Skip to content

Implementation of the Mercurial signature scheme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

AlvinHon/mercurial-signature

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

version workflow status

Mercurial Signature

This is a simple implementation of the Mercurial signature scheme which is instroduced in the paper Delegatable Anonymous Credentials from Mercurial Signatures, by Elizabeth C. Crites and Anna Lysyanskaya.

A mercurial signature, which allows a signature sig on a message m under public key pk to be transformed into a signature sig' on an equivalent but unlinkable message m' under an equivalent but unlinkable public key pk'.

The crate implements the signature scheme with use of the elliptic curve Bls12-381. It uses the dependencies from Arkworks which is a rust ecosystem for cryptography.

Note: this repository has not been thoroughly audited. Please take your own risk if you use it in production environment.

Example

use mercurial_signature::{Curve, CurveBls12_381, PublicParams, change_representation};
use ark_std::UniformRand;
use rand::thread_rng;

type G1 = <CurveBls12_381 as Curve>::G1;
type Fr = <CurveBls12_381 as Curve>::Fr;

let mut rng = rand::thread_rng();
let pp = PublicParams::new(&mut rng);
let (mut pk, mut sk) = pp.key_gen(&mut rng, 10);
let mut message = (0..10).map(|_| G1::rand(&mut rng)).collect::<Vec<G1>>();
let mut sig = sk.sign(&mut rng, &pp, &message);

// Convert keys and signatures (i.e. randomization)
let p = Fr::rand(&mut rng);
pk.convert(p);
sk.convert(p); // not necessary for the following steps.
sig.convert(&mut rng, p);
// public key, secret key and the signatre are different now.

// Change the message and signature (i.e. randomization)
let u = Fr::rand(&mut rng);
change_representation(&mut rng, &mut message, &mut sig, u);
// message and the signature are different now.

// Verification can still pass.
assert!(pk.verify(&pp, &message, &sig));

About

Implementation of the Mercurial signature scheme

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages