); - it("generate and verify MAC and its proof of validity", () => { + it("generate and verify MAC", () => { const mac = bddt16MacGenerate(messages, sk, macParams, true); const res = bddt16MacVerify(messages, mac, sk, macParams, true); checkResult(res); + }); + + it("generate and verify MAC and its proof of validity with constant time encoding", () => { + const mac = bddt16MacGenerateConstantTime(messages, sk, macParams, true); + const res = bddt16MacVerifyConstantTime(messages, mac, sk, macParams, true); + checkResult(res); let proofOfValidity = bddt16MacProofOfValidity(mac, sk, pkG1, macParams); checkResult(bddt16MacVerifyProofOfValidity(proofOfValidity, mac, messages, pkG1, macParams, true)); @@ -108,7 +117,7 @@ describe("For BBS+ signatures", () => { expect(params1.g_vec[1]).toEqual(params2.g_vec[1]); }); - it("generate and verify a blind MAC", () => { + function checkBlind(commitFunc, signFunc, verifyFunc) { // Commit to message indices 1 and 5 const msgsToCommit = new Map(); msgsToCommit.set(1, messages[1]); @@ -121,13 +130,13 @@ describe("For BBS+ signatures", () => { msgsNotToCommit.set(4, messages[4]); const blinding = generateRandomFieldElement(); - const commitment = bddt16MacCommitMsgs( + const commitment = commitFunc( msgsToCommit, blinding, macParams, true ); - const blindMac = bddt16BlindMacGenerate( + const blindMac = signFunc( commitment, msgsNotToCommit, sk, @@ -135,7 +144,15 @@ describe("For BBS+ signatures", () => { true ); const mac = bddt16UnblindMac(blindMac, blinding); - const res = bddt16MacVerify(messages, mac, sk, macParams, true); + const res = verifyFunc(messages, mac, sk, macParams, true); expect(res.verified).toBe(true); + } + + it("generate and verify a blind MAC", () => { + checkBlind(bddt16MacCommitMsgs, bddt16BlindMacGenerate, bddt16MacVerify) + }); + + it("generate and verify a blind MAC with constant time encoding", () => { + checkBlind(bddt16MacCommitMsgsConstantTime, bddt16BlindMacGenerateConstantTime, bddt16MacVerifyConstantTime) }); }) \ No newline at end of file diff --git a/tests/js/general.spec.ts b/tests/js/general.spec.ts index 68b5489..4b371c6 100644 --- a/tests/js/general.spec.ts +++ b/tests/js/general.spec.ts @@ -3,8 +3,9 @@ import { fieldElementAsBytes, initializeWasm, isWasmInitialized, - requireWasmInitialized, + requireWasmInitialized, encodeMessageForSigning, encodeMessageForSigningInConstantTime, } from "../../lib"; +import {stringToBytes} from "./util"; describe("For WASM initialization", () => { it("returns false when not initialized", () => { @@ -61,4 +62,21 @@ describe("For utils", () => { expect(bytearrayToNumber(generateFieldElementFromNumber(i))).toEqual(i); }) }) + + it("message encoding timings", () => { + const count = 500; + console.time('Variable time encoding'); + for (let i = 0; i < count; i++) { + let m = stringToBytes(`message no-${i + 1}`); + m = encodeMessageForSigning(m) + } + console.timeEnd('Variable time encoding'); + + console.time('Constant time encoding'); + for (let i = 0; i < count; i++) { + let m = stringToBytes(`message no-${i + 1}`); + m = encodeMessageForSigningInConstantTime(m) + } + console.timeEnd('Constant time encoding'); + }) }); diff --git a/tests/js/proofSystem.spec.ts b/tests/js/proofSystem.spec.ts index 2eb1097..d97da7b 100644 --- a/tests/js/proofSystem.spec.ts +++ b/tests/js/proofSystem.spec.ts @@ -1,16 +1,12 @@ import { BbsPlusSigParams, accumulatorDeriveMembershipProvingKeyFromNonMembershipKey, - bbsPlusBlindSignG1, - bbsPlusCommitMsgsInG1, - encodeMessageForSigning, - encodeMessagesForSigning, + encodeMessageForSigningInConstantTime, + encodeMessagesForSigningInConstantTime, bbsPlusGetBasesForCommitmentG1, generatePoKPSSignatureStatement, bbsPlusSignG1, - generatePoKPSSignatureWitness, bbsPlusUnblindSigG1, - bbsPlusVerifyG1, generateAccumulatorMembershipStatement, generateAccumulatorMembershipWitness, generateAccumulatorNonMembershipStatement, @@ -25,8 +21,6 @@ import { generateNonMembershipProvingKey, generatePedersenCommitmentG1Statement, generatePedersenCommitmentWitness, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness, generateCompositeProofG1, generateProofSpecG1, generateRandomFieldElement, @@ -55,7 +49,6 @@ import { generateSetupParamForVbAccumulatorPublicKey, generateSetupParamForVbAccumulatorMemProvingKey, generateSetupParamForVbAccumulatorNonMemProvingKey, - generatePoKBBSPlusSignatureVerifierStatementFromParamRefs, generateAccumulatorMembershipStatementFromParamRefs, generateAccumulatorNonMembershipStatementFromParamRefs, IUniversalAccumulator, @@ -67,35 +60,20 @@ import { bbsGenerateSignatureParams, bbsGenerateSigningKey, bbsGeneratePublicKey, - generatePoKBBSSignatureVerifierStatement, - bbsSign, generatePoKBBSSignatureWitness, generateSetupParamForBBSSignatureParameters, - generatePoKBBSSignatureVerifierStatementFromParamRefs, generatePublicInequalityG1Statement, generatePedersenCommKeyG1, generatePublicInequalityWitness, Bddt16MacParams, bddt16GenerateMacParams, bddt16MacGenerateSecretKey, - bddt16MacGenerate, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, generatePoKBDDT16MacFullVerifierStatement, - bddt16MacVerify, - bddt16BlindMacGenerate, bddt16UnblindMac, - bddt16MacCommitMsgs, bddt16MacGetBasesForCommitment, generateAccumulatorKVMembershipStatement, generateAccumulatorKVFullVerifierMembershipStatement, generateSetupParamForBDDT16MacParameters, - generatePoKBDDT16MacStatementFromParamRefs, - generatePoKBDDT16MacFullVerifierStatementFromParamRefs, - generatePoKBBSSignatureProverStatement, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureProverStatementFromParamRefs, - generatePoKBBSSignatureProverStatementFromParamRefs, generateMembershipProvingKey, getAllKeyedSubproofsFromProof, verifyBDDT16KeyedProof, @@ -117,7 +95,39 @@ import { generateKBUniversalAccumulatorMembershipVerifierStatementFromParamRefs, generateKBUniversalAccumulatorNonMembershipVerifierStatementFromParamRefs, verifyKBUniAccumMembershipKeyedProof, - verifyKBUniAccumNonMembershipKeyedProof + verifyKBUniAccumNonMembershipKeyedProof, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementConstantTime, + generatePoKBBSSignatureVerifierStatementConstantTime, + generatePoKBBSSignatureWitnessConstantTime, + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime, + generatePoKPSSignatureStatementConstantTime, + generatePoKPSSignatureWitnessConstantTime, + generatePoKBDDT16MacWitnessConstantTime, + generatePoKBDDT16MacStatementConstantTime, + bddt16MacGenerateConstantTime, + bbsPlusSignG1ConstantTime, + bbsPlusBlindSignG1ConstantTime, + bbsPlusVerifyG1ConstantTime, + bbsPlusCommitMsgsInG1ConstantTime, + bddt16MacVerifyConstantTime, + bddt16BlindMacGenerateConstantTime, + bddt16MacCommitMsgsConstantTime, + generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime, + generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime, + generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime, + generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime, + generatePoKBBSSignatureProverStatementFromParamRefsConstantTime, + generatePoKBDDT16MacStatementFromParamRefsConstantTime, + generatePoKBDDT16MacFullVerifierStatementConstantTime, + proofOfValidityOfBDDT16KeyedProof, + bddt16MacGeneratePublicKeyG1, + verifyProofOfValidityOfBDDT16KeyedProof, + generatePoKBBSSignatureProverStatementNew, + generatePoKBBSSignatureVerifierStatementNew, + generatePoKBBSSignatureProverStatementFromParamRefsNew, generatePoKBBSSignatureVerifierStatementFromParamRefsNew } from "../../lib"; import { BbsSigParams, PSSigParams } from "../../lib/types"; import {checkResult, getRevealedUnrevealed, stringToBytes} from "./util"; @@ -131,7 +141,7 @@ function setupMessages( for (let i = 0; i < messageCount; i++) { let m = stringToBytes(`${prefix}-${i + 1}`); if (encode) { - m = encodeMessageForSigning(m); + m = encodeMessageForSigningInConstantTime(m); } messages.push(m); } @@ -423,19 +433,19 @@ describe("Proving knowledge of many signatures", () => { if (isKvac) { const statements: Uint8Array[] = []; - statements.push(generatePoKBDDT16MacFullVerifierStatement( + statements.push(generatePoKBDDT16MacFullVerifierStatementConstantTime( sigParams1, sk1, revealedMsgs1, encodeWhileSigning )); - statements.push(generatePoKBDDT16MacFullVerifierStatement( + statements.push(generatePoKBDDT16MacFullVerifierStatementConstantTime( sigParams2, sk2, revealedMsgs2, encodeWhileSigning )); - statements.push(generatePoKBDDT16MacFullVerifierStatement( + statements.push(generatePoKBDDT16MacFullVerifierStatementConstantTime( sigParams3, sk3, revealedMsgs3, @@ -463,10 +473,10 @@ describe("Proving knowledge of many signatures", () => { proveAndVerifySig( setupBBS, - bbsSign, - generatePoKBBSSignatureProverStatement, - generatePoKBBSSignatureVerifierStatement, - generatePoKBBSSignatureWitness, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementConstantTime, + generatePoKBBSSignatureVerifierStatementConstantTime, + generatePoKBBSSignatureWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -474,15 +484,27 @@ describe("Proving knowledge of many signatures", () => { ); proveAndVerifySig( setupBBS, - bbsSign, - generatePoKBBSSignatureProverStatement, - generatePoKBBSSignatureVerifierStatement, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementConstantTime, + generatePoKBBSSignatureVerifierStatementConstantTime, generatePoKBBSSignatureWitness, messageCount1, messageCount2, messageCount3, false ); + // Using the new protocol + proveAndVerifySig( + setupBBS, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementNew, + generatePoKBBSSignatureVerifierStatementNew, + generatePoKBBSSignatureWitnessConstantTime, + messageCount1, + messageCount2, + messageCount3, + false + ); }); it("generate and verify a proof of knowledge of 3 BBS+ signatures", () => { @@ -492,10 +514,10 @@ describe("Proving knowledge of many signatures", () => { proveAndVerifySig( setupBBSPlus, - bbsPlusSignG1, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness, + bbsPlusSignG1ConstantTime, + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -504,9 +526,9 @@ describe("Proving knowledge of many signatures", () => { proveAndVerifySig( setupBBSPlus, bbsPlusSignG1, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness, + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -522,9 +544,9 @@ describe("Proving knowledge of many signatures", () => { proveAndVerifySig( setupPS, psSign, - generatePoKPSSignatureStatement, - generatePoKPSSignatureStatement, - generatePoKPSSignatureWitness, + generatePoKPSSignatureStatementConstantTime, + generatePoKPSSignatureStatementConstantTime, + generatePoKPSSignatureWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -540,10 +562,10 @@ describe("Proving knowledge of many signatures", () => { proveAndVerifySig( setupBDDT16, - bddt16MacGenerate, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, + bddt16MacGenerateConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -553,10 +575,10 @@ describe("Proving knowledge of many signatures", () => { ); proveAndVerifySig( setupBDDT16, - bddt16MacGenerate, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, + bddt16MacGenerateConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacWitnessConstantTime, messageCount1, messageCount2, messageCount3, @@ -863,20 +885,30 @@ describe("Proving knowledge of signatures and accumulator membership and non-mem it("generate and verify a proof of knowledge of a BBS signature and accumulator membership", () => { check( setupBBS, - bbsSign, - generatePoKBBSSignatureProverStatement, - generatePoKBBSSignatureVerifierStatement, - generatePoKBBSSignatureWitness + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementConstantTime, + generatePoKBBSSignatureVerifierStatementConstantTime, + generatePoKBBSSignatureWitnessConstantTime + ); + }); + + it("generate and verify a proof of knowledge of a BBS signature using new protocol and accumulator membership", () => { + check( + setupBBS, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementNew, + generatePoKBBSSignatureVerifierStatementNew, + generatePoKBBSSignatureWitnessConstantTime ); }); it("generate and verify a proof of knowledge of a BBS+ signature and accumulator membership", () => { check( setupBBSPlus, - bbsPlusSignG1, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness + bbsPlusSignG1ConstantTime, + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime ); }); @@ -884,9 +916,9 @@ describe("Proving knowledge of signatures and accumulator membership and non-mem check( setupPS, psSign, + generatePoKPSSignatureStatementConstantTime, generatePoKPSSignatureStatement, - generatePoKPSSignatureStatement, - generatePoKPSSignatureWitness, + generatePoKPSSignatureWitnessConstantTime, true ); }); @@ -894,10 +926,10 @@ describe("Proving knowledge of signatures and accumulator membership and non-mem it("generate and verify a proof of knowledge of a MAC and accumulator membership", () => { check( setupBDDT16, - bddt16MacGenerate, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, + bddt16MacGenerateConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacWitnessConstantTime, false, true ); @@ -927,6 +959,7 @@ describe("Proving knowledge of a signature or MAC while requesting a partially b messages2[5] = messages1[4]; const sig1 = sign(messages1, sk1, sigParams1, true); + checkResult(isKvac ? verify(messages1, sig1, sk1, sigParams1, true) : verify(messages1, sig1, pk1, sigParams1, true)) const revealedIndices1 = new Set(); revealedIndices1.add(0); @@ -985,7 +1018,7 @@ describe("Proving knowledge of a signature or MAC while requesting a partially b true ); - const pcWits = encodeMessagesForSigning(messages2, indicesToCommit); + const pcWits = encodeMessagesForSigningInConstantTime(messages2, indicesToCommit); pcWits.splice(0, 0, blinding); const witness2 = generatePedersenCommitmentWitness(pcWits); @@ -1030,30 +1063,30 @@ describe("Proving knowledge of a signature or MAC while requesting a partially b it("generate and verify a proof of knowledge of a BBS+ signature and request a blind BBS+ signature", () => { check( setupBBSPlus, - bbsPlusSignG1, - bbsPlusVerifyG1, - bbsPlusBlindSignG1, + bbsPlusSignG1ConstantTime, + bbsPlusVerifyG1ConstantTime, + bbsPlusBlindSignG1ConstantTime, bbsPlusUnblindSigG1, - bbsPlusCommitMsgsInG1, + bbsPlusCommitMsgsInG1ConstantTime, bbsPlusGetBasesForCommitmentG1, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime ) }); it("generate and verify a proof of knowledge of a MAC and request a blind MAC", () => { check( setupBDDT16, - bddt16MacGenerate, - bddt16MacVerify, - bddt16BlindMacGenerate, + bddt16MacGenerateConstantTime, + bddt16MacVerifyConstantTime, + bddt16BlindMacGenerateConstantTime, bddt16UnblindMac, - bddt16MacCommitMsgs, + bddt16MacCommitMsgsConstantTime, bddt16MacGetBasesForCommitment, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacWitnessConstantTime, true ) }); @@ -1674,10 +1707,10 @@ describe("Reusing setup params of BBS, BBS+ and accumulator", () => { if (isKvac) { const statements: Uint8Array[] = []; - statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefs(0, sigSk1, revealedMsgs1, false)); - statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefs(0, sigSk1, revealedMsgs2, false)); - statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefs(1, sigSk2, revealedMsgs3, false)); - statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefs(1, sigSk2, revealedMsgs4, false)); + statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime(0, sigSk1, revealedMsgs1, false)); + statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime(0, sigSk1, revealedMsgs2, false)); + statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime(1, sigSk2, revealedMsgs3, false)); + statements.push(generatePoKBDDT16MacFullVerifierStatementFromParamRefsConstantTime(1, sigSk2, revealedMsgs4, false)); statements.push(statement5); statements.push(statement6); statements.push(statement7); @@ -1698,16 +1731,20 @@ describe("Reusing setup params of BBS, BBS+ and accumulator", () => { } it("generate and verify a proof of knowledge with BBS+ signature and accumulator using setup parameters", () => { - check(sigParams1, sigSk1, sigPk1, sigParams2, sigSk2, sigPk2, bbsPlusSignG1, generateSetupParamForBBSPlusSignatureParametersG1, generateSetupParamForBBSPlusPublicKeyG2, generatePoKBBSPlusSignatureProverStatementFromParamRefs, generatePoKBBSPlusSignatureVerifierStatementFromParamRefs, generatePoKBBSPlusSignatureWitness) + check(sigParams1, sigSk1, sigPk1, sigParams2, sigSk2, sigPk2, bbsPlusSignG1ConstantTime, generateSetupParamForBBSPlusSignatureParametersG1, generateSetupParamForBBSPlusPublicKeyG2, generatePoKBBSPlusSignatureProverStatementFromParamRefsConstantTime, generatePoKBBSPlusSignatureVerifierStatementFromParamRefsConstantTime, generatePoKBBSPlusSignatureWitnessConstantTime) }); it("generate and verify a proof of knowledge with BBS signature and accumulator using setup parameters", () => { - check(sigParams1, sigSk1, sigPk1, sigParams2, sigSk2, sigPk2, bbsSign, generateSetupParamForBBSSignatureParameters, generateSetupParamForBBSPlusPublicKeyG2, generatePoKBBSSignatureProverStatementFromParamRefs, generatePoKBBSSignatureVerifierStatementFromParamRefs, generatePoKBBSSignatureWitness) + check(sigParams1, sigSk1, sigPk1, sigParams2, sigSk2, sigPk2, bbsSignConstantTime, generateSetupParamForBBSSignatureParameters, generateSetupParamForBBSPlusPublicKeyG2, generatePoKBBSSignatureProverStatementFromParamRefsConstantTime, generatePoKBBSSignatureVerifierStatementFromParamRefsConstantTime, generatePoKBBSSignatureWitnessConstantTime) + }); + + it("generate and verify a proof of knowledge with BBS signature using new protocol and accumulator using setup parameters", () => { + check(sigParams1, sigSk1, sigPk1, sigParams2, sigSk2, sigPk2, bbsSignConstantTime, generateSetupParamForBBSSignatureParameters, generateSetupParamForBBSPlusPublicKeyG2, generatePoKBBSSignatureProverStatementFromParamRefsNew, generatePoKBBSSignatureVerifierStatementFromParamRefsNew, generatePoKBBSSignatureWitnessConstantTime) }); it("generate and verify a proof of knowledge with MAC and accumulator using setup parameters", () => { check( - macParams1, macSk1, undefined, macParams2, macSk2, undefined, bddt16MacGenerate, generateSetupParamForBDDT16MacParameters, undefined, generatePoKBDDT16MacStatementFromParamRefs, generatePoKBDDT16MacStatementFromParamRefs, generatePoKBDDT16MacWitness, true + macParams1, macSk1, undefined, macParams2, macSk2, undefined, bddt16MacGenerateConstantTime, generateSetupParamForBDDT16MacParameters, undefined, generatePoKBDDT16MacStatementFromParamRefsConstantTime, generatePoKBDDT16MacStatementFromParamRefsConstantTime, generatePoKBDDT16MacWitnessConstantTime, true ) }); }); @@ -1821,20 +1858,30 @@ describe("Proving knowledge of signature and inequality of a signed message with it("when BBS signatures", () => { check( setupBBS, - bbsSign, - generatePoKBBSSignatureProverStatement, - generatePoKBBSSignatureVerifierStatement, - generatePoKBBSSignatureWitness, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementConstantTime, + generatePoKBBSSignatureVerifierStatementConstantTime, + generatePoKBBSSignatureWitnessConstantTime, + ); + }); + + it("when BBS signatures - new protocol", () => { + check( + setupBBS, + bbsSignConstantTime, + generatePoKBBSSignatureProverStatementNew, + generatePoKBBSSignatureVerifierStatementNew, + generatePoKBBSSignatureWitnessConstantTime, ); }); it("when BBS+ signatures", () => { check( setupBBSPlus, - bbsPlusSignG1, - generatePoKBBSPlusSignatureProverStatement, - generatePoKBBSPlusSignatureVerifierStatement, - generatePoKBBSPlusSignatureWitness, + bbsPlusSignG1ConstantTime, + generatePoKBBSPlusSignatureProverStatementConstantTime, + generatePoKBBSPlusSignatureVerifierStatementConstantTime, + generatePoKBBSPlusSignatureWitnessConstantTime, ); }); @@ -1842,9 +1889,9 @@ describe("Proving knowledge of signature and inequality of a signed message with check( setupPS, psSign, - generatePoKPSSignatureStatement, - generatePoKPSSignatureStatement, - generatePoKPSSignatureWitness, + generatePoKPSSignatureStatementConstantTime, + generatePoKPSSignatureStatementConstantTime, + generatePoKPSSignatureWitnessConstantTime, true ); }); @@ -1852,10 +1899,10 @@ describe("Proving knowledge of signature and inequality of a signed message with it("when BDDT16 MAC signatures", () => { check( setupBDDT16, - bddt16MacGenerate, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacStatement, - generatePoKBDDT16MacWitness, + bddt16MacGenerateConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacStatementConstantTime, + generatePoKBDDT16MacWitnessConstantTime, false, true ); @@ -1887,8 +1934,8 @@ describe("Keyed proofs", () => { const nonMember = messages1[3]; - const sig1 = bbsSign(messages1, bbsSk, bbsParams, false); - const sig2 = bddt16MacGenerate(messages2, bddt16Sk, bddt16Params, false); + const sig1 = bbsSignConstantTime(messages1, bbsSk, bbsParams, false); + const sig2 = bddt16MacGenerateConstantTime(messages2, bddt16Sk, bddt16Params, false); const params = generateAccumulatorParams(); const sk = generateAccumulatorSecretKey(); @@ -1933,8 +1980,8 @@ describe("Keyed proofs", () => { ); const proverStatements: Uint8Array[] = []; - proverStatements.push(generatePoKBBSSignatureProverStatement(bbsParams, revealedMsgs1, false)); - proverStatements.push(generatePoKBDDT16MacStatement(bddt16Params, revealedMsgs2, false)); + proverStatements.push(generatePoKBBSSignatureProverStatementConstantTime(bbsParams, revealedMsgs1, false)); + proverStatements.push(generatePoKBDDT16MacStatementConstantTime(bddt16Params, revealedMsgs2, false)); proverStatements.push(generateAccumulatorMembershipStatement( params, @@ -1969,8 +2016,8 @@ describe("Keyed proofs", () => { const proverProofSpec = generateProofSpecG1(proverStatements, metaStatements, []); expect(isProofSpecG1Valid(proverProofSpec)).toEqual(true); - const witness1 = generatePoKBBSSignatureWitness(sig1, unrevealedMsgs1, false); - const witness2 = generatePoKBDDT16MacWitness(sig2, unrevealedMsgs2, false); + const witness1 = generatePoKBBSSignatureWitnessConstantTime(sig1, unrevealedMsgs1, false); + const witness2 = generatePoKBDDT16MacWitnessConstantTime(sig2, unrevealedMsgs2, false); const witness3 = generateAccumulatorMembershipWitness(member, witness); const witness4 = generateAccumulatorMembershipWitness(member, witness); const witness5 = generateKBUniversalAccumulatorMembershipWitness(member, kbUniMemWitness); @@ -1991,11 +2038,11 @@ describe("Keyed proofs", () => { const proof = generateCompositeProofG1(proverProofSpec, witnesses); const verifierStatements: Uint8Array[] = []; - verifierStatements.push(generatePoKBBSSignatureVerifierStatement(bbsParams, + verifierStatements.push(generatePoKBBSSignatureVerifierStatementConstantTime(bbsParams, bbsPk, revealedMsgs1, false)); - verifierStatements.push(generatePoKBDDT16MacStatement(bddt16Params, + verifierStatements.push(generatePoKBDDT16MacStatementConstantTime(bddt16Params, revealedMsgs1, false)); verifierStatements.push(generateAccumulatorMembershipStatement( @@ -2041,5 +2088,11 @@ describe("Keyed proofs", () => { checkResult(verifyKBUniAccumMembershipKeyedProof(dp2[1], sk)); // @ts-ignore checkResult(verifyKBUniAccumNonMembershipKeyedProof(dp3[1], sk)); + + const pkG1 = bddt16MacGeneratePublicKeyG1(bddt16Sk, bddt16Params); + // @ts-ignore + const pv = proofOfValidityOfBDDT16KeyedProof(dp0[1], bddt16Sk, pkG1, bddt16Params); + // @ts-ignore + checkResult(verifyProofOfValidityOfBDDT16KeyedProof(pv, dp0[1], pkG1, bddt16Params)); }) }) \ No newline at end of file diff --git a/tests/js/ps.spec.ts b/tests/js/ps.spec.ts index 311fb3f..9985d7e 100644 --- a/tests/js/ps.spec.ts +++ b/tests/js/ps.spec.ts @@ -226,7 +226,7 @@ describe("For PS signatures", () => { } const blindSig = psBlindSign(msgOrComs, sk, h); - const sig = psUnblindSignature(blindSig, usedBlindings, pk); + const sig = psUnblindSignature(blindSig, usedBlindings, pk, h); const res = psVerify(messages, sig, pk, sigParams); expect(res.verified).toBe(true); }); diff --git a/tests/js/thresholdBbsPlusAndBbs.spec.ts b/tests/js/thresholdBbsPlusAndBbs.spec.ts index 1c68cab..e292189 100644 --- a/tests/js/thresholdBbsPlusAndBbs.spec.ts +++ b/tests/js/thresholdBbsPlusAndBbs.spec.ts @@ -107,8 +107,6 @@ describe("For threshold BBS+ and BBS", () => { } gadgetVector = generateGadgetVectorForThresholdSig(stringToBytes("test")); - console.log(gadgetVector.length); - console.log(gadgetVector); }); it("run base OT phase", () => { @@ -262,7 +260,7 @@ describe("For threshold BBS+ and BBS", () => { checkThresholdSig(protocolId, paramsBbsPlus, thresholdPubkeyBbsPlus, secretKeysBbsPlus, thresholdBbsPlusStartPhase1, thresholdBbsPlusPhase1ProcessCommitments, thresholdBbsPlusPhase1GetSharesForOther, thresholdBbsPlusPhase1ProcessShares, thresholdBbsPlusPhase1Finish, thresholdBbsPlusPhase2Start, thresholdBbsPlusPhase2ReceiveMessage1, thresholdBbsPlusPhase2ReceiveMessage2, thresholdBbsPlusPhase2Finish, thresholdBbsPlusCreateSignatureShare, thresholdBbsPlusAggregateSignatureShares, bbsPlusVerifyG1) }) - it("create a threshold BBS+ signature", () => { + it("create a threshold BBS signature", () => { const protocolId = stringToBytes("test BBS"); checkThresholdSig(protocolId, paramsBbs, thresholdPubkeyBbs, secretKeysBbs, thresholdBbsStartPhase1, thresholdBbsPhase1ProcessCommitments, thresholdBbsPhase1GetSharesForOther, thresholdBbsPhase1ProcessShares, thresholdBbsPhase1Finish, thresholdBbsPhase2Start, thresholdBbsPhase2ReceiveMessage1, thresholdBbsPhase2ReceiveMessage2, thresholdBbsPhase2Finish, thresholdBbsCreateSignatureShare, thresholdBbsAggregateSignatureShares, bbsVerify) })