From 63a92d1e5fec547e20eac7b6aeb51c5e3209d783 Mon Sep 17 00:00:00 2001
From: Manu Drijvers
Date: Fri, 27 Apr 2018 21:00:42 +0200
Subject: [PATCH] [FAB-8921] adds weak-bb signatures

Adds weak-bb signatures that will be used in idemix revocation.

Change-Id: I48f231e10c8242732080cb6df6146b89b2a7c57a
Signed-off-by: Manu Drijvers
---
 idemix/idemix_test.go | 18 +++++++++++++++-
 idemix/util.go | 3 +++
 idemix/weak-bb.go | 49 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 idemix/weak-bb.go

diff --git a/idemix/idemix_test.go b/idemix/idemix_test.go
index c3be9e1754d..7e77255ebb8 100644
--- a/idemix/idemix_test.go
+++ b/idemix/idemix_test.go
@@ -15,6 +15,23 @@ import (
 )

 func TestIdemix(t *testing.T) {
+ // Test weak BB sigs:
+ // Test KeyGen
+ rng, err := GetRand()
+ assert.NoError(t, err)
+ wbbsk, wbbpk := WBBKeyGen(rng)
+
+ // Get random message
+ testmsg := RandModOrder(rng)
+
+ // Test Signing
+ wbbsig := WBBSign(wbbsk, testmsg)
+
+ // Test Verification
+ err = WBBVerify(wbbpk, wbbsig, testmsg)
+ assert.NoError(t, err)
+
+ // Test idemix functionality
 AttributeNames := []string{"Attr1", "Attr2", "Attr3", "Attr4", "Attr5"}
 attrs := make([]*FP256BN.BIG, len(AttributeNames))
 for i := range AttributeNames {
@@ -22,7 +39,6 @@ func TestIdemix(t *testing.T) {
 }

 // Test issuer key generation
- rng, err := GetRand()
 if err != nil {
 t.Fatalf("Error getting rng: \"%s\"", err)
 return
diff --git a/idemix/util.go b/idemix/util.go
index 85a5384df02..e71f230b012 100644
--- a/idemix/util.go
+++ b/idemix/util.go
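Review bot: The weak-BB block in TestIdemix only checks that a valid signature verifies; nothing asserts that WBBVerify rejects a signature under a different message, a different key, or nil inputs, so a verifier that always returns nil would pass this test. A rejecting case such as `assert.Error(t, WBBVerify(wbbpk, wbbsig, RandModOrder(rng)))` would cover the first of these. Separately, `assert.NoError` after `GetRand()` does not stop the test, and the `if err != nil` check kept as context in the following hunk now inspects the error from `WBBVerify` while still reporting "Error getting rng"; that check belongs directly after the `GetRand()` call. TestIdemix continues outside both hunks.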
@@ -25,6 +25,9 @@ var GenG2 = FP256BN.NewECP2fp2s(
 FP256BN.NewFP2bigs(FP256BN.NewBIGints(FP256BN.CURVE_Pxa), FP256BN.NewBIGints(FP256BN.CURVE_Pxb)),
 FP256BN.NewFP2bigs(FP256BN.NewBIGints(FP256BN.CURVE_Pya), FP256BN.NewBIGints(FP256BN.CURVE_Pyb)))

+// GenGT is a generator of Group GT
+var GenGT = FP256BN.Fexp(FP256BN.Ate(GenG2, GenG1))
+
 // GroupOrder is the order of the groups
 var GroupOrder = FP256BN.NewBIGints(FP256BN.CURVE_Order)

diff --git a/idemix/weak-bb.go b/idemix/weak-bb.go
new file mode 100644
index 00000000000..1b696afcbe1
--- /dev/null
+++ b/idemix/weak-bb.go
@@ -0,0 +1,49 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package idemix
+
+import (
+ "github.com/hyperledger/fabric-amcl/amcl"
+ "github.com/hyperledger/fabric-amcl/amcl/FP256BN"
+ "github.com/pkg/errors"
+)
+
+// WBBKeyGen creates a fresh weak-Boneh-Boyen signature key pair (http://ia.cr/2004/171)
+func WBBKeyGen(rng *amcl.RAND) (*FP256BN.BIG, *FP256BN.ECP2) {
+ // sample sk uniform from Zq
+ sk := RandModOrder(rng)
+ // set pk = g2^sk
+ pk := GenG2.Mul(sk)
+ return sk, pk
+}
+
+// WBBSign places a weak Boneh-Boyen signature on message m using secret key sk
+func WBBSign(sk *FP256BN.BIG, m *FP256BN.BIG) *FP256BN.ECP {
+ // compute exp = 1/(m + sk) mod q
+ exp := Modadd(sk, m, GroupOrder)
+ exp.Invmodp(GroupOrder)
+
+ // return signature sig = g1^(1/(m + sk))
+ return GenG1.Mul(exp)
+}
+
+// WBBVerify verifies a weak Boneh-Boyen signature sig on message m with public key pk
+func WBBVerify(pk *FP256BN.ECP2, sig *FP256BN.ECP, m *FP256BN.BIG) error {
+ if pk == nil || sig == nil || m == nil {
+ return errors.Errorf("Weak-BB signature invalid: received nil input")
+ }
+ // Set P = pk * g2^m
+ P := FP256BN.NewECP2()
+ P.Copy(pk)
+ P.Add(GenG2.Mul(m))
+ P.Affine()
+ // check that e(sig, pk * g2^m) = e(g1, g2)
+ if !FP256BN.Fexp(FP256BN.Ate(P, sig)).Equals(GenGT) {
+ return errors.Errorf("Weak-BB signature is invalid")
+ }
+ return nil
+}
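Review bot: GenGT is an exported package-level pointer that WBBVerify uses as its reference value, and the comment neither says which element it is nor that it must not be modified. amcl values are mutated in place by several methods (as `P.Add` and `exp.Invmodp` are in weak-bb.go), so an in-place operation on GenGT anywhere in the process would silently change what verification accepts. I would write the comment as `// GenGT is e(g1, g2), a generator of group GT; treat it as read-only and copy before modifying.` The same caveat applies to GenG1 and GenG2, which predate this hunk.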
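Review bot: WBBSign inverts (m + sk) mod q without checking that it is non-zero and without the nil checks WBBVerify performs. A nil argument therefore panics, and the m = -sk case hands zero to `Invmodp`, whose behaviour on zero is not visible here and should be confirmed against amcl. Since the function is new, it could return `(*FP256BN.ECP, error)` and reject both cases, or at least state the precondition in its doc comment. The doc comments should also carry the scheme's security caveat, e.g. `// The scheme is only weakly unforgeable: security is proven for messages fixed before the public key is seen.` WBBVerify assumes pk and sig are valid group elements, so if they are ever parsed from untrusted bytes, that validation has to happen before this call.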