Added validity proofs for eq, ge and aggregate proof #182
Conversation
Signed-off-by: aritroCoder <ogocodinggod@gmail.com>
| ::: | ||
| #### Verify Validity Proofs | ||
|
|
||
| An AnoncCreds validity proof is the combination of both equality and inequality predicate proofs. The validity proof is bound to the primary credential by the $\widehat{m_2}$ value that is presented in both proofs. The validity proof is verified by the following steps: |
There was a problem hiding this comment.
The term validity proofs has not been used before. I think the intro section needs to be updated to talk about how the data structures in the presentation (eq_proof, ge_proof, aggregate_proof) all contribute to the validity proof.
I can revise that text after this is merged if you would prefer.
There was a problem hiding this comment.
That would be good
| @@ -104,7 +105,7 @@ $$\widehat{T_6} \leftarrow D^{\widehat{r''}}\cdot g^{-\widehat{m'}} \widetilde{ | |||
| $$\widehat{T_7} \leftarrow \left(\frac{e(pk\cdot\mathcal{G},\mathcal{S})}{e(g,g')}\right)^{c_H}\cdot e(pk\cdot \mathcal{G},\widehat{h})^{\widehat{r''}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m'}}\cdot e(\widetilde{h},\mathcal{S})^{\widehat{r}}$$ | |||
| $$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right)^{c_H}\cdot e(\widetilde{h},u)^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'''}}$$ | |||
|
|
|||
| Then all these values are added to $\widehat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ | |||
| Then all these values are added to $\widehat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$. | |||
|
I didn't understand how the validity proof that is processed as per this section is combined with the non-revocation proofs that are also in the presentation. There will be one of those per source credential that have to be processed. |
To verify the proof, we need to regenerate the challenge hash at verifier side and match it with the one recieved from prover. The challenge hash is computed by concatinating |
Signed-off-by: aritroCoder <ogocodinggod@gmail.com>
Correct |
|
Reopend pull request accidentally closed. @mikelodder7 — could you please add your approval? Thanks! |
No description provided.