async def _initEqProof(self, schemaId, c1: PrimaryClaim,
revealedAttrs: Sequence[str], m1Tilde, m2Tilde, claimAttributes: Dict[str, ClaimAttributeValues]) \
-> PrimaryEqualInitProof:
m2Tilde = m2Tilde if m2Tilde else cmod.integer(
cmod.randomBits(LARGE_MVECT))
revealedAttrs, unrevealedAttrs = splitRevealedAttrs(
claimAttributes, [a.name for a in revealedAttrs])
mtilde = self._getMTilde(unrevealedAttrs)
Ra = cmod.integer(cmod.randomBits(LARGE_VPRIME))
pk = await self._wallet.getPublicKey(ID(schemaId=schemaId))
A, e, v = c1.A, c1.e, c1.v
Aprime = A * (pk.S**Ra) % pk.N
vprime = (v - e * Ra)
eprime = e - (2**LARGE_E_START)
etilde = cmod.integer(cmod.randomBits(LARGE_ETILDE))
vtilde = cmod.integer(cmod.randomBits(LARGE_VTILDE))
Rur = 1 % pk.N
for k, value in unrevealedAttrs.items():
if k in claimAttributes:
Rur = Rur * (pk.R[k]**mtilde[k])
Rur *= pk.Rms**m1Tilde
Rur *= pk.Rctxt**m2Tilde
# T = ((Aprime ** etilde) * Rur * (pk.S ** vtilde)) % pk.N
T = calcTeq(pk, Aprime, etilde, vtilde, mtilde, m1Tilde, m2Tilde,
unrevealedAttrs.keys())
return PrimaryEqualInitProof(c1, Aprime, T, etilde, eprime, vtilde,
vprime, mtilde, m1Tilde, m2Tilde,
unrevealedAttrs.keys(), revealedAttrs)
def __init__(self, credDefPks: Dict[str, IssuerKey], masterSecret=None):
"""
Create a proof instance
:param credDefPks: The public key of the Issuer(s)
"""
self.id = str(uuid.uuid4())
self.nonce = None
self.credential = None
self.encodedAttrs = None
self.revealedAttrs = None
# Generate the master secret
self._ms = masterSecret or cmod.integer(
cmod.randomBits(LARGE_MASTER_SECRET))
# Set the credential definition pub keys
self.credDefPks = credDefPks
for key, x in self.credDefPks.items():
self.credDefPks[key] = x.inFieldN()
self._vprime = {}
for key, val in self.credDefPks.items():
self._vprime[key] = cmod.randomBits(LARGE_VPRIME)
# Calculate the `U` values using Issuer's `S`, R["0"] and master secret
self._U = {}
for key, val in self.credDefPks.items():
N = val.N
R = val.R
S = val.S
self._U[key] = (S**self._vprime[key]) * (R[ZERO_INDEX]**
self._ms) % N
def _genRhoBGamma(cls):
while True:
rho = cmod.randomPrime(LARGE_PUBLIC_RHO)
b = cmod.randomBits(LARGE_PUBLIC_B)
Gamma = b * rho + 1
if cmod.isPrime(Gamma) and (rho % b != 0):
return rho, b, Gamma
async def issuePrimaryClaim(
self, schemaId: ID, attributes: Attribs,
U) -> (PrimaryClaim, Dict[str, ClaimAttributeValues]):
u = strToCryptoInteger(U) if isinstance(U, str) else U
if not u:
raise ValueError("u must be provided to issue a credential")
# Generate a random prime and
# Set the Most-significant-bit to 1
vprimeprime = cmod.integer(
cmod.randomBits(LARGE_VPRIME_PRIME)
| (2**(LARGE_VPRIME_PRIME - 1)))
# Generate prime number in the range (2^596, 2^596 + 2^119)
estart = 2**LARGE_E_START
eend = (estart + 2**LARGE_E_END_RANGE)
e = get_prime_in_range(estart, eend)
encodedAttrs = attributes.encoded()
A = await self._sign(schemaId, encodedAttrs, vprimeprime, u, e)
m2 = await self._wallet.getContextAttr(schemaId)
claimAttributes = \
{attr: ClaimAttributeValues(
attributes._vals[attr], encodedAttrs[attr]) for attr in attributes.keys()}
return (PrimaryClaim(m2, A, e, vprimeprime), claimAttributes)
async def _prepareProof(self, claims: Dict[SchemaKey, ProofClaims], nonce,
requestedProof) -> FullProof:
m1Tilde = cmod.integer(cmod.randomBits(LARGE_M2_TILDE))
initProofs = {}
CList = []
TauList = []
# 1. init proofs
for schemaId, val in claims.items():
c1, c2, revealedAttrs, predicates = val.claims.primaryClaim, val.claims.nonRevocClaim, val.revealedAttrs, val.predicates
claim = await self.wallet.getClaimAttributes(ID(schemaId=schemaId))
nonRevocInitProof = None
if c2:
nonRevocInitProof = await self._nonRevocProofBuilder.initProof(
schemaId, c2)
CList += nonRevocInitProof.asCList()
TauList += nonRevocInitProof.asTauList()
primaryInitProof = None
if c1:
m2Tilde = cmod.integer(int(nonRevocInitProof.TauListParams.m2)
) if nonRevocInitProof else None
primaryInitProof = await self._primaryProofBuilder.initProof(
schemaId, c1, revealedAttrs, predicates, m1Tilde, m2Tilde,
claim)
CList += primaryInitProof.asCList()
TauList += primaryInitProof.asTauList()
initProof = InitProof(nonRevocInitProof, primaryInitProof)
initProofs[schemaId] = initProof
# 2. hash
cH = self._get_hash(self._prepare_collection(CList),
self._prepare_collection(TauList), nonce)
# 3. finalize proofs
proofs = {}
for schemaId, initProof in initProofs.items():
nonRevocProof = None
if initProof.nonRevocInitProof:
nonRevocProof = await self._nonRevocProofBuilder.finalizeProof(
schemaId, cH, initProof.nonRevocInitProof)
primaryProof = await self._primaryProofBuilder.finalizeProof(
schemaId, cH, initProof.primaryInitProof)
schema = await self.wallet.getSchema(ID(schemaId=schemaId))
proof = Proof(primaryProof, nonRevocProof)
proofInfo = ProofInfo(proof=proof,
schema_seq_no=schemaId,
issuer_did=schema.issuerId)
proofs[str(schemaId)] = proofInfo
aggregatedProof = AggregatedProof(cH, self._prepare_collection(CList))
return FullProof(proofs, aggregatedProof, requestedProof)
async def genClaimInitData(self, schemaId: ID) -> ClaimInitDataType:
pk = await self._wallet.getPublicKey(schemaId)
ms = await self._wallet.getMasterSecret(schemaId)
vprime = cmod.randomBits(LARGE_VPRIME)
N = pk.N
Rms = pk.Rms
S = pk.S
U = (S**vprime) * (Rms**ms) % N
return ClaimInitDataType(U=U, vPrime=vprime)
def findSecretValues(encodedAttrs: Dict[str, T], unrevealedAttrs: Dict,
creds: Dict[str, Credential],
issuerPks: Dict[str, IssuerKey]):
def getMTilde(unrevealedAttrs):
mtilde = {}
for key, value in unrevealedAttrs.items():
mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT))
mtilde[ZERO_INDEX] = cmod.integer(cmod.randomBits(LARGE_MVECT))
return mtilde
def getRur(credDefPk, includedAttrs, mtilde, unrevealedAttrs):
Rur = 1 % credDefPk.N
for k, value in unrevealedAttrs.items():
if k in includedAttrs:
Rur = Rur * (credDefPk.R[k] ** mtilde[k])
Rur *= credDefPk.R[ZERO_INDEX] ** mtilde[ZERO_INDEX]
return Rur
Aprime, vprime, eprime, etilde, vtilde, T = {}, {}, {}, {}, {}, {}
mtilde = getMTilde(unrevealedAttrs)
for issuer, credential in creds.items():
Ra = cmod.integer(cmod.randomBits(LARGE_VPRIME))
credDefPk = issuerPks[issuer]
A, e, v = credential
Aprime[issuer] = A * (credDefPk.S ** Ra) % credDefPk.N
vprime[issuer] = (v - e * Ra)
eprime[issuer] = e - (2 ** LARGE_E_START)
etilde[issuer] = cmod.integer(cmod.randomBits(LARGE_ETILDE))
vtilde[issuer] = cmod.integer(cmod.randomBits(LARGE_VTILDE))
Rur = getRur(credDefPk, encodedAttrs[issuer], mtilde, unrevealedAttrs)
T[issuer] = ((Aprime[issuer] ** etilde[issuer]) * Rur * (
credDefPk.S ** vtilde[issuer])) % credDefPk.N
tildValue = TildValue(mtilde, etilde, vtilde)
primeValue = PrimeValue(Aprime, vprime, eprime)
return SecretValue(tildValue, primeValue, T)
def appendToProofCompWithPredicateData(proofComponent, predicate):
for key, val in predicate.items():
x = self.credDefPks[key]
# Iterate over the predicates for a given credential(issuer)
for k, value in val.items():
delta = proofComponent.flatAttrs[k] - value
if delta < 0:
raise ValueError("Predicate is not satisfied")
proofComponent.u = fourSquares(delta)
for i in range(0, ITERATIONS):
proofComponent.r[str(i)] = cmod.integer(
cmod.randomBits(LARGE_VPRIME))
proofComponent.r[DELTA] = cmod.integer(
cmod.randomBits(LARGE_VPRIME))
Tval = {}
for i in range(0, ITERATIONS):
Tval[str(i)] = (x.Z**proofComponent.u[i]) * (
x.S**proofComponent.r[str(i)]) % x.N
proofComponent.utilde[str(i)] = cmod.integer(
cmod.randomBits(LARGE_UTILDE))
proofComponent.rtilde[str(i)] = cmod.integer(
cmod.randomBits(LARGE_RTILDE))
Tval[DELTA] = (x.Z**delta) * (
x.S**proofComponent.r[DELTA]) % x.N
proofComponent.rtilde[DELTA] = cmod.integer(
cmod.randomBits(LARGE_RTILDE))
proofComponent.CList.extend(get_values_of_dicts(Tval))
updateDict(proofComponent.C, key, TVAL, Tval)
for i in range(0, ITERATIONS):
proofComponent.TauList.append(
(x.Z**proofComponent.utilde[str(i)]) *
(x.S**proofComponent.rtilde[str(i)]) % x.N)
proofComponent.TauList.append(
(x.Z**proofComponent.tildeValues.mtilde[k]) *
(x.S**proofComponent.rtilde[DELTA]) % x.N)
proofComponent.alphatilde = cmod.integer(
cmod.randomBits(LARGE_ALPHATILDE))
Q = 1 % x.N
for i in range(0, ITERATIONS):
Q *= Tval[str(i)]**proofComponent.utilde[str(i)]
Q *= x.S**proofComponent.alphatilde % x.N
proofComponent.TauList.append(Q)
proofComponent.c = cmod.integer(
get_hash(
nonce,
*reduce(lambda x, y: x + y,
[proofComponent.TauList, proofComponent.CList])))
async def _prepareProof(self, claims: Dict[SchemaKey, ProofClaims],
nonce) -> FullProof:
m1Tilde = cmod.integer(cmod.randomBits(LARGE_M2_TILDE))
initProofs = {}
CList = []
TauList = []
# 1. init proofs
for schemaKey, val in claims.items():
c1, c2, revealedAttrs, predicates = val.claims.primaryClaim, val.claims.nonRevocClaim, val.revealedAttrs, val.predicates
nonRevocInitProof = None
if c2:
nonRevocInitProof = await self._nonRevocProofBuilder.initProof(
schemaKey, c2)
CList += nonRevocInitProof.asCList()
TauList += nonRevocInitProof.asTauList()
primaryInitProof = None
if c1:
m2Tilde = cmod.integer(int(
nonRevocInitProof.TauListParams.m2)) if nonRevocInitProof else None
primaryInitProof = await self._primaryProofBuilder.initProof(
schemaKey, c1, revealedAttrs, predicates,
m1Tilde, m2Tilde)
CList += primaryInitProof.asCList()
TauList += primaryInitProof.asTauList()
initProof = InitProof(nonRevocInitProof, primaryInitProof)
initProofs[schemaKey] = initProof
# 2. hash
cH = self._get_hash(CList, TauList, nonce)
# 3. finalize proofs
proofs = []
schemaKeys = []
for schemaKey, initProof in initProofs.items():
schemaKeys.append(schemaKey)
nonRevocProof = None
if initProof.nonRevocInitProof:
nonRevocProof = await self._nonRevocProofBuilder.finalizeProof(
schemaKey, cH, initProof.nonRevocInitProof)
primaryProof = await self._primaryProofBuilder.finalizeProof(
schemaKey, cH, initProof.primaryInitProof)
proofs.append(Proof(primaryProof, nonRevocProof))
return FullProof(cH, schemaKeys, proofs, CList)
def generateCredential(cls, uValue, attributes, pk, sk: CredDefSecretKey):
"""
Issue the credential for the defined attributes
:param u: The `u` value provided by the prover
:param attrs: The attributes for which the credential needs to be generated
:return: The presentation token as a combination of (A, e, vprimeprime)
"""
u = strToCryptoInteger(uValue) if isinstance(uValue, str) else uValue
if not u:
raise ValueError("u must be provided to issue a credential")
# Generate a random prime and
# Set the Most-significant-bit to 1
vprimeprime = cmod.integer(
cmod.randomBits(LARGE_VPRIME_PRIME)
| (2**(LARGE_VPRIME_PRIME - 1)))
# Generate prime number in the range (2^596, 2^596 + 2^119)
estart = 2**LARGE_E_START
eend = (estart + 2**LARGE_E_END_RANGE)
e = get_prime_in_range(estart, eend)
A = cls._sign(pk, attributes, vprimeprime, u, e, sk.p_prime,
sk.q_prime)
return A, e, vprimeprime
async def _initGeProof(self, schemaId, eqProof: PrimaryEqualInitProof,
c1: PrimaryClaim, predicate: Predicate, claimAttributes: Dict[str, ClaimAttributeValues]) \
-> PrimaryPrecicateGEInitProof:
# gen U for Delta
pk = await self._wallet.getPublicKey(ID(schemaId=schemaId))
k, value = predicate.attrName, predicate.value
delta = claimAttributes[k].encoded - value
if delta < 0:
raise ValueError("Predicate is not satisfied")
u = fourSquares(delta)
# prepare C list
r = {}
T = {}
CList = []
for i in range(0, ITERATIONS):
r[str(i)] = cmod.integer(cmod.randomBits(LARGE_VPRIME))
T[str(i)] = (pk.Z**u[str(i)]) * (pk.S**r[str(i)]) % pk.N
CList.append(T[str(i)])
r[DELTA] = cmod.integer(cmod.randomBits(LARGE_VPRIME))
T[DELTA] = (pk.Z**delta) * (pk.S**r[DELTA]) % pk.N
CList.append(T[DELTA])
# prepare Tau List
utilde = {}
rtilde = {}
for i in range(0, ITERATIONS):
utilde[str(i)] = cmod.integer(cmod.randomBits(LARGE_UTILDE))
rtilde[str(i)] = cmod.integer(cmod.randomBits(LARGE_RTILDE))
rtilde[DELTA] = cmod.integer(cmod.randomBits(LARGE_RTILDE))
alphatilde = cmod.integer(cmod.randomBits(LARGE_ALPHATILDE))
TauList = calcTge(pk, utilde, rtilde, eqProof.mTilde[k], alphatilde, T)
return PrimaryPrecicateGEInitProof(CList, TauList, u, utilde, r,
rtilde, alphatilde, predicate, T)
def generateVPrime():
return cmod.randomBits(LARGE_VPRIME)
def generateMasterSecret():
# Generate the master secret
return cmod.integer(cmod.randomBits(LARGE_MASTER_SECRET))
def generateNonce(self):
return cmod.integer(cmod.randomBits(LARGE_NONCE))
def generateNonce(self, interactionId):
nv = cmod.integer(cmod.randomBits(LARGE_NONCE))
self.interactionDetail[str(nv)] = interactionId
return nv
def getMTilde(unrevealedAttrs):
mtilde = {}
for key, value in unrevealedAttrs.items():
mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT))
mtilde[ZERO_INDEX] = cmod.integer(cmod.randomBits(LARGE_MVECT))
return mtilde
async def _genMasterSecret(self, schemaId: ID):
ms = cmod.integer(cmod.randomBits(LARGE_MASTER_SECRET))
await self.wallet.submitMasterSecret(schemaId=schemaId, ms=ms)
def _getMTilde(self, unrevealedAttrs):
mtilde = {}
for key, value in unrevealedAttrs.items():
mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT))
return mtilde
