feature: verifiable presentation from identity attributes

.gitignore

@@ -10,7 +10,6 @@ Concordium.cabal
 *.pdf
 *.csv
 *.svg
-*.html
 
 # CMake build folder
 build/
@@ -41,4 +40,4 @@ idiss-csharp/*/obj
 **/*.nix
 **/flake.lock
 
-.DS_STORE
+.DS_STORE

rust-src/concordium_base/CHANGELOG.md

@@ -4,6 +4,8 @@
 - Removed `ChainParameterVersionX` types and the `MintDistributionFamily`, `GASRewardsFamily` and `AuthorizationsFamily` traits and their implementations.
 - Revised `UpdateSigner` implementations not to use references, since the one method (`sign_update_hash`) already takes a reference (`&self`).
 - Made `find_authorized_keys` public for easier re-use.
+- Introduced the trait `StructuredDigest` to add data to `RandomOracle` and other hashes
+- Removed the method `RandomOracle::add` and deprecated `RandomOracle::extend_from`
 
 ## 8.0.0-alpha.3 (2025-10-08)
 

rust-src/concordium_base/README.md

@@ -48,3 +48,11 @@ platform specific limitations though.
 The minimum supported Rust version is stated in the `Cargo.toml` manifest.
 Changes in this minimal supported version are going to be accompanied by at
 least a minor version increase.
+
+### Generating docs
+
+In order to display mathematical typesetting (especially used on crypto modules and types),
+KaTeX headers must be inserted into the generated documentation:
+```sh
+RUSTDOCFLAGS="--html-in-header docs/assets/katex-header.html" cargo doc --no-deps
+```

rust-src/concordium_base/src/bulletproofs/inner_product_proof.rs

@@ -1,5 +1,6 @@
 //! Logarithmic sized inner product proof used as base for the other proofs in
 //! this crate
+use crate::random_oracle::StructuredDigest;
 use crate::{
     common::*,
     curve_arithmetic::{multiexp, Curve, Field},

rust-src/concordium_base/src/bulletproofs/range_proof.rs

@@ -1,5 +1,7 @@
 //! Implementation of range proofs along the lines of bulletproofs
+pub use super::utils::Generators;
 use super::{inner_product_proof::*, utils::*};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     common::*,
     curve_arithmetic::{multiexp, Curve, Field, MultiExp, PrimeField, Value},
@@ -10,8 +12,6 @@ use crate::{
 use rand::*;
 use std::iter::once;
 
-pub use super::utils::Generators;
-
 /// Bulletproof style range proof
 #[derive(Clone, Serialize, SerdeBase16Serialize, Debug)]
 #[allow(non_snake_case)]

rust-src/concordium_base/src/bulletproofs/set_membership_proof.rs

@@ -1,5 +1,6 @@
 //! Implementation of set membership proof along the lines of bulletproofs
 use super::{inner_product_proof::*, utils::*};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     common::*,
     curve_arithmetic::{multiexp, Curve, Field, MultiExp},

rust-src/concordium_base/src/bulletproofs/set_non_membership_proof.rs

@@ -1,5 +1,6 @@
 //! Implementation of set-non-membership proof along the lines of bulletproofs
 use super::{inner_product_proof::*, utils::*};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     common::*,
     curve_arithmetic::{multiexp, Curve, Field, MultiExp},

rust-src/concordium_base/src/eddsa_ed25519/dlog_ed25519.rs

@@ -2,6 +2,7 @@
 //! curve25519 (cf. "Proof of Knowledge of Discrete Logarithm" Section 9.2.1,
 //! Bluepaper v1.2.5) which enables one to prove knowledge of the discrete
 //! logarithm without revealing it.
+use crate::random_oracle::StructuredDigest;
 use crate::{common::*, random_oracle::RandomOracle};
 use anyhow::bail;
 use curve25519_dalek::{

rust-src/concordium_base/src/id/account_holder.rs

@@ -1,6 +1,7 @@
 //! Functionality needed by the account holder, either when interacting with the
 //! identity provider, or when interacting with the chain.
 use super::{id_proof_types::ProofVersion, secret_sharing::*, types::*, utils};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     bulletproofs::{
         inner_product_proof::inner_product,
@@ -486,11 +487,11 @@ fn generate_pio_common<'a, P: Pairing, C: Curve<Scalar = P::ScalarField>, R: ran
 /// Convenient data structure to collect data related to a single AR
 pub struct SingleArData<'a, C: Curve> {
     pub ar: &'a ArInfo<C>,
-    share: Value<C>,
+    pub share: Value<C>,
     pub encrypted_share: Cipher<C>,
-    encryption_randomness: crate::elgamal::Randomness<C>,
+    pub encryption_randomness: crate::elgamal::Randomness<C>,
     pub cmm_to_share: Commitment<C>,
-    randomness_cmm_to_share: PedersenRandomness<C>,
+    pub randomness_cmm_to_share: PedersenRandomness<C>,
 }
 
 type SharingData<'a, C> = (
@@ -954,6 +955,7 @@ pub fn create_unsigned_credential<
     Ok((info, commitment_rands))
 }
 
+/// Compute proof of knowledge signature
 #[allow(clippy::too_many_arguments)]
 fn compute_pok_sig<
     P: Pairing,
@@ -1099,7 +1101,7 @@ fn compute_pok_sig<
 /// For the other values the verifier (the chain) will compute commitments with
 /// randomness 0 in order to verify knowledge of the signature.
 #[allow(clippy::too_many_arguments)]
-pub fn compute_commitments<C: Curve, AttributeType: Attribute<C::Scalar>, R: Rng>(
+fn compute_commitments<C: Curve, AttributeType: Attribute<C::Scalar>, R: Rng>(
     commitment_key: &PedersenKey<C>,
     alist: &AttributeList<C::Scalar, AttributeType>,
     prf_key: &prf::SecretKey<C>,

rust-src/concordium_base/src/id/chain.rs

@@ -1,5 +1,6 @@
 //! Functionality needed by the chain to verify credential deployments.
 use super::{secret_sharing::Threshold, types::*, utils};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     bulletproofs::range_proof::verify_less_than_or_equal,
     common::{to_bytes, types::TransactionTime},

rust-src/concordium_base/src/id/id_prover.rs

@@ -2,6 +2,7 @@
 //! accounts.
 
 use super::{id_proof_types::*, types::*};
+use crate::random_oracle::StructuredDigest;
 use crate::{
     bulletproofs::{
         range_proof::{prove_in_range, RangeProof},

rust-src/concordium_base/src/id/id_verifier.rs

@@ -12,6 +12,7 @@ use crate::bulletproofs::{
 };
 
 use super::id_proof_types::*;
+use crate::random_oracle::StructuredDigest;
 use crate::{
     curve_arithmetic::{Curve, Field},
     pedersen_commitment::{