async def _initEqProof(self, schemaId, c1: PrimaryClaim, revealedAttrs: Sequence[str], m1Tilde, m2Tilde, claimAttributes: Dict[str, ClaimAttributeValues]) \ -> PrimaryEqualInitProof: m2Tilde = m2Tilde if m2Tilde else cmod.integer( cmod.randomBits(LARGE_MVECT)) revealedAttrs, unrevealedAttrs = splitRevealedAttrs( claimAttributes, [a.name for a in revealedAttrs]) mtilde = self._getMTilde(unrevealedAttrs) Ra = cmod.integer(cmod.randomBits(LARGE_VPRIME)) pk = await self._wallet.getPublicKey(ID(schemaId=schemaId)) A, e, v = c1.A, c1.e, c1.v Aprime = A * (pk.S**Ra) % pk.N vprime = (v - e * Ra) eprime = e - (2**LARGE_E_START) etilde = cmod.integer(cmod.randomBits(LARGE_ETILDE)) vtilde = cmod.integer(cmod.randomBits(LARGE_VTILDE)) Rur = 1 % pk.N for k, value in unrevealedAttrs.items(): if k in claimAttributes: Rur = Rur * (pk.R[k]**mtilde[k]) Rur *= pk.Rms**m1Tilde Rur *= pk.Rctxt**m2Tilde # T = ((Aprime ** etilde) * Rur * (pk.S ** vtilde)) % pk.N T = calcTeq(pk, Aprime, etilde, vtilde, mtilde, m1Tilde, m2Tilde, unrevealedAttrs.keys()) return PrimaryEqualInitProof(c1, Aprime, T, etilde, eprime, vtilde, vprime, mtilde, m1Tilde, m2Tilde, unrevealedAttrs.keys(), revealedAttrs)
def __init__(self, credDefPks: Dict[str, IssuerKey], masterSecret=None): """ Create a proof instance :param credDefPks: The public key of the Issuer(s) """ self.id = str(uuid.uuid4()) self.nonce = None self.credential = None self.encodedAttrs = None self.revealedAttrs = None # Generate the master secret self._ms = masterSecret or cmod.integer( cmod.randomBits(LARGE_MASTER_SECRET)) # Set the credential definition pub keys self.credDefPks = credDefPks for key, x in self.credDefPks.items(): self.credDefPks[key] = x.inFieldN() self._vprime = {} for key, val in self.credDefPks.items(): self._vprime[key] = cmod.randomBits(LARGE_VPRIME) # Calculate the `U` values using Issuer's `S`, R["0"] and master secret self._U = {} for key, val in self.credDefPks.items(): N = val.N R = val.R S = val.S self._U[key] = (S**self._vprime[key]) * (R[ZERO_INDEX]** self._ms) % N
def _genRhoBGamma(cls): while True: rho = cmod.randomPrime(LARGE_PUBLIC_RHO) b = cmod.randomBits(LARGE_PUBLIC_B) Gamma = b * rho + 1 if cmod.isPrime(Gamma) and (rho % b != 0): return rho, b, Gamma
async def issuePrimaryClaim( self, schemaId: ID, attributes: Attribs, U) -> (PrimaryClaim, Dict[str, ClaimAttributeValues]): u = strToCryptoInteger(U) if isinstance(U, str) else U if not u: raise ValueError("u must be provided to issue a credential") # Generate a random prime and # Set the Most-significant-bit to 1 vprimeprime = cmod.integer( cmod.randomBits(LARGE_VPRIME_PRIME) | (2**(LARGE_VPRIME_PRIME - 1))) # Generate prime number in the range (2^596, 2^596 + 2^119) estart = 2**LARGE_E_START eend = (estart + 2**LARGE_E_END_RANGE) e = get_prime_in_range(estart, eend) encodedAttrs = attributes.encoded() A = await self._sign(schemaId, encodedAttrs, vprimeprime, u, e) m2 = await self._wallet.getContextAttr(schemaId) claimAttributes = \ {attr: ClaimAttributeValues( attributes._vals[attr], encodedAttrs[attr]) for attr in attributes.keys()} return (PrimaryClaim(m2, A, e, vprimeprime), claimAttributes)
async def _prepareProof(self, claims: Dict[SchemaKey, ProofClaims], nonce, requestedProof) -> FullProof: m1Tilde = cmod.integer(cmod.randomBits(LARGE_M2_TILDE)) initProofs = {} CList = [] TauList = [] # 1. init proofs for schemaId, val in claims.items(): c1, c2, revealedAttrs, predicates = val.claims.primaryClaim, val.claims.nonRevocClaim, val.revealedAttrs, val.predicates claim = await self.wallet.getClaimAttributes(ID(schemaId=schemaId)) nonRevocInitProof = None if c2: nonRevocInitProof = await self._nonRevocProofBuilder.initProof( schemaId, c2) CList += nonRevocInitProof.asCList() TauList += nonRevocInitProof.asTauList() primaryInitProof = None if c1: m2Tilde = cmod.integer(int(nonRevocInitProof.TauListParams.m2) ) if nonRevocInitProof else None primaryInitProof = await self._primaryProofBuilder.initProof( schemaId, c1, revealedAttrs, predicates, m1Tilde, m2Tilde, claim) CList += primaryInitProof.asCList() TauList += primaryInitProof.asTauList() initProof = InitProof(nonRevocInitProof, primaryInitProof) initProofs[schemaId] = initProof # 2. hash cH = self._get_hash(self._prepare_collection(CList), self._prepare_collection(TauList), nonce) # 3. finalize proofs proofs = {} for schemaId, initProof in initProofs.items(): nonRevocProof = None if initProof.nonRevocInitProof: nonRevocProof = await self._nonRevocProofBuilder.finalizeProof( schemaId, cH, initProof.nonRevocInitProof) primaryProof = await self._primaryProofBuilder.finalizeProof( schemaId, cH, initProof.primaryInitProof) schema = await self.wallet.getSchema(ID(schemaId=schemaId)) proof = Proof(primaryProof, nonRevocProof) proofInfo = ProofInfo(proof=proof, schema_seq_no=schemaId, issuer_did=schema.issuerId) proofs[str(schemaId)] = proofInfo aggregatedProof = AggregatedProof(cH, self._prepare_collection(CList)) return FullProof(proofs, aggregatedProof, requestedProof)
async def genClaimInitData(self, schemaId: ID) -> ClaimInitDataType: pk = await self._wallet.getPublicKey(schemaId) ms = await self._wallet.getMasterSecret(schemaId) vprime = cmod.randomBits(LARGE_VPRIME) N = pk.N Rms = pk.Rms S = pk.S U = (S**vprime) * (Rms**ms) % N return ClaimInitDataType(U=U, vPrime=vprime)
def findSecretValues(encodedAttrs: Dict[str, T], unrevealedAttrs: Dict, creds: Dict[str, Credential], issuerPks: Dict[str, IssuerKey]): def getMTilde(unrevealedAttrs): mtilde = {} for key, value in unrevealedAttrs.items(): mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT)) mtilde[ZERO_INDEX] = cmod.integer(cmod.randomBits(LARGE_MVECT)) return mtilde def getRur(credDefPk, includedAttrs, mtilde, unrevealedAttrs): Rur = 1 % credDefPk.N for k, value in unrevealedAttrs.items(): if k in includedAttrs: Rur = Rur * (credDefPk.R[k] ** mtilde[k]) Rur *= credDefPk.R[ZERO_INDEX] ** mtilde[ZERO_INDEX] return Rur Aprime, vprime, eprime, etilde, vtilde, T = {}, {}, {}, {}, {}, {} mtilde = getMTilde(unrevealedAttrs) for issuer, credential in creds.items(): Ra = cmod.integer(cmod.randomBits(LARGE_VPRIME)) credDefPk = issuerPks[issuer] A, e, v = credential Aprime[issuer] = A * (credDefPk.S ** Ra) % credDefPk.N vprime[issuer] = (v - e * Ra) eprime[issuer] = e - (2 ** LARGE_E_START) etilde[issuer] = cmod.integer(cmod.randomBits(LARGE_ETILDE)) vtilde[issuer] = cmod.integer(cmod.randomBits(LARGE_VTILDE)) Rur = getRur(credDefPk, encodedAttrs[issuer], mtilde, unrevealedAttrs) T[issuer] = ((Aprime[issuer] ** etilde[issuer]) * Rur * ( credDefPk.S ** vtilde[issuer])) % credDefPk.N tildValue = TildValue(mtilde, etilde, vtilde) primeValue = PrimeValue(Aprime, vprime, eprime) return SecretValue(tildValue, primeValue, T)
def appendToProofCompWithPredicateData(proofComponent, predicate): for key, val in predicate.items(): x = self.credDefPks[key] # Iterate over the predicates for a given credential(issuer) for k, value in val.items(): delta = proofComponent.flatAttrs[k] - value if delta < 0: raise ValueError("Predicate is not satisfied") proofComponent.u = fourSquares(delta) for i in range(0, ITERATIONS): proofComponent.r[str(i)] = cmod.integer( cmod.randomBits(LARGE_VPRIME)) proofComponent.r[DELTA] = cmod.integer( cmod.randomBits(LARGE_VPRIME)) Tval = {} for i in range(0, ITERATIONS): Tval[str(i)] = (x.Z**proofComponent.u[i]) * ( x.S**proofComponent.r[str(i)]) % x.N proofComponent.utilde[str(i)] = cmod.integer( cmod.randomBits(LARGE_UTILDE)) proofComponent.rtilde[str(i)] = cmod.integer( cmod.randomBits(LARGE_RTILDE)) Tval[DELTA] = (x.Z**delta) * ( x.S**proofComponent.r[DELTA]) % x.N proofComponent.rtilde[DELTA] = cmod.integer( cmod.randomBits(LARGE_RTILDE)) proofComponent.CList.extend(get_values_of_dicts(Tval)) updateDict(proofComponent.C, key, TVAL, Tval) for i in range(0, ITERATIONS): proofComponent.TauList.append( (x.Z**proofComponent.utilde[str(i)]) * (x.S**proofComponent.rtilde[str(i)]) % x.N) proofComponent.TauList.append( (x.Z**proofComponent.tildeValues.mtilde[k]) * (x.S**proofComponent.rtilde[DELTA]) % x.N) proofComponent.alphatilde = cmod.integer( cmod.randomBits(LARGE_ALPHATILDE)) Q = 1 % x.N for i in range(0, ITERATIONS): Q *= Tval[str(i)]**proofComponent.utilde[str(i)] Q *= x.S**proofComponent.alphatilde % x.N proofComponent.TauList.append(Q) proofComponent.c = cmod.integer( get_hash( nonce, *reduce(lambda x, y: x + y, [proofComponent.TauList, proofComponent.CList])))
async def _prepareProof(self, claims: Dict[SchemaKey, ProofClaims], nonce) -> FullProof: m1Tilde = cmod.integer(cmod.randomBits(LARGE_M2_TILDE)) initProofs = {} CList = [] TauList = [] # 1. init proofs for schemaKey, val in claims.items(): c1, c2, revealedAttrs, predicates = val.claims.primaryClaim, val.claims.nonRevocClaim, val.revealedAttrs, val.predicates nonRevocInitProof = None if c2: nonRevocInitProof = await self._nonRevocProofBuilder.initProof( schemaKey, c2) CList += nonRevocInitProof.asCList() TauList += nonRevocInitProof.asTauList() primaryInitProof = None if c1: m2Tilde = cmod.integer(int( nonRevocInitProof.TauListParams.m2)) if nonRevocInitProof else None primaryInitProof = await self._primaryProofBuilder.initProof( schemaKey, c1, revealedAttrs, predicates, m1Tilde, m2Tilde) CList += primaryInitProof.asCList() TauList += primaryInitProof.asTauList() initProof = InitProof(nonRevocInitProof, primaryInitProof) initProofs[schemaKey] = initProof # 2. hash cH = self._get_hash(CList, TauList, nonce) # 3. finalize proofs proofs = [] schemaKeys = [] for schemaKey, initProof in initProofs.items(): schemaKeys.append(schemaKey) nonRevocProof = None if initProof.nonRevocInitProof: nonRevocProof = await self._nonRevocProofBuilder.finalizeProof( schemaKey, cH, initProof.nonRevocInitProof) primaryProof = await self._primaryProofBuilder.finalizeProof( schemaKey, cH, initProof.primaryInitProof) proofs.append(Proof(primaryProof, nonRevocProof)) return FullProof(cH, schemaKeys, proofs, CList)
def generateCredential(cls, uValue, attributes, pk, sk: CredDefSecretKey): """ Issue the credential for the defined attributes :param u: The `u` value provided by the prover :param attrs: The attributes for which the credential needs to be generated :return: The presentation token as a combination of (A, e, vprimeprime) """ u = strToCryptoInteger(uValue) if isinstance(uValue, str) else uValue if not u: raise ValueError("u must be provided to issue a credential") # Generate a random prime and # Set the Most-significant-bit to 1 vprimeprime = cmod.integer( cmod.randomBits(LARGE_VPRIME_PRIME) | (2**(LARGE_VPRIME_PRIME - 1))) # Generate prime number in the range (2^596, 2^596 + 2^119) estart = 2**LARGE_E_START eend = (estart + 2**LARGE_E_END_RANGE) e = get_prime_in_range(estart, eend) A = cls._sign(pk, attributes, vprimeprime, u, e, sk.p_prime, sk.q_prime) return A, e, vprimeprime
async def _initGeProof(self, schemaId, eqProof: PrimaryEqualInitProof, c1: PrimaryClaim, predicate: Predicate, claimAttributes: Dict[str, ClaimAttributeValues]) \ -> PrimaryPrecicateGEInitProof: # gen U for Delta pk = await self._wallet.getPublicKey(ID(schemaId=schemaId)) k, value = predicate.attrName, predicate.value delta = claimAttributes[k].encoded - value if delta < 0: raise ValueError("Predicate is not satisfied") u = fourSquares(delta) # prepare C list r = {} T = {} CList = [] for i in range(0, ITERATIONS): r[str(i)] = cmod.integer(cmod.randomBits(LARGE_VPRIME)) T[str(i)] = (pk.Z**u[str(i)]) * (pk.S**r[str(i)]) % pk.N CList.append(T[str(i)]) r[DELTA] = cmod.integer(cmod.randomBits(LARGE_VPRIME)) T[DELTA] = (pk.Z**delta) * (pk.S**r[DELTA]) % pk.N CList.append(T[DELTA]) # prepare Tau List utilde = {} rtilde = {} for i in range(0, ITERATIONS): utilde[str(i)] = cmod.integer(cmod.randomBits(LARGE_UTILDE)) rtilde[str(i)] = cmod.integer(cmod.randomBits(LARGE_RTILDE)) rtilde[DELTA] = cmod.integer(cmod.randomBits(LARGE_RTILDE)) alphatilde = cmod.integer(cmod.randomBits(LARGE_ALPHATILDE)) TauList = calcTge(pk, utilde, rtilde, eqProof.mTilde[k], alphatilde, T) return PrimaryPrecicateGEInitProof(CList, TauList, u, utilde, r, rtilde, alphatilde, predicate, T)
def generateVPrime(): return cmod.randomBits(LARGE_VPRIME)
def generateMasterSecret(): # Generate the master secret return cmod.integer(cmod.randomBits(LARGE_MASTER_SECRET))
def generateNonce(self): return cmod.integer(cmod.randomBits(LARGE_NONCE))
def generateNonce(self, interactionId): nv = cmod.integer(cmod.randomBits(LARGE_NONCE)) self.interactionDetail[str(nv)] = interactionId return nv
def getMTilde(unrevealedAttrs): mtilde = {} for key, value in unrevealedAttrs.items(): mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT)) mtilde[ZERO_INDEX] = cmod.integer(cmod.randomBits(LARGE_MVECT)) return mtilde
async def _genMasterSecret(self, schemaId: ID): ms = cmod.integer(cmod.randomBits(LARGE_MASTER_SECRET)) await self.wallet.submitMasterSecret(schemaId=schemaId, ms=ms)
def _getMTilde(self, unrevealedAttrs): mtilde = {} for key, value in unrevealedAttrs.items(): mtilde[key] = cmod.integer(cmod.randomBits(LARGE_MVECT)) return mtilde