Default package

Get desktop application:
View/edit binary Protocol Buffers messages

CredRequest specifies a credential request object that consists of nym - a pseudonym, which is a commitment to the user secret issuer_nonce - a random nonce provided by the issuer proof_c, proof_s - a zero-knowledge proof of knowledge of the user secret inside Nym

optional ECP nym = 1
bytes issuer_nonce = 2
bytes proof_c = 3
bytes proof_s = 4

Credential specifies a credential object that consists of a, b, e, s - signature value attrs - attribute values

optional ECP a = 1
optional ECP b = 2
bytes e = 3
bytes s = 4
repeated bytes attrs = 5

int64 epoch = 1
epoch contains the epoch (time window) in which this CRI is valid
optional ECP2 epoch_pk = 2
epoch_pk is the public key that is used by the revocation authority in this epoch
bytes epoch_pk_sig = 3
epoch_pk_sig is a signature on the EpochPK valid under the revocation authority's long term key
int32 revocation_alg = 4
revocation_alg denotes which revocation algorithm is used
bytes revocation_data = 5
revocation_data contains data specific to the revocation algorithm used

ECP is an elliptic curve point specified by its coordinates ECP corresponds to an element of the first group (G1)

Used in: CredRequest, Credential, IssuerPublicKey, Signature

bytes x = 1
bytes y = 2

ECP2 is an elliptic curve point specified by its coordinates ECP2 corresponds to an element of the second group (G2)

Used in: CredentialRevocationInformation, IssuerPublicKey, Signature

bytes xa = 1
bytes xb = 2
bytes ya = 3
bytes yb = 4

IssuerKey specifies an issuer key pair that consists of ISk - the issuer secret key and IssuerPublicKey - the issuer public key

bytes isk = 1
optional IssuerPublicKey ipk = 2

IssuerPublicKey specifies an issuer public key that consists of attribute_names - a list of the attribute names of a credential issued by the issuer h_sk, h_rand, h_attrs, w, bar_g1, bar_g2 - group elements corresponding to the signing key, randomness, and attributes proof_c, proof_s compose a zero-knowledge proof of knowledge of the secret key hash is a hash of the public key appended to it

Used in: IssuerKey

repeated string attribute_names = 1
optional ECP h_sk = 2
optional ECP h_rand = 3
repeated ECP h_attrs = 4
optional ECP2 w = 5
optional ECP bar_g1 = 6
optional ECP bar_g2 = 7
bytes proof_c = 8
bytes proof_s = 9
bytes hash = 10

NonRevocationProof contains proof that the credential is not revoked

Used in: Signature

int32 revocation_alg = 1
bytes non_revocation_proof = 2

NymSignature specifies a signature object that signs a message with respect to a pseudonym. It differs from the standard idemix.signature in the fact that the standard signature object also proves that the pseudonym is based on a secret certified by a CA (issuer), whereas NymSignature only proves that the the owner of the pseudonym signed the message

bytes proof_c = 1
proof_c is the Fiat-Shamir challenge of the ZKP
bytes proof_s_sk = 2
proof_s_sk is the s-value proving knowledge of the user secret key
bytes proof_s_r_nym = 3
proof_s_r_nym is the s-value proving knowledge of the pseudonym secret
bytes nonce = 4
nonce is a fresh nonce used for the signature

Signature specifies a signature object that consists of a_prime, a_bar, b_prime, proof_* - randomized credential signature values and a zero-knowledge proof of knowledge of a credential and the corresponding user secret together with the attribute values nonce - a fresh nonce used for the signature nym - a fresh pseudonym (a commitment to to the user secret)

optional ECP a_prime = 1
optional ECP a_bar = 2
optional ECP b_prime = 3
bytes proof_c = 4
bytes proof_s_sk = 5
bytes proof_s_e = 6
bytes proof_s_r2 = 7
bytes proof_s_r3 = 8
bytes proof_s_s_prime = 9
repeated bytes proof_s_attrs = 10
bytes nonce = 11
optional ECP nym = 12
bytes proof_s_r_nym = 13
optional ECP2 revocation_epoch_pk = 14
bytes revocation_pk_sig = 15
int64 epoch = 16
optional NonRevocationProof non_revocation_proof = 17

Default package

message CredRequest

optional ECP nym = 1

bytes issuer_nonce = 2

bytes proof_c = 3

bytes proof_s = 4

message Credential

optional ECP a = 1

optional ECP b = 2

bytes e = 3

bytes s = 4

repeated bytes attrs = 5

message CredentialRevocationInformation

int64 epoch = 1

optional ECP2 epoch_pk = 2

bytes epoch_pk_sig = 3

int32 revocation_alg = 4

bytes revocation_data = 5

message ECP

bytes x = 1

bytes y = 2

message ECP2

bytes xa = 1

bytes xb = 2

bytes ya = 3

bytes yb = 4

message IssuerKey

bytes isk = 1

optional IssuerPublicKey ipk = 2

message IssuerPublicKey

repeated string attribute_names = 1

optional ECP h_sk = 2

optional ECP h_rand = 3

repeated ECP h_attrs = 4

optional ECP2 w = 5

optional ECP bar_g1 = 6

optional ECP bar_g2 = 7

bytes proof_c = 8

bytes proof_s = 9

bytes hash = 10

message NonRevocationProof

int32 revocation_alg = 1

bytes non_revocation_proof = 2

message NymSignature

bytes proof_c = 1

bytes proof_s_sk = 2

bytes proof_s_r_nym = 3

bytes nonce = 4

message Signature

optional ECP a_prime = 1

optional ECP a_bar = 2

optional ECP b_prime = 3

bytes proof_c = 4

bytes proof_s_sk = 5

bytes proof_s_e = 6

bytes proof_s_r2 = 7

bytes proof_s_r3 = 8

bytes proof_s_s_prime = 9

repeated bytes proof_s_attrs = 10

bytes nonce = 11

optional ECP nym = 12

bytes proof_s_r_nym = 13

optional ECP2 revocation_epoch_pk = 14

bytes revocation_pk_sig = 15

int64 epoch = 16

optional NonRevocationProof non_revocation_proof = 17