baseid_bbs/

signing.rs

use crate::error::BbsError;
use crate::keys::BbsKeyPair;
use zkryptium::schemes::algorithms::BbsBls12381Sha256;
use zkryptium::schemes::generics::Signature;

/// Sign multiple messages with BBS+ producing a single constant-size signature.
pub fn bbs_sign(
    key_pair: &BbsKeyPair,
    messages: &[Vec<u8>],
    header: Option<&[u8]>,
) -> Result<Vec<u8>, BbsError> {
    let sk = key_pair.zk_secret_key()?;
    let pk = key_pair.zk_public_key()?;

    let msg_refs: Option<&[Vec<u8>]> = if messages.is_empty() {
        None
    } else {
        Some(messages)
    };

    let signature = Signature::<BbsBls12381Sha256>::sign(msg_refs, &sk, &pk, header)
        .map_err(|e| BbsError::SigningFailed(format!("{:?}", e)))?;

    Ok(signature.to_bytes().to_vec())
}

/// Verify a BBS+ signature over multiple messages.
pub fn bbs_verify(
    public_key: &[u8],
    signature: &[u8],
    messages: &[Vec<u8>],
    header: Option<&[u8]>,
) -> Result<bool, BbsError> {
    use zkryptium::bbsplus::keys::BBSplusPublicKey;

    let pk = BBSplusPublicKey::from_bytes(public_key)
        .map_err(|e| BbsError::VerificationFailed(format!("invalid public key: {:?}", e)))?;

    let sig_bytes: [u8; 80] = signature
        .try_into()
        .map_err(|_| BbsError::VerificationFailed("signature must be 80 bytes".to_string()))?;

    let sig = Signature::<BbsBls12381Sha256>::from_bytes(&sig_bytes)
        .map_err(|e| BbsError::VerificationFailed(format!("{:?}", e)))?;

    let msg_refs: Option<&[Vec<u8>]> = if messages.is_empty() {
        None
    } else {
        Some(messages)
    };

    match sig.verify(&pk, msg_refs, header) {
        Ok(()) => Ok(true),
        Err(_) => Ok(false),
    }
}