github.com/Hnampk/my-fabric@v0.0.0-20201028083322-75069da399c0/idemix/idemix.proto

github.com/Hnampk/my-fabric@v0.0.0-20201028083322-75069da399c0/idemix/idemix.proto (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  syntax = "proto3";
     8  
     9  option go_package = "github.com/hyperledger/fabric/idemix";
    10  
    11  // The Identity Mixer protocols make use of pairings (bilinear maps) -
    12  // functions that can be described as e: G1 x G2 -> GT  that
    13  // map group elements from the source groups (G1 and G2) to the target group
    14  // Such groups can be represented by the points on an elliptic curve
    15  
    16  // ECP is an elliptic curve point specified by its coordinates
    17  // ECP corresponds to an element of the first group (G1)
    18  message ECP {
    19  	bytes x = 1;
    20  	bytes y = 2;
    21  }
    22  
    23  // ECP2 is an elliptic curve point specified by its coordinates
    24  // ECP2 corresponds to an element of the second group (G2)
    25  message ECP2 {
    26  	bytes xa = 1;
    27  	bytes xb = 2;
    28  	bytes ya = 3;
    29  	bytes yb = 4;
    30  }
    31  
    32  // IssuerPublicKey specifies an issuer public key that consists of
    33  // attribute_names - a list of the attribute names of a credential issued by the issuer
    34  // h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes
    35  // proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key
    36  // hash is a hash of the public key appended to it
    37  message IssuerPublicKey {
    38  	repeated string attribute_names = 1;
    39  	ECP h_sk = 2;
    40  	ECP h_rand = 3;
    41  	repeated ECP h_attrs = 4;
    42  	ECP2 w = 5;
    43  	ECP bar_g1 = 6;
    44  	ECP bar_g2 = 7;
    45  	bytes proof_c = 8;
    46  	bytes proof_s = 9;
    47  	bytes hash = 10;
    48  }
    49  
    50  // IssuerKey specifies an issuer key pair that consists of
    51  // ISk - the issuer secret key and
    52  // IssuerPublicKey - the issuer public key
    53  message IssuerKey {
    54  	bytes isk = 1;
    55  	IssuerPublicKey ipk = 2;
    56  }
    57  
    58  // Credential specifies a credential object that consists of
    59  // a, b, e, s - signature value
    60  // attrs - attribute values
    61  message Credential {
    62  	ECP a = 1;
    63  	ECP b = 2;
    64  	bytes e = 3;
    65  	bytes s = 4;
    66  	repeated bytes attrs = 5;
    67  }
    68  
    69  // CredRequest specifies a credential request object that consists of
    70  // nym - a pseudonym, which is a commitment to the user secret
    71  // issuer_nonce - a random nonce provided by the issuer
    72  // proof_c, proof_s - a zero-knowledge proof of knowledge of the
    73  // user secret inside Nym
    74  message CredRequest {
    75  	ECP nym = 1;
    76  	bytes issuer_nonce = 2;
    77  	bytes proof_c = 3;
    78  	bytes proof_s = 4;
    79  }
    80  
    81  // Signature specifies a signature object that consists of
    82  // a_prime, a_bar, b_prime, proof_* - randomized credential signature values
    83  // and a zero-knowledge proof of knowledge of a credential
    84  // and the corresponding user secret together with the attribute values
    85  // nonce - a fresh nonce used for the signature
    86  // nym - a fresh pseudonym (a commitment to to the user secret)
    87  message Signature {
    88  	ECP a_prime = 1;
    89  	ECP a_bar = 2;
    90  	ECP b_prime = 3;
    91  	bytes proof_c = 4;
    92  	bytes proof_s_sk = 5;
    93  	bytes proof_s_e = 6;
    94  	bytes proof_s_r2 = 7;
    95  	bytes proof_s_r3 = 8;
    96  	bytes proof_s_s_prime = 9;
    97  	repeated bytes proof_s_attrs = 10;
    98  	bytes nonce = 11;
    99  	ECP nym = 12;
   100  	bytes proof_s_r_nym = 13;
   101  	ECP2 revocation_epoch_pk = 14;
   102  	bytes revocation_pk_sig = 15;
   103  	int64 epoch = 16;
   104  	NonRevocationProof non_revocation_proof = 17;
   105  }
   106  
   107  // NonRevocationProof contains proof that the credential is not revoked
   108  message NonRevocationProof {
   109  	int32 revocation_alg = 1;
   110  	bytes non_revocation_proof = 2;
   111  }
   112  
   113  // NymSignature specifies a signature object that signs a message
   114  // with respect to a pseudonym. It differs from the standard idemix.signature in the fact that
   115  // the  standard signature object also proves that the pseudonym is based on a secret certified by
   116  // a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym
   117  // signed the message
   118  message NymSignature {
   119  	// proof_c is the Fiat-Shamir challenge of the ZKP
   120  	bytes proof_c = 1;
   121  	// proof_s_sk is the s-value proving knowledge of the user secret key
   122  	bytes proof_s_sk = 2;
   123  	//proof_s_r_nym is the s-value proving knowledge of the pseudonym secret
   124  	bytes proof_s_r_nym = 3;
   125  	// nonce is a fresh nonce used for the signature
   126  	bytes nonce = 4;
   127  }
   128  
   129  message CredentialRevocationInformation {
   130  	// epoch contains the epoch (time window) in which this CRI is valid
   131  	int64 epoch = 1;
   132  
   133  	// epoch_pk is the public key that is used by the revocation authority in this epoch
   134  	ECP2 epoch_pk = 2;
   135  
   136  	// epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key
   137  	bytes epoch_pk_sig = 3;
   138  
   139  	// revocation_alg denotes which revocation algorithm is used
   140  	int32 revocation_alg = 4;
   141  
   142  	// revocation_data contains data specific to the revocation algorithm used
   143  	bytes revocation_data = 5;
   144  }