Require using Schnorr proofs from signature proof for predicates #42
Conversation
Signed-off-by: Michael Lodder <[email protected]>
|
Thanks, Mike. @mark-moir — love to get your review of this. |
There was a problem hiding this comment.
Thanks @mikelodder7, nice work! I have made a few comments and suggestions, but overall I think the approach is effective to ensure that predicate proofs are tied to signed attributes.
I have not reviewed the changes to BBS, which reportedly are (mostly?) not related to the issue being addressed in this PR (as signaled in both PR description and commit comment). IMO, those should be in a different PR explicitly for that purpose. I'd be happy to re-review this PR if those changes are removed from this one (I'd prefer that this one be completed first and then the BBS changes unrelated to this issue be done in a subsequent PR, but will do my best either way).
It seems I do not have sufficient privileges to "Request Changes", so my request is in this comment 😄.
|
The changes to BBS were required to also fix this. I’ll not be breaking those apart |
|
The eprint uses a signature blinding in the proof making predicate proof linking impossible. Thus the revert to IETF. |
I see, thanks @mikelodder7. So I will change my request 😄: Please:
I have not reviewed the BBS signature changes in detail (not sure if I'll have time, but in any case I'd like to know what document to reference and the status of the implementation w.r.t. that document). However, I have looked a bit at the changes now w.r.t. the stated purpose of this PR and am happy with them at that level. I also have a couple more small comments, to follow. |
Signed-off-by: Michael Lodder <[email protected]>
Before, each predicate proof kept a copy of the hidden message proof. However, this wasn't checked against the signature proof. This PR removes the copy and just uses the signature proof hidden message proofs directly which guarantees to check if hidden messages were manipulated.