Post-Quantum (PQ) and Post-Quantum/Traditional (PQ/T) hybrid signatures for VCs

Cargo.toml

@@ -22,6 +22,7 @@ members = [
   "identity_jose",
   "identity_ecdsa_verifier",
   "identity_eddsa_verifier",
+  "identity_pqc_verifier",
   "examples",
 ]
 
@@ -32,12 +33,25 @@ bls12_381_plus = { version = "0.8.17" }
 iota_interaction = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "iota_interaction" }
 iota_interaction_ts = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "iota_interaction_ts" }
 product_common = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "product_common" }
-serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
+serde = { version = "1.0", default-features = false, features = [
+  "alloc",
+  "derive",
+] }
 serde_json = { version = "1.0", default-features = false }
-strum = { version = "0.25", default-features = false, features = ["std", "derive"] }
+oqs = { version = "0.10", default-features = false, features = [
+  "sigs",
+  "std",
+  "vendored",
+] }
+strum = { version = "0.25", default-features = false, features = [
+  "std",
+  "derive",
+] }
 thiserror = { version = "1.0", default-features = false }
-json-proof-token = { version = "0.3.5" }
-zkryptium = { version = "0.2.2", default-features = false, features = ["bbsplus"] }
+json-proof-token = { version = "0.4" }
+zkryptium = { version = "0.2.2", default-features = false, features = [
+  "bbsplus",
+] }
 
 [workspace.lints.clippy]
 result_large_err = "allow"

bindings/wasm/identity_wasm/Cargo.toml

@@ -28,7 +28,7 @@ iota-sdk = { version = "1.1.5", default-features = false, features = ["serde", "
 iota_interaction = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "iota_interaction", default-features = false }
 iota_interaction_ts = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "iota_interaction_ts" }
 js-sys = { version = "0.3.61" }
-json-proof-token = "0.3.4"
+json-proof-token = "0.4"
 proc_typescript = { version = "0.1.0", path = "./proc_typescript" }
 product_common = { git = "https://github.com/iotaledger/product-core.git", tag = "v0.2.1", package = "product_common", features = ["core-client", "transaction", "bindings"] }
 secret-storage = { git = "https://github.com/iotaledger/secret-storage.git", default-features = false, tag = "v0.3.0" }
@@ -54,6 +54,8 @@ features = [
   "sd-jwt-vc",
   "status-list-2021",
   "jpt-bbs-plus",
+  "pqc",
+  "hybrid",
 ]
 
 [target.'cfg(all(target_arch = "wasm32", not(target_os = "wasi")))'.dependencies]

bindings/wasm/identity_wasm/examples/src/1_advanced/8_zkp.ts

@@ -19,6 +19,53 @@ import {
 import { IotaClient } from "@iota/iota-sdk/client";
 import { getFundedClient, getMemstorage, IOTA_IDENTITY_PKG_ID, NETWORK_URL } from "../util";
 
+/** Creates a DID Document and publishes it in a new Alias Output.
+
+Its functionality is equivalent to the "create DID" example
+and exists for convenient calling from the other examples. */
+export async function createDid(client: Client, secretManager: SecretManagerType, storage: Storage): Promise<{
+    address: Address;
+    document: IotaDocument;
+    fragment: string;
+}> {
+    const didClient = new IotaIdentityClient(client);
+    const networkHrp: string = await didClient.getNetworkHrp();
+
+    const secretManagerInstance = new SecretManager(secretManager);
+    const walletAddressBech32 = (await secretManagerInstance.generateEd25519Addresses({
+        accountIndex: 0,
+        range: {
+            start: 0,
+            end: 1,
+        },
+        bech32Hrp: networkHrp,
+    }))[0];
+
+    console.log("Wallet address Bech32:", walletAddressBech32);
+
+    await ensureAddressHasFunds(client, walletAddressBech32);
+
+    const address: Address = Utils.parseBech32Address(walletAddressBech32);
+
+    // Create a new DID document with a placeholder DID.
+    // The DID will be derived from the Alias Id of the Alias Output after publishing.
+    const document = new IotaDocument(networkHrp);
+
+    const fragment = await document.generateMethodJwp(
+        storage,
+        ProofAlgorithm.BBS,
+        undefined,
+        MethodScope.VerificationMethod(),
+    );
+    // Construct an Alias Output containing the DID document, with the wallet address
+    // set as both the state controller and governor.
+    const aliasOutput: AliasOutput = await didClient.newDidOutput(address, document);
+
+    // Publish the Alias Output and get the published DID document.
+    const published = await didClient.publishDidOutput(secretManager, aliasOutput);
+
+    return { address, document: published, fragment };
+}
 export async function zkp() {
     // ===========================================================================
     // Step 1: Create identity for the issuer.

bindings/wasm/identity_wasm/examples/src/1_advanced/hybrid.ts

@@ -0,0 +1,231 @@
+// Copyright 2024 Fondazione Links
+// SPDX-License-Identifier: Apache-2.0
+
+import {
+    CompositeAlgId,
+    CoreDID,
+    Credential,
+    Duration,
+    EdDSAJwsVerifier,
+    FailFast,
+    IotaDocument,
+    JwkPqMemStore,
+    JwsSignatureOptions,
+    JwsVerificationOptions,
+    Jwt,
+    JwtCredentialValidationOptions,
+    JwtCredentialValidator,
+    JwtCredentialValidatorHybrid,
+    JwtPresentationOptions,
+    JwtPresentationValidationOptions,
+    JwtPresentationValidator,
+    JwtPresentationValidatorHybrid,
+    KeyIdMemStore,
+    MethodScope,
+    PQJwsVerifier,
+    Presentation,
+    Resolver,
+    Storage,
+    SubjectHolderRelationship,
+    Timestamp,
+} from "@iota/identity-wasm/node";
+import { IotaClient } from "@iota/iota-sdk/client";
+import { getFundedClient, NETWORK_URL } from "../util";
+
+/**
+ * This example shows how to create an hybrid Verifiable Presentation and validate it
+ */
+export async function hybrid() {
+    // ===========================================================================
+    // Step 1: Create identities for the issuer and the holder.
+    // ===========================================================================
+
+    const issuerStorage = new Storage(new JwkPqMemStore(), new KeyIdMemStore());
+    const issuerClient = await getFundedClient(issuerStorage);
+    const issuerDocument = new IotaDocument(issuerClient.network());
+    // Create a new method with PQ/T algorithm.
+    const issuerFragment = await issuerDocument.generateMethodHybrid(
+        issuerStorage,
+        CompositeAlgId.IdMldsa44Ed25519,
+        "#0",
+        MethodScope.VerificationMethod(),
+    );
+    const issuerIdentity = await issuerClient
+        .createIdentity(issuerDocument)
+        .finish()
+        .buildAndExecute(issuerClient)
+        .then(res => res.output);
+
+    const aliceStorage = new Storage(new JwkPqMemStore(), new KeyIdMemStore());
+    const aliceClient = await getFundedClient(aliceStorage);
+    const aliceDocument = new IotaDocument(aliceClient.network());
+    // Create a new method with PQ/T algorithm.
+    const aliceFragment = await aliceDocument.generateMethodHybrid(
+        aliceStorage,
+        CompositeAlgId.IdMldsa44Ed25519,
+        "#0",
+        MethodScope.VerificationMethod(),
+    );
+    const aliceIdentity = await aliceClient
+        .createIdentity(aliceDocument)
+        .finish()
+        .buildAndExecute(aliceClient)
+        .then(res => res.output);
+
+    // ===========================================================================
+    // Step 2: Issuer creates and signs a Verifiable Credential.
+    // ===========================================================================
+
+    const subject = {
+        id: aliceDocument.id(),
+        name: "Alice",
+        degreeName: "Bachelor of Science and Arts",
+        degreeType: "BachelorDegree",
+        GPA: "4.0",
+    };
+
+    // Create an unsigned `UniversityDegree` credential for Alice
+    const unsignedVc = new Credential({
+        id: "https://example.edu/credentials/3732",
+        type: "UniversityDegreeCredential",
+        issuer: issuerDocument.id(),
+        credentialSubject: subject,
+    });
+
+    // Create a Credential JWT with the issuer's hybrid verification method.
+    const credentialJwt = await issuerDocument.createCredentialJwtHybrid(
+        issuerStorage,
+        issuerFragment,
+        unsignedVc,
+        new JwsSignatureOptions(),
+    );
+
+    const res = new JwtCredentialValidatorHybrid(new EdDSAJwsVerifier(), new PQJwsVerifier()).validate(
+        credentialJwt,
+        issuerDocument,
+        new JwtCredentialValidationOptions(),
+        FailFast.FirstError,
+    );
+    console.log("credentialjwt validation", res.intoCredential());
+
+    // ===========================================================================
+    // Step 3: Issuer sends the Verifiable Credential to the holder.
+    // ===========================================================================
+
+    // The credential is then serialized to JSON and transmitted to the holder in a secure manner.
+    // Note that the credential is NOT published to the IOTA Tangle. It is sent and stored off-chain.
+    console.log(`Sending credential (as JWT) to the holder`, unsignedVc.toJSON());
+
+    // ===========================================================================
+    // Step 4: Verifier sends the holder a challenge and requests a signed Verifiable Presentation.
+    // ===========================================================================
+
+    // A unique random challenge generated by the requester per presentation can mitigate replay attacks.
+    const nonce = "475a7984-1bb5-4c4c-a56f-822bccd46440";
+
+    // The verifier and holder also agree that the signature should have an expiry date
+    // 10 minutes from now.
+    const expires = Timestamp.nowUTC().checkedAdd(Duration.minutes(10));
+
+    // ===========================================================================
+    // Step 5: Holder creates a verifiable presentation from the issued credential for the verifier to validate.
+    // ===========================================================================
+
+    // Create a Verifiable Presentation from the Credential
+    const unsignedVp = new Presentation({
+        holder: aliceDocument.id(),
+        verifiableCredential: [credentialJwt],
+    });
+
+    // Create a Hybrid JWT verifiable presentation using the holder's verification method
+    // and include the requested challenge and expiry timestamp.
+    const presentationJwt = await aliceDocument.createPresentationJwtHybrid(
+        aliceStorage,
+        aliceFragment,
+        unsignedVp,
+        new JwsSignatureOptions({ nonce }),
+        new JwtPresentationOptions({ expirationDate: expires }),
+    );
+
+    // ===========================================================================
+    // Step 6: Holder sends a verifiable presentation to the verifier.
+    // ===========================================================================
+    console.log(
+        `Sending presentation (as JWT) to the verifier`,
+        unsignedVp.toJSON(),
+    );
+
+    // ===========================================================================
+    // Step 7: Verifier receives the Verifiable Presentation and verifies it.
+    // ===========================================================================
+
+    // The verifier wants the following requirements to be satisfied:
+    // - JWT verification of the presentation (including checking the requested challenge to mitigate replay attacks)
+    // - JWT verification of the credentials.
+    // - The presentation holder must always be the subject, regardless of the presence of the nonTransferable property
+    // - The issuance date must not be in the future.
+
+    const jwtPresentationValidationOptions = new JwtPresentationValidationOptions(
+        {
+            presentationVerifierOptions: new JwsVerificationOptions({ nonce }),
+        },
+    );
+
+    const resolver = new Resolver({
+        client: aliceClient,
+    });
+    // Resolve the presentation holder.
+    const presentationHolderDID: CoreDID = JwtPresentationValidator.extractHolder(presentationJwt);
+    const resolvedHolder = await resolver.resolve(
+        presentationHolderDID.toString(),
+    );
+
+    // Validate presentation. Note that this doesn't validate the included credentials.
+    let decodedPresentation = new JwtPresentationValidatorHybrid(new EdDSAJwsVerifier(), new PQJwsVerifier()).validate(
+        presentationJwt,
+        resolvedHolder,
+        jwtPresentationValidationOptions,
+    );
+
+    // Validate the hybrid credentials in the presentation.
+    let credentialValidator = new JwtCredentialValidatorHybrid(new EdDSAJwsVerifier(), new PQJwsVerifier());
+    let validationOptions = new JwtCredentialValidationOptions({
+        subjectHolderRelationship: [
+            presentationHolderDID.toString(),
+            SubjectHolderRelationship.AlwaysSubject,
+        ],
+    });
+
+    let jwtCredentials: Jwt[] = decodedPresentation
+        .presentation()
+        .verifiableCredential()
+        .map((credential) => {
+            const jwt = credential.tryIntoJwt();
+            if (!jwt) {
+                throw new Error("expected a JWT credential");
+            } else {
+                return jwt;
+            }
+        });
+
+    // Concurrently resolve the issuers' documents.
+    let issuers: string[] = [];
+    for (let jwtCredential of jwtCredentials) {
+        let issuer = JwtCredentialValidator.extractIssuerFromJwt(jwtCredential);
+        issuers.push(issuer.toString());
+    }
+    let resolvedIssuers = await resolver.resolveMultiple(issuers);
+
+    // Validate the credentials in the presentation.
+    for (let i = 0; i < jwtCredentials.length; i++) {
+        credentialValidator.validate(
+            jwtCredentials[i],
+            resolvedIssuers[i],
+            validationOptions,
+            FailFast.FirstError,
+        );
+    }
+
+    // Since no errors were thrown we know that the validation was successful.
+    console.log(`VP successfully validated`);
+}