github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/bbs/bbs.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 // Package bbs provides implementations of BBS+ key management and primitives. 8 // 9 // The functionality of BBS+ signatures/proofs is represented as a pair of 10 // primitives (interfaces): 11 // 12 // - Signer for signing a list of messages with a private key 13 // 14 // - Verifier for verifying a signature against a list of messages, deriving a proof from a signature for a given 15 // set of sub messages and verifying such derived proof. 16 // 17 // Example: 18 // 19 // package main 20 // 21 // import ( 22 // "bytes" 23 // 24 // "github.com/google/tink/go/keyset" 25 // 26 // "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/bbs" 27 // ) 28 // 29 // func main() { 30 // // create signer keyset handle 31 // kh, err := keyset.NewHandle(bbs.BLS12381G2KeyTemplate()) 32 // if err != nil { 33 // //handle error 34 // } 35 // 36 // // extract signer public keyset handle and key for signature verification and proof derivation/verification 37 // verKH, err := kh.Public() 38 // if err != nil { 39 // //handle error 40 // } 41 // 42 // // finally get the BBS+ signing primitive from the private key handle created above 43 // s:= bbs.NewSigner(kh) 44 // 45 // // create a message to be signed 46 // messages := [][]byte{[]byte("message 1"), []byte("message 2"), []byte("message 3"), []byte("message 4")} 47 // 48 // // and now sign using s 49 // sig, err = s.Sign(messages) 50 // if err != nil { 51 // // handle error 52 // } 53 // 54 // // to verify, get the BBS+ verification primitive from the public key handle created earlier above 55 // v := bbs.NewVerifier(verKH) 56 // 57 // // and verify signature 58 // err = v.Verify(messages, sig) 59 // if err != nil { 60 // // handle error 61 // } 62 // 63 // // to derive a proof from the bbs signature, create the indices of the messages to be revealed by the proof 64 // revealedIndexes := []int{0, 2} 65 // 66 // // and a nonce 67 // nonce := make([]byte, 10) 68 // 69 // _, err = rand.Read(nonce) 70 // if err != nil { 71 // // handle error 72 // } 73 // 74 // // then derive a proof for messages at index 0 and 2 as follows 75 // proof, err := verifier.DeriveProof(messages, sig, nonce, revealedIndexes) 76 // if err != nil { 77 // // handle error 78 // } 79 // 80 // // create a copy of the revealed messages to the party that should only access messages at index 0 and 2 81 // revealedMsgs := [][]byte{messages[0], messages[2]} 82 // 83 // // finally to verify the proof's authenticity for revealedMsgs, do the following 84 // err = verifier.VerifyProof(revealedMsgs, proof, nonce) 85 // if err != nil { 86 // // handle error 87 // } 88 // } 89 package bbs 90 91 import ( 92 "fmt" 93 94 "github.com/google/tink/go/core/registry" 95 ) 96 97 // TODO - find a better way to setup tink than init. 98 // nolint: gochecknoinits 99 func init() { 100 // TODO - avoid the tink registry singleton. 101 err := registry.RegisterKeyManager(newBBSSignerKeyManager()) 102 if err != nil { 103 panic(fmt.Sprintf("bbs.init() failed: %v", err)) 104 } 105 106 err = registry.RegisterKeyManager(newBBSVerifierKeyManager()) 107 if err != nil { 108 panic(fmt.Sprintf("ecdh.init() failed: %v", err)) 109 } 110 }