fix: create proof with invalid message set (#81)

Author: mikelodder7

__tests__/bbsSignature/createProof.bbsSignature.spec.ts

@@ -70,7 +70,7 @@ describe("bbsSignature", () => {
       expect(proof.length).toEqual(380); //TODO add a reason for this and some constants?
     });
 
-    it("should create proof revealing single messages from multi-message signature", () => {
+    it("should create proof revealing single message from multi-message signature", () => {
       const messages = ["J42AxhciOVkE9w==", "PNMnARWIHP+s2g==", "ti9WYhhEej85jw=="];
 
       const bbsPublicKey = base64Decode(
@@ -159,14 +159,14 @@ describe("bbsSignature", () => {
       expect(proof.length).toEqual(380); //TODO add a reason for this and some constants?
     });
 
-    it("should create proof revealing single messages from multi-message signature", () => {
-      const messages = ["J42AxhciOVkE9w==", "PNMnARWIHP+s2g==", "ti9WYhhEej85jw=="];
+    it("should create proof revealing single message from multi-message signature", () => {
+      const messages = ["uiSKIfNoO2rMrA==", "lMoHHrFx0LxwAw==", "wdwqLVm9chMMnA=="];
 
       const blsPublicKey = base64Decode(
-        "hmkyvMRoyPLss8TOaencpCmin1Lm0uW8+/N3ZI/ekj/LhCcr4EGCT3rpalTyyNa7B97znLHxW4mijINkyfRhNwSsWxCXHnzFShj3sT4jsCzaGQMqccdZU5qEkpmg9Isl"
+        "V3FW9jlCSwPYOr7SVFXID0nytBj/e6wHoc8dK0Kn3pkckX2+UVKVgpCsFdSweJyvAc9wk6suCxmFJtfojw8BQmG3DtHbyHFWqgxIk9JyH2ZlR6fxtvZKkSlc0LDHHSN2"
       );
       const signature = base64Decode(
-        "D3+1eJbJ3FgSNAq5IoZDUAEC2haOw4F1h2+wsoyfKRIfIwatCfJ5x5apyXnqfLnuAr/tunzDy+xE00CdLvwp9cMKqgphbiqHMXFfAAIPYiMjQZmnrvty6cHCD3nbLTajWuJKB7uM5UTiixByY//GHA=="
+        "AgRmGhPpX/BhxmMHSgRjkjm8v2v7ZT+D4lLbOhQZkU1o8pic21gOPuP6tRBbNKByDWrM4usV+wQgncqA7KdbWbHl3u8PDZvoCsFs2JVs+nAJdK7/BMmAPu1bncufslXMdp9RjXCDYlHfxbYVKhQotQ=="
       );
 
       const request: BbsCreateProofRequest = {
@@ -182,13 +182,13 @@ describe("bbsSignature", () => {
     });
 
     it("should create proof revealing multiple messages from multi-message signature", () => {
-      const messages = ["J42AxhciOVkE9w==", "PNMnARWIHP+s2g==", "ti9WYhhEej85jw=="];
+      const messages = ["uiSKIfNoO2rMrA==", "lMoHHrFx0LxwAw==", "wdwqLVm9chMMnA=="];
 
       const blsPublicKey = base64Decode(
-        "hmkyvMRoyPLss8TOaencpCmin1Lm0uW8+/N3ZI/ekj/LhCcr4EGCT3rpalTyyNa7B97znLHxW4mijINkyfRhNwSsWxCXHnzFShj3sT4jsCzaGQMqccdZU5qEkpmg9Isl"
+        "V3FW9jlCSwPYOr7SVFXID0nytBj/e6wHoc8dK0Kn3pkckX2+UVKVgpCsFdSweJyvAc9wk6suCxmFJtfojw8BQmG3DtHbyHFWqgxIk9JyH2ZlR6fxtvZKkSlc0LDHHSN2"
       );
       const signature = base64Decode(
-        "D3+1eJbJ3FgSNAq5IoZDUAEC2haOw4F1h2+wsoyfKRIfIwatCfJ5x5apyXnqfLnuAr/tunzDy+xE00CdLvwp9cMKqgphbiqHMXFfAAIPYiMjQZmnrvty6cHCD3nbLTajWuJKB7uM5UTiixByY//GHA=="
+        "AgRmGhPpX/BhxmMHSgRjkjm8v2v7ZT+D4lLbOhQZkU1o8pic21gOPuP6tRBbNKByDWrM4usV+wQgncqA7KdbWbHl3u8PDZvoCsFs2JVs+nAJdK7/BMmAPu1bncufslXMdp9RjXCDYlHfxbYVKhQotQ=="
       );
 
       const request: BbsCreateProofRequest = {

__tests__/bbsSignature/verifyProof.bbsSignature.spec.ts

@@ -11,8 +11,9 @@
  * limitations under the License.
  */
 
-import { BbsVerifyProofRequest, verifyProof, blsVerifyProof } from "../../src";
+import { BbsVerifyProofRequest, verifyProof, blsVerifyProof, BbsCreateProofRequest } from "../../src";
 import { Coder } from "@stablelib/base64";
+import { createProof } from "../../lib";
 
 const base64Decode = (string: string): Uint8Array => {
   const coder = new Coder();
@@ -106,6 +107,59 @@ describe("bbsSignature", () => {
 
       expect(verifyProof(request).verified).toBeFalsy();
     });
+
+    it("should not verify with a message that wasn't signed", () => {
+      // Expects messages to be ["Message1", "Message2", "Message3", "Message4"];
+      const messages = ["BadMessage1", "Message2", "Message3", "Message4"];
+      const bbsPublicKey = base64Decode(
+        "S+bRoSJJOet/8hKDpXFV+8TXzg0gPcD64lMFtIUzhYtMJAnNqfJRJnFIS0Vs2VC8AK6MBa6TYgILMqVv4RTSEl3H66mOF6jrEOHelKGlkJCNY8u3bI2aXrmqTkhnjxck"
+      );
+      const proof = base64Decode(
+        "hB0FDeTQc5KEm00wG5HNRvCJ6uoA9flPeTv08PGQct5URoP+mxn6K4hmgRFUMPDZGGspwrc4fCs5SDF+O0nbSyHNLRemj8IMsoruTqhLWrqDWxDhdDDoPYZ4uYoOGIuTBoJqxkv9uFjDRiRnINGvcIJ+QV2iwzwesAHcFmQnxOu/UBEm4XMCDiU93HABZn1uAAAAdJbRgZKb314nZ/PcSUH79GQacq9OAtiOfrCxyaVL5Nt8wXmoY0ri9cBF3XzrySjY7QAAAAIfsXyZmQFTmcislP+mYAk+9nl3V7hTQnc6VIz1Vzayyyses57/fYftogle+iFyMP9kfMujXAf0AOx268LFfZnuA4+PYfY+mH1l/ieGMkvaTFRrfi+sfxFX14wCTH8Qy7Z4+DjTUIPIBGwqCMiBWZ3ZAAAABUtLeqN3HfQNyXQNf7A5MKx00tYvssxatlylAv+lmU2cD2ke0dY7hltzXgGFJ8LjtPIe6uMlZdmdu6+l/0IHK4RGYhEYGwZ4NHu6mlydV/7XiFpJKd9vtmfGBYXU6nXHkxGZ3I0D3FfFFA30B/UFBYqGZ7EKFIObMmvmcQWbTFkkHYAlabXh2RAVSlTmNL+NrIu1LbLW0CBExF4f+H8kZmM="
+      );
+
+      const request: BbsVerifyProofRequest = {
+        proof,
+        publicKey: bbsPublicKey,
+        messageCount: 4,
+        messages,
+        nonce: "0123456789",
+        revealed: [0],
+      };
+      expect(verifyProof(request).verified).toBeFalsy();
+    });
+  });
+
+  it("should not verify with revealed message that was supposed to be hidden", () => {
+    const messages = ["Message1", "Message2", "Message3", "Message4"];
+    const signature = base64Decode(
+      "jps9JChJlTj8upAO+S+0PFH1FFjEC/6wsACGO8sDnsDtH53KbWhiN7Xo/UpAe3q2CydfRcjUi3oOTfxj+IOC9dooSjsfy4WXwBIwAKuD74tc1B+b9ORf/SM2+EM3BVLdPmgj8i4gA1NTdQdbyznHQg=="
+    );
+    const bbsPublicKey = base64Decode(
+      "S+bRoSJJOet/8hKDpXFV+8TXzg0gPcD64lMFtIUzhYtMJAnNqfJRJnFIS0Vs2VC8AK6MBa6TYgILMqVv4RTSEl3H66mOF6jrEOHelKGlkJCNY8u3bI2aXrmqTkhnjxckD1f1djGEQgco//uD1BMpDNmv/OMlQqECeBeev7wJnkXFDfiO6Dw1TvAqTo1HyHcAAAAABI0jHoOG0vFL+EGcD4P5yGs4rlO17j/6dYqrltPk8PwMfe9pDK6zPFcdRbXpFgUHvQTwjgDAEee7S318rCU0h665rUq8ZXJ2R2rS0UpvoHuy+29oJsBWQeIxquKH8pt0YRTZbFJQ+o+6rFrzHyRFcYz9y3f8BsG7wuRsmkENYLfWVUN9MFhfrmEu8re5/ZWmZwxbPPEi7Lo45QS9BQdFPmvRC+GcKP5hfdKz2HulxyJcBnxFmguFoZgldmZGrvmGew=="
+    );
+    const nonce = "0123456789";
+
+    const proofRequest: BbsCreateProofRequest = {
+      signature,
+      publicKey: bbsPublicKey,
+      messages,
+      revealed: [0],
+      nonce,
+    };
+    const proof = createProof(proofRequest);
+
+    const proofMessages = ["BadMessage9"];
+    const request = {
+      proof,
+      publicKey: bbsPublicKey,
+      messageCount: 4,
+      messages: proofMessages,
+      nonce,
+      revealed: [0],
+    };
+
+    expect(verifyProof(request).verified).toBeFalsy();
   });
 
   describe("blsVerifyProof", () => {

__tests__/bls12381.spec.ts

@@ -29,11 +29,23 @@ describe("bls12381", () => {
   });
 
   it("should be able to generate a key pair with a seed", () => {
-    const seed = randomBytes(50);
-    const result = generateBls12381KeyPair(seed);
+    const result = generateBls12381KeyPair(
+      new Uint8Array(new Buffer("H297BpoOgkfpXcxr1fJyQRiNx1+ZekeQ+OU/AYV/lVxaPXXhFBIbxeIU8kIAAX68cwQ=", "base64"))
+    );
     expect(result.publicKey).toBeDefined();
     expect(result.secretKey).toBeDefined();
     expect(result.secretKey?.length as number).toEqual(DEFAULT_BLS12381_PRIVATE_KEY_LENGTH);
     expect(result.publicKey.length).toEqual(DEFAULT_BLS12381_PUBLIC_KEY_LENGTH);
+    expect(result.publicKey).toEqual(
+      new Uint8Array(
+        new Buffer(
+          "ha+sckj0C+dXR6IPUfxGJMCc3XHkGgoDz2PHPMVrMMhJXSGO5y7VrAHrZt64MThKGXE+SAOTHFS5jGoP5uHWvhabYHuIlHLpZHiLyg2m4sc6yfMG3tloUxLY+TiaeQCG",
+          "base64"
+        )
+      )
+    );
+    expect(result.secretKey as Uint8Array).toEqual(
+      new Uint8Array(new Buffer("Ovy0NyLx6ET9/AkuSmxw7X3IGMRq4IqrmFRfzWf/QvQ=", "base64"))
+    );
   });
 });

jest.config.js

@@ -6,8 +6,8 @@ module.exports = {
   testPathIgnorePatterns: ["/node_modules/", "/output/"],
   testRegex: [".spec.ts$"],
   moduleFileExtensions: ["ts", "tsx", "js", "jsx", "json", "node"],
-  coveragePathIgnorePatterns: ["<rootDir>/__tests__"],
+  coveragePathIgnorePatterns: ["<rootDir>/__tests__", "<rootDir>/lib"],
   verbose: true,
   name: pack.name,
   displayName: pack.name,
-};
+};

native/Cargo.lock

@@ -1 +1,17 @@
-{"active":"release","targets":{"release":{"rustc":"","env":{"npm_config_target":null,"npm_config_arch":null,"npm_config_target_arch":null,"npm_config_disturl":null,"npm_config_runtime":null,"npm_config_build_from_source":null,"npm_config_devdir":null}}}}
+{
+  "active": "release",
+  "targets": {
+    "release": {
+      "rustc": "",
+      "env": {
+        "npm_config_target": null,
+        "npm_config_arch": null,
+        "npm_config_target_arch": null,
+        "npm_config_disturl": null,
+        "npm_config_runtime": null,
+        "npm_config_build_from_source": null,
+        "npm_config_devdir": null
+      }
+    }
+  }
+}

native/artifacts.json

@@ -22,7 +22,7 @@ const DOMAIN_SEPARATION_TAG: &str = "BBSSignature2020";
 /// Computed by calling
 ///
 /// SecretKey::from_msg_hash(b"aaaaaaaa");
-// const SECRET_KEY: &str = "GztATHHZwdAp9wwEiHIshRDi4wMZJjKq0pT5etGII3g=";
+const SECRET_KEY: &str = "GztATHHZwdAp9wwEiHIshRDi4wMZJjKq0pT5etGII3g=";
 
 /// Computed by calling
 ///
@@ -254,6 +254,60 @@ fn proof_with_8_messages() {
     // assert_eq!(proved_messages, vec![SignatureMessage::from_msg_hash(b"Message9")])
 }
 
+#[ignore]
+#[test]
+fn print() {
+    let sk = get_secret_key(SECRET_KEY);
+    let dpk = get_public_key(PUBLIC_KEY);
+    let dst = get_dst(DOMAIN_SEPARATION_TAG);
+
+    let messages = vec![
+        SignatureMessage::from_msg_hash(b"Message1"),
+        SignatureMessage::from_msg_hash(b"Message2"),
+        SignatureMessage::from_msg_hash(b"Message3"),
+        SignatureMessage::from_msg_hash(b"Message4")
+    ];
+    let pk = dpk.to_public_key(4, dst).unwrap();
+    let sig = Signature::new(messages.as_slice(), &sk, &pk).unwrap();
+    println!("pk  = {}", base64::encode(&pk.to_compressed_bytes()[..]));
+    println!("sig = {}", base64::encode(&sig.to_compressed_bytes()[..]));
+
+    let nonce = SignatureNonce::from_msg_hash(b"0123456789");
+    let proof_request = Verifier::new_proof_request(&[0], &pk).unwrap();
+
+    // Sends `proof_request` and `nonce` to the prover
+    let proof_messages = vec![
+        pm_revealed!(b"Message1"),
+        pm_hidden!(b"Message2"),
+        pm_hidden!(b"Message3"),
+        pm_hidden!(b"Message4"),
+    ];
+
+    let pok = Prover::commit_signature_pok(&proof_request, proof_messages.as_slice(), &sig)
+        .unwrap();
+
+    // complete other zkps as desired and compute `challenge_hash`
+    // add bytes from other proofs
+
+    let mut challenge_bytes = Vec::new();
+    challenge_bytes.extend_from_slice(pok.to_bytes().as_slice());
+    challenge_bytes.extend_from_slice(&nonce.to_bytes()[..]);
+
+    let challenge = SignatureNonce::from_msg_hash(&challenge_bytes);
+
+    let proof = Prover::generate_signature_pok(pok, &challenge).unwrap();
+    println!("proof = {}", base64::encode(&proof.proof.to_compressed_bytes()[..]));
+
+    let res = Verifier::verify_signature_pok(&proof_request, &proof, &nonce);
+
+    assert!(res.is_ok());
+    let proved_messages = res.unwrap();
+
+    proof_request.revealed_messages = BTreeSet::new();
+    proof_request.revealed_messages.insert(1);
+    proof.revealed_messages = vec![SignatureMessage::from_msg_hash(b"Message2")];
+}
+
 fn get_dst(dst: &str) -> DomainSeparationTag {
     DomainSeparationTag::new(dst.as_bytes(), None, None, None).unwrap()
 }
@@ -263,10 +317,10 @@ fn get_public_key(key: &str) -> DeterministicPublicKey {
     DeterministicPublicKey::from(*array_ref![dpk_bytes, 0, COMPRESSED_DETERMINISTIC_PUBLIC_KEY_SIZE])
 }
 
-// fn get_secret_key(key: &str) -> SecretKey {
-//     let sk_bytes = base64::decode(key).unwrap();
-//     SecretKey::from(array_ref![sk_bytes, 0, COMPRESSED_SECRET_KEY_SIZE])
-// }
+fn get_secret_key(key: &str) -> SecretKey {
+    let sk_bytes = base64::decode(key).unwrap();
+    SecretKey::from(array_ref![sk_bytes, 0, COMPRESSED_SECRET_KEY_SIZE])
+}
 
 fn get_signature(sig: &str) -> Signature {
     let sig_bytes = base64::decode(sig).unwrap();

native/tests/vectors.rs

@@ -28,7 +28,7 @@ export interface BbsVerifyProofRequest {
    */
   readonly messages: readonly string[];
   /**
-   * Zero based indicies of the revealed messages in original signature
+   * Zero based indices of the revealed messages in original signature
    */
   readonly revealed: readonly number[];
   /**