Fix a bug and update docs

Signed-off-by: lovesh <lovesh.bond@gmail.com>

Author: lovesh

README.md

@@ -899,8 +899,8 @@ should be used while encryption, decryption, proving and verification (as shown
 For signers (issuers of credentials), it's important to encode attributes that need to be verifiably encoded using a reversible 
 encoding as the decryption might happen much later than the proof verification and thus the decryptor should be able to independently 
 recover the actual attributes. This situation is different from selective disclosure where the actual attributes are given to the 
-verifier who can then encode the attributes before verifying the proof. One such pair of functions are `Signature.reversibleEncodeStringMessageForSigning`
-and `Signature.reversibleDecodeStringMessageForSigning` and you can see its use in the above-mentioned test.  
+verifier who can then encode the attributes before verifying the proof. One such pair of functions are `Signature.reversibleEncodeStringForSigning`
+and `Signature.reversibleDecodeStringForSigning` and you can see its use in the above-mentioned test.  
 
 For creating the proof of knowledge of the BBS+ signature and verifiably encrypting an attribute, the prover creates the following 2 statements.
 
@@ -1228,9 +1228,37 @@ For complete example, see [these tests](./tests/composite-proofs/bound-check.spe
 
 ### Working with messages as JS objects
 
-The above interfaces have been found to be a bit difficult to work with when signing messages that are represented as JS objects. 
-[Here](./src/sign-verify-js-objs.ts) are some [utilities](./src/bbs-plus/encoder.ts) to make this task a bit easier. [The tests here](tests/composite-proofs/msg-js-obj) contain 
-plenty of examples.
+The above interfaces have been found to be a bit difficult to work with when signing messages/credentials that are represented as JS objects like
+
+```json
+{
+  "fname": "John",
+  "lname": "Smith",
+  "sensitive": {
+    "secret": "my-secret-that-wont-tell-anyone",
+    "email": "john.smith@example.com",
+    "SSN": "123-456789-0",
+    "user-id": "user:123-xyz-#"
+  },
+  "location": {
+    "country": "USA",
+    "city": "New York"
+  },
+  "timeOfBirth": 1662010849619,
+  "physical": {
+    "height": 181.5,
+    "weight": 210,
+    "BMI": 23.25
+  },
+  "score": -13.5
+}
+```
+
+[Here](./src/sign-verify-js-objs.ts) are some utilities to make this task a bit easier. The idea is to flatten the JSON, sort the keys alphabetically 
+to have a list with deterministic order and then use the [encoder](./src/bbs-plus/encoder.ts) to encode each value as a field element (a number between 0 and another large number).  
+The encoder can be configured to use different encoding functions for different keys to convert values from different types 
+like string, positive or negative integers or decimal numbers to field elements.  
+[The tests here](tests/composite-proofs/msg-js-obj) contain plenty of examples.
 
 
 ### Writing predicates in Circom

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@docknetwork/crypto-wasm-ts",
-  "version": "0.23.0",
+  "version": "0.24.0",
   "description": "Typescript abstractions over Dock's Rust crypto library's WASM wrapper",
   "homepage": "https://github.com/docknetwork/crypto-wasm-ts",
   "main": "lib/index.js",
@@ -21,9 +21,10 @@
     "lib": "lib"
   },
   "dependencies": {
-    "@docknetwork/crypto-wasm": "0.14.0",
+    "@docknetwork/crypto-wasm": "0.15.0",
+    "@types/flat": "^5.0.2",
     "flat": "^5.0.2",
-    "@types/flat": "^5.0.2"
+    "lzutf8": "^0.6.3"
   },
   "devDependencies": {
     "@types/jest": "24.0.18",

src/accumulator/accumulator.ts

@@ -861,10 +861,17 @@ export class UniversalAccumulator extends Accumulator {
     await this.ensureAbsenceOfBatch(nonMembers, state);
     const sk = this.getSecretKey(secretKey);
     const params_ = this.getParams(params);
-    const members = await state.elements();
+
+    // store multiple `d`s for each non-member, outer index of array is the non-member index
+    const dsForAll: Uint8Array[][] = new Array<Uint8Array[]>(nonMembers.length);
+    for (let i = 0; i < nonMembers.length; i++) {
+      dsForAll[i] = new Array<Uint8Array>();
+    }
+
     let currentBatch: Uint8Array[] = [];
-    // store multiple `d`s for each non-member
-    const dsForAll: Uint8Array[][] = new Array(nonMembers.length);
+
+    // Iterate over all members of the accumulator
+    const members = await state.elements();
     for (const member of members) {
       currentBatch.push(member);
       if (currentBatch.length == batchSize) {
@@ -875,12 +882,13 @@ export class UniversalAccumulator extends Accumulator {
         currentBatch = [];
       }
     }
+
     if (currentBatch.length > 0) {
       for (let i = 0; i < nonMembers.length; i++) {
         dsForAll[i].push(universalAccumulatorComputeD(nonMembers[i], currentBatch));
       }
     }
-    const ds: Uint8Array[] = new Array(nonMembers.length);
+    const ds: Uint8Array[] = new Array<Uint8Array>(nonMembers.length);
     for (let i = 0; i < nonMembers.length; i++) {
       // Combine `d`s corresponding to each non-member
       ds[i] = universalAccumulatorCombineMultipleD(dsForAll[i]);

src/bbs-plus/signature.ts

@@ -12,8 +12,14 @@ import {
 } from '@docknetwork/crypto-wasm';
 import { BBSPlusPublicKeyG2, BBSPlusSecretKey } from './keys';
 import { BytearrayWrapper } from '../bytearray-wrapper';
+import LZUTF8 from 'lzutf8';
 
 export abstract class Signature extends BytearrayWrapper {
+  // The field element size is 32 bytes so the maximum byte size of encoded message must be 32.
+  static readonly maxEncodedLength = 32;
+  static readonly textEncoder = new TextEncoder();
+  static readonly textDecoder = new TextDecoder();
+
   /**
    * This is an irreversible encoding as a hash function is used to convert a message of
    * arbitrary length to a fixed length encoding.
@@ -39,18 +45,18 @@ export abstract class Signature extends BytearrayWrapper {
    * decryption and thus the decryptor must be able to decrypt it independently. This is different from selective disclosure
    * where the verifier can check that the revealed message is same as the encoded one before even verifying the proof.
    * @param message - utf-8 string of at most 32 bytes
+   * @param compress - whether to compress the text before encoding to bytes. Compression might not always help as things
+   * like public keys, DIDs, UUIDs, etc. are designed to be random and thus won't be compressed
    */
-  static reversibleEncodeStringMessageForSigning(message: string): Uint8Array {
-    const encoder = new TextEncoder();
-    const bytes = encoder.encode(message);
-    const maxLength = 32;
-    if (bytes.length > maxLength) {
-      throw new Error(`Expects a string with at most ${maxLength} bytes`);
+  static reversibleEncodeStringForSigning(message: string, compress = false): Uint8Array {
+    const bytes = compress ? LZUTF8.compress(message) : Signature.textEncoder.encode(message);
+    if (bytes.length > Signature.maxEncodedLength) {
+      throw new Error(`Expects a string with at most ${Signature.maxEncodedLength} bytes`);
     }
     // Create a little-endian representation
-    const fieldElementBytes = new Uint8Array(maxLength);
+    const fieldElementBytes = new Uint8Array(Signature.maxEncodedLength);
     fieldElementBytes.set(bytes);
-    fieldElementBytes.set(new Uint8Array(maxLength - bytes.length), bytes.length);
+    fieldElementBytes.set(new Uint8Array(Signature.maxEncodedLength - bytes.length), bytes.length);
     return fieldElementAsBytes(fieldElementBytes, true);
   }
 
@@ -60,23 +66,33 @@ export abstract class Signature extends BytearrayWrapper {
    * occurrence of a null characters (UTF-16 code unit 0) so if the encoded (using `this.reversibleEncodeStringMessageForSigning`)
    * string also had a null then the decoded string will be different from it.
    * @param message
+   * @param decompress - whether to decompress the bytes before converting to a string
    */
-  static reversibleDecodeStringMessageForSigning(message: Uint8Array): string {
-    const maxLength = 32;
-    if (message.length > maxLength) {
-      throw new Error(`Expects a message with at most ${maxLength} bytes`);
+  static reversibleDecodeStringForSigning(message: Uint8Array, decompress = false): string {
+    if (message.length > Signature.maxEncodedLength) {
+      throw new Error(`Expects a message with at most ${Signature.maxEncodedLength} bytes`);
     }
-    const decoder = new TextDecoder();
-    const decoded = decoder.decode(message);
-    const chars: string[] = [];
-    for (let i = 0; i < maxLength; i++) {
-      // If a null character found then stop looking further
-      if (decoded.charCodeAt(i) == 0) {
-        break;
+    if (decompress) {
+      const strippedMsg = message.slice(0, message.indexOf(0));
+      const str = LZUTF8.decompress(strippedMsg) as string;
+      if (str.length > Signature.maxEncodedLength) {
+        throw new Error(
+          `Expects a message that can be decompressed to at most ${Signature.maxEncodedLength} bytes but decompressed size was ${str.length}`
+        );
+      }
+      return str;
+    } else {
+      const decoded = Signature.textDecoder.decode(message);
+      const chars: string[] = [];
+      for (let i = 0; i < Signature.maxEncodedLength; i++) {
+        // If a null character found then stop looking further
+        if (decoded.charCodeAt(i) == 0) {
+          break;
+        }
+        chars.push(decoded.charAt(i));
       }
-      chars.push(decoded.charAt(i));
+      return chars.join('');
     }
-    return chars.join('');
   }
 }
 

src/sign-verify-js-objs.ts

@@ -212,7 +212,7 @@ export function encodeRevealedMsgs(
   encoder: Encoder
 ): Map<number, Uint8Array> {
   const revealed = new Map<number, Uint8Array>();
-  const names = Object.keys(flatten(msgStructure) as object).sort();
+  const names = Object.keys(flatten(msgStructure)).sort();
   const flattenedRevealed = flatten(revealedMsgsRaw) as object;
   Object.entries(flattenedRevealed).forEach(([n, v]) => {
     const i = names.indexOf(n);
@@ -297,7 +297,7 @@ export function blindSignMessageObject(
   labelOrParams: Uint8Array | SignatureParamsG1,
   encoder: Encoder
 ): BlindSignedMessages {
-  const flattenedAllNames = Object.keys(flatten(msgStructure) as object).sort();
+  const flattenedAllNames = Object.keys(flatten(msgStructure)).sort();
   const [flattenedUnblindedNames, encodedValues] = encoder.encodeMessageObject(knownMessages);
 
   const knownMessagesEncoded = new Map<number, Uint8Array>();

tests/accumulator.spec.ts

@@ -218,14 +218,35 @@ describe('Accumulators type', () => {
     const params = UniversalAccumulator.generateParams();
     const keypair = UniversalAccumulator.generateKeypair(params);
     const store = new InMemoryInitialElementsStore();
-    const accumulator1 = await UniversalAccumulator.initialize(20, params, keypair.secretKey, store);
+    const maxSize = 20;
+    const accumulator1 = await UniversalAccumulator.initialize(maxSize, params, keypair.secretKey, store);
 
     const fixed = UniversalAccumulator.fixedInitialElements();
-    expect(store.store.size).toEqual(20 + fixed.length + 1);
+    expect(store.store.size).toEqual(maxSize + fixed.length + 1);
     for (const i of fixed) {
       await expect(store.has(i)).resolves.toEqual(true);
     }
     const state1 = new InMemoryUniversalState();
     await runCommonTests(keypair, params, accumulator1, state1, store);
+
+    const nm1 = Accumulator.encodePositiveNumberAsAccumulatorMember(500);
+    const nm1Wit = await accumulator1.nonMembershipWitness(nm1, state1, keypair.secretKey, params, store, 2);
+
+    let tempAccumulator = getAccum(accumulator1) as UniversalAccumulator;
+    expect(tempAccumulator.verifyNonMembershipWitness(nm1, nm1Wit, keypair.publicKey, params)).toEqual(true);
+
+    const nm2 = Accumulator.encodePositiveNumberAsAccumulatorMember(501);
+    const nm3 = Accumulator.encodePositiveNumberAsAccumulatorMember(502);
+
+    const [nm2Wit, nm3Wit] = await accumulator1.nonMembershipWitnessesForBatch(
+      [nm2, nm3],
+      state1,
+      keypair.secretKey,
+      params,
+      store,
+      3
+    );
+    expect(tempAccumulator.verifyNonMembershipWitness(nm2, nm2Wit, keypair.publicKey, params)).toEqual(true);
+    expect(tempAccumulator.verifyNonMembershipWitness(nm3, nm3Wit, keypair.publicKey, params)).toEqual(true);
   });
 });

tests/bbs-plus.spec.ts

@@ -222,46 +222,51 @@ describe('BBS+ signature', () => {
   });
 
   it('should support reversible encoding', () => {
-    const messages = [
-      'John Jacob Smith Sr.',
-      'San Francisco, California',
-      'john.jacob.smith.1971@gmail.com',
-      '+1 123-4567890009',
-      'user-id:1234567890012134'
-    ];
-    const count = messages.length;
-    const encodedMessages = new Array<Uint8Array>(5);
-    for (let i = 0; i < count; i++) {
-      encodedMessages[i] = SignatureG1.reversibleEncodeStringMessageForSigning(messages[i]);
-      const decoded = SignatureG1.reversibleDecodeStringMessageForSigning(encodedMessages[i]);
-      expect(decoded).toEqual(messages[i]);
-    }
-    const params = SignatureParamsG1.generate(count);
-    const keypair = KeypairG2.generate(params);
-    const sig = SignatureG1.generate(encodedMessages, keypair.secretKey, params, false);
-    expect(sig.verify(encodedMessages, keypair.publicKey, params, false).verified).toEqual(true);
+    function check(compress: boolean) {
+      const messages = [
+        'John Jacob Smith Sr.',
+        'San Francisco, California',
+        'john.jacob.smith.1971@gmail.com',
+        '+1 123-4567890009',
+        'user-id:1234567890012134'
+      ];
+      const count = messages.length;
+      const encodedMessages = new Array<Uint8Array>(5);
+      for (let i = 0; i < count; i++) {
+        encodedMessages[i] = SignatureG1.reversibleEncodeStringForSigning(messages[i], compress);
+        const decoded = SignatureG1.reversibleDecodeStringForSigning(encodedMessages[i], compress);
+        expect(decoded).toEqual(messages[i]);
+      }
+      const params = SignatureParamsG1.generate(count);
+      const keypair = KeypairG2.generate(params);
+      const sig = SignatureG1.generate(encodedMessages, keypair.secretKey, params, false);
+      expect(sig.verify(encodedMessages, keypair.publicKey, params, false).verified).toEqual(true);
+
+      // Reveal all messages! This is done for testing purposes only.
+      let revealed: Set<number> = new Set();
+      for (let i = 0; i < count; i++) {
+        revealed.add(i);
+      }
 
-    // Reveal all messages! This is done for testing purposes only.
-    let revealed: Set<number> = new Set();
-    for (let i = 0; i < count; i++) {
-      revealed.add(i);
-    }
+      const [revealedMsgs] = getRevealedUnrevealed(encodedMessages, revealed);
+      const protocol = PoKSigProtocol.initialize(encodedMessages, sig, params, false, undefined, revealed);
+      const challengeContributionP = protocol.challengeContribution(params, true, revealedMsgs);
+      const challengeProver = bytesToChallenge(challengeContributionP);
+      const proof = protocol.generateProof(challengeProver);
 
-    const [revealedMsgs, unrevealedMsgs] = getRevealedUnrevealed(encodedMessages, revealed);
-    const protocol = PoKSigProtocol.initialize(encodedMessages, sig, params, false, undefined, revealed);
-    const challengeContributionP = protocol.challengeContribution(params, true, revealedMsgs);
-    const challengeProver = bytesToChallenge(challengeContributionP);
-    const proof = protocol.generateProof(challengeProver);
-
-    const challengeContributionV = proof.challengeContribution(params, true, revealedMsgs);
-    const challengeVerifier = bytesToChallenge(challengeContributionV);
+      const challengeContributionV = proof.challengeContribution(params, true, revealedMsgs);
+      const challengeVerifier = bytesToChallenge(challengeContributionV);
 
-    expect(challengeProver).toEqual(challengeVerifier);
+      expect(challengeProver).toEqual(challengeVerifier);
 
-    expect(proof.verify(challengeVerifier, keypair.publicKey, params, false, revealedMsgs).verified).toEqual(true);
-    for (let i = 0; i < count; i++) {
-      const decoded = SignatureG1.reversibleDecodeStringMessageForSigning(revealedMsgs.get(i) as Uint8Array);
-      expect(decoded).toEqual(messages[i]);
+      expect(proof.verify(challengeVerifier, keypair.publicKey, params, false, revealedMsgs).verified).toEqual(true);
+      for (let i = 0; i < count; i++) {
+        const decoded = SignatureG1.reversibleDecodeStringForSigning(revealedMsgs.get(i) as Uint8Array);
+        expect(decoded).toEqual(messages[i]);
+      }
     }
+
+    check(false);
+    check(true);
   });
 });

tests/composite-proofs/msg-js-obj/index.ts

@@ -31,11 +31,11 @@ encoders.set('lessSensitive.department.location.geo.long', Encoder.decimalNumber
 
 encoders.set('SSN', (v: unknown) => {
   // @ts-ignore
-  return SignatureG1.reversibleEncodeStringMessageForSigning(v);
+  return SignatureG1.reversibleEncodeStringForSigning(v);
 });
 encoders.set('sensitive.SSN', (v: unknown) => {
   // @ts-ignore
-  return SignatureG1.reversibleEncodeStringMessageForSigning(v);
+  return SignatureG1.reversibleEncodeStringForSigning(v);
 });
 
 export const GlobalEncoder = new Encoder(encoders, defaultEncoder);