From c04c23d016212ec576285b1c6aaed432e474943a Mon Sep 17 00:00:00 2001 From: aritroCoder Date: Mon, 23 Oct 2023 20:48:12 +0530 Subject: [PATCH 1/5] NRP calculation done Signed-off-by: aritroCoder --- spec/data_flow_presentation_verify.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/spec/data_flow_presentation_verify.md b/spec/data_flow_presentation_verify.md index c67799b..974467e 100644 --- a/spec/data_flow_presentation_verify.md +++ b/spec/data_flow_presentation_verify.md @@ -81,9 +81,16 @@ the presentation for the NRP being processed, plus the accumulator from appropriate [[ref: RevRegEntry]], the following steps are carried out to verify the NRP. -:::todo -To Do: Outline the NRP verification calculation. -::: +Calculation for NRP: + +$$\widehat{T_1} \leftarrow E^{c_H}\cdot h^{\widehat{\rho}} \cdot \widetilde{h}^{\widehat{o}} $$ +$$\widehat{T_2} \leftarrow E^{\widehat{c}}\cdot h^{-\widehat{m}}\cdot\widetilde{h}^{-\widehat{t}}$$ +$$\widehat{T_3} \leftarrow\left(\frac{e(h_0\mathcal{G},\widehat{h})}{e(A,y)} \right)^{c_H} \cdot e(A,\widehat{h})^{\widehat{c}}\cdot (\widetilde{h},\widehat{h})^{\widehat{r}}\cdot e(\widetilde{h},y)^{-\widehat{\rho}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m}}\cdot e(h_1,\widehat{h})^{-\widehat{m_2}}\cdot e(h_2,\widehat{h})^{-\widehat{s}}$$ +$$\widehat{T_4} \leftarrow\left(\frac{e(\mathcal{G},\mathrm{acc})}{e(g,\mathcal{W})z}\right)^{c_H} \cdot e(\widetilde{h},\mathrm{acc})^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'}}$$ +$$\widehat{T_5} \leftarrow D^{c_H}\cdot g^{\widehat{r}}\widetilde{h}^{\widehat{o'}}$$ +$$\widehat{T_6} \leftarrow D^{\widehat{r''}}\cdot g^{-\widehat{m'}} \widetilde{h}^{-\widehat{t'}}$$ +$$\widehat{T_7} \leftarrow \left(\frac{e(pk\cdot\mathcal{G},\mathcal{S})}{e(g,g')}\right)^{c_H}\cdot e(pk\cdot \mathcal{G},\widehat{h})^{\widehat{r''}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m'}}\cdot e(\widetilde{h},\mathcal{S})^{\widehat{r}}$$ +$$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right)^{c_H}\cdot e(\widetilde{h},u)^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'''}}$$ :::todo To Do: Is there a separate process to bind the NRP to the credential? From c7e016c94d91687ddb5212da4e484750b9c0b477 Mon Sep 17 00:00:00 2001 From: aritroCoder Date: Sat, 28 Oct 2023 11:44:44 +0530 Subject: [PATCH 2/5] completed NRP verificiation section Signed-off-by: aritroCoder --- .vscode/settings.json | 3 ++- spec/data_flow_presentation_verify.md | 9 +++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index e3be3c2..7762627 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -2,5 +2,6 @@ "cSpell.words": [ "accum", "anoncreds" - ] + ], + "liveServer.settings.port": 5501 } diff --git a/spec/data_flow_presentation_verify.md b/spec/data_flow_presentation_verify.md index 974467e..01f70f7 100644 --- a/spec/data_flow_presentation_verify.md +++ b/spec/data_flow_presentation_verify.md @@ -85,16 +85,17 @@ Calculation for NRP: $$\widehat{T_1} \leftarrow E^{c_H}\cdot h^{\widehat{\rho}} \cdot \widetilde{h}^{\widehat{o}} $$ $$\widehat{T_2} \leftarrow E^{\widehat{c}}\cdot h^{-\widehat{m}}\cdot\widetilde{h}^{-\widehat{t}}$$ -$$\widehat{T_3} \leftarrow\left(\frac{e(h_0\mathcal{G},\widehat{h})}{e(A,y)} \right)^{c_H} \cdot e(A,\widehat{h})^{\widehat{c}}\cdot (\widetilde{h},\widehat{h})^{\widehat{r}}\cdot e(\widetilde{h},y)^{-\widehat{\rho}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m}}\cdot e(h_1,\widehat{h})^{-\widehat{m_2}}\cdot e(h_2,\widehat{h})^{-\widehat{s}}$$ +$$\widehat{T_3} \leftarrow\left(\frac{e(h_0\mathcal{G},\widehat{h})}{e(A,y)} \right)^{c_H} \cdot e(A,\widehat{h})^{\widehat{c}}\cdot e(\widetilde{h},\widehat{h})^{\widehat{r}}\cdot e(\widetilde{h},y)^{-\widehat{\rho}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m}}\cdot e(h_1,\widehat{h})^{-\widehat{m_2}}\cdot e(h_2,\widehat{h})^{-\widehat{s}}$$ $$\widehat{T_4} \leftarrow\left(\frac{e(\mathcal{G},\mathrm{acc})}{e(g,\mathcal{W})z}\right)^{c_H} \cdot e(\widetilde{h},\mathrm{acc})^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'}}$$ $$\widehat{T_5} \leftarrow D^{c_H}\cdot g^{\widehat{r}}\widetilde{h}^{\widehat{o'}}$$ $$\widehat{T_6} \leftarrow D^{\widehat{r''}}\cdot g^{-\widehat{m'}} \widetilde{h}^{-\widehat{t'}}$$ $$\widehat{T_7} \leftarrow \left(\frac{e(pk\cdot\mathcal{G},\mathcal{S})}{e(g,g')}\right)^{c_H}\cdot e(pk\cdot \mathcal{G},\widehat{h})^{\widehat{r''}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m'}}\cdot e(\widetilde{h},\mathcal{S})^{\widehat{r}}$$ $$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right)^{c_H}\cdot e(\widetilde{h},u)^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'''}}$$ -:::todo -To Do: Is there a separate process to bind the NRP to the credential? -::: +Then all these values are added to $\hat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ +Now, if $\widehat{c_H} = c_H$ then the proof is valid. + +The NRP is bound to the credential by the $\widehat{m_2}$ value that is present in the proof. The verification code MUST surface to the [[ref: verifier]] if any part of the presentation, including any NRP(s), fail cryptographic verification. The From 4cf028442ee2ffa53c4ed6a7243bd0eaa7e03f7c Mon Sep 17 00:00:00 2001 From: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> Date: Tue, 31 Oct 2023 13:26:24 +0530 Subject: [PATCH 3/5] Update spec/data_flow_presentation_verify.md Co-authored-by: Michael Lodder Signed-off-by: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> --- spec/data_flow_presentation_verify.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/data_flow_presentation_verify.md b/spec/data_flow_presentation_verify.md index 01f70f7..c235f6f 100644 --- a/spec/data_flow_presentation_verify.md +++ b/spec/data_flow_presentation_verify.md @@ -92,7 +92,7 @@ $$\widehat{T_6} \leftarrow D^{\widehat{r''}}\cdot g^{-\widehat{m'}} \widetilde{ $$\widehat{T_7} \leftarrow \left(\frac{e(pk\cdot\mathcal{G},\mathcal{S})}{e(g,g')}\right)^{c_H}\cdot e(pk\cdot \mathcal{G},\widehat{h})^{\widehat{r''}}\cdot e(\widetilde{h},\widehat{h})^{-\widehat{m'}}\cdot e(\widetilde{h},\mathcal{S})^{\widehat{r}}$$ $$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right)^{c_H}\cdot e(\widetilde{h},u)^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'''}}$$ -Then all these values are added to $\hat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ +Then all these values are added to $\widehat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ Now, if $\widehat{c_H} = c_H$ then the proof is valid. The NRP is bound to the credential by the $\widehat{m_2}$ value that is present in the proof. From fbd8a4989f393416c86261d544f184db1a296790 Mon Sep 17 00:00:00 2001 From: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> Date: Tue, 31 Oct 2023 13:26:51 +0530 Subject: [PATCH 4/5] Update spec/data_flow_presentation_verify.md Co-authored-by: Michael Lodder Signed-off-by: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> --- spec/data_flow_presentation_verify.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/data_flow_presentation_verify.md b/spec/data_flow_presentation_verify.md index c235f6f..8826b94 100644 --- a/spec/data_flow_presentation_verify.md +++ b/spec/data_flow_presentation_verify.md @@ -95,7 +95,7 @@ $$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right Then all these values are added to $\widehat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ Now, if $\widehat{c_H} = c_H$ then the proof is valid. -The NRP is bound to the credential by the $\widehat{m_2}$ value that is present in the proof. +The NRP is bound to the primary credential by the $\widehat{m_2}$ value that is presented in both proofs. The verification code MUST surface to the [[ref: verifier]] if any part of the presentation, including any NRP(s), fail cryptographic verification. The From 5e40d1511044a95601003f8fb6a15bd0e9ab2aeb Mon Sep 17 00:00:00 2001 From: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> Date: Tue, 31 Oct 2023 13:27:39 +0530 Subject: [PATCH 5/5] Update spec/data_flow_presentation_verify.md Co-authored-by: Michael Lodder Signed-off-by: Aritra Bhaduri <92646038+aritroCoder@users.noreply.github.com> --- spec/data_flow_presentation_verify.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/data_flow_presentation_verify.md b/spec/data_flow_presentation_verify.md index 8826b94..a66aca7 100644 --- a/spec/data_flow_presentation_verify.md +++ b/spec/data_flow_presentation_verify.md @@ -93,7 +93,7 @@ $$\widehat{T_7} \leftarrow \left(\frac{e(pk\cdot\mathcal{G},\mathcal{S})}{e(g,g' $$\widehat{T_8} \leftarrow \left(\frac{e(\mathcal{G},u)}{e(g,\mathcal{U})}\right)^{c_H}\cdot e(\widetilde{h},u)^{\widehat{r}}\cdot e(1/g,\widehat{h})^{\widehat{r'''}}$$ Then all these values are added to $\widehat{T}$. This is then added with the validity proof which when hashed with $\mathcal{C}$ and $n_1$(recieved from [[ref: holder]]) re constructs the challenge hash $\widehat{c_H}$ -Now, if $\widehat{c_H} = c_H$ then the proof is valid. +If $\widehat{c_H} = c_H$, then the proof is valid. The NRP is bound to the primary credential by the $\widehat{m_2}$ value that is presented in both proofs.