blindsig_ps16

Pointcheval-Sanders Short Randomizable Signatures (PS16)

Authors: David Pointcheval, Olivier Sanders

Title: “Short Randomizable Signatures”

Published in: RSA Conference on Topics in Cryptology, 2016

Available from: https://dl.acm.org/doi/10.1007/978-3-319-29485-8_7

Notes: Implements single/multi message signatures and blind signatures

Scheme Properties

• Type: blind signature

• Setting: bilinear groups (asymmetric)

• Assumption: PS assumption

Implementation

Authors:

Ahmed Bakr

Date:

04/2023

class blindsig_ps16.PS_BlindMultiMessageSig(groupObj)

Bases: PS_BlindSig

blind(messages, pk)

This function takes a message and blinds it to return a blinded message. Inputs:

• messages: List of messages to be blinded

• pk: pk is needed to know some of the public parameters used in message blinding

Outputs:

• C: A blinded message

• t: Blind random value

keygen(num_messages)

This function is used to generate the secret key and the public key of the signer Outputs:

• sk: Secret key

• pk: public key

sign(sk, pk, blinded_message)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• pk: Public key of the signer

• blinded_message: A blinded message to be signed

Outputs:

• sigma_dash: Signature on the blinded message

unblind(blinded_sig, t)

This function takes a blinded signature and returns the unblinded signature Inputs:

• blinded_sig: Blinded signature

• t: random number used to blind the original message

Outputs:

• sigma: unblinded signature

verify(messages, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• messages: List of messages

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.PS_BlindSig(groupObj)

Bases: PS_Sig

blind(message)

This function takes a message and blinds it to return a blinded message. Inputs:

• message: message to be blinded

Outputs:

• blinded_message: A blinded message

keygen()

This function is used to generate the secret key and the public key of the signer

proof_of_knowledge_of_commitment_secrets(t, messages, blinded_message, pk, group_obj, debug)

This function runs shnorr’ interactive proof of knowledge

sign(sk, blinded_message)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• blinded_message: A blinded message to be signed

Outputs:

• sigma_dash: Signature on the blinded message

unblind(blinded_sig, t)

This function takes a blinded signature and returns the unblinded signature Inputs:

• blinded_sig: Blinded signature

• t: random number used to blind the original message

Outputs:

• sigma: unblinded signature

verify(message, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• message: The message

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.PS_BlindSingleMessageSig(groupObj)

Bases: PS_BlindSig

blind(message, pk)

This function takes a message and blinds it to return a blinded message. Inputs:

• message: message to be blinded

• pk: pk is needed to know some of the public parameters used in message blinding

Outputs:

• C: A blinded message

• t: Blind random value

keygen()

This function is used to generate the secret key and the public key of the signer Outputs:

• sk: Secret key

• pk: public key

sign(sk, pk, blinded_message)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• pk: Public key of the signer

• blinded_message: A blinded message to be signed

Outputs:

• sigma_dash: Signature on the blinded message

unblind(blinded_sig, t)

This function takes a blinded signature and returns the unblinded signature Inputs:

• blinded_sig: Blinded signature

• t: random number used to blind the original message

Outputs:

• sigma: unblinded signature

verify(message, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• message: The message

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.PS_Sig(groupObj)

Bases: PKSig

keygen()

This function is used to generate the secret key and the public key of the signer

sign(sk, message)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• message: message to be signed

Outputs:

• sigma: Signature on the message

verify(message, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• message: The message

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.PS_SigMultiMessage(groupObj)

Bases: PS_Sig

keygen(num_messages)

This function is used to generate the secret key and the public key of the signer Inputs:

• num_message: Number of messages

sign(sk, messages)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• messages: List of messages to be signed

Outputs:

• sigma: Signature on the message

verify(messages, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• messages: The list of messages

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.PS_SigSingleMessage(groupObj)

Bases: PS_Sig

keygen()

This function is used to generate the secret key and the public key of the signer

sign(sk, message)

This function is used for the signer to sign a message Inputs:

• sk: Secret key of the signer

• message: message to be signed

Outputs:

• sigma: Signature on the message

verify(message, pk, sig) → bool

This function is used for the user to verify a signature on a specific message using the message and the public key of the signer. Inputs:

• message: The message

• pk: Public key

• sig: signature

Outputs:

• True if the signature is valid on the message by the user whose public key is pk

• False, otherwise

class blindsig_ps16.ShnorrInteractiveZKP

Bases: object

class Prover(secret_t, secret_messages, groupObj)

Bases: object

create_proof(c)

3. This function is executed by the prover after he received the challenge value (c) from the verifier

create_prover_commitments(pk)

1. This function is executed by the prover to send a random value to the verifier

class Verifier(groupObj)

Bases: object

create_verifier_challenge()

2. This function is executed by the verifier after he had received the value u from the prover to send a challenge value to the prover.

is_proof_verified(s_t, s_ms, pk, blinded_message, commitment)

4. This function is executed by the verifier to verify the authenticity of the proof sent by the prover

blindsig_ps16.blinded_multi_message_main(debug=False)

blindsig_ps16.blinded_single_message_main(debug=False)

blindsig_ps16.dump_to_zp_element(obj, group_obj)

blindsig_ps16.multi_message_main(debug=False)

blindsig_ps16.single_message_main(debug=False)