This is wrapper around plume_rustcrypto crate to produce PLUME signatures in JS contexts using Wasm.
TODO add here couple of examples from systems which uses this.
Getting Started
Get the package from NPM. The repository contains Rust code for generating Wasm and packaging it.
The package usage outline; see the details in subsections.
// ...
let result = plume.sign(isV1, secretKeySec1Der, msg);
console.log(result.instance)
console.log(result.witness.digest_private);
// get all the other witness values
result.zeroize();
Please, refer to the JS-doc for types description, function signatures, and exceptions notes.
Values in the following examples are in line with the tests in the wrapped crate.
producing the signature
import * as plume from 'plume-sig';
let result = plume.sign(
false,
new Uint8Array([48, 107, 2, 1, 1, 4, 32, 81, 155, 66, 61, 113, 95, 139, 88, 31, 79, 168, 238, 89, 244, 119, 26, 91, 68, 200, 19, 11, 78, 62, 172, 202, 84, 165, 109, 218, 114, 180, 100, 161, 68, 3, 66, 0, 4, 12, 236, 2, 142, 224, 141, 9, 224, 38, 114, 166, 131, 16, 129, 67, 84, 249, 234, 191, 255, 13, 230, 218, 204, 28, 211, 167, 116, 73, 96, 118, 174, 239, 244, 113, 251, 160, 64, 152, 151, 182, 164, 142, 136, 1, 173, 18, 249, 93, 0, 9, 183, 83, 207, 143, 81, 193, 40, 191, 107, 11, 210, 127, 189]),
new Uint8Array([
65, 110, 32, 101, 120, 97, 109, 112, 108, 101, 32, 97, 112, 112, 32, 109, 101, 115, 115, 97, 103, 101, 32, 115, 116, 114, 105, 110, 103
])
);
getting the values
PlumeSignature holds two objects: instance with the public values is available for further processing, and witness with the private values provides access to all of them just via getters.
instance
// ...
console.log(result.instance)
/* {
message: [
65, 110, 32, 101, 120, 97, 109,
112, 108, 101, 32, 97, 112, 112,
32, 109, 101, 115, 115, 97, 103,
101, 32, 115, 116, 114, 105, 110,
103
],
nullifier: [
3, 87, 188, 62, 210, 129, 114, 239,
138, 221, 228, 185, 224, 194, 204, 231,
69, 252, 197, 166, 100, 115, 164, 92,
30, 98, 111, 29, 12, 103, 229, 88,
48
],
s: [
48, 107, 2, 1, 1, 4, 32, 51, 230, 85, 68, 129,
138, 1, 100, 183, 88, 247, 98, 146, 145, 211, 106, 95,
239, 188, 178, 48, 169, 159, 94, 215, 1, 144, 63, 9,
125, 69, 216, 161, 68, 3, 66, 0, 4, 50, 19, 61,
44, 42, 226, 58, 241, 87, 46, 105, 142, 188, 131, 170,
240, 229, 2, 237, 102, 205, 67, 65, 81, 191, 10, 91,
215, 89, 152, 15, 75, 170, 71, 184, 186, 137, 87, 138,
241, 43, 170, 182, 20, 0, 42, 161, 149, 129, 159, 189,
213, 144, 44, 29,
... 9 more items
],
is_v1: false
} */
witness
console.log(result.witness.pk)
/* Uint8Array(33) [
3, 12, 236, 2, 142, 224, 141, 9,
224, 38, 114, 166, 131, 16, 129, 67,
84, 249, 234, 191, 255, 13, 230, 218,
204, 28, 211, 167, 116, 73, 96, 118,
174
] */
console.log(result.witness.digest_private)
console.log(result.witness.v1specific);
// undefined
the variant distinguishing
Note that for the witness the variant is specified by v1specific; if it's undefined then the object contains V2, otherwise it's V1.
// ...
if (result.witness.v1specific) {
console.log(result.witness.v1specific.r_point);
console.log(result.witness.v1specific.hashed_to_curve_r);
}
Also there's the #conversion utility provided.
zeroization
Depending on your context you might want to clear witness values from the Wasm memory after getting the values.
// ...
result.zeroize();
#conversion of s to BigInt
JS most native format for scalar is BigInt, but it's not really transportable or secure, so for uniformity of approach s in PlumeSignature is defined similar to digest_private; but if you want to have it as a BigInt there's sec1DerScalarToBigint helper funtion.
Working with source files
This package is built with the tech provided by https://github.com/rustwasm which contains everything needed to work with it. Also the wrapper crate was initiated with wasm-pack-template.
License
See https://github.com/plume-sig/zk-nullifier-sig/blob/main/LICENSE.