Restrictive Partially Blind Signatures in Solidity
RPBSsol package is a package for verifying Restrictive Partially Blind Signatures onchain.
This package is meant to work in tandem with the NPM package
designed for creating blind signatures.
The package contains 2 contracts: Curve and RPBS
Curve
The Curve contract implements all of the basic operations over the BN254 field and the respective group.
The point on the afforementioned curve is defined in the following structure:
struct Point {
uint256 x; /// X coordinate of the point
uint256 y; /// Y coordinate of the point
}
The following functions help to execute transformations and operations on the afforementioned structure.
multiplyPointByScalarPoint memory _point, uint256 _scalar)
Takes in a point _point = (x,y)
and a scalar _k \in [0, max(uint256)]
and outputs a point scaled on the elliptic curve:
p' = _k * (x, y)
scalarToPoint(uint256 _k)
Takes in a scalar k \in [0, max(uint256)]
and outputs a point obtained by scaling the generator point (1,2)
by the
specified scalar _k
: p' = _k * (1,2)
addPoints(Point memory _p1, Point memory _p2)
Takes in the 2 points _p1 = (x1, y1)
, _p2 = (x2, y2)
and outputs a sum of the specified points:
p' = (x1, y1) + (x2, y2)
negateScalar(uint256 _scalar)
Computes an additive group inverse of the _scalar
such that (_scalar + negateScalar(_scalar)) mod GROUP_ORDER = 0
reduceScalar(uint256 _scalar)
Computes _scalar mod GROUP_ORDER
encodePointHex(Point memory _p)
Takes in a point in the format (x,y)
and returns a point encoded in the string form: '04' + str(x) + str(y)
.
Here str(x)
and str(y)
are given in the hexadecimal format.
RPBS
The RPBS contract contains 1 main function: verifySignature
which takes in the following parameters:

Point calldata _publicKey
 Public key of the signer 
bytes32 _infoHash
 sha256 hash of the public part of the message 
Signature calldata _signature
 RPBS signature 
bytes32 _messageHash
 sha256 hash of the private part of the signed message
The RPBS signature is defined as following:
struct Signature {
Point z1_hat;
uint256 c1_hat;
uint256 s1_hat;
uint256 c2_hat;
uint256 s2_hat;
uint256 alpha;
uint256 beta;
}
The function outputs is a boolean value for signature being correct true
or not false