Add selective disclosure for JWT credentials #96

Merged
merged 10 commits into from
Feb 20, 2025

zaverucha
Collaborator

No description provided.

- Add basic SD example, for FE-sized attribs

- Attributes that are larger than a field element can be hashed to fit,
then disclosed by revealing the preimage. Completes the core work for
selective disclosure.  Added support for basic proof specifications
encoding a description of attribute data to disclose.

- Callers do not have to specify whether a revealed attribute is hashed or
not, we can figure that out from the config.json file.

- The Groth16 params were being saved twice, once on their own and once in
the prover params, as they can be large, we only save them once in the
prover params.

- Add "prepare" option to command line tool, as a synonym for "prove"

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
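
An added sketch of the hashed-attribute disclosure check described in the commit message above; it is not code from this PR or from Crescent. The field order (BN254 scalar field), SHA-256 truncated to 31 bytes, and the `hashed` config key are assumptions made for illustration.

```python
import hashlib

# Assumption: BN254 scalar field order; the PR does not name the field.
FIELD_ORDER = 21888242871839275222246405745257275088548364400416034343698204186575808495617
FE_BYTES = 31  # 248 bits always fit below FIELD_ORDER

def to_field_element(value: bytes, hashed: bool) -> int:
    """Map an attribute value to one field element."""
    if hashed:
        # Assumption: SHA-256 truncated to 31 bytes; the real scheme may differ.
        digest = hashlib.sha256(value).digest()
        return int.from_bytes(digest[:FE_BYTES], "big")
    if len(value) > FE_BYTES:
        raise ValueError("value does not fit in one field element")
    return int.from_bytes(value, "big")

def check_disclosure(config: dict, name: str, proven_fe: int, disclosed: bytes) -> bool:
    """Verifier-side check for one revealed attribute.

    proven_fe is the field element the already-verified proof binds to `name`.
    Whether the attribute is hashed comes from the verifier's config, never
    from the presenter, so a presenter cannot swap encodings.
    """
    entry = config.get(name)
    if entry is None:
        return False  # attribute not known to this verifier
    try:
        expected = to_field_element(disclosed, bool(entry["hashed"]))
    except (KeyError, ValueError):
        return False
    return expected == proven_fe

# Constructed sample config and values (hypothetical schema, not Crescent's).
SAMPLE_CONFIG = {"email": {"hashed": True}, "given_name": {"hashed": False}}
SAMPLE_EMAIL = b"alice.with.a.long.address@mail.example.com"
SAMPLE_NAME = b"Alice"

if __name__ == "__main__":
    fe = to_field_element(SAMPLE_EMAIL, True)
    print(check_disclosure(SAMPLE_CONFIG, "email", fe, SAMPLE_EMAIL))
    print(check_disclosure(SAMPLE_CONFIG, "email", fe, b"mallory@example.com"))
```
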
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Leaves the functionality of the samples unchanged, just updates them to
use the updated Crescent API.

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
@zaverucha zaverucha marked this pull request as ready for review February 14, 2025 00:53
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
@@ -52,8 +52,8 @@ impl<G: Group> DLogPoK<G> {
let mut r = Vec::new();

let mut ts: Transcript = Transcript::new(&[0u8]);
let pm = pm.unwrap_or(b"");
add_to_transcript(&mut ts, b"presentation_message", &pm);
let pm = context.unwrap_or(b"");
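
Review bot: `context.unwrap_or(b"")` on the last line of this hunk gives an absent context and an explicitly empty one the same bytes, so both feed identical input into the transcript. If callers are meant to distinguish "no context" from "empty context", absorb a presence marker or a length before the bytes; if they are not, say in the doc comment for `context` that `None` is treated as the empty byte string.
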
Contributor

Should we change the pm variable name to contextBytes?

Collaborator Author

Yes, done

@@ -128,8 +128,8 @@ impl<G: Group> DLogPoK<G> {
// serialize and hash the bases, k and y
let dl_verify_timer = start_timer!(|| format!("DlogPoK verify y.len = {}", y.len()));
let mut ts: Transcript = Transcript::new(&[0u8]);
let pm = pm.unwrap_or(b"");
add_to_transcript(&mut ts, b"presentation_message", &pm);
let pm = context.unwrap_or(b"");
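
Review bot: the transcript setup after `dl_verify_timer` repeats the prover's setup line for line (`Transcript::new(&[0u8])`, then the `unwrap_or(b"")` default), and the two copies have to stay byte-identical or valid proofs stop verifying. Suggest moving the setup into one helper that both the prove and verify paths call, and confirming that whatever replaces the removed `add_to_transcript(&mut ts, b"presentation_message", &pm)` call uses the same label at both sites.
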
Contributor

Should we change the pm variable name to contextBytes?

Collaborator Author

done

creds/src/lib.rs Outdated
Ok(domain) => domain,
Err(e) => {
println!("Proof was valid, but failed to unpack domain string, {:?}", e);
// Add the revealed attributes to the output, after converting from field elt to string
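
Review bot: the `Err(e)` arm reports the failure with `println!` from library code in creds/src/lib.rs, so the message "Proof was valid, but failed to unpack domain string" goes to stdout whether or not the calling application wants it there. Suggest surfacing this through the function's return value (or the crate's logging facade) so the caller can see that verification succeeded but the domain could not be unpacked, and decide how to treat that case.
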
Contributor

elt?

Collaborator Author

Short for element... I revised it

proof.clone(),
vk.clone(),
pvk.clone(),
"empty config.json".to_string()
Contributor

If we need to specify this, would we use "empty config.json"? Sounds implementation specific. Use something more generic instead, e.g., "empty config"?

Collaborator Author

I changed it to "empty configuration string", but this is an internal API that we're calling here for benchmarking, so I don't think it matters too much.

@@ -511,7 +511,7 @@ mod tests {
assert!(Groth16::<CrescentPairing>::verify_with_processed_vk(&pvk, &inputs, &proof).unwrap());

let mut client_state =
ClientState::<CrescentPairing>::new(inputs.clone(), proof.clone(), vk.clone(), pvk.clone());
ClientState::<CrescentPairing>::new(inputs.clone(), None, proof.clone(), vk.clone(), pvk.clone(), "empty config.json".to_string());
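
Review bot: the updated `ClientState::<CrescentPairing>::new` call now passes six positional arguments, including a bare `None` in second position and the literal `"empty config.json".to_string()` at the end, and nothing at the call site says what either one stands for. Suggest a short comment naming the parameter that `None` fills and a named test constant for the placeholder string, so the test still reads correctly if the constructor's argument order changes again.
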
Contributor

If we need to specify this, would we use "empty config.json"? Sounds implementation specific. Use something more generic instead, e.g., "empty config"?

Collaborator Author

(changed, as above)

- Make it a string in the public ProofSpec, convert to byte array in
  ProofSpecInternal
- In CLI tool, allow only one, either from command line, or proof spec file

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
…r tests

Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
@zaverucha zaverucha merged commit 82dfdd0 into main Feb 20, 2025
4 checks passed