WebOfTrustInfo / ld-signatures-java

Java implementation of Linked Data Signatures
Apache License 2.0

BbsBlsSignature : Selective Disclosure #15

Open marc4virono opened 2 years ago

marc4virono commented 2 years ago

Hi,

I am interested in doing some selective disclosure by using the Bbs algorithm. I noticed that this Bbs/Bls feature is not supported by your library. So I am trying to implement it.

Do you agree if I do this:

  1. I create a byte[][] for the result of the canonicalization function, and it will contain the hash of each canonicalized attribute. Example:
    // The result of the json-ld after the canonicalization
    // each line will be hashed (byte[i] = sha256(line[i]_below)), with sha256 returning an array of bytes
    <did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/familyName> "Sporny" .
    <did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/givenName> "Manu" .
    <did:example:ebfeb1f712ebc6f1c276e12ec21> <https://example.org/examples#college> <did:example:c276e12ec21ebfeb1f712ebc6f1> .
    <http://example.edu/credentials/1872> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://example.org/examples#UniversityDegreeCredential> .
    <http://example.edu/credentials/1872> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://www.w3.org/2018/credentials#VerifiableCredential> .
    <http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#credentialSubject> <did:example:ebfeb1f712ebc6f1c276e12ec21> .
    <http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#issuanceDate> "2010-01-01T19:73:24Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
    <http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#issuer> <https://example.edu/issuers/565049> .
  2. I reproduce the same thing for the ld-proof
  3. I edit all the classes to call the signing function. The 'messages' is the result of the canonicalization (byte[][])
    
    Bbs.blsSign(this.getPrivateKey().secretKey, this.getPrivateKey().publicKey, messages);
5. To do some selective disclosure I will do this
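    byte[] nonce = getNonce();
    byte[][] messages = getMessages(); // hashed canonicalized statements, in signing order
    byte[] publicKey = getPublicKey();
    byte[] signature = getSignature();
    boolean[] reveal = getRevealFlags(); // hypothetical helper: reveal[i] is true to disclose messages[i]

    // One ProofMessage per signed message, either revealed or hidden
    ProofMessage[] proofMessage = new ProofMessage[messages.length];
    for (int i = 0; i < messages.length; i++) {
        proofMessage[i] = new ProofMessage(
                reveal[i] ? ProofMessage.PROOF_MESSAGE_TYPE_REVEALED
                          : ProofMessage.PROOF_MESSAGE_TYPE_HIDDEN_PROOF_SPECIFIC_BLINDING,
                messages[i], new byte[0]);
    }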

    byte[] proof = new byte[0];
    byte[] bbsPublicKey = Bbs.blsPublicToBbsPublicKey(publicKey, messages.length);

    try {
        proof = Bbs.createProof(bbsPublicKey, nonce, signature, proofMessage);
    } catch (Exception exception) {
        exception.printStackTrace();
    }


Best regards.
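
Step 1 of the proposal above, as an added example that is not part of the original issue or of ld-signatures-java: it hashes each canonical N-Quad statement into one message and flags which statements to disclose by predicate. The class and method names are hypothetical, and hashing each line without its trailing newline is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical helper class, not part of ld-signatures-java.
public class StatementMessages {

    // One statement per non-empty line of the canonical N-Quads output.
    static List<String> statements(String canonicalNQuads) {
        return canonicalNQuads.lines().filter(l -> !l.isEmpty()).collect(Collectors.toList());
    }

    // messages[i] = SHA-256(statement i). Signer and verifier must use the same
    // canonical order, because a BBS signature binds each message to its index.
    static byte[][] toMessages(List<String> statements) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[][] messages = new byte[statements.size()][];
        for (int i = 0; i < messages.length; i++) {
            messages[i] = sha256.digest(statements.get(i).getBytes(StandardCharsets.UTF_8));
        }
        return messages;
    }

    // reveal[i] is true when statement i uses one of the predicates to disclose.
    static boolean[] revealFlags(List<String> statements, List<String> predicates) {
        boolean[] reveal = new boolean[statements.size()];
        for (int i = 0; i < reveal.length; i++) {
            String[] terms = statements.get(i).split(" ", 3); // subject, predicate, rest
            reveal[i] = terms.length == 3 && predicates.contains(terms[1]);
        }
        return reveal;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: three statements taken from the example in the issue.
        String nquads =
            "<did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/familyName> \"Sporny\" .\n"
          + "<did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/givenName> \"Manu\" .\n"
          + "<http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#issuer> <https://example.edu/issuers/565049> .\n";
        List<String> stmts = statements(nquads);
        byte[][] messages = toMessages(stmts);
        boolean[] reveal = revealFlags(stmts, List.of("<https://www.w3.org/2018/credentials#issuer>"));
        for (int i = 0; i < messages.length; i++) {
            System.out.printf("%d %s %s%n", i, reveal[i] ? "REVEALED" : "HIDDEN", stmts.get(i));
        }
    }
}
```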

peacekeeper commented 2 years ago

Hello @marc4virono, thanks for opening this issue!

You are 100% correct that a Bbs/Bls selective disclosure feature is not yet supported by the library. It would be great if you implement it, your general approach looks good! Feel free to go ahead with this and let us know if you have any more questions/thoughts while working on it.

marc4virono commented 2 years ago

Hi, I am implementing it. I also edited this lib: https://github.com/danubetech/key-formats-java.

peacekeeper commented 2 years ago

Great, let us know whenever you have something ready that you want us to review (in either key-formats-java or ld-signatures-java).

marc4virono commented 2 years ago

Hi, I have something, but I need to finalize some tests. A quick question about JsonWebSignature2020LdSigner: how does it work? I am not sure that this signer is ready.

peacekeeper commented 2 years ago

Hmm I think JsonWebSignature2020LdSigner should work just fine, what's the issue with it? E.g. try this:

        JsonLDObject jsonLdObject = JsonLDObject.fromJson(new FileReader("input.jsonld"));

        byte[] testEd25519PrivateKey = Hex.decodeHex("984b589e121040156838303f107e13150be4a80fc5088ccba0b0bdc9b1d89090de8777a28f8da1a74e7a13090ed974d879bf692d001cddee16e4cc9f84b60580".toCharArray());

        JsonWebSignature2020LdSigner signer = new JsonWebSignature2020LdSigner(new Ed25519_EdDSA_PrivateKeySigner(testEd25519PrivateKey));
        signer.setCreated(new Date());
        signer.setProofPurpose(LDSecurityKeywords.JSONLD_TERM_ASSERTIONMETHOD);
        signer.setVerificationMethod(URI.create("https://example.com/jdoe/keys/1"));
        signer.setDomain("example.com");
        signer.setNonce("343s$FSFDa-");
        LdProof ldProof = signer.sign(jsonLdObject);

        System.out.println(jsonLdObject.toJson(true));

marc4virono commented 2 years ago

Alright, perfect. Nothing, I just had not understood correctly how it works. I believed that something was missing, but no. Does it support ES256 and ES384 as in https://w3c-ccg.github.io/lds-jws2020/ ?