You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-irtf-cfrg-bbs-signatures.md
+5-5Lines changed: 5 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -60,11 +60,11 @@ A digital signature scheme is a fundamental cryptographic primitive that is used
60
60
61
61
Beyond the core properties of a digital signature scheme, the BBS signatures and proofs provide multiple additional unique properties. Three key ones are:
62
62
63
-
**Selective Disclosure** - The scheme allows a signer to sign multiple messages and produce a single -constant size- output signature. A holder/Prover then possessing the messages and the signature can generate a proof whereby they can choose which messages to disclose, while revealing no-information about the undisclosed messages. The proof itself guarantees the integrity and authenticity of the disclosed messages (e.g. that they were originally signed by the signer).
63
+
**Selective Disclosure** - The scheme allows a signer to sign multiple messages and produce a single -constant size- output signature. A Prover then possessing the messages and the signature can generate a proof whereby they can choose which messages to disclose, while revealing no-information about the undisclosed messages. The proof itself guarantees the integrity and authenticity of the disclosed messages (e.g. that they were originally signed by the signer).
64
64
65
65
**Unlinkable Proofs** - The proofs generated by the scheme are zero-knowledge, proofs-of-knowledge of the signature, meaning a verifying party in receipt of a proof is unable to determine which signature was used to generate the proof, removing a common source of correlation. In general, each BBS proof is indistinguishable from random even if generated from the same signature.
66
66
67
-
**Proof of Possession** - The proofs generated by the scheme prove to a verifier that the party who generated the proof (holder/Prover) was in possession of a signature without revealing it. The scheme also supports binding a presentation header to the generated proof. The presentation header can include arbitrary information such as a cryptographic nonce, an audience/domain identifier and or time based validity information (for more details on the presentation header, see (#header-and-presentation-header-usage)).
67
+
**Proof of Possession** - The proofs generated by the scheme prove to a verifier that the party who generated the proof (Prover) was in possession of a signature without revealing it. The scheme also supports binding a presentation header to the generated proof. The presentation header can include arbitrary information such as a cryptographic nonce, an audience/domain identifier and or time based validity information (for more details on the presentation header, see (#header-and-presentation-header-usage)).
68
68
69
69
Refer to the (#use-cases) for an elaboration on situations where these properties are useful.
70
70
@@ -1639,9 +1639,9 @@ Outputs:
1639
1639
Procedure:
1640
1640
1641
1641
1. W = octets_to_point_g2(PK)
1642
-
2. If W is INVALID, return INVALID
1642
+
2. if W is INVALID, return INVALID
1643
1643
3. if subgroup_check_G2(W) is INVALID, return INVALID
1644
-
4. If W == Identity_G2, return INVALID
1644
+
4. if W == Identity_G2, return INVALID
1645
1645
5. return W
1646
1646
```
1647
1647
@@ -2532,7 +2532,7 @@ BBS Signatures ofter an alternative model that solves the same problems that pro
BBS signatures when applied to the problem space of identity credentials can help to enhance user privacy. For example a digital drivers license that is cryptographically signed with a BBS signature, allows the holder or subject of the license to disclose different claims from their drivers license to different parties. Furthermore, the unlinkable presentations property of proofs generated by the scheme remove an important possible source of correlation for the holder across multiple presentations.
2535
+
BBS signatures when applied to the problem space of identity credentials can help to enhance user privacy. For example a digital drivers license that is cryptographically signed with a BBS signature, allows the holder or subject of the license (acting as the Prover of the BBS scheme) to disclose different claims from their drivers license to different parties. Furthermore, the unlinkable presentations property of proofs generated by the scheme remove an important possible source of correlation for the holder across multiple presentations.
0 commit comments