@nuggetslife/vc 0.0.24 → 0.0.25

package/demo_bbs_2023.mjs

@@ -0,0 +1,203 @@
+/**
+ * BBS-2023 Data Integrity Demo — W3C Verifiable Credentials with Selective Disclosure
+ *
+ * This demo walks through the full BBS-2023 cryptosuite lifecycle:
+ *   1. Issuer signs a JSON-LD Verifiable Credential with a DataIntegrityProof
+ *   2. Holder derives a selective disclosure proof (reveals only chosen fields)
+ *   3. Verifier checks the derived proof
+ *   4. Bonus: Blind signing with holder commitment (holder binding)
+ *
+ * BBS-2023 replaces BbsBlsSignature2020 for W3C Data Integrity proofs.
+ *
+ * Key differences from BbsBlsSignature2020:
+ *   OLD: JSON-LD framing with @explicit reveal documents, base58 key pairs,
+ *        BbsBlsSignature2020/BbsBlsSignatureProof2020 proof types,
+ *        class-based API (new BbsBlsSignature2020({key})), async operations
+ *   NEW: JSON Pointers for field selection, hex-encoded BBS keys,
+ *        single "DataIntegrityProof" type with cryptosuite "bbs-2023",
+ *        function-based API, mandatory vs selective pointer split
+ */
+
+import {
+    bbsIetfKeygen,
+    bbs2023Sign,
+    bbs2023Derive,
+    bbs2023Verify,
+    bbs2023HolderCommit,
+    bbs2023BlindSign,
+} from './index.js';
+
+function separator(title) {
+    console.log('\n' + '='.repeat(70));
+    console.log(`  ${title}`);
+    console.log('='.repeat(70) + '\n');
+}
+
+function printProof(doc) {
+    const { proof, ...rest } = doc;
+    console.log('Document (without proof):', JSON.stringify(rest, null, 2));
+    console.log('Proof:');
+    console.log('  type:', proof.type);
+    console.log('  cryptosuite:', proof.cryptosuite);
+    console.log('  proofValue:', proof.proofValue.substring(0, 60) + '...');
+    if (proof.verificationMethod) console.log('  verificationMethod:', proof.verificationMethod);
+}
+
+// ── Key Setup ────────────────────────────────────────────────────────
+
+separator('Step 0: Generate BBS Key Pair');
+
+const kp = bbsIetfKeygen();
+console.log('BBS key pair (IETF draft-irtf-cfrg-bbs-signatures):');
+console.log('  Secret key (hex, 32 bytes):', kp.secretKey.substring(0, 20) + '...');
+console.log('  Public key (hex, 96 bytes):', kp.publicKey.substring(0, 20) + '...');
+
+// ── Sample Credential ────────────────────────────────────────────────
+
+const credential = {
+    '@context': [
+        'https://www.w3.org/2018/credentials/v1',
+        {
+            // Inline context defining terms (in production, use published contexts)
+            givenName: 'http://schema.org/givenName',
+            familyName: 'http://schema.org/familyName',
+            email: 'http://schema.org/email',
+            birthDate: 'http://schema.org/birthDate',
+            alumniOf: 'http://schema.org/alumniOf',
+        },
+    ],
+    type: ['VerifiableCredential'],
+    issuer: 'did:example:issuer',
+    issuanceDate: '2025-01-01T00:00:00Z',
+    credentialSubject: {
+        id: 'did:example:alice',
+        givenName: 'Alice',
+        familyName: 'Smith',
+        email: 'alice@example.com',
+        birthDate: '1990-01-15',
+        alumniOf: 'Example University',
+    },
+};
+
+// ── 1. Sign ──────────────────────────────────────────────────────────
+
+separator('Step 1: Issuer signs the credential (base proof)');
+
+console.log('Mandatory pointers (always revealed): /issuer, /issuanceDate');
+console.log('Everything else can be selectively disclosed by the holder.\n');
+
+const signed = bbs2023Sign({
+    document: credential,
+    secretKey: kp.secretKey,
+    publicKey: kp.publicKey,
+    mandatoryPointers: ['/issuer', '/issuanceDate'],
+    verificationMethod: 'did:example:issuer#bbs-key-1',
+    proofPurpose: 'assertionMethod',
+});
+
+printProof(signed);
+
+console.log('\nCompare with old BbsBlsSignature2020:');
+console.log('  OLD: proof.type = "BbsBlsSignature2020"');
+console.log('  NEW: proof.type = "DataIntegrityProof", proof.cryptosuite = "bbs-2023"');
+
+// Verify the base proof
+const baseResult = bbs2023Verify(signed, kp.publicKey);
+console.log('\nBase proof verified:', baseResult.verified);
+
+// ── 2. Derive ────────────────────────────────────────────────────────
+
+separator('Step 2: Holder derives selective disclosure proof');
+
+console.log('Selective pointers (holder chooses to reveal): /credentialSubject/givenName');
+console.log('Hidden: familyName, email, birthDate, alumniOf\n');
+
+console.log('Compare with old BbsBlsSignature2020:');
+console.log('  OLD: revealDocument = { credentialSubject: { "@explicit": true, givenName: {} } }');
+console.log('  NEW: selectivePointers = ["/credentialSubject/givenName"]\n');
+
+const derived = bbs2023Derive({
+    document: signed,
+    selectivePointers: ['/credentialSubject/givenName'],
+});
+
+printProof(derived);
+
+console.log('\nNote: the derived proof only covers mandatory + selected fields.');
+console.log('The proof will not verify claims outside those sets.');
+console.log('In practice, the holder strips undisclosed fields before sharing.');
+
+// ── 3. Verify ────────────────────────────────────────────────────────
+
+separator('Step 3: Verifier checks the derived proof');
+
+const derivedResult = bbs2023Verify(derived, kp.publicKey);
+console.log('Derived proof verified:', derivedResult.verified);
+console.log('Error:', derivedResult.error ?? 'none');
+
+// Show what's cryptographically attested
+console.log('\nCryptographically attested fields (mandatory + selective pointers):');
+console.log('  issuer:', derived.issuer, '(mandatory)');
+console.log('  issuanceDate:', derived.issuanceDate, '(mandatory)');
+console.log('  credentialSubject.givenName:', derived.credentialSubject?.givenName, '(selective)');
+console.log('  credentialSubject.familyName: present but NOT attested by derived proof');
+console.log('  credentialSubject.email: present but NOT attested by derived proof');
+
+// Wrong key should fail
+const wrongKp = bbsIetfKeygen();
+const wrongResult = bbs2023Verify(derived, wrongKp.publicKey);
+console.log('\nVerify with wrong key:', wrongResult.verified, '(expected false)');
+
+// ── 4. Blind Signing (Holder Commitment) ─────────────────────────────
+
+separator('Step 4: Blind Signing — Holder Binding');
+
+console.log('Blind signing lets the holder commit to secret fields before the issuer signs.');
+console.log('The issuer signs without seeing the committed values.');
+console.log('This has no equivalent in BbsBlsSignature2020.\n');
+
+// 4a. Holder creates a commitment
+const commitment = bbs2023HolderCommit({
+    document: credential,
+    publicKey: kp.publicKey,
+    mandatoryPointers: ['/issuer', '/issuanceDate'],
+    committedPointers: ['/credentialSubject/email'],
+});
+
+console.log('Holder commitment:');
+console.log('  commitment (hex):', commitment.commitment.substring(0, 40) + '...');
+console.log('  blindFactor (hex):', commitment.blindFactor.substring(0, 40) + '...');
+console.log('  committedIndices:', commitment.committedIndices);
+
+// 4b. Issuer blind-signs with the commitment
+const blindSigned = bbs2023BlindSign({
+    document: credential,
+    secretKey: kp.secretKey,
+    publicKey: kp.publicKey,
+    commitment: commitment.commitment,
+    hmacKey: commitment.hmacKey,
+    committedIndices: commitment.committedIndices,
+    mandatoryPointers: ['/issuer', '/issuanceDate'],
+    verificationMethod: 'did:example:issuer#bbs-key-1',
+});
+
+console.log('\nBlind-signed proof created:', blindSigned.proof.type, blindSigned.proof.cryptosuite);
+
+// 4c. Holder derives (must include blindFactor)
+const blindDerived = bbs2023Derive({
+    document: blindSigned,
+    selectivePointers: ['/credentialSubject/givenName', '/credentialSubject/email'],
+    blindFactor: commitment.blindFactor,
+});
+
+// 4d. Verify
+const blindResult = bbs2023Verify(blindDerived, kp.publicKey);
+console.log('Blind-signed derived proof verified:', blindResult.verified);
+
+separator('Demo Complete');
+console.log('BBS-2023 provides W3C-standard selective disclosure with:');
+console.log('  - JSON Pointers instead of JSON-LD framing');
+console.log('  - DataIntegrityProof type (not BbsBlsSignature2020)');
+console.log('  - Mandatory vs selective pointer split');
+console.log('  - Blind signing for holder binding (new capability)');
+console.log('');

package/demo_bbs_ietf.mjs

@@ -0,0 +1,193 @@
+/**
+ * BBS IETF Demo — Low-Level BBS Signatures (draft-irtf-cfrg-bbs-signatures)
+ *
+ * This demo shows the raw BBS cryptographic primitives:
+ *   1. Key generation
+ *   2. Sign a set of messages
+ *   3. Verify the signature
+ *   4. Generate a selective disclosure proof (reveal only some messages)
+ *   5. Verify the proof
+ *
+ * This is the low-level layer that BBS-2023 is built on top of.
+ * Most developers will use BBS-2023 (for VCs) or SD-JWT (for plain claims)
+ * instead of calling these directly. But understanding the primitives helps.
+ *
+ * Key concepts:
+ *   - BBS signs a list of messages as a single signature
+ *   - A holder can create a zero-knowledge proof revealing only some messages
+ *   - The verifier learns nothing about hidden messages
+ *   - Two ciphersuites: SHA-256 (default) and SHAKE-256
+ */
+
+import {
+    bbsIetfKeygen,
+    bbsIetfSign,
+    bbsIetfVerify,
+    bbsIetfProofGen,
+    bbsIetfProofVerify,
+} from './index.js';
+
+function separator(title) {
+    console.log('\n' + '='.repeat(70));
+    console.log(`  ${title}`);
+    console.log('='.repeat(70) + '\n');
+}
+
+// ── 1. Key Generation ────────────────────────────────────────────────
+
+separator('Step 1: Key Generation');
+
+// Generate a random BBS key pair
+const kp = bbsIetfKeygen();
+console.log('Random BBS key pair:');
+console.log('  Secret key (32 bytes hex):', kp.secretKey);
+console.log('  Public key (96 bytes hex):', kp.publicKey.substring(0, 40) + '...');
+
+// Deterministic keygen with IKM (Input Key Material)
+const ikm = Buffer.alloc(32);
+for (let i = 0; i < 32; i++) ikm[i] = i + 1;
+const kpDet = bbsIetfKeygen(ikm);
+const kpDet2 = bbsIetfKeygen(ikm);
+console.log('\nDeterministic keygen (same IKM = same keys):');
+console.log('  Keys match:', kpDet.secretKey === kpDet2.secretKey);
+
+// ── 2. Sign Messages ────────────────────────────────────────────────
+
+separator('Step 2: Sign a Set of Messages');
+
+// BBS signs an ordered list of messages in a single operation.
+// Each message is a string; the library handles hashing to curve scalars.
+const messages = [
+    'given_name: Alice',
+    'family_name: Smith',
+    'date_of_birth: 1990-01-15',
+    'email: alice@example.com',
+    'employee_id: EMP-42',
+];
+
+console.log('Messages to sign:');
+messages.forEach((m, i) => console.log(`  [${i}] ${m}`));
+
+const sk = Buffer.from(kp.secretKey, 'hex');
+const pk = Buffer.from(kp.publicKey, 'hex');
+const header = Buffer.from('credential-context-v1');
+
+const signature = bbsIetfSign(sk, pk, header, messages, 'SHA-256');
+console.log('\nSignature (80 bytes):', signature.toString('hex').substring(0, 40) + '...');
+
+// ── 3. Verify Signature ─────────────────────────────────────────────
+
+separator('Step 3: Verify the Signature');
+
+const isValid = bbsIetfVerify(pk, signature, header, messages, 'SHA-256');
+console.log('Signature valid:', isValid);
+
+// Wrong key
+const wrongKp = bbsIetfKeygen();
+const wrongPk = Buffer.from(wrongKp.publicKey, 'hex');
+const isValidWrong = bbsIetfVerify(wrongPk, signature, header, messages, 'SHA-256');
+console.log('Wrong key valid:', isValidWrong, '(expected false)');
+
+// Tampered message
+const tampered = [...messages];
+tampered[2] = 'date_of_birth: 2000-01-01';
+const isValidTampered = bbsIetfVerify(pk, signature, header, tampered, 'SHA-256');
+console.log('Tampered message valid:', isValidTampered, '(expected false)');
+
+// ── 4. Selective Disclosure Proof ────────────────────────────────────
+
+separator('Step 4: Generate Selective Disclosure Proof');
+
+// The holder wants to prove they have a valid credential but only
+// reveal their name and employee ID (indices 0, 1, 4).
+// date_of_birth (2) and email (3) stay hidden.
+
+const disclosedIndices = [0, 1, 4];
+const presentationHeader = Buffer.from('verifier-challenge-xyz');
+
+console.log('Disclosed messages (what the verifier will see):');
+for (const idx of disclosedIndices) {
+    console.log(`  [${idx}] ${messages[idx]}`);
+}
+console.log('Hidden messages (verifier learns nothing about these):');
+for (let i = 0; i < messages.length; i++) {
+    if (!disclosedIndices.includes(i)) {
+        console.log(`  [${i}] ${messages[i]}`);
+    }
+}
+
+const proof = bbsIetfProofGen(
+    pk,
+    signature,
+    header,
+    presentationHeader,
+    messages,
+    disclosedIndices,
+    'SHA-256',
+);
+
+console.log(`\nProof generated (${proof.length} bytes)`);
+
+// ── 5. Verify Proof ─────────────────────────────────────────────────
+
+separator('Step 5: Verify the Selective Disclosure Proof');
+
+// The verifier only has: public key, proof, disclosed messages, total count
+// They do NOT have the original signature or hidden messages.
+const disclosedMessages = {};
+for (const idx of disclosedIndices) {
+    disclosedMessages[idx] = messages[idx];
+}
+
+console.log('Verifier inputs:');
+console.log('  Public key: (96 bytes)');
+console.log('  Proof: (' + proof.length + ' bytes)');
+console.log('  Disclosed messages:', JSON.stringify(disclosedMessages, null, 4));
+console.log('  Total message count:', messages.length);
+
+const proofValid = bbsIetfProofVerify(
+    pk,
+    proof,
+    header,
+    presentationHeader,
+    disclosedMessages,
+    messages.length,
+    'SHA-256',
+);
+
+console.log('\nProof valid:', proofValid);
+
+// Try with wrong disclosed message
+const wrongDisclosed = { ...disclosedMessages, 0: 'given_name: Bob' };
+const proofValidWrong = bbsIetfProofVerify(
+    pk, proof, header, presentationHeader,
+    wrongDisclosed, messages.length, 'SHA-256',
+);
+console.log('Wrong disclosed message valid:', proofValidWrong, '(expected false)');
+
+// ── 6. Ciphersuites ─────────────────────────────────────────────────
+
+separator('Step 6: Ciphersuite Comparison');
+
+console.log('Two ciphersuites available:');
+console.log('  SHA-256  — default, widely compatible');
+console.log('  SHAKE-256 — alternative hash, same security level\n');
+
+const shakekp = bbsIetfKeygen(ikm, null, 'SHAKE-256');
+const shakeSk = Buffer.from(shakekp.secretKey, 'hex');
+const shakePk = Buffer.from(shakekp.publicKey, 'hex');
+
+const shakeSig = bbsIetfSign(shakeSk, shakePk, null, ['test'], 'SHAKE-256');
+const shakeValid = bbsIetfVerify(shakePk, shakeSig, null, ['test'], 'SHAKE-256');
+console.log('SHAKE-256 sign + verify:', shakeValid);
+
+// Cross-ciphersuite: should NOT work
+const crossValid = bbsIetfVerify(shakePk, shakeSig, null, ['test'], 'SHA-256');
+console.log('SHA-256 verify of SHAKE-256 sig:', crossValid, '(expected false)');
+
+separator('Demo Complete');
+console.log('BBS IETF provides the cryptographic foundation for:');
+console.log('  - BBS-2023 Data Integrity proofs (high-level VC API)');
+console.log('  - Any application needing multi-message signatures with selective disclosure');
+console.log('  - Zero-knowledge proofs: verifier learns nothing about hidden messages');
+console.log('');

package/demo_sd_jwt.mjs

@@ -0,0 +1,148 @@
+/**
+ * SD-JWT Demo — Selective Disclosure using JSON Web Tokens
+ *
+ * This demo walks through the full SD-JWT lifecycle:
+ *   1. Issuer creates a credential with selectively-disclosable claims
+ *   2. Holder creates a presentation revealing only chosen claims
+ *   3. Verifier checks the presentation
+ *
+ * SD-JWT (RFC 9901) is a simpler alternative to BBS+ for selective disclosure.
+ * It works with standard JWTs (ES256, EdDSA, etc.) — no pairing-based crypto needed.
+ *
+ * Compare with BbsBlsSignature2020:
+ *   OLD: Requires JSON-LD framing, BLS key pairs, reveal documents, linked data suites
+ *   NEW: Plain JSON claims, standard JWK keys, just list which fields are disclosable
+ */
+
+import {
+    JoseNamedCurve,
+    generateJwk,
+    sdJwtIssue,
+    sdJwtPresent,
+    sdJwtVerify,
+} from './index.js';
+
+function separator(title) {
+    console.log('\n' + '='.repeat(70));
+    console.log(`  ${title}`);
+    console.log('='.repeat(70) + '\n');
+}
+
+// ── Key Setup ────────────────────────────────────────────────────────
+
+separator('Step 0: Generate Keys');
+
+const issuerJwk = generateJwk(JoseNamedCurve.P256);
+const { d: _issD, ...issuerPublicJwk } = issuerJwk;
+console.log('Issuer key (ES256/P-256):');
+console.log('  Public:', JSON.stringify(issuerPublicJwk));
+
+const holderJwk = generateJwk(JoseNamedCurve.P256);
+const { d: _holD, ...holderPublicJwk } = holderJwk;
+console.log('Holder key (ES256/P-256):');
+console.log('  Public:', JSON.stringify(holderPublicJwk));
+
+// ── 1. Issue ─────────────────────────────────────────────────────────
+
+separator('Step 1: Issuer creates SD-JWT credential');
+
+const claims = {
+    iss: 'https://issuer.example.com',
+    sub: 'did:example:user123',
+    given_name: 'Alice',
+    family_name: 'Smith',
+    email: 'alice@example.com',
+    birthdate: '1990-01-15',
+    nationalities: ['US', 'DE'],
+};
+
+// Mark which claims the holder can choose to reveal or hide.
+// Non-listed claims (iss, sub) are always visible.
+const disclosable = [
+    'given_name',
+    'family_name',
+    'email',
+    'birthdate',
+    'nationalities[0]',   // Individual array elements can be disclosable too
+    'nationalities[1]',
+];
+
+console.log('Claims:', JSON.stringify(claims, null, 2));
+console.log('Disclosable fields:', disclosable);
+
+const issued = sdJwtIssue(
+    claims,
+    disclosable,
+    issuerJwk,          // Issuer's private key (signs the JWT)
+    'ES256',            // Standard JWT algorithm
+    holderPublicJwk,    // Optional: bind to holder's key (Key Binding)
+    2,                  // Optional: add 2 decoy digests (privacy)
+);
+
+console.log('\nSD-JWT token (truncated):');
+console.log('  ' + issued.sdJwt.substring(0, 80) + '...');
+console.log(`\n${issued.disclosures.length} disclosures created:`);
+for (const d of issued.disclosures) {
+    const label = d.claimName || '(array element)';
+    console.log(`  - ${label}: ${JSON.stringify(d.claimValue)}`);
+}
+
+// ── 2. Present (selective disclosure) ────────────────────────────────
+
+separator('Step 2: Holder creates presentation (selective disclosure)');
+
+// The holder chooses which disclosures to reveal.
+// Here: reveal name but hide email, birthdate, and one nationality.
+const nameDisclosures = issued.disclosures.filter(
+    d => d.claimName === 'given_name' || d.claimName === 'family_name'
+);
+const usDisclosure = issued.disclosures.find(
+    d => !d.claimName && d.claimValue === 'US'
+);
+const toReveal = [...nameDisclosures, usDisclosure].filter(Boolean).map(d => d.encoded);
+
+console.log('Revealing:', nameDisclosures.map(d => d.claimName).join(', '), '+ US nationality');
+console.log('Hiding: email, birthdate, DE nationality');
+
+const presentation = sdJwtPresent(
+    issued.sdJwt,
+    toReveal,
+    holderJwk,                          // Holder's private key (for Key Binding JWT)
+    'ES256',
+    'https://verifier.example.com',     // Audience
+    'nonce-abc-123',                    // Nonce from verifier
+);
+
+console.log('\nPresentation token (truncated):');
+console.log('  ' + presentation.presentation.substring(0, 80) + '...');
+
+// ── 3. Verify ────────────────────────────────────────────────────────
+
+separator('Step 3: Verifier checks the presentation');
+
+const result = sdJwtVerify(
+    presentation.presentation,
+    issuerPublicJwk,                    // Issuer's public key
+    holderPublicJwk,                    // Holder's public key (verify Key Binding)
+    'https://verifier.example.com',     // Expected audience
+    'nonce-abc-123',                    // Expected nonce
+);
+
+console.log('Verified:', result.verified);
+console.log('Disclosed claims:', JSON.stringify(result.claims, null, 2));
+console.log('');
+
+// Show what the verifier can and cannot see
+console.log('What the verifier sees:');
+console.log('  iss:', result.claims.iss, '(always visible)');
+console.log('  sub:', result.claims.sub, '(always visible)');
+console.log('  given_name:', result.claims.given_name ?? '(hidden)');
+console.log('  family_name:', result.claims.family_name ?? '(hidden)');
+console.log('  email:', result.claims.email ?? '(hidden)');
+console.log('  birthdate:', result.claims.birthdate ?? '(hidden)');
+console.log('  nationalities:', JSON.stringify(result.claims.nationalities));
+
+separator('Demo Complete');
+console.log('SD-JWT provides selective disclosure with standard JWT infrastructure.');
+console.log('No JSON-LD, no BLS keys, no linked data suites required.');
+console.log('');

package/index.d.ts

@@ -9,6 +9,8 @@ export interface Bbs2023VerifyOutput {
 }
 export declare function bbs2023Sign(options: any): any
 export declare function bbs2023Derive(options: any): any
+export declare function bbs2023HolderCommit(options: any): any
+export declare function bbs2023BlindSign(options: any): any
 export declare function bbs2023Verify(document: any, publicKey?: string | undefined | null): Bbs2023VerifyOutput
 export interface BbsIetfKeyPair {
   /** Hex-encoded secret key (32 bytes) */
@@ -356,7 +358,7 @@ export declare function unblindSignature(blindSignature: Uint8Array, blindingFac
 export declare function deriveProofHolderBound(proofDocument: any, revealDocument: any, options: any): Promise<any>
 export interface SdJwtDisclosure {
   salt: string
-  claimName: string
+  claimName?: string
   claimValue: any
   encoded: string
   digest: string

package/index.js

@@ -310,10 +310,12 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { bbs2023Sign, bbs2023Derive, bbs2023Verify, bbsIetfKeygen, bbsIetfSign, bbsIetfVerify, bbsIetfProofGen, bbsIetfProofVerify, BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JoseNamedCurve, JoseContentEncryption, JoseKeyEncryption, JoseSigningAlgorithm, generateJwk, generateKeyPair, joseEncrypt, joseDecrypt, generalEncryptJson, decryptJson, compactSignJson, compactJsonVerify, flattenedSignJson, jsonVerify, generalSignJson, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound, sdJwtIssue, sdJwtPresent, sdJwtVerify } = nativeBinding
+const { bbs2023Sign, bbs2023Derive, bbs2023HolderCommit, bbs2023BlindSign, bbs2023Verify, bbsIetfKeygen, bbsIetfSign, bbsIetfVerify, bbsIetfProofGen, bbsIetfProofVerify, BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JoseNamedCurve, JoseContentEncryption, JoseKeyEncryption, JoseSigningAlgorithm, generateJwk, generateKeyPair, joseEncrypt, joseDecrypt, generalEncryptJson, decryptJson, compactSignJson, compactJsonVerify, flattenedSignJson, jsonVerify, generalSignJson, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound, sdJwtIssue, sdJwtPresent, sdJwtVerify } = nativeBinding
 
 module.exports.bbs2023Sign = bbs2023Sign
 module.exports.bbs2023Derive = bbs2023Derive
+module.exports.bbs2023HolderCommit = bbs2023HolderCommit
+module.exports.bbs2023BlindSign = bbs2023BlindSign
 module.exports.bbs2023Verify = bbs2023Verify
 module.exports.bbsIetfKeygen = bbsIetfKeygen
 module.exports.bbsIetfSign = bbsIetfSign

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.24",
+  "version": "0.0.25",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -32,17 +32,17 @@
     "build": "napi build --platform --release",
     "build:debug": "napi build --platform",
     "prepublishOnly": "napi prepublish -t npm",
-    "test": "node test.mjs && node test_jose.mjs && node test_sd_jwt.mjs && node test_jsonld_crossverify.mjs && node test_backward_compat.mjs",
+    "test": "node test.mjs && node test_jose.mjs && node test_sd_jwt.mjs && node test_bbs_ietf.mjs && node test_bbs_2023.mjs && node test_jsonld_crossverify.mjs && node test_backward_compat.mjs",
     "universal": "napi universal",
     "version": "napi version"
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.24",
-    "@nuggetslife/vc-linux-arm64-gnu": "0.0.24",
-    "@nuggetslife/vc-linux-arm64-musl": "0.0.24",
-    "@nuggetslife/vc-linux-x64-gnu": "0.0.24",
-    "@nuggetslife/vc-linux-x64-musl": "0.0.24"
+    "@nuggetslife/vc-darwin-arm64": "0.0.25",
+    "@nuggetslife/vc-linux-arm64-gnu": "0.0.25",
+    "@nuggetslife/vc-linux-arm64-musl": "0.0.25",
+    "@nuggetslife/vc-linux-x64-gnu": "0.0.25",
+    "@nuggetslife/vc-linux-x64-musl": "0.0.25"
   },
   "dependencies": {}
 }

package/src/bbs_2023.rs

@@ -48,6 +48,45 @@ pub fn bbs2023_derive(options: Value) -> napi::Result<Value> {
     Ok(result)
 }
 
+// ---------------------------------------------------------------------------
+// bbs2023HolderCommit — holder creates Pedersen commitment for blind signing
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbs2023HolderCommit")]
+pub fn bbs2023_holder_commit(options: Value) -> napi::Result<Value> {
+    let commit_opts: vc::bbs_2023::HolderCommitOptions = serde_json::from_value(options)
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023HolderCommit parse options: {e}")))?;
+
+    let rt = tokio::runtime::Runtime::new()
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023HolderCommit runtime: {e}")))?;
+
+    let result = rt
+        .block_on(vc::bbs_2023::create_holder_commitment(commit_opts))
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023HolderCommit failed: {e}")))?;
+
+    serde_json::to_value(&result)
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023HolderCommit serialize: {e}")))
+}
+
+// ---------------------------------------------------------------------------
+// bbs2023BlindSign — issuer creates blind base proof with holder's commitment
+// ---------------------------------------------------------------------------
+
+#[napi(js_name = "bbs2023BlindSign")]
+pub fn bbs2023_blind_sign(options: Value) -> napi::Result<Value> {
+    let blind_opts: vc::bbs_2023::BlindSignOptions = serde_json::from_value(options)
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023BlindSign parse options: {e}")))?;
+
+    let rt = tokio::runtime::Runtime::new()
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023BlindSign runtime: {e}")))?;
+
+    let result = rt
+        .block_on(vc::bbs_2023::create_blind_base_proof(blind_opts))
+        .map_err(|e| napi::Error::from_reason(format!("bbs2023BlindSign failed: {e}")))?;
+
+    Ok(result)
+}
+
 // ---------------------------------------------------------------------------
 // bbs2023Verify — verify a base or derived proof
 // ---------------------------------------------------------------------------

package/src/sd_jwt.rs

@@ -11,7 +11,7 @@ use vc::sd_jwt::verifier::sd_jwt_verify;
 #[napi(object)]
 pub struct SdJwtDisclosure {
     pub salt: String,
-    pub claim_name: String,
+    pub claim_name: Option<String>,
     pub claim_value: Value,
     pub encoded: String,
     pub digest: String,

package/test_bbs_2023.mjs

@@ -1,12 +1,19 @@
 import test from 'node:test';
 import assert from 'node:assert';
+import { readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { dirname, join } from 'node:path';
 import {
     bbsIetfKeygen,
     bbs2023Sign,
     bbs2023Derive,
     bbs2023Verify,
+    bbs2023HolderCommit,
+    bbs2023BlindSign,
 } from './index.js';
 
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
 // =====================================================================
 // Helpers
 // =====================================================================
@@ -193,3 +200,228 @@ test('bbs-2023: sign with no mandatory pointers', () => {
     const result = bbs2023Verify(signed, kp.publicKey);
     assert.ok(result.verified, 'base proof with no mandatory pointers verified');
 });
+
+// =====================================================================
+// PRC (PermanentResidentCard) — Real JSON-LD VC Tests
+// =====================================================================
+
+function loadPRC() {
+    const raw = readFileSync(join(__dirname, 'test-data', 'inputDocument.json'), 'utf8');
+    return JSON.parse(raw);
+}
+
+test('bbs-2023: PRC sign + verify base proof', () => {
+    const kp = makeKeyPair();
+    const doc = loadPRC();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+        verificationMethod: 'did:example:489398593#bbs-key-1',
+        proofPurpose: 'assertionMethod',
+    });
+
+    assert.ok(signed.proof, 'PRC signed document has proof');
+    assert.equal(signed.proof.cryptosuite, 'bbs-2023');
+
+    const result = bbs2023Verify(signed, kp.publicKey);
+    assert.ok(result.verified, 'PRC base proof verified');
+    assert.equal(result.error, null);
+});
+
+test('bbs-2023: PRC sign → derive → verify', () => {
+    const kp = makeKeyPair();
+    const doc = loadPRC();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+    });
+
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/givenName', '/credentialSubject/familyName'],
+    });
+
+    assert.ok(derived.proof, 'PRC derived document has proof');
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'PRC derived proof verified');
+    assert.equal(result.error, null);
+});
+
+test('bbs-2023: PRC derive hiding most fields', () => {
+    const kp = makeKeyPair();
+    const doc = loadPRC();
+
+    const signed = bbs2023Sign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate', '/credentialSubject/type'],
+    });
+
+    // Only reveal lprNumber beyond mandatory
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/lprNumber'],
+    });
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'PRC minimal-reveal derived proof verified');
+    assert.equal(result.error, null);
+});
+
+// =====================================================================
+// Blind BBS Signing Tests
+// =====================================================================
+
+test('bbs-2023: blind sign → derive → verify roundtrip', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    // 1. Holder creates commitment for their secret fields
+    const commitment = bbs2023HolderCommit({
+        document: doc,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+        committedPointers: ['/credentialSubject/email'],
+    });
+
+    assert.ok(commitment.commitment, 'commitment is present');
+    assert.ok(commitment.blindFactor, 'blindFactor is present');
+    assert.ok(commitment.hmacKey, 'hmacKey is present');
+    assert.ok(Array.isArray(commitment.committedIndices), 'committedIndices is array');
+
+    // 2. Issuer blind-signs with the holder's commitment
+    const signed = bbs2023BlindSign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        commitment: commitment.commitment,
+        hmacKey: commitment.hmacKey,
+        committedIndices: commitment.committedIndices,
+        mandatoryPointers: ['/issuer', '/issuanceDate'],
+        verificationMethod: 'did:example:issuer#bbs-key-1',
+    });
+
+    assert.ok(signed.proof, 'blind signed document has proof');
+    assert.equal(signed.proof.cryptosuite, 'bbs-2023');
+
+    // 3. Holder derives selective disclosure (must provide blindFactor for blind-signed proofs)
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/name'],
+        blindFactor: commitment.blindFactor,
+    });
+
+    assert.ok(derived.proof, 'derived document has proof');
+
+    // 4. Verifier verifies
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'blind-signed derived proof verified');
+    assert.equal(result.error, null);
+});
+
+test('bbs-2023: blind sign with signer_blind', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const commitment = bbs2023HolderCommit({
+        document: doc,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer'],
+        committedPointers: ['/credentialSubject/age'],
+    });
+
+    // Use a signer_blind (32 bytes as hex)
+    const signerBlind = '0000000000000000000000000000000000000000000000000000000000000001';
+
+    const signed = bbs2023BlindSign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        commitment: commitment.commitment,
+        hmacKey: commitment.hmacKey,
+        committedIndices: commitment.committedIndices,
+        mandatoryPointers: ['/issuer'],
+        signerBlind,
+    });
+
+    assert.ok(signed.proof, 'blind signed with signerBlind has proof');
+
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/name'],
+        blindFactor: commitment.blindFactor,
+        signerBlind,
+    });
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'blind-signed with signerBlind derived proof verified');
+});
+
+test('bbs-2023: blind sign — wrong key fails verification', () => {
+    const kp = makeKeyPair();
+    const wrongKp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const commitment = bbs2023HolderCommit({
+        document: doc,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer'],
+        committedPointers: ['/credentialSubject/email'],
+    });
+
+    const signed = bbs2023BlindSign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        commitment: commitment.commitment,
+        hmacKey: commitment.hmacKey,
+        committedIndices: commitment.committedIndices,
+        mandatoryPointers: ['/issuer'],
+    });
+
+    const result = bbs2023Verify(signed, wrongKp.publicKey);
+    assert.equal(result.verified, false, 'should not verify with wrong key');
+});
+
+test('bbs-2023: blind sign with multiple committed fields', () => {
+    const kp = makeKeyPair();
+    const doc = sampleCredential();
+
+    const commitment = bbs2023HolderCommit({
+        document: doc,
+        publicKey: kp.publicKey,
+        mandatoryPointers: ['/issuer'],
+        committedPointers: ['/credentialSubject/email', '/credentialSubject/age'],
+    });
+
+    assert.ok(commitment.committedIndices.length >= 1, 'at least 1 committed index');
+
+    const signed = bbs2023BlindSign({
+        document: doc,
+        secretKey: kp.secretKey,
+        publicKey: kp.publicKey,
+        commitment: commitment.commitment,
+        hmacKey: commitment.hmacKey,
+        committedIndices: commitment.committedIndices,
+        mandatoryPointers: ['/issuer'],
+    });
+
+    assert.ok(signed.proof, 'signed document with multiple committed fields');
+
+    const derived = bbs2023Derive({
+        document: signed,
+        selectivePointers: ['/credentialSubject/name', '/credentialSubject/alumniOf'],
+        blindFactor: commitment.blindFactor,
+    });
+
+    const result = bbs2023Verify(derived, kp.publicKey);
+    assert.ok(result.verified, 'multi-committed blind-signed proof verified');
+});

package/test_sd_jwt.mjs

@@ -195,3 +195,94 @@ test('SD-JWT with decoy digests', () => {
     assert.ok(verified.verified);
     assert.equal(verified.claims.name, 'Alice');
 });
+
+// =====================================================================
+// Array Element Disclosure
+// =====================================================================
+
+test('SD-JWT array element disclosure roundtrip', () => {
+    const issuer = makeKeyPair();
+
+    const claims = {
+        sub: 'user123',
+        nationalities: ['US', 'DE', 'FR'],
+    };
+    const result = sdJwtIssue(
+        claims,
+        ['nationalities[0]', 'nationalities[1]', 'nationalities[2]'],
+        issuer.privateJwk,
+        'ES256',
+    );
+
+    assert.equal(result.disclosures.length, 3, 'three array disclosures');
+    // Array element disclosures have null claimName
+    for (const d of result.disclosures) {
+        assert.equal(d.claimName, null, 'array disclosure has null claimName');
+    }
+
+    // Present all disclosures
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.deepStrictEqual(verified.claims.nationalities, ['US', 'DE', 'FR']);
+});
+
+test('SD-JWT array element selective reveal', () => {
+    const issuer = makeKeyPair();
+
+    const claims = {
+        sub: 'user123',
+        nationalities: ['US', 'DE', 'FR'],
+    };
+    const result = sdJwtIssue(
+        claims,
+        ['nationalities[0]', 'nationalities[1]', 'nationalities[2]'],
+        issuer.privateJwk,
+        'ES256',
+    );
+
+    // Only reveal "US"
+    const usDisclosure = result.disclosures.find(d =>
+        JSON.stringify(d.claimValue) === '"US"'
+    );
+    const presentation = sdJwtPresent(result.sdJwt, [usDisclosure.encoded]);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.deepStrictEqual(
+        verified.claims.nationalities,
+        ['US'],
+        'only disclosed element present',
+    );
+});
+
+test('SD-JWT mixed object and array disclosure', () => {
+    const issuer = makeKeyPair();
+
+    const claims = {
+        sub: 'user123',
+        name: 'Alice',
+        nationalities: ['US', 'DE'],
+        age: 30,
+    };
+    const result = sdJwtIssue(
+        claims,
+        ['name', 'nationalities[0]', 'nationalities[1]'],
+        issuer.privateJwk,
+        'ES256',
+    );
+
+    assert.equal(result.disclosures.length, 3, 'three disclosures total');
+
+    // Present all
+    const allEncoded = result.disclosures.map(d => d.encoded);
+    const presentation = sdJwtPresent(result.sdJwt, allEncoded);
+    const verified = sdJwtVerify(presentation.presentation, issuer.publicJwk);
+
+    assert.ok(verified.verified);
+    assert.equal(verified.claims.name, 'Alice');
+    assert.equal(verified.claims.age, 30, 'non-disclosable always present');
+    assert.deepStrictEqual(verified.claims.nationalities, ['US', 'DE']);
+});