failed attempt at protecting r
jaromil committed Jul 3, 2024
1 parent 32343e5 commit f572b86
Showing 1 changed file with 9 additions and 23 deletions.
32 changes: 9 additions & 23 deletions POC.lua
Expand Up @@ -109,7 +109,7 @@ for m,v in pairs(SIGNED_CLAIMS) do
id = m,
s = sig + sign(tri, m),
p = (revG2 + G2*tri):to_zcash(),
r = G1*er -- TODO: protect
r = (A.pk*er):to_zcash() -- protect
})
end
end
Expand All @@ -121,7 +121,7 @@ function revocation_contains(revocations, claim)
local tri =
BIG.new(
sha256:process(
(Miller(A.pk,claim.r)^rev)
(Miller(ECP2.from_zcash(claim.r), G1)^rev)
:octet()
))

Expand All @@ -139,9 +139,10 @@ function revocation_contains(revocations, claim)
return res
end

-- disclose = { 'name', 'gender', 'above_18' }
local torevoke = {
'HolderID/born_in=Napoli',
-- 'HolderID/gender=male',
'HolderID/gender=male',
'HolderID/nationality=italian'}
local revocations = {}
for _,v in pairs(torevoke) do
Expand All @@ -159,22 +160,6 @@ print(JSON.encode({

-- relying party verifies credentials
-- downloads PK of IssuerID from DID
for _,proof in pairs(CREDENTIAL_PROOF) do
local sig = proof.s
local pk = ECP2.from_zcash(proof.p)
assert(not revocation_contains(revocations, proof), "Revoked: "..proof.id)
assert( verify(pk + A.pk, proof.id, sig) )
end

-- found revocation
local torevoke = {
'HolderID/gender=male'
}
local revocations = {}
for _,v in pairs(torevoke) do
local k = strtok(v,'/')[2]
revocations[k] = REVOCATIONS[v]
end
for _,proof in pairs(CREDENTIAL_PROOF) do
local sig = proof.s
local pk = ECP2.from_zcash(proof.p)
Expand All @@ -186,6 +171,7 @@ for _,proof in pairs(CREDENTIAL_PROOF) do
assert( verify(pk + A.pk, proof.id, sig) )
end


local function FUZZ(o)
t = type(o)
assert(iszen(t), "cannot fuzz non zenroom type: "..t)
Expand All @@ -197,7 +183,7 @@ local function FUZZ(o)
error("cannot fuzz zenroom type: "..t)
end

-- random proof.s
warn('random proof.s')
for _,proof in pairs(CREDENTIAL_PROOF) do
local sig = ECP.random() -- FUZZ
local pk = ECP2.from_zcash(proof.p)
Expand All @@ -209,7 +195,7 @@ for _,proof in pairs(CREDENTIAL_PROOF) do
assert( not verify(pk + A.pk, proof.id, sig) )
end

-- fuzz proof.p
warn('random proof.p')
for _,proof in pairs(CREDENTIAL_PROOF) do
local sig = proof.s
local pk = ECP2.random() -- FUZZ
Expand All @@ -221,11 +207,11 @@ for _,proof in pairs(CREDENTIAL_PROOF) do
assert( not verify(pk + A.pk, proof.id, sig) )
end

-- fuzz proof.r
warn('random proof.r')
for _,proof in pairs(CREDENTIAL_PROOF) do
local sig = proof.s
local pk = ECP2.from_zcash(proof.p)
proof.r = ECP.random() -- FUZZ(proof.r)
proof.r = (A.pk*BIG.random()):to_zcash() -- FUZZ(proof.r)
if proof.id == 'gender=male' then
assert(revocation_contains(revocations, proof), "Not revoked: "..proof.id)
else
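Review bot: In `revocation_contains`, `claim.r` is decoded with `ECP2.from_zcash` and passed straight to `Miller(...)`, but nothing in the visible lines binds it to what `verify(pk + A.pk, proof.id, sig)` checks, so the revocation lookup appears to rest on a value the presenter of the proof controls. Assuming `Miller` is the bilinear pairing, `Miller(A.pk*er, G1)` equals the earlier `Miller(A.pk, G1*er)`, so the change moves `r` from G1 to G2 without altering what is hashed into `tri`. The `-- protect` comment in the first hunk therefore overstates the result; something like `-- TODO: r only moved to G2, still not bound to the signature` would match the commit title. If `r` stays in the proof, consider rejecting the point at infinity after decoding and covering `r` in the signed data, so that an altered `r` makes `verify` fail instead of only changing the lookup. The bodies of `revocation_contains` and of the last fuzz loop continue outside the shown hunks, so this should be confirmed against the full file.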