Re: W3C BBS Test Vectors, BBS Core update, Blind BBS and Pseudonym updates from Simone Onofri on 2024-06-27 (www-archive@w3.org from June 2024)

From: Simone Onofri <simone@w3.org>
Date: Thu, 27 Jun 2024 19:38:53 +0200
To: Greg Bernstein <gregb@grotto-networking.com>
Cc: www-archive@w3.org, Jaromil <jaromil@dyne.org>, Andrea D'Intino - Forkbomb BV <andrea@forkbomb.eu>, Patrick Schaller <patrick.schaller@inf.ethz.ch>
Message-Id: <2521AF0D-F011-4F6A-973F-8A6BDA16EBB6@w3.org>

Hi Greg,


Thank you for the update.

Cc’ing Denis, Andrea (their working on the Review) and Patrick too that are working on BSS.

Let us know (also updating the GitHub issue) when the update is ready so we can proceed.

I’ve seen the Feedback when you shared on CCG, already planned a post on the social tagging you! :)


Thank you,

Simone

P.S. in a few the SING charter will be sent to the AC, so you’ll be more than welcome!





> On 27 Jun 2024, at 01:30, Greg Bernstein <gregb@grotto-networking.com> wrote:
> 
> Hi Simone, I wanted to give you an update on test vectors for Data Integrity BBS Cryptosuites v1.0.
>     • The document contains a lengthy section devoted to Test Vectors. This includes sections for Base Proof (Issuer -> Holder), Derived Proof (Holder -> Verifier), and each of the optional features: Anonymous Holder Binding, Pseudonym with Issuer Known PID, and Pseudonym with Hidden PID.
>     • To include the test vectors into the specification document ReSpec’s data-include mechanism is used. The test vectors are kept in the document’s repository under the TestVectors directory. This has allowed us to rapidly update test vectors to accommodate changes in the specification and dependent specifications and also allows easy downloading of all the test vectors by developers.
>     • Upcoming changes 1: The IETF draft BBS Signature Scheme version 06 is about to be released and includes a small but breaking change to the signatures and proofs produced (this was a change in the order of computing some hashes to be friendlier to memory limited devices). This will change all the signatures and proofs shown in the test vectors for all cases.
>     • Upcoming changes 2: Based on feedback from us on the W3C verifiable side to allow for identical verification procedure for the two types of pseudonyms (issuer known PID, hidden PID) both the IETF drafts on Blind BBS and BBS Per Verifier ID (pseudonyms) are in the process of being updated and will result in updates to the optional feature test vectors.
>     • For a recent cryptographer discussion of the importance of BBS for unlinkable signatures, pseudonyms, and holder binding I recommend reading Cryptographers’ Feedback on the EU Digital Identity’s ARF and accompanying paper.
> Let me know if you have any other questions.
> Best Regards
> Greg B.
> Dr. Greg M. Bernstein http://www.grotto-networking.com
>

Attachments

application/pgp-keys attachment: OpenPGP_0x80179D68654AA86C.asc

Received on Thursday, 27 June 2024 17:39:47 UTC