func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey
func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey
func NewNymPublicKey(pk Ecp) *nymPublicKey
func NewNymSecretKey(sk Big, pk Ecp, exportable bool) (*nymSecretKey, error)
func NewRevocationPublicKey(pubKey *ecdsa.PublicKey) *revocationPublicKey
func NewRevocationSecretKey(sk *ecdsa.PrivateKey, exportable bool) *revocationSecretKey
func NewUserSecretKey(sk Big, exportable bool) *userSecretKey
Big represents a big integer
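type Big interface {
	// Bytes returns the byte representation of this key.
	// Values of this type are passed as secret keys elsewhere in this package
	// (for example the sk argument of NewUserSecretKey), so the returned bytes
	// may be secret material and should be handled accordingly.
	Bytes() ([]byte, error)
}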
CredRequest is a local interface to decouple from the idemix implementation of the issuance of credential requests.
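type CredRequest interface {
	// Sign creates a new Credential Request, the first message of the interactive
	// credential issuance protocol (from user to issuer).
	// sk is the user secret key, ipk the issuer public key.
	Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error)

	// Verify verifies the credential request.
	// The only result is the error: a nil return is the sole indication that
	// credRequest verified against ipk and nonce.
	Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error
}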
Credential is a local interface to decouple from the idemix implementation of the issuance of credentials.
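type Credential interface {
	// Sign issues a new credential, which is the last step of the interactive issuance protocol.
	// All attribute values are added by the issuer at this step and then signed together with
	// a commitment to the user's secret key from a credential request.
	Sign(key IssuerSecretKey, credentialRequest []byte, attributes []bccsp.IdemixAttribute) ([]byte, error)

	// Verify cryptographically verifies the credential by verifying the signature
	// on the attribute values and user's secret key.
	// A nil error is the only indication of success.
	Verify(sk Big, ipk IssuerPublicKey, credential []byte, attributes []bccsp.IdemixAttribute) error
}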
CredentialRequestSigner produces credential requests
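type CredentialRequestSigner struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}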
func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
CredentialRequestVerifier verifies credential requests
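type CredentialRequestVerifier struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}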
func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
// CredentialSigner carries the Credential implementation used by the Sign
// method declared for this type (the method body is not shown on this page).
type CredentialSigner struct {
	// Credential is the credential-issuance implementation held by this signer.
	Credential Credential
}
func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
// CredentialVerifier carries the Credential implementation used by the Verify
// method declared for this type (the method body is not shown on this page).
// Verify returns (valid bool, err error); callers should accept a credential
// only when valid is true and err is nil.
type CredentialVerifier struct {
	// Credential is the credential-verification implementation held by this verifier.
	Credential Credential
}
func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
// CriSigner carries the Revocation implementation used by the Sign method
// declared for this type (the method body is not shown on this page).
// NOTE(review): "Cri" presumably stands for the Credential Revocation
// Information described on the Revocation interface; confirm.
type CriSigner struct {
	// Revocation is the revocation implementation held by this signer.
	Revocation Revocation
}
func (s *CriSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
// CriVerifier carries the Revocation implementation used by the Verify method
// declared for this type (the method body is not shown on this page).
// Verify returns (bool, error); callers should accept the result only when
// the bool is true and the error is nil.
type CriVerifier struct {
	// Revocation is the revocation implementation held by this verifier.
	Revocation Revocation
}
func (v *CriVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
Ecp represents an elliptic curve point
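type Ecp interface {
	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)
}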
Issuer is a local interface to decouple from the idemix implementation
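type Issuer interface {
	// NewKey generates a new idemix issuer key w.r.t the passed attribute names.
	NewKey(AttributeNames []string) (IssuerSecretKey, error)

	// NewPublicKeyFromBytes converts the passed bytes to an Issuer public key.
	// It makes sure that the public key so obtained has the passed attributes, if specified.
	NewPublicKeyFromBytes(raw []byte, attributes []string) (IssuerPublicKey, error)
}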
IssuerKeyGen generates issuer secret keys.
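type IssuerKeyGen struct {
	// Exportable is a flag to allow an issuer secret key to be marked as exportable.
	// If a secret key is marked as exportable, its Bytes method will return the key's
	// byte representation. Leave it false unless the raw issuer secret key genuinely
	// has to leave the key handle.
	Exportable bool

	// Issuer implements the underlying cryptographic algorithms
	Issuer Issuer
}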
func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
IssuerPublicKey is the issuer public key
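type IssuerPublicKey interface {
	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)

	// Hash returns the hash representation of this key.
	// The output is supposed to be collision-resistant
	Hash() []byte
}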
IssuerPublicKeyImporter imports issuer public keys
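type IssuerPublicKeyImporter struct {
	// Issuer implements the underlying cryptographic algorithms
	Issuer Issuer
}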
func (i *IssuerPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
IssuerSecretKey is the issuer secret key
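type IssuerSecretKey interface {
	// Bytes returns the byte representation of this key.
	// For a secret key these bytes are the secret itself; treat them as sensitive.
	Bytes() ([]byte, error)

	// Public returns the corresponding public key
	Public() IssuerPublicKey
}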
NymKeyDerivation derives nyms
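type NymKeyDerivation struct {
	// Exportable is a flag to allow a secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
	// NOTE(review): the original comment said "issuer secret key"; since this type derives nyms,
	// the flag presumably applies to the derived nym secret key. Confirm against KeyDeriv.
	Exportable bool

	// User implements the underlying cryptographic algorithms
	User User
}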
func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
NymPublicKeyImporter imports nym public keys
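type NymPublicKeyImporter struct {
	// User implements the underlying cryptographic algorithms
	User User
}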
func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
NymSignatureScheme is a local interface to decouple the nym sign-related operations from the idemix implementation
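type NymSignatureScheme interface {
	// Sign creates a new idemix pseudonym signature
	Sign(sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, digest []byte) ([]byte, error)

	// Verify verifies an idemix NymSignature.
	// A nil error is the only indication of success.
	Verify(pk IssuerPublicKey, Nym Ecp, signature, digest []byte) error
}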
// NymSigner carries the NymSignatureScheme implementation used by the Sign
// method declared for this type (the method body is not shown on this page).
type NymSigner struct {
	// NymSignatureScheme is the pseudonym-signature implementation held by this signer.
	NymSignatureScheme NymSignatureScheme
}
func (s *NymSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
// NymVerifier carries the NymSignatureScheme implementation used by the Verify
// method declared for this type (the method body is not shown on this page).
// Verify returns (bool, error); callers should accept a signature only when
// the bool is true and the error is nil.
type NymVerifier struct {
	// NymSignatureScheme is the pseudonym-signature implementation held by this verifier.
	NymSignatureScheme NymSignatureScheme
}
func (v *NymVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)
Revocation is a local interface to decouple the revocation-related operations from the idemix implementation
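type Revocation interface {
	// NewKey generates a long term signing key that will be used for revocation
	NewKey() (*ecdsa.PrivateKey, error)

	// Sign creates the Credential Revocation Information for a certain time period (epoch).
	// Users can use the CRI to prove that they are not revoked.
	// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered
	// unrevokedHandles are not used, and the resulting CRI can be used by any signer.
	Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) ([]byte, error)

	// Verify verifies that the revocation PK for a certain epoch is valid,
	// by checking that it was signed with the long term revocation key.
	// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
	// to verify the signature to make sure the issuer indeed signed that no revocation
	// is used in this epoch.
	Verify(pk *ecdsa.PublicKey, cri []byte, epoch int, alg bccsp.RevocationAlgorithm) error
}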
RevocationKeyGen generates revocation secret keys.
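type RevocationKeyGen struct {
	// Exportable is a flag to allow a revocation secret key to be marked as exportable.
	// If a secret key is marked as exportable, its Bytes method will return the key's
	// byte representation. Leave it false unless the raw revocation secret key genuinely
	// has to leave the key handle.
	Exportable bool

	// Revocation implements the underlying cryptographic algorithms
	Revocation Revocation
}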
func (g *RevocationKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
RevocationPublicKeyImporter imports revocation public keys
// This importer has no fields: unlike the other importers on this page it
// holds no reference to an underlying cryptographic implementation.
type RevocationPublicKeyImporter struct{}
func (i *RevocationPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
SignatureScheme is a local interface to decouple the sign-related operations from the idemix implementation
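type SignatureScheme interface {
	// Sign creates a new idemix signature (Schnorr-type signature).
	// The attributes slice steers which attributes are disclosed:
	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise it is disclosed.
	// We require the revocation handle to remain undisclosed (i.e., attributes[rhIndex].Type == bccsp.IdemixHiddenAttribute).
	// Parameters are to be understood as follows:
	// cred: the serialized version of an idemix credential;
	// sk: the user secret key;
	// (Nym, RNym): Nym key-pair;
	// ipk: issuer public key;
	// attributes: as described above;
	// msg: the message to be signed;
	// rhIndex: revocation handle index relative to attributes;
	// cri: the serialized version of the Credential Revocation Information (it contains the epoch this signature
	// is created in reference to).
	Sign(cred []byte, sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, attributes []bccsp.IdemixAttribute,
		msg []byte, rhIndex int, cri []byte) ([]byte, error)

	// Verify verifies an idemix signature.
	// The attribute slice steers which attributes it expects to be disclosed.
	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise
	// attributes[i].Value is expected to contain the disclosed attribute value.
	// In other words, this function will check that if attribute i is disclosed, the i-th attribute equals attributes[i].Value.
	// Parameters are to be understood as follows:
	// ipk: issuer public key;
	// signature: signature to verify;
	// msg: message signed;
	// attributes: as described above;
	// rhIndex: revocation handle index relative to attributes;
	// revocationPublicKey: revocation public key;
	// epoch: revocation epoch.
	// A nil error is the only indication of success.
	Verify(ipk IssuerPublicKey, signature, msg []byte, attributes []bccsp.IdemixAttribute, rhIndex int,
		revocationPublicKey *ecdsa.PublicKey, epoch int) error
}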
// Signer carries the SignatureScheme implementation used by the Sign method
// declared for this type (the method body is not shown on this page).
type Signer struct {
	// SignatureScheme is the idemix signature implementation held by this signer.
	SignatureScheme SignatureScheme
}
func (s *Signer) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)
User is a local interface to decouple from the idemix implementation
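type User interface {
	// NewKey generates a new User secret key
	NewKey() (Big, error)

	// NewKeyFromBytes converts the passed bytes to a User secret key
	NewKeyFromBytes(raw []byte) (Big, error)

	// MakeNym creates a new unlinkable pseudonym
	MakeNym(sk Big, key IssuerPublicKey) (Ecp, Big, error)

	// NewPublicNymFromBytes converts the passed bytes to a public nym
	NewPublicNymFromBytes(raw []byte) (Ecp, error)
}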
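// UserKeyGen is the key generator whose KeyGen method is declared on this page
// (the method body is not shown here).
type UserKeyGen struct {
	// Exportable is a flag to allow a secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
	// NOTE(review): the original comment said "issuer secret key"; given the type name,
	// the flag presumably applies to the generated user secret key. Confirm against KeyGen.
	Exportable bool

	// User implements the underlying cryptographic algorithms
	User User
}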
func (g *UserKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)
UserKeyImporter imports user keys
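type UserKeyImporter struct {
	// Exportable is a flag to allow a secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's
	// byte representation. Leave it false unless the imported secret key genuinely
	// has to be read back out as raw bytes.
	Exportable bool

	// User implements the underlying cryptographic algorithms
	User User
}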
func (i *UserKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
// Verifier carries the SignatureScheme implementation used by the Verify
// method declared for this type (the method body is not shown on this page).
// Verify returns (bool, error); callers should accept a signature only when
// the bool is true and the error is nil.
type Verifier struct {
	// SignatureScheme is the idemix signature implementation held by this verifier.
	SignatureScheme SignatureScheme
}
func (v *Verifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)