BBS Update: align impl to Signature test vector.

Signed-off-by: Sergey Minaev <sergey.minaev@avast.com>

pkg/crypto/primitive/bbs12381g2pub/bbs.go

@@ -190,12 +190,14 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
  return nil, fmt.Errorf("build generators from public key: %w", err)
  }
 
+ messagesFr := ParseSignatureMessages(messages)
+
  esBuilder := newEcnodeForHashBuilder()
  esBuilder.addScalar(privKey.FR)
  esBuilder.addScalar(pubKeyWithGenerators.domain)
 
- for _, msg := range messages {
- esBuilder.addBytes(msg)
+ for _, msgFr := range messagesFr {
+ esBuilder.addScalar(msgFr.FR)
  }
 
  es := Hash2scalars(esBuilder.build(), 2)
@@ -204,7 +206,6 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
  exp.Add(exp, e)
  exp.Inverse(exp)
 
- messagesFr := ParseSignatureMessages(messages)
  b := computeB(s, messagesFr, pubKeyWithGenerators)
 
  sig := g1.New()
@@ -222,12 +223,9 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
 func computeB(s *bls12381.Fr, messages []*SignatureMessage, key *PublicKeyWithGenerators) *bls12381.PointG1 {
  const basesOffset = 2
 
- bindingBasis := g1.One()
- bindingExp := bls12381.NewFr().One()
-
  cb := newCommitmentBuilder(len(messages) + basesOffset)
 
- cb.add(bindingBasis, bindingExp)
+ cb.add(key.p1, bls12381.NewFr().One())
  cb.add(key.q1, s)
  cb.add(key.q2, key.domain)
 

pkg/crypto/primitive/bbs12381g2pub/bbs_test.go

@@ -17,15 +17,15 @@ import (
 )
 
 func TestBlsG2Pub_Verify(t *testing.T) {
- privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+ privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
  privateKey, err := bbs12381g2pub.UnmarshalPrivateKey(privateKeyBytes)
  require.NoError(t, err)
 
  pkBytes, err := privateKey.PublicKey().Marshal()
  require.NoError(t, err)
 
- sigBytes := hexStringToBytesTest(t,
+ sigBytes := hexToBytes(t,
  "84d9677e651d7e039ff1bd3c6c37a6d465b23ebcc1291cf0082cd94c3971ff2ec64d8ddfd0c2f68d37429f6c751003a7"+
  "5435cae4b55250e5a3e357b7bd52589ff830820cd5e07a6125d846245efacccb"+
  "5814139b8bef5b329b3a269f576565d33bf6254916468f9e997a685ac68508a6")
@@ -135,15 +135,15 @@ func TestBBSG2Pub_Sign(t *testing.T) {
 }
 
 func TestBBSG2Pub_SignWithPredefinedKeys(t *testing.T) {
- privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
- header := hexStringToBytesTest(t, "11223344556677889900aabbccddeeff")
+ privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+ header := hexToBytes(t, "11223344556677889900aabbccddeeff")
  messagesBytes := default10messages(t)
 
  bls := bbs12381g2pub.New()
  signature, err := bls.Sign(header, messagesBytes, privateKeyBytes)
  require.NoError(t, err)
 
- expectedSignatureBytes := hexStringToBytesTest(t,
+ expectedSignatureBytes := hexToBytes(t,
  "9157456791e4f9cae1130372f7cf37709ba661e43df5c23cc1c76be91abff7e2603e2ddaaa71fc42bd6f9d44bd58315b"+
  "09ee5cc4e7614edde358f2c497b6b05c8b118fae3f71a52af482dceffccb3785"+
  "1907573c03d2890dffbd1f660cdf89c425d4e0498bbf73dd96ff15ad9a8b581a")
@@ -152,18 +152,18 @@ func TestBBSG2Pub_SignWithPredefinedKeys(t *testing.T) {
 }
 
 func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
- privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+ privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
  privateKey, err := bbs12381g2pub.UnmarshalPrivateKey(privateKeyBytes)
  require.NoError(t, err)
 
  pkBytes, err := privateKey.PublicKey().Marshal()
  require.NoError(t, err)
 
- proofBytes := hexStringToBytesTest(t, "000a0005ab1a7238bc9ba5065c9d1f395720f97b8d68208e89edb1fa8f1cde16c07b7771a46359ef198317ca71cfae5937200485b3e62de95b4d05a95c8d882197c56e582f74b5e6e1e4ae866a93fa13ae32690b8ea1bbbd7f1138f18a750ede1915a6d2898eec5b19028f2765585f36be4f152bd4ac2ad280743bed14ec78e0cdbf80f0547b37b1de62d71144f03e1fdec89b05000000748adcb65ca0ed38b9c6d1649bef5cd942175affdb9c7ad5212b371f0472d39228dc6c220cc80846fb2f44911b7aed2f32000000020910a8400998e7903a401b439d9a84723e46c9f0c03a9949ac9ee2d545caf72a50cd0f2f340a04a22ffbc8c4c6aa15af1ae972c18bbe6b463707836fb08d624089a4b92531729d0ce3f44ca36b47331a4c9a51af11d5b0f9bf4b55d8d09db24c8df59c6ad111ae0f9af56e16681a53df0000000a5916c0c291dc659d25699f2b182e2fbafe091bdf7a0667a4e4f047e80fa3d64214ee7f20d63f31472ec2eeac73ca01e51c2e420f3a26cda4e0cbe82e64f92a62075131c9dfde53d16e8c3e1d0b56bd6ac203f07af450cb94b019c6bb667df2465f9317c9ac178e58f638eb52751638fd54a211ab0ab3aeee8d87a69392de458f6ddb6b9f007589f6bdb5376eeffc4f64f7c7c0c426197be97f4f83a1a6f06ff74473dde98edbb444976ef4083237a859807d1a4c1e94fe68b69609fa00431e4b4622a39bd74791ce4b1f7545291b5ded098a757f680cbe1612312c8f841a8d0b077e5cf3eb5cf85f0ed9a3a061c3aa447c9a6bc87808d3ee1f293d157d1f41f14edd5cd0b1fcb5112d7e09386a276f396d4f31f1660bb65f0206eb92d669d2800f1e0f418be23895ad0cac055f973b50c38d57df54563e5493dd7910308ed9a6") //nolint:lll
+ proofBytes := hexToBytes(t, "000a0005ab1a7238bc9ba5065c9d1f395720f97b8d68208e89edb1fa8f1cde16c07b7771a46359ef198317ca71cfae5937200485b3e62de95b4d05a95c8d882197c56e582f74b5e6e1e4ae866a93fa13ae32690b8ea1bbbd7f1138f18a750ede1915a6d2898eec5b19028f2765585f36be4f152bd4ac2ad280743bed14ec78e0cdbf80f0547b37b1de62d71144f03e1fdec89b05000000748adcb65ca0ed38b9c6d1649bef5cd942175affdb9c7ad5212b371f0472d39228dc6c220cc80846fb2f44911b7aed2f32000000020910a8400998e7903a401b439d9a84723e46c9f0c03a9949ac9ee2d545caf72a50cd0f2f340a04a22ffbc8c4c6aa15af1ae972c18bbe6b463707836fb08d624089a4b92531729d0ce3f44ca36b47331a4c9a51af11d5b0f9bf4b55d8d09db24c8df59c6ad111ae0f9af56e16681a53df0000000a5916c0c291dc659d25699f2b182e2fbafe091bdf7a0667a4e4f047e80fa3d64214ee7f20d63f31472ec2eeac73ca01e51c2e420f3a26cda4e0cbe82e64f92a62075131c9dfde53d16e8c3e1d0b56bd6ac203f07af450cb94b019c6bb667df2465f9317c9ac178e58f638eb52751638fd54a211ab0ab3aeee8d87a69392de458f6ddb6b9f007589f6bdb5376eeffc4f64f7c7c0c426197be97f4f83a1a6f06ff74473dde98edbb444976ef4083237a859807d1a4c1e94fe68b69609fa00431e4b4622a39bd74791ce4b1f7545291b5ded098a757f680cbe1612312c8f841a8d0b077e5cf3eb5cf85f0ed9a3a061c3aa447c9a6bc87808d3ee1f293d157d1f41f14edd5cd0b1fcb5112d7e09386a276f396d4f31f1660bb65f0206eb92d669d2800f1e0f418be23895ad0cac055f973b50c38d57df54563e5493dd7910308ed9a6") //nolint:lll
 
  // TODO "header": "11223344556677889900aabbccddeeff"
- nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
+ nonce := hexToBytes(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
 
  messagesBytes := default10messages(t)
  revealedMessagesBytes := [][]byte{messagesBytes[0], messagesBytes[2]}
@@ -210,7 +210,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 }
 
 func TestBBSG2Pub_DeriveProof(t *testing.T) {
- privKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+ privKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
  privKey, err := bbs12381g2pub.UnmarshalPrivateKey(privKeyBytes)
  require.NoError(t, err)
@@ -228,7 +228,7 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) {
 
  require.NoError(t, bls.Verify(nil, messagesBytes, signatureBytes, pubKeyBytes))
 
- nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
+ nonce := hexToBytes(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
  revealedIndexes := []int{0, 2}
  proofBytes, err := bls.DeriveProof(nil, messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes)
  require.NoError(t, err)
@@ -251,22 +251,22 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) {
 
 func default10messages(t *testing.T) [][]byte {
  messagesBytes := [][]byte{
- hexStringToBytesTest(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02"),
- hexStringToBytesTest(t, "87a8bd656d49ee07b8110e1d8fd4f1dcef6fb9bc368c492d9bc8c4f98a739ac6"),
- hexStringToBytesTest(t, "96012096adda3f13dd4adbe4eea481a4c4b5717932b73b00e31807d3c5894b90"),
- hexStringToBytesTest(t, "ac55fb33a75909edac8994829b250779298aa75d69324a365733f16c333fa943"),
- hexStringToBytesTest(t, "d183ddc6e2665aa4e2f088af9297b78c0d22b4290273db637ed33ff5cf703151"),
- hexStringToBytesTest(t, "515ae153e22aae04ad16f759e07237b43022cb1ced4c176e0999c6a8ba5817cc"),
- hexStringToBytesTest(t, "496694774c5604ab1b2544eababcf0f53278ff5040c1e77c811656e8220417a2"),
- hexStringToBytesTest(t, "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c23364568523f8b91"),
- hexStringToBytesTest(t, "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b7320912416"),
- hexStringToBytesTest(t, "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80"),
+ hexToBytes(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02"),
+ hexToBytes(t, "87a8bd656d49ee07b8110e1d8fd4f1dcef6fb9bc368c492d9bc8c4f98a739ac6"),
+ hexToBytes(t, "96012096adda3f13dd4adbe4eea481a4c4b5717932b73b00e31807d3c5894b90"),
+ hexToBytes(t, "ac55fb33a75909edac8994829b250779298aa75d69324a365733f16c333fa943"),
+ hexToBytes(t, "d183ddc6e2665aa4e2f088af9297b78c0d22b4290273db637ed33ff5cf703151"),
+ hexToBytes(t, "515ae153e22aae04ad16f759e07237b43022cb1ced4c176e0999c6a8ba5817cc"),
+ hexToBytes(t, "496694774c5604ab1b2544eababcf0f53278ff5040c1e77c811656e8220417a2"),
+ hexToBytes(t, "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c23364568523f8b91"),
+ hexToBytes(t, "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b7320912416"),
+ hexToBytes(t, "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80"),
  }
 
  return messagesBytes
 }
 
-func hexStringToBytesTest(t *testing.T, msg string) []byte {
+func hexToBytes(t *testing.T, msg string) []byte {
  bytes, err := hex.DecodeString(msg)
  require.NoError(t, err)
 

pkg/crypto/primitive/bbs12381g2pub/fr.go

@@ -17,10 +17,9 @@ import (
 )
 
 const (
- logP2 = 384
  k = 128
  h2sDST = csID + "H2S_"
- expandLen = (logP2 + k) / 8
+ expandLen = (logR2 + k + 7) / 8 //nolint:gomnd
 )
 
 func parseFr(data []byte) *bls12381.Fr {
@@ -74,20 +73,25 @@ func Hash2scalar(message []byte) *bls12381.Fr {
 
 // Hash2scalars convert messages represented in bytes to Fr.
 func Hash2scalars(msg []byte, cnt int) []*bls12381.Fr {
+ return hash2scalars(msg, []byte(h2sDST), cnt)
+}
+
+func hash2scalars(msg, dst []byte, cnt int) []*bls12381.Fr {
  bufLen := cnt * expandLen
  msgLen := len(msg)
  roundSz := 1
  msgLenSz := 4
 
  msgExt := make([]byte, msgLen+roundSz+msgLenSz)
+ // msgExt is a concatenation of: msg || I2OSP(round, 1) || I2OSP(cnt, 4)
  copy(msgExt, msg)
- copy(msgExt[msgLen+1:], uint32ToBytes(uint32(msgLen)))
+ copy(msgExt[msgLen+1:], uint32ToBytes(uint32(cnt)))
 
  out := make([]*bls12381.Fr, cnt)
 
  for round, completed := byte(0), false; !completed; {
  msgExt[msgLen] = round
- buf, _ := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), msgExt, []byte(h2sDST), bufLen) //nolint:errcheck
+ buf, _ := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), msgExt, dst, bufLen) //nolint:errcheck
 
  ok := true
  for i := 0; i < cnt && ok; i++ {

pkg/crypto/primitive/bbs12381g2pub/fr_test.go

@@ -0,0 +1,38 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package bbs12381g2pub_test
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ bbs "github.com/hyperledger/aries-framework-go/pkg/crypto/primitive/bbs12381g2pub"
+)
+
+func TestHash2Scalars(t *testing.T) {
+ msg := hexToBytes(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02")
+
+ t.Run("single", func(t *testing.T) {
+ sc := bbs.Hash2scalar(msg).ToBytes()
+ require.Equal(t, hexToBytes(t, "260cab748e24ccc2bbd66f5b834d692622fa131f5ce898fa57217434c9ed14fa"), sc)
+ })
+
+ t.Run("multiple", func(t *testing.T) {
+ sc := bbs.Hash2scalars(msg, 10)
+ require.Equal(t, hexToBytes(t, "5c6e62607c16397ee6d9624673be9a7ddacbc7b7dd290bdb853cf4c74a34de0a"), sc[0].ToBytes())
+ require.Equal(t, hexToBytes(t, "2a3524e43413a5d1b34c4c8ed119c4c5a2f9b84392ff0fea0d34e1be44ceafbc"), sc[1].ToBytes())
+ require.Equal(t, hexToBytes(t, "4b649b82eed1e62117d91cd8d22438e72f3f931a0f8ad683d1ade253333c472a"), sc[2].ToBytes())
+ require.Equal(t, hexToBytes(t, "64338965f1d37d17a14b6f431128c0d41a7c3924a5f484c282d20205afdfdb8f"), sc[3].ToBytes())
+ require.Equal(t, hexToBytes(t, "0dfe01c01ff8654e43a611b76aaf4faec618a50d85d34f7cc89879b179bde3d5"), sc[4].ToBytes())
+ require.Equal(t, hexToBytes(t, "6b6935016e64791f5d719f8206284fbe27dbb8efffb4141512c3fbfbfa861a0f"), sc[5].ToBytes())
+ require.Equal(t, hexToBytes(t, "0dfe13f85a36df5ebfe0efac3759becfcc2a18b134fd22485c151db85f981342"), sc[6].ToBytes())
+ require.Equal(t, hexToBytes(t, "5071751012c142046e7c3508decb0b7ba9a453d06ce7787189f4d93a821d538e"), sc[7].ToBytes())
+ require.Equal(t, hexToBytes(t, "5cdae3304e745553a75134d914db5b282cc62d295e3ed176fb12f792919fd85e"), sc[8].ToBytes())
+ require.Equal(t, hexToBytes(t, "32b67dfbba729831798279071a39021b66fd68ee2e68684a0f6901cd6fcb8256"), sc[9].ToBytes())
+ })
+}

pkg/crypto/primitive/bbs12381g2pub/keys.go

@@ -21,12 +21,13 @@ import (
 )
 
 const (
- seedSize = frCompressedSize
- seedDST = csID + "SIG_GENERATOR_SEED_"
- generatorDST = csID + "SIG_GENERATOR_DST_"
- generatorSeed = csID + "MESSAGE_GENERATOR_SEED"
- logR2 = 251
- seedLen = ((logR2 + k) + 7) / 8 //nolint:gomnd
+ seedSize = frCompressedSize
+ seedDST = csID + "SIG_GENERATOR_SEED_"
+ generatorDST = csID + "SIG_GENERATOR_DST_"
+ generatorSeed = csID + "MESSAGE_GENERATOR_SEED"
+ generatorBPSeed = csID + "BP_MESSAGE_GENERATOR_SEED"
+ logR2 = 251
+ seedLen = ((logR2 + k) + 7) / 8 //nolint:gomnd
 )
 
 // PublicKey defines BLS Public Key.
@@ -42,6 +43,7 @@ type PrivateKey struct {
 // PublicKeyWithGenerators extends PublicKey with a blinding generator h0, a commitment to the secret key w,
 // and a generator for each message h.
 type PublicKeyWithGenerators struct {
+ p1 *bls12381.PointG1
  q1 *bls12381.PointG1
  q2 *bls12381.PointG1
  h []*bls12381.PointG1
@@ -58,7 +60,12 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int, header []byte)
  specGenCnt := 2
  genCnt := messagesCount + specGenCnt
 
- generators, err := CreateGenerators(genCnt)
+ generators, err := CreateMessageGenerators(genCnt)
+ if err != nil {
+ return nil, err
+ }
+
+ bpGenerators, err := crateGenerators(genCnt, []byte(generatorBPSeed))
  if err != nil {
  return nil, err
  }
@@ -77,6 +84,7 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int, header []byte)
  domain := Hash2scalar(domainBuilder.build())
 
  return &PublicKeyWithGenerators{
+ p1: bpGenerators[0],
  q1: generators[0],
  q2: generators[1],
  h: generators[2:],
@@ -97,11 +105,15 @@ func hashToG1(data, dst []byte) (*bls12381.PointG1, error) {
  return g1.FromBytes(g.ToBytes(p))
 }
 
-// CreateGenerators create `cnt` determenistic generators.
-func CreateGenerators(cnt int) ([]*bls12381.PointG1, error) {
+// CreateMessageGenerators create `cnt` determenistic generators.
+func CreateMessageGenerators(cnt int) ([]*bls12381.PointG1, error) {
+ return crateGenerators(cnt, []byte(generatorSeed))
+}
+
+func crateGenerators(cnt int, seed []byte) ([]*bls12381.PointG1, error) {
  generators := make([]*bls12381.PointG1, cnt)
 
- v, err := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), []byte(generatorSeed), []byte(seedDST), seedLen)
+ v, err := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), seed, []byte(seedDST), seedLen)
  if err != nil {
  return nil, err
  }

pkg/crypto/primitive/bbs12381g2pub/keys_test.go

@@ -67,21 +67,21 @@ func TestPrivateKey_PublicKey(t *testing.T) {
 
  t.Run("pre-generated key pair", func(t *testing.T) {
  // original hex seed 746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579
- privateKeyB58 := "5qNVd4Wsp7LPC7vxrbuVMsAkAGif2dA82wm1Wte1zH4Z"
- publicKeyB58 := "25pRBEBDHvG5ryqsEB5tw6eAa3Ds8bx6jMKhEtXnWjCLNg7ikYokwaNtpggZZY3MvWTxBPCidfxFBq2ZiVVTpioCh6GJLs4iESiEydJca9kmeMkEkqK6ePudqoqLHSv4NA7p" // nolint: lll
+ privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+ publicKeyBytesExpeted := hexToBytes(t, "b65b7cbff4e81b723456a13936b6bcc77a078bf6291765f3ae13170072249dd7daa7ec1bd82b818ab60198030b45b8fa159c155fc3841a9ad4045e37161c9f0d9a4f361b93cfdc67d365f3be1a398e56aa173d7a55e01b4a8dd2494e7fb90da7") // nolint: lll
 
- privateKey, err := bbs.UnmarshalPrivateKey(base58.Decode(privateKeyB58))
+ privateKey, err := bbs.UnmarshalPrivateKey(privateKeyBytes)
  require.NoError(t, err)
 
  publicKeyBytes, err := privateKey.PublicKey().Marshal()
- require.Equal(t, publicKeyB58, base58.Encode(publicKeyBytes))
+ require.Equal(t, publicKeyBytesExpeted, publicKeyBytes)
  require.NoError(t, err)
  })
 }
 
 func TestGenerators(t *testing.T) {
  msgCnt := 2
- generators, err := bbs.CreateGenerators(msgCnt + 2)
+ generators, err := bbs.CreateMessageGenerators(msgCnt + 2)
  require.NoError(t, err)
 
  bytes := bls12381.NewG1().ToCompressed(generators[0])

pkg/crypto/primitive/bbs12381g2pub/signature_message.go

@@ -10,6 +10,10 @@ import (
  bls12381 "github.com/kilic/bls12-381"
 )
 
+const (
+ dstMapMsg = csID + "MAP_MSG_TO_SCALAR_AS_HASH_"
+)
+
 // SignatureMessage defines a message to be used for a signature check.
 type SignatureMessage struct {
  FR *bls12381.Fr
@@ -20,7 +24,7 @@ func parseSignatureMessage(message []byte) *SignatureMessage {
  encodedForHashMsg := newEcnodeForHashBuilder()
  encodedForHashMsg.addBytes(message)
 
- elm := Hash2scalar(encodedForHashMsg.build())
+ elm := hash2scalars(encodedForHashMsg.build(), []byte(dstMapMsg), 1)[0]
 
  return &SignatureMessage{
  FR: elm,

pkg/crypto/primitive/bbs12381g2pub/signature_message_test.go

@@ -0,0 +1,53 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package bbs12381g2pub_test
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ bbs "github.com/hyperledger/aries-framework-go/pkg/crypto/primitive/bbs12381g2pub"
+)
+
+func TestParseSignatureMessages(t *testing.T) {
+ msgs := [][]byte{
+ hexToBytes(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02"),
+ hexToBytes(t, "87a8bd656d49ee07b8110e1d8fd4f1dcef6fb9bc368c492d9bc8c4f98a739ac6"),
+ hexToBytes(t, "96012096adda3f13dd4adbe4eea481a4c4b5717932b73b00e31807d3c5894b90"),
+ hexToBytes(t, "ac55fb33a75909edac8994829b250779298aa75d69324a365733f16c333fa943"),
+ hexToBytes(t, "d183ddc6e2665aa4e2f088af9297b78c0d22b4290273db637ed33ff5cf703151"),
+ hexToBytes(t, "515ae153e22aae04ad16f759e07237b43022cb1ced4c176e0999c6a8ba5817cc"),
+ hexToBytes(t, "496694774c5604ab1b2544eababcf0f53278ff5040c1e77c811656e8220417a2"),
+ hexToBytes(t, "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c23364568523f8b91"),
+ hexToBytes(t, "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b7320912416"),
+ hexToBytes(t, "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80"),
+ }
+
+ sc := bbs.ParseSignatureMessages(msgs)
+
+ require.Equal(t,
+ hexToBytes(t, "4e67c49cf68df268bca0624880770bb57dbe8460c89883cc0ac496785b68bbe9"), sc[0].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "12d92c990f37ffab1c6ac4b0cd83378ffb8a8610259d62d3b885fc4c1bc50f7f"), sc[1].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "41a157520e8752ca100a365ffde4683fb9610bf105b40933bb98dcacbbd56ace"), sc[2].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "3344daad11febac28f0f8e3740cd2921fd6da18ebc7e9692a8287cedea5f4bf4"), sc[3].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "0407198a8ffc4640b840fc924e5308f405ca86035d05366718aafd0b688876f3"), sc[4].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "1918fa78c85628cb3ac705cc4843197d3fce88c8132d9242d87201e65a4d3743"), sc[5].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "0a272f853369d70526d7bd37281bb87d1c8db7d0975dd833812bb9d264f4b0eb"), sc[6].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "00776f91d1ecb5cc01ffe155ae05efea0b820f3d40bada5142bb852f9922b7e1"), sc[7].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "3902ced42427bca88822f818912d2f4c0d88ba1d1fc7a9b0e2321674a5d53f27"), sc[8].FR.ToBytes())
+ require.Equal(t,
+ hexToBytes(t, "397864d9292b1f4a5fff5fa33088ed8e1a9ec52346dbd5f66ee0f978bd67595d"), sc[9].FR.ToBytes())
+}