Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider including bbsHeader in base proof to simplify disclosure / derived proof implementations #126

Closed
dlongley opened this issue Jan 11, 2024 · 4 comments
Closed

Consider including bbsHeader in base proof to simplify disclosure / derived proof implementations #126

dlongley opened this issue Jan 11, 2024 · 4 comments
Assignees
@Wind4Greg

Comments

@dlongley
Copy link
Contributor

If we include the bbsHeader in the base proof at a cost of 64 bytes (as it comprises proofHash of 32 bytes and mandatoryHash of 32 bytes) then disclosure implementations do not need to reproduce these values themselves and can just include them in the BBS ProofGen call.

Including this in the base proof (which is not retransmitted for presentation to verifiers) seems like it's probably worth the trade off of reduced complexity for derived proof implementers.
@Wind4Greg
Copy link
Collaborator

Hmm, when a holder receives the base proof they need to verify it and hence recompute/calculate proofHash and mandatoryHash as part of verification. Couldn't they save it then? Sending it seems a bit redundant since they are supposed to calculate as part of verification. Could we make informational notes that they can cache or otherwise save the values for use in creating derived proofs.

@dlongley
Copy link
Contributor Author

dlongley commented Jan 12, 2024
edited
Loading

I don't think we should assume every holder (their software) will verify the BBS signature upon receipt after receiving the VC from a trusted issuer over a trusted channel. It lowers the implementation burden and ability for wallets to get support if we don't have a hard requirement on that. There might be implementers that need to move quickly to support BBS presentation -- and may only opt to add additional local verification later.

On top of this, if we were to advise implementers that they could cache, etc. -- it would still be simpler if the values were made available in the base proof eliminating the need for figuring out how / where to store the cached values (and these could be confirmed during verification if holder software wanted to do so).

Finally, verification can also be performed by generating a proof and then running verification thereafter. Of course, this still means that the functions to do the checks are in the verification piece, but it keeps the disclosure implementation simpler whilst still enabling verification as desired.

In short, I think the benefits outweigh the costs and we should include those two hashes (32 bytes each) in the base proof for easier, simpler / quicker implementations to be constructed.

@dlongley
Copy link
Contributor Author

So, in conjunction with #125, I'd say the base proof would have these things:

bbsSignature, bbsHeader, publicKey, hmacKey, and mandatoryPointers

@Wind4Greg Wind4Greg self-assigned this Jan 12, 2024
This was referenced Jan 16, 2024
Merged
Merged
@dlongley
Copy link
Contributor Author

dlongley commented Feb 7, 2024

This was my issue and it was addressed by #131, closing.

@dlongley dlongley closed this as completed Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Wind4Greg Wind4Greg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dlongley @Wind4Greg