Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Anonymous Credential

This repository contains a Python library for implementing anonymous credential scheme.


In an anonymous credential scheme there are three participants: issuer, user(prover), verifier.
Issuer creates a certificate to user which contains a list of user’s attributes and issuer’s signature (use BBS+ signature). This protocol is formally called credential issuance protocol.
The user who is in possession of that credential can selectively disclose some parts to some verifier. This protocol is formally called credential presentation protocol.

Module description


Module containing data structures and utility functions.
Data structures are specified as named tuples:
Issuer’s public key:

IssuerPublicKey = namedtuple('ipk', [
    'AttributeNames',	#array of string
    'HAttrs',			#one G1-element for one attribute
    'pHRand',			#a random G1 point
    'pHSk',			#a random G1 point to encode user's secret key 
    'pw',			#element from G2  
    'p_g1',			#point of G1
    'p_g2',			#point of G1
    'C',			#integer   (challenge)
    'S'])			#integer   (response)

Credential request:

CredRequest = namedtuple('CredRequest', [
    'Nym',		#G1 point (commitment to user's master secret)
    'IssuerNonce',	#integer  (nonce)
    'Attrs',		#array of integer  (encoded attributes)
    'C',		#integer   (challenge)
    'S'])		#integer   (response)

Credential :

Credential = namedtuple('Credential', [
    'A',		#point of G1
    'B',		#point of G1
    'e',		#integer
    's',		#integer
    'Attrs'])		#array of integer

Utility function:

name result type description
getNonce() integer generates nonce using the uuid4 () function. The function is the use of 16 bytes for os.urandom (), converting them into an integer
encodeAttrs(Attrs) integer returns the hash value of attribute
hashStr(string) integer returns a hash value of the string
hashList(listC) integer returns a hash value of the list
formList(listG) list converts an array of curve points to a one-dimensional array of point coordinates
inverse_mod(x, modp) integer return modular multiplicative inverse of an integer x


Module containing Issuer class
Сlass method:

name description
genKeyPair (self, AttributeNames) for the given array of attribute’s names AttributeNames generates the issuer’s key pair
getIssuerPublicKey (self) returns the issuer’s public key
getNonce () returns the issuer’s Nonce
verifyPoK (self, CredRequest) returns a boolean. Verifies the credential request by verifying the zero-knowledge proof
genCredential (self, CredRequest) generates a credentials for a user, by signing the commitment of the secret key, together with the attribute values


Module containing Prover class.
The Prover class is initialized with a set of attributes values.
Сlass method:

name description
genCredRequest (self, IssuerPublicKey, IssuerNonce) generates a Credential Request using the public key of the issuer, user secret, and the nonce as input. The request consists of a commitment to the user secret (can be seen as a public key) and a zero-knowledge proof of knowledge of the user secret key
verifySig (self, Credential) returns a boolean indicating whether a signature is valid for the given Credential
setCredential (self, Credential) it internally sets credentials (obtained from an issuer)
setAttributePredicate (self, Predicate) for the input predicate (example [0,1,0,1,1] 0 - attribute not disclosed (hidden), 1 - attribute disclosed (reveal)) , return (D, I): attribute predicate, describe what attributes will be disclosed. If D[j]==1, I[j]=attrs[j]=aj, else I[j]=null
genProof (self, Predicate) generate the selectively disclosure proof (zero knowledge proof)


Module containing Verifier class.
Сlass method:

name description
verifyProof (AttributePredicate, Proof, PublicKey) returns a boolean indicating whether a signature and Proof of Knowledge (PoK) is valid for the given AttributePredicate, Proof, PublicKey
verifyIssuerPoK (ipk) returns a boolean indicating whether a Proof of Knowledge (PoK) is valid for the given public key


For instance:

import ac_issuer
import ac_prover
import ac_verifier
def testprotokol():
    print('Test protocol')
    issuer = ac_issuer.Issuer
    issuer.genKeyPair(issuer,['Name', 'Age' , 'TelNumber'])
    print('IPK :')
    ipk = issuer.getIssuerPublicKey(issuer)
    prover = ac_prover.Prover(['UserName1', 18, 55555])
    Request = prover.genCredRequest(ipk, issuer.getNonce())
    print('REQUEST : ')
    print (Request)
	Credential = issuer.genCredential(issuer, Request)
    if Credential:
        if prover.setCredential (Credential):
            print('CREDENTIAL issued to the user:')
        else: print ('Error sig')    
        print('Error gen credential')
	Predicate = (0,1,0)
	print('Predicat for ', ipk.AttributeNames, ' : ', Predicate)
	DI, Proof = prover.genProof(Predicate)   
	print('PROOF: ', Proof )
	print('DI', DI)
	verifier = ac_verifier.Verifier
	print('VERIFY Proof = ', verifier.verifyProof(DI, Proof, ipk))


Anonymous Credential






No releases published


No packages published