github.com/defanghe/fabric@v2.1.1+incompatible/idemix/idemix.proto (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 syntax = "proto3"; 8 9 option go_package = "github.com/hyperledger/fabric/idemix"; 10 11 // The Identity Mixer protocols make use of pairings (bilinear maps) - 12 // functions that can be described as e: G1 x G2 -> GT that 13 // map group elements from the source groups (G1 and G2) to the target group 14 // Such groups can be represented by the points on an elliptic curve 15 16 // ECP is an elliptic curve point specified by its coordinates 17 // ECP corresponds to an element of the first group (G1) 18 message ECP { 19 bytes x = 1; 20 bytes y = 2; 21 } 22 23 // ECP2 is an elliptic curve point specified by its coordinates 24 // ECP2 corresponds to an element of the second group (G2) 25 message ECP2 { 26 bytes xa = 1; 27 bytes xb = 2; 28 bytes ya = 3; 29 bytes yb = 4; 30 } 31 32 // IssuerPublicKey specifies an issuer public key that consists of 33 // attribute_names - a list of the attribute names of a credential issued by the issuer 34 // h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes 35 // proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key 36 // hash is a hash of the public key appended to it 37 message IssuerPublicKey { 38 repeated string attribute_names = 1; 39 ECP h_sk = 2; 40 ECP h_rand = 3; 41 repeated ECP h_attrs = 4; 42 ECP2 w = 5; 43 ECP bar_g1 = 6; 44 ECP bar_g2 = 7; 45 bytes proof_c = 8; 46 bytes proof_s = 9; 47 bytes hash = 10; 48 } 49 50 // IssuerKey specifies an issuer key pair that consists of 51 // ISk - the issuer secret key and 52 // IssuerPublicKey - the issuer public key 53 message IssuerKey { 54 bytes isk = 1; 55 IssuerPublicKey ipk = 2; 56 } 57 58 // Credential specifies a credential object that consists of 59 // a, b, e, s - signature value 60 // attrs - attribute values 61 message Credential { 62 ECP a = 1; 63 ECP b = 2; 64 bytes e = 3; 65 bytes s = 4; 66 repeated bytes attrs = 5; 67 } 68 69 // CredRequest specifies a credential request object that consists of 70 // nym - a pseudonym, which is a commitment to the user secret 71 // issuer_nonce - a random nonce provided by the issuer 72 // proof_c, proof_s - a zero-knowledge proof of knowledge of the 73 // user secret inside Nym 74 message CredRequest { 75 ECP nym = 1; 76 bytes issuer_nonce = 2; 77 bytes proof_c = 3; 78 bytes proof_s = 4; 79 } 80 81 // Signature specifies a signature object that consists of 82 // a_prime, a_bar, b_prime, proof_* - randomized credential signature values 83 // and a zero-knowledge proof of knowledge of a credential 84 // and the corresponding user secret together with the attribute values 85 // nonce - a fresh nonce used for the signature 86 // nym - a fresh pseudonym (a commitment to to the user secret) 87 message Signature { 88 ECP a_prime = 1; 89 ECP a_bar = 2; 90 ECP b_prime = 3; 91 bytes proof_c = 4; 92 bytes proof_s_sk = 5; 93 bytes proof_s_e = 6; 94 bytes proof_s_r2 = 7; 95 bytes proof_s_r3 = 8; 96 bytes proof_s_s_prime = 9; 97 repeated bytes proof_s_attrs = 10; 98 bytes nonce = 11; 99 ECP nym = 12; 100 bytes proof_s_r_nym = 13; 101 ECP2 revocation_epoch_pk = 14; 102 bytes revocation_pk_sig = 15; 103 int64 epoch = 16; 104 NonRevocationProof non_revocation_proof = 17; 105 } 106 107 // NonRevocationProof contains proof that the credential is not revoked 108 message NonRevocationProof { 109 int32 revocation_alg = 1; 110 bytes non_revocation_proof = 2; 111 } 112 113 // NymSignature specifies a signature object that signs a message 114 // with respect to a pseudonym. It differs from the standard idemix.signature in the fact that 115 // the standard signature object also proves that the pseudonym is based on a secret certified by 116 // a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym 117 // signed the message 118 message NymSignature { 119 // proof_c is the Fiat-Shamir challenge of the ZKP 120 bytes proof_c = 1; 121 // proof_s_sk is the s-value proving knowledge of the user secret key 122 bytes proof_s_sk = 2; 123 //proof_s_r_nym is the s-value proving knowledge of the pseudonym secret 124 bytes proof_s_r_nym = 3; 125 // nonce is a fresh nonce used for the signature 126 bytes nonce = 4; 127 } 128 129 message CredentialRevocationInformation { 130 // epoch contains the epoch (time window) in which this CRI is valid 131 int64 epoch = 1; 132 133 // epoch_pk is the public key that is used by the revocation authority in this epoch 134 ECP2 epoch_pk = 2; 135 136 // epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key 137 bytes epoch_pk_sig = 3; 138 139 // revocation_alg denotes which revocation algorithm is used 140 int32 revocation_alg = 4; 141 142 // revocation_data contains data specific to the revocation algorithm used 143 bytes revocation_data = 5; 144 }