Add selective disclosure for JWT credentials #96
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add basic SD example, for FE-sized attribs - Attributes that are larger than a field element can be hashed to fit, then disclosed by revealing the preimage. Completes the core work for selective disclosure. Added support for basic proof specifications encoding a description of attribute data to disclose. - Callers do not have to specify whether a revaled attribute is hashed or not, we can figure that out from the config.json file. - The Groth16 params were being saved twice, once on their own and once in the prover params, as they can be large, we only save them once in the prover params. - Add "prepare" option to command line tool, as a synonym for "prove" Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Leaves the functionality of the samples unchanged, just upates them to use the updated Crescent API. Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
creds/src/dlog.rs
Outdated
| @@ -52,8 +52,8 @@ impl<G: Group> DLogPoK<G> { | |||
| let mut r = Vec::new(); | |||
|
|
|||
| let mut ts: Transcript = Transcript::new(&[0u8]); | |||
| let pm = pm.unwrap_or(b""); | |||
| add_to_transcript(&mut ts, b"presentation_message", &pm); | |||
| let pm = context.unwrap_or(b""); | |||
There was a problem hiding this comment.
Should we change the pm variable name to contextBytes?
creds/src/dlog.rs
Outdated
| @@ -128,8 +128,8 @@ impl<G: Group> DLogPoK<G> { | |||
| // serialize and hash the bases, k and y | |||
| let dl_verify_timer = start_timer!(|| format!("DlogPoK verify y.len = {}", y.len())); | |||
| let mut ts: Transcript = Transcript::new(&[0u8]); | |||
| let pm = pm.unwrap_or(b""); | |||
| add_to_transcript(&mut ts, b"presentation_message", &pm); | |||
| let pm = context.unwrap_or(b""); | |||
There was a problem hiding this comment.
Should we change the pm variable name to contextBytes?
creds/src/lib.rs
Outdated
| Ok(domain) => domain, | ||
| Err(e) => { | ||
| println!("Proof was valid, but failed to unpack domain string, {:?}", e); | ||
| // Add the revealed attributes to the output, after converting from field elt to string |
There was a problem hiding this comment.
Short for element... I revised it
creds/benches/proof_benchmark.rs
Outdated
| proof.clone(), | ||
| vk.clone(), | ||
| pvk.clone(), | ||
| "empty config.json".to_string() |
There was a problem hiding this comment.
If we need to specify this, would we use "empty config.json"? Sounds implementation specific. Use something more generic instead, e.g., "empty config"?
There was a problem hiding this comment.
I changed it to "empty configuration string", but this is an internal API that we're calling here for benchmarking, so I don't think it matters too much.
creds/src/rangeproof.rs
Outdated
| @@ -511,7 +511,7 @@ mod tests { | |||
| assert!(Groth16::<CrescentPairing>::verify_with_processed_vk(&pvk, &inputs, &proof).unwrap()); | |||
|
|
|||
| let mut client_state = | |||
| ClientState::<CrescentPairing>::new(inputs.clone(), proof.clone(), vk.clone(), pvk.clone()); | |||
| ClientState::<CrescentPairing>::new(inputs.clone(), None, proof.clone(), vk.clone(), pvk.clone(), "empty config.json".to_string()); | |||
There was a problem hiding this comment.
If we need to specify this, would we use "empty config.json"? Sounds implementation specific. Use something more generic instead, e.g., "empty config"?
There was a problem hiding this comment.
(changed, as above)
- Make it a string in the public ProofSpec, convert to byte array in ProofSpecInternal - In CLI tool, allow only one, either from command line, or proof spec file Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
…r tests Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
christianpaquin
approved these changes
Feb 20, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.