bbs-signature
bbs-signature copied to clipboard
decentralized-identity
The BBS Signature Scheme
As members of the WG have noted (thanks @christianpaquin, @tmarkovski!!), the current [EncodeForHash](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html#name-encodeforhash) section is confusing and prone to error. Especially the part about encoding octet strings. A possible solution...
In order to facilitate interoperability this specification should contain a set of test vectors for the cryptographic structures defined
This is a tracking issue to address [comments](https://github.com/decentralized-identity/bbs-signature/pull/221#issuecomment-1283168657) made by @tmarkovski around test vectors and the spec in general!
The proof gen procedure [defines](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html#name-proofgen) `D = B * r1 + Q_1 * r2`. Everywhere below it's used with `-`. Can we change the sign of the definition and declare...
As noted by @mikelodder7, in the document we don't yet discuss the integers (i.e., scalars mod r) serialization. More specifically, since we have a description for the byte length of...
After inspection of the code, I found some [examples](https://github.com/decentralized-identity/bbs-signature/blob/3e69a8b16fd7788993e9d3a8849f311ade47fc5e/tooling/message-generators/src/main.rs#L117) where a random scalar is chosen then multiplied by a point. While not inherently insecure, there is the potential side channel...
When using the public key as input to Sign, Verify etc., we can define it either as a point of G2 or as an octet string. Rn we do the...
Since we don't use HKDF anywhere else and aren't trying to be compatible with the BLS signatures spec (different salt). It's a bit odd using camel case for the input...
Currently we allow seeds with different scopes but it is not clear how a signature specific seed is going to be used since it is passed as a parameter to...