[FAB-8921] adds weak-bb signatures

Manu Drijvers · Manu Drijvers · commit 63a92d1e5fec · 2018-05-01T15:24:09.000+03:00
Adds weak-bb signatures that will be used in idemix
revocation.

Change-Id: I48f231e10c8242732080cb6df6146b89b2a7c57a
Signed-off-by: Manu Drijvers &lt;mdr@zurich.ibm.com&gt;
diff --git a/idemix/idemix_test.go b/idemix/idemix_test.go
@@ -15,14 +15,30 @@ import (
 )
 
 func TestIdemix(t *testing.T) {
+	// Test weak BB sigs:
+	// Test KeyGen
+	rng, err := GetRand()
+	assert.NoError(t, err)
+	wbbsk, wbbpk := WBBKeyGen(rng)
+
+	// Get random message
+	testmsg := RandModOrder(rng)
+
+	// Test Signing
+	wbbsig := WBBSign(wbbsk, testmsg)
+
+	// Test Verification
+	err = WBBVerify(wbbpk, wbbsig, testmsg)
+	assert.NoError(t, err)
+
+	// Test idemix functionality
 	AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"}
 	attrs := make([]*FP256BN.BIG, len(AttributeNames))
 	for i := range AttributeNames {
 		attrs[i] = FP256BN.NewBIGint(i)
 	}
 
 	// Test issuer key generation
-	rng, err := GetRand()
 	if err != nil {
 		t.Fatalf("Error getting rng: \"%s\"", err)
 		return
diff --git a/idemix/util.go b/idemix/util.go
@@ -25,6 +25,9 @@ var GenG2 = FP256BN.NewECP2fp2s(
 	FP256BN.NewFP2bigs(FP256BN.NewBIGints(FP256BN.CURVE_Pxa), FP256BN.NewBIGints(FP256BN.CURVE_Pxb)),
 	FP256BN.NewFP2bigs(FP256BN.NewBIGints(FP256BN.CURVE_Pya), FP256BN.NewBIGints(FP256BN.CURVE_Pyb)))
 
+// GenGT is a generator of Group GT
+var GenGT = FP256BN.Fexp(FP256BN.Ate(GenG2, GenG1))
+
 // GroupOrder is the order of the groups
 var GroupOrder = FP256BN.NewBIGints(FP256BN.CURVE_Order)
 
diff --git a/idemix/weak-bb.go b/idemix/weak-bb.go
@@ -0,0 +1,49 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package idemix
+
+import (
+	"github.com/hyperledger/fabric-amcl/amcl"
+	"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
+	"github.com/pkg/errors"
+)
+
+// WBBKeyGen creates a fresh weak-Boneh-Boyen signature key pair (http://ia.cr/2004/171)
+func WBBKeyGen(rng *amcl.RAND) (*FP256BN.BIG, *FP256BN.ECP2) {
+	// sample sk uniform from Zq
+	sk := RandModOrder(rng)
+	// set pk = g2^sk
+	pk := GenG2.Mul(sk)
+	return sk, pk
+}
+
+// WBBSign places a weak Boneh-Boyen signature on message m using secret key sk
+func WBBSign(sk *FP256BN.BIG, m *FP256BN.BIG) *FP256BN.ECP {
+	// compute exp = 1/(m + sk) mod q
+	exp := Modadd(sk, m, GroupOrder)
+	exp.Invmodp(GroupOrder)
+
+	// return signature sig = g1^(1/(m + sk))
+	return GenG1.Mul(exp)
+}
+
+// WBBVerify verifies a weak Boneh-Boyen signature sig on message m with public key pk
+func WBBVerify(pk *FP256BN.ECP2, sig *FP256BN.ECP, m *FP256BN.BIG) error {
+	if pk == nil || sig == nil || m == nil {
+		return errors.Errorf("Weak-BB signature invalid: received nil input")
+	}
+	// Set P = pk * g2^m
+	P := FP256BN.NewECP2()
+	P.Copy(pk)
+	P.Add(GenG2.Mul(m))
+	P.Affine()
+	// check that e(sig, pk * g2^m) = e(g1, g2)
+	if !FP256BN.Fexp(FP256BN.Ate(P, sig)).Equals(GenGT) {
+		return errors.Errorf("Weak-BB signature is invalid")
+	}
+	return nil
+}
