Anonymous Credential
This repository contains a Python library for implementing anonymous credential scheme.
Introduction
In an anonymous credential scheme there are three participants: issuer, user(prover), verifier.
Issuer creates a certificate to user which contains a list of user’s attributes and issuer’s signature (use BBS+ signature). This protocol is formally called credential issuance protocol.
The user who is in possession of that credential can selectively disclose some parts to some verifier. This protocol is formally called credential presentation protocol.
Module description
ac_utils
Module containing data structures and utility functions.
Data structures are specified as named tuples:
Issuer’s public key:
IssuerPublicKey = namedtuple('ipk', [
'AttributeNames', #array of string
'HAttrs', #one G1-element for one attribute
'pHRand', #a random G1 point
'pHSk', #a random G1 point to encode user's secret key
'pw', #element from G2
'p_g1', #point of G1
'p_g2', #point of G1
'C', #integer (challenge)
'S']) #integer (response)
Credential request:
CredRequest = namedtuple('CredRequest', [
'Nym', #G1 point (commitment to user's master secret)
'IssuerNonce', #integer (nonce)
'Attrs', #array of integer (encoded attributes)
'C', #integer (challenge)
'S']) #integer (response)
Credential :
Credential = namedtuple('Credential', [
'A', #point of G1
'B', #point of G1
'e', #integer
's', #integer
'Attrs']) #array of integer
Utility function:
| name | result type | description |
|---|---|---|
| getNonce() | integer | generates nonce using the uuid4 () function. The function is the use of 16 bytes for os.urandom (), converting them into an integer |
| encodeAttrs(Attrs) | integer | returns the hash value of attribute |
| hashStr(string) | integer | returns a hash value of the string |
| hashList(listC) | integer | returns a hash value of the list |
| formList(listG) | list | converts an array of curve points to a one-dimensional array of point coordinates |
| inverse_mod(x, modp) | integer | return modular multiplicative inverse of an integer x |
ac_issuer
Module containing Issuer class
Сlass method:
| name | description |
|---|---|
| genKeyPair (self, AttributeNames) | for the given array of attribute’s names AttributeNames generates the issuer’s key pair |
| getIssuerPublicKey (self) | returns the issuer’s public key |
| getNonce () | returns the issuer’s Nonce |
| verifyPoK (self, CredRequest) | returns a boolean. Verifies the credential request by verifying the zero-knowledge proof |
| genCredential (self, CredRequest) | generates a credentials for a user, by signing the commitment of the secret key, together with the attribute values |
ac_prover
Module containing Prover class.
The Prover class is initialized with a set of attributes values.
Сlass method:
| name | description |
|---|---|
| genCredRequest (self, IssuerPublicKey, IssuerNonce) | generates a Credential Request using the public key of the issuer, user secret, and the nonce as input. The request consists of a commitment to the user secret (can be seen as a public key) and a zero-knowledge proof of knowledge of the user secret key |
| verifySig (self, Credential) | returns a boolean indicating whether a signature is valid for the given Credential |
| setCredential (self, Credential) | it internally sets credentials (obtained from an issuer) |
| setAttributePredicate (self, Predicate) | for the input predicate (example [0,1,0,1,1] 0 - attribute not disclosed (hidden), 1 - attribute disclosed (reveal)) , return (D, I): attribute predicate, describe what attributes will be disclosed. If D[j]==1, I[j]=attrs[j]=aj, else I[j]=null |
| genProof (self, Predicate) | generate the selectively disclosure proof (zero knowledge proof) |
ac_verifier
Module containing Verifier class.
Сlass method:
| name | description |
|---|---|
| verifyProof (AttributePredicate, Proof, PublicKey) | returns a boolean indicating whether a signature and Proof of Knowledge (PoK) is valid for the given AttributePredicate, Proof, PublicKey |
| verifyIssuerPoK (ipk) | returns a boolean indicating whether a Proof of Knowledge (PoK) is valid for the given public key |
Usage
For instance:
import ac_issuer
import ac_prover
import ac_verifier
def testprotokol():
print('Test protocol')
issuer = ac_issuer.Issuer
issuer.genKeyPair(issuer,['Name', 'Age' , 'TelNumber'])
print('IPK :')
ipk = issuer.getIssuerPublicKey(issuer)
print(ipk)
prover = ac_prover.Prover(['UserName1', 18, 55555])
Request = prover.genCredRequest(ipk, issuer.getNonce())
print('REQUEST : ')
print (Request)
Credential = issuer.genCredential(issuer, Request)
if Credential:
if prover.setCredential (Credential):
print('CREDENTIAL issued to the user:')
print(Credential)
else: print ('Error sig')
else:
print('Error gen credential')
Predicate = (0,1,0)
print('Predicat for ', ipk.AttributeNames, ' : ', Predicate)
DI, Proof = prover.genProof(Predicate)
print('PROOF: ', Proof )
print('DI', DI)
verifier = ac_verifier.Verifier
print('VERIFY Proof = ', verifier.verifyProof(DI, Proof, ipk))