W3C BBS Test Vectors, BBS Core update, Blind BBS and Pseudonym updates

Hi Simone, I wanted to give you an update on test vectors for Data 
Integrity BBS Cryptosuites v1.0 <https://w3c.github.io/vc-di-bbs/>.

 1.

    The document contains a lengthy section devoted to Test Vectors
    <https://w3c.github.io/vc-di-bbs/#test-vectors>. This includes
    sections for Base Proof
    <https://w3c.github.io/vc-di-bbs/#base-proof> (Issuer -> Holder),
    Derived Proof <https://w3c.github.io/vc-di-bbs/#derived-proof>
    (Holder -> Verifier), and each of the optional features: Anonymous
    Holder Binding
    <https://w3c.github.io/vc-di-bbs/#anonymous-holder-binding-feature>,
    Pseudonym with Issuer Known PID
    <https://w3c.github.io/vc-di-bbs/#pseudonym-with-issuer-known-pid-feature>,
    and Pseudonym with Hidden PID
    <https://w3c.github.io/vc-di-bbs/#pseuonym-with-hidden-pid-feature>.

 2.

    To include the test vectors into the specification document ReSpec’s
    data-include <https://github.com/speced/respec/wiki/data-include>
    mechanism is used. The test vectors are kept in the document’s
    repository under the TestVectors
    <https://github.com/w3c/vc-di-bbs/tree/main/TestVectors> directory.
    This has allowed us to rapidly update test vectors to accommodate
    changes in the specification and dependent specifications and also
    allows easy downloading of all the test vectors by developers.

 3.

    Upcoming changes 1: The IETF draft BBS Signature Scheme version 06
    is about to be released and includes a small but breaking change to
    the signatures and proofs produced (this was a change in the order
    of computing some hashes to be friendlier to memory limited
    devices). This will change all the signatures and proofs shown in
    the test vectors for all cases.

 4.

    Upcoming changes 2: Based on feedback from us on the W3C verifiable
    side to allow for identical verification procedure for the two types
    of pseudonyms (issuer known PID
    <https://w3c.github.io/vc-di-bbs/#pseudonyms-with-issuer-known-pid>,
    hidden PID
    <https://w3c.github.io/vc-di-bbs/#pseudonyms-with-hidden-pid>) both
    the IETF drafts on Blind BBS
    <https://www.ietf.org/archive/id/draft-kalos-bbs-blind-signatures-00.html>
    and BBS Per Verifier ID (pseudonyms)
    <https://www.grotto-networking.com/files/draft-vasilis-bbs-per-verifier-linkability.html>
    are in the process of being updated and will result in updates to
    the optional feature test vectors.

 5.

    For a recent cryptographer discussion of the importance of BBS for
    unlinkable signatures, pseudonyms, and holder binding I recommend
    reading Cryptographers’ Feedback on the EU Digital Identity’s ARF
    <https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200>
    and accompanying paper.

Let me know if you have any other questions.

Best Regards

Greg B.

------------------------------------------------------------------------

Dr. Greg M. Bernstein http://www.grotto-networking.com


​