search

decentralized-identity / bbs-signature

The BBS Signature Scheme
https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html
Apache License 2.0
80 stars 26 forks source link

Handle Subroutines ABORT #246

Open BasileiosKal opened 1 year ago

BasileiosKal commented 1 year ago

2 sugestions for the Ciphersuite format:

A. Points serialization:

The point serialization we use is curve agnostic. No reason to be defined in the Ciphersuite. We could simplify things and define them as global parameters.

B. expand_len definition:

After #243 is merged, we can define expand_len in the ciphersuite and impose requirements for its value in a way that expand_message will never fail. We can then remove all the if uniform_bytes is INVALID, return INVALID steps (and potentially even make hash_to_scalar to never fail if we remove the check for 0s).

BasileiosKal commented 1 year ago

Discussed on WG on 6th of Mar. Will revisit for draft 03 after we simplify Sign

BasileiosKal commented 1 year ago

Discussed on WG call on 13th of Mar. The current point serialization cannot be curve agnostic. Will update the test vectors to use un-compressed format and re visit this after.

BasileiosKal commented 1 year ago

Discussed on WG call 20th of Mar. Will consider having PK as a point, to not restrict key representation.

BasileiosKal commented 1 year ago

Discussed on WG call on 27th of Mar. Consensus is to define ciphersuite specific encodings with the addition to define PKs as points in the operation's input

BasileiosKal commented 1 year ago

Discussed on the WG on the 22nd of May. Will address after PR #257 is merged