mobilesec/DAC-from-EQS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Delegatable Anonymous Credentials From Equivalence Class Signatures

This repository contains an implementation of a novel delegatable anonymous credentials (DAC) scheme presented in the paper Practical Delegatable Anonymous Credentials From Equivalence Class Signatures (PETS 2023), showcasing its performance and practicality.

The proposed DAC scheme provides anonymity for delegations, supports attributes, and is efficiently constructed using a new primitive called Structure-Preserving Signatures on Equivalence Classes on Updatable Commitments (SPSEQ-UC). This approach enables the owners of credentials to delegate them to other users, modeling hierarchies as encountered in public-key infrastructures (PKIs) while providing strong privacy guarantees for authentication and access control.

The implementation includes optimizations such as cross-set commitment aggregation and Schnorr-style discrete-logarithm zero-knowledge proofs, and it uses Damgård's technique to obtain malicious-verifier interactive zero-knowledge proofs of knowledge. Together these allow selective and efficient showings in the DAC without resorting to costly general-purpose zero-knowledge proofs (e.g., proving knowledge of a signature and of hidden attributes).

Warning:

This implementation has not been audited and is not ready for production use. The library is provided for research purposes only.

System Requirements

The following system requirements must be met in order to run the code:

  • Linux operating system
  • x86_64 architecture

Note that the software has only been tested on Linux/x86_64 and may not work on other platforms.

Getting started

The library is built on top of petlib and bplib. To install the development dependencies, run the following commands inside the cloned repository:

  1. Install Nix with the required experimental features (flakes and the nix command) using the Determinate Systems installer. Note that this pipes a remote script into a shell; download and read the script first if you need to review it before running it:

        curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
    
  2. Run:

         nix develop
    

This will activate the development environment with the required dependencies.

Run tests with nix

To run the tests in a precisely defined Python environment using Nix:

     nix develop -c pytest -s -v tests/

Documentation

The source code lives in the core directory and is written in Python. Below, we describe each module:

  • set_commit.py : This module implements set commitments. It takes a set of messages (strings) as input and outputs a set commitment together with opening information. The owner can create a witness for any subset of the committed messages, and a verifier uses that witness to confirm that the subset is indeed part of the original set.

      SetCommitment

    The module also implements a cross-set commitment. This aggregates witnesses across multiple commitments into a single witness and enables batched verification, which further improves efficiency.

      CrossSetCommitment(SetCommitment)

  • spseq_uc.py : This module implements the SPSEQ-UC signature scheme as the EQC_Sign class. The scheme signs vectors of set commitments, and a signed vector can later be extended by additional set commitments. Each signature also includes a user's public key, which can be switched. The module further allows randomizing the set commitments and randomizing and adapting the signature to match, so that signatures and set commitments become unlinkable, which is what gives the overall system its privacy guarantees.

  • util.py : This module provides all the common requirements for other schemes. It contains a collection of utility functions that are used across multiple modules in the system.

  • zkp.py : This module provides a collection of Schnorr-style zero-knowledge proof (ZKP) implementations:

    1. Schnorr (interactive) proof of the statement ZK(x ; h = g^x).

      ZKP_Schnorr
      
    2. Schnorr proof (non-interactive via the Fiat-Shamir heuristic) of the statement ZK(x, m_1, ..., m_n; h = g^x and h_1^m_1...h_n^m_n), plus a generalized version.

      ZKP_Schnorr_FS
      
    3. Damgård's technique, which extends the interactive proof to obtain malicious-verifier interactive zero-knowledge proofs of knowledge (a plain Σ-protocol is only honest-verifier zero-knowledge).

      Damgard_Transfor(ZKP_Schnorr)  
      
      
  • dac.py : This module provides the DAC class. It builds on the modules above and exposes the following methods:

    1. setup(self): Generates the public parameters of the DAC scheme, covering the signature scheme, the set commitment scheme and the zero-knowledge proofs, and instantiates the underlying scheme objects.

    2. user_keygen(self, pp_dac): Generates a key pair for a user.

    3. nym_gen(self, pp_dac, usk, upk): Generates a new pseudonym together with its auxiliary information.

    4. issue_cred(self, pp_dac, attr_vector, sk, nym_u, k_prime, proof_nym_u): Issues a root credential to a user.

    5. proof_cred(self, pp_dac, nym_R, aux_R, cred_R, Attr, D): Generates a credential proof for a given pseudonym with selective disclosure of the attribute subset D.

    6. verify_proof(self, pp_dac, proof, D): Verifies a credential proof against the disclosed attributes D.

    7. delegator(self, pp_dac, cred_u, A_l, l, sk_u, proof_nym) and delegatee(self, pp_dac, cred, A_l, sk_R, nym_R): Together create a delegated credential from user U to user R (U runs delegator, R runs delegatee).
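The set_commit.py description above (commit to a set, open any subset with a witness, verify the subset) can be tried out without the pairing library. The following is an added example and not code from DAC-from-EQS: it uses an RSA accumulator, a different, pairing-free construction from the library's polynomial-based set commitment, to expose the same commit / open-subset / verify interface. The class name RSASetCommitment, the helper names, the toy modulus and the sample attribute strings are all assumptions of this example; cross-set aggregation is not shown because it relies on the pairing structure of the real scheme.

```python
"""Toy set commitment with subset openings, built as an RSA accumulator.
Added example for illustration only; not the DAC-from-EQS set commitment."""
import hashlib

# Toy RSA modulus from two well-known primes. DEMO ONLY: in a real accumulator
# the factorisation must be unknown to everyone (trusted setup), otherwise
# anyone can compute roots and forge subset witnesses.
N = 1000000007 * 998244353
G = 65537  # accumulator base


def is_prime(n):
    """Deterministic Miller-Rabin; exact for n < 3.3e24 with these 12 bases."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def hash_to_prime(msg):
    """Map a message string to a prime: hash to 64 bits, then search upward."""
    cand = int.from_bytes(hashlib.sha256(msg.encode()).digest()[:8], "big") | 1
    while not is_prime(cand):
        cand += 2
    return cand


class RSASetCommitment:
    def commit(self, messages):
        """Commitment C = G^(product of primes) mod N; opening = message->prime map."""
        primes = {m: hash_to_prime(m) for m in set(messages)}
        product = 1
        for p in primes.values():
            product *= p
        return pow(G, product, N), primes

    def open_subset(self, opening, subset):
        """Witness for `subset`: G raised to the product of the *other* primes."""
        if not set(subset) <= opening.keys():
            raise ValueError("subset contains messages not in the committed set")
        rest = 1
        for m, p in opening.items():
            if m not in subset:
                rest *= p
        return pow(G, rest, N)

    def verify_subset(self, C, subset, witness):
        """Accept iff witness^(product of the subset's primes) == C."""
        exp = 1
        for m in set(subset):
            exp *= hash_to_prime(m)
        return pow(witness, exp, N) == C


if __name__ == "__main__":
    sc = RSASetCommitment()
    # Constructed sample attributes, not from the repository's tests.
    C, opening = sc.commit(["age:30", "role:admin", "org:acme"])
    w = sc.open_subset(opening, ["role:admin"])
    print(sc.verify_subset(C, ["role:admin"], w))
```

Soundness here rests on the strong RSA assumption: producing a witness for a message that is not in the set means extracting a prime root of C, which is infeasible only when the factorisation of N is unknown, so the toy modulus above is binding in form but not in fact.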

Usage

The tests are the easiest place to see how the library is used.

Acknowledgements

I want to express my sincere thanks to Martin Schwaighofer for his support and assistance in using nix manager to build the library.

Citation:

If you use our code, please cite our paper:

 @misc{cryptoeprint:2022/680,
  author = {Omid Mir and Daniel Slamanig and Balthazar Bauer and René Mayrhofer},
  title = {Practical Delegatable Anonymous Credentials From Equivalence Class Signatures},
  howpublished = {Cryptology ePrint Archive, Paper 2022/680},
  year = {2022},
  note = {\url{https://eprint.iacr.org/2022/680}},
  url = {https://eprint.iacr.org/2022/680}
 }
