BBS Update: align impl to Signature test vector.

jovfer · jovfer · commit b117134fd9a7 · 2022-10-26T19:57:49.000+05:00
Signed-off-by: Sergey Minaev &lt;sergey.minaev@avast.com&gt;
diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs.go b/pkg/crypto/primitive/bbs12381g2pub/bbs.go
@@ -190,12 +190,14 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
 		return nil, fmt.Errorf("build generators from public key: %w", err)
 	}
 
+	messagesFr := ParseSignatureMessages(messages)
+
 	esBuilder := newEcnodeForHashBuilder()
 	esBuilder.addScalar(privKey.FR)
 	esBuilder.addScalar(pubKeyWithGenerators.domain)
 
-	for _, msg := range messages {
-		esBuilder.addBytes(msg)
+	for _, msgFr := range messagesFr {
+		esBuilder.addScalar(msgFr.FR)
 	}
 
 	es := Hash2scalars(esBuilder.build(), 2)
@@ -204,7 +206,6 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
 	exp.Add(exp, e)
 	exp.Inverse(exp)
 
-	messagesFr := ParseSignatureMessages(messages)
 	b := computeB(s, messagesFr, pubKeyWithGenerators)
 
 	sig := g1.New()
@@ -222,12 +223,9 @@ func (bbs *BBSG2Pub) SignWithKey(header []byte, messages [][]byte, privKey *Priv
 func computeB(s *bls12381.Fr, messages []*SignatureMessage, key *PublicKeyWithGenerators) *bls12381.PointG1 {
 	const basesOffset = 2
 
-	bindingBasis := g1.One()
-	bindingExp := bls12381.NewFr().One()
-
 	cb := newCommitmentBuilder(len(messages) + basesOffset)
 
-	cb.add(bindingBasis, bindingExp)
+	cb.add(key.p1, bls12381.NewFr().One())
 	cb.add(key.q1, s)
 	cb.add(key.q2, key.domain)
 
diff --git a/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go b/pkg/crypto/primitive/bbs12381g2pub/bbs_test.go
@@ -17,25 +17,25 @@ import (
 )
 
 func TestBlsG2Pub_Verify(t *testing.T) {
-	privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+	privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
 	privateKey, err := bbs12381g2pub.UnmarshalPrivateKey(privateKeyBytes)
 	require.NoError(t, err)
 
 	pkBytes, err := privateKey.PublicKey().Marshal()
 	require.NoError(t, err)
 
-	sigBytes := hexStringToBytesTest(t,
-		"84d9677e651d7e039ff1bd3c6c37a6d465b23ebcc1291cf0082cd94c3971ff2ec64d8ddfd0c2f68d37429f6c751003a7"+
-			"5435cae4b55250e5a3e357b7bd52589ff830820cd5e07a6125d846245efacccb"+
-			"5814139b8bef5b329b3a269f576565d33bf6254916468f9e997a685ac68508a6")
-
+	sigBytes := hexToBytes(t,
+		"9157456791e4f9cae1130372f7cf37709ba661e43df5c23cc1c76be91abff7e2603e2ddaaa71fc42bd6f9d44bd58315b"+
+			"09ee5cc4e7614edde358f2c497b6b05c8b118fae3f71a52af482dceffccb3785"+
+			"1907573c03d2890dffbd1f660cdf89c425d4e0498bbf73dd96ff15ad9a8b581a")
+	header := hexToBytes(t, "11223344556677889900aabbccddeeff")
 	messagesBytes := default10messages(t)
 
 	bls := bbs12381g2pub.New()
 
 	t.Run("valid signature", func(t *testing.T) {
-		err = bls.Verify(nil, messagesBytes, sigBytes, pkBytes)
+		err = bls.Verify(header, messagesBytes, sigBytes, pkBytes)
 		require.NoError(t, err)
 	})
 
@@ -135,15 +135,15 @@ func TestBBSG2Pub_Sign(t *testing.T) {
 }
 
 func TestBBSG2Pub_SignWithPredefinedKeys(t *testing.T) {
-	privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
-	header := hexStringToBytesTest(t, "11223344556677889900aabbccddeeff")
+	privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+	header := hexToBytes(t, "11223344556677889900aabbccddeeff")
 	messagesBytes := default10messages(t)
 
 	bls := bbs12381g2pub.New()
 	signature, err := bls.Sign(header, messagesBytes, privateKeyBytes)
 	require.NoError(t, err)
 
-	expectedSignatureBytes := hexStringToBytesTest(t,
+	expectedSignatureBytes := hexToBytes(t,
 		"9157456791e4f9cae1130372f7cf37709ba661e43df5c23cc1c76be91abff7e2603e2ddaaa71fc42bd6f9d44bd58315b"+
 			"09ee5cc4e7614edde358f2c497b6b05c8b118fae3f71a52af482dceffccb3785"+
 			"1907573c03d2890dffbd1f660cdf89c425d4e0498bbf73dd96ff15ad9a8b581a")
@@ -152,18 +152,18 @@ func TestBBSG2Pub_SignWithPredefinedKeys(t *testing.T) {
 }
 
 func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
-	privateKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+	privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
 	privateKey, err := bbs12381g2pub.UnmarshalPrivateKey(privateKeyBytes)
 	require.NoError(t, err)
 
 	pkBytes, err := privateKey.PublicKey().Marshal()
 	require.NoError(t, err)
 
-	proofBytes := hexStringToBytesTest(t, "000a0005ab1a7238bc9ba5065c9d1f395720f97b8d68208e89edb1fa8f1cde16c07b7771a46359ef198317ca71cfae5937200485b3e62de95b4d05a95c8d882197c56e582f74b5e6e1e4ae866a93fa13ae32690b8ea1bbbd7f1138f18a750ede1915a6d2898eec5b19028f2765585f36be4f152bd4ac2ad280743bed14ec78e0cdbf80f0547b37b1de62d71144f03e1fdec89b05000000748adcb65ca0ed38b9c6d1649bef5cd942175affdb9c7ad5212b371f0472d39228dc6c220cc80846fb2f44911b7aed2f32000000020910a8400998e7903a401b439d9a84723e46c9f0c03a9949ac9ee2d545caf72a50cd0f2f340a04a22ffbc8c4c6aa15af1ae972c18bbe6b463707836fb08d624089a4b92531729d0ce3f44ca36b47331a4c9a51af11d5b0f9bf4b55d8d09db24c8df59c6ad111ae0f9af56e16681a53df0000000a5916c0c291dc659d25699f2b182e2fbafe091bdf7a0667a4e4f047e80fa3d64214ee7f20d63f31472ec2eeac73ca01e51c2e420f3a26cda4e0cbe82e64f92a62075131c9dfde53d16e8c3e1d0b56bd6ac203f07af450cb94b019c6bb667df2465f9317c9ac178e58f638eb52751638fd54a211ab0ab3aeee8d87a69392de458f6ddb6b9f007589f6bdb5376eeffc4f64f7c7c0c426197be97f4f83a1a6f06ff74473dde98edbb444976ef4083237a859807d1a4c1e94fe68b69609fa00431e4b4622a39bd74791ce4b1f7545291b5ded098a757f680cbe1612312c8f841a8d0b077e5cf3eb5cf85f0ed9a3a061c3aa447c9a6bc87808d3ee1f293d157d1f41f14edd5cd0b1fcb5112d7e09386a276f396d4f31f1660bb65f0206eb92d669d2800f1e0f418be23895ad0cac055f973b50c38d57df54563e5493dd7910308ed9a6") //nolint:lll
+	proofBytes := hexToBytes(t, "000a0005b309e66b61ed40151fe80418c2a603ac98ba5a41348daa5ff8452f8d1c3540e627d1d455cc21e416508566f2ad425ecb8e1502e60fb0b4229ea355768725f249ddd96d16aac62317932d7249cd672780518d361956cadde8113304136cba7de696a928df91d8cd4b839c4539fadfb69eaa7fb06f9383df5e71a63313f595a998052e2c5f0f8041b5fdeaa96587d8365f000000748b822f236fbe22a18573db03f7b7867925e25d765f5b3689a480ae429f7bc93b5e7705b19f03ab752d5d8f40f2179f4e0000000206b4f1e7ac8f6342a3f21fbc8f73689d9020b43749c5b59c08019c009506b3fa7293bf6163a59f207b5bddd63520c24186d294169118757f90adbd00c277f911881f03648d511521053c722b69cb4e9901b0c9e5ec1a2b8dc7effcb2cc9551d2c62e908a7906a19e252b9dc9deb435e30000000a1da464bde0b8b36051d9dafe48478fb07c66d809cb01f5ff1af65ddea5926ae25f7eeb0fc7abe707313cd88a82f338ff9bfa6e66438cb07cae7bbc2539a234fa5abde85f4157c27a5e4bb3f91f71e5ba3218ff6a442bb346a6b25cb4f22f7b346b9a713272d5b47740b12f23e8bf2c28ed396b95c94352cfdc6e217fd92d19671ab662782134a08463c3ad2fd45942f980ada1a0e507283d4c5a650c82a818f86f3260817ff2866634485ee4ca5b5ee530e40c7bfbb18165bcd558a8f8e5f8ef257c733a3f0c1eb7a5d5a7be14a6ef5dc897c77ad5e05e830a0e180608aa88fe0d4963a99d88008fe7d9ff77005ba59a3b667d9d17a95510095d631a1e61be812540857d411593c464a0d403713daa9e377d58867dfbb315d09b8eecd2aa58f72de98c306484f88a325ba57b33fd1636c713c340147c55e6c932b394afea1567") //nolint:lll
 
 	// TODO   "header": "11223344556677889900aabbccddeeff"
-	nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
+	nonce := hexToBytes(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
 
 	messagesBytes := default10messages(t)
 	revealedMessagesBytes := [][]byte{messagesBytes[0], messagesBytes[2]}
@@ -195,7 +195,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 		proofBytesCopy := make([]byte, len(proofBytes))
 
 		copy(proofBytesCopy, proofBytes)
-		proofBytesCopy[23] = 255 - proofBytesCopy[23]
+		proofBytesCopy[21] = 255 - proofBytesCopy[21]
 
 		err = bls.VerifyProof(nil, revealedMessagesBytes, proofBytesCopy, nonce, pkBytes)
 		require.Error(t, err)
@@ -210,7 +210,7 @@ func TestBBSG2Pub_VerifyProof_SeveralDisclosedMessages(t *testing.T) {
 }
 
 func TestBBSG2Pub_DeriveProof(t *testing.T) {
-	privKeyBytes := hexStringToBytesTest(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+	privKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
 
 	privKey, err := bbs12381g2pub.UnmarshalPrivateKey(privKeyBytes)
 	require.NoError(t, err)
@@ -228,7 +228,7 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) {
 
 	require.NoError(t, bls.Verify(nil, messagesBytes, signatureBytes, pubKeyBytes))
 
-	nonce := hexStringToBytesTest(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
+	nonce := hexToBytes(t, "bed231d880675ed101ead304512e043ade9958dd0241ea70b4b3957fba941501")
 	revealedIndexes := []int{0, 2}
 	proofBytes, err := bls.DeriveProof(nil, messagesBytes, signatureBytes, nonce, pubKeyBytes, revealedIndexes)
 	require.NoError(t, err)
@@ -251,22 +251,22 @@ func TestBBSG2Pub_DeriveProof(t *testing.T) {
 
 func default10messages(t *testing.T) [][]byte {
 	messagesBytes := [][]byte{
-		hexStringToBytesTest(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02"),
-		hexStringToBytesTest(t, "87a8bd656d49ee07b8110e1d8fd4f1dcef6fb9bc368c492d9bc8c4f98a739ac6"),
-		hexStringToBytesTest(t, "96012096adda3f13dd4adbe4eea481a4c4b5717932b73b00e31807d3c5894b90"),
-		hexStringToBytesTest(t, "ac55fb33a75909edac8994829b250779298aa75d69324a365733f16c333fa943"),
-		hexStringToBytesTest(t, "d183ddc6e2665aa4e2f088af9297b78c0d22b4290273db637ed33ff5cf703151"),
-		hexStringToBytesTest(t, "515ae153e22aae04ad16f759e07237b43022cb1ced4c176e0999c6a8ba5817cc"),
-		hexStringToBytesTest(t, "496694774c5604ab1b2544eababcf0f53278ff5040c1e77c811656e8220417a2"),
-		hexStringToBytesTest(t, "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c23364568523f8b91"),
-		hexStringToBytesTest(t, "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b7320912416"),
-		hexStringToBytesTest(t, "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80"),
+		hexToBytes(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02"),
+		hexToBytes(t, "87a8bd656d49ee07b8110e1d8fd4f1dcef6fb9bc368c492d9bc8c4f98a739ac6"),
+		hexToBytes(t, "96012096adda3f13dd4adbe4eea481a4c4b5717932b73b00e31807d3c5894b90"),
+		hexToBytes(t, "ac55fb33a75909edac8994829b250779298aa75d69324a365733f16c333fa943"),
+		hexToBytes(t, "d183ddc6e2665aa4e2f088af9297b78c0d22b4290273db637ed33ff5cf703151"),
+		hexToBytes(t, "515ae153e22aae04ad16f759e07237b43022cb1ced4c176e0999c6a8ba5817cc"),
+		hexToBytes(t, "496694774c5604ab1b2544eababcf0f53278ff5040c1e77c811656e8220417a2"),
+		hexToBytes(t, "77fe97eb97a1ebe2e81e4e3597a3ee740a66e9ef2412472c23364568523f8b91"),
+		hexToBytes(t, "7372e9daa5ed31e6cd5c825eac1b855e84476a1d94932aa348e07b7320912416"),
+		hexToBytes(t, "c344136d9ab02da4dd5908bbba913ae6f58c2cc844b802a6f811f5fb075f9b80"),
 	}
 
 	return messagesBytes
 }
 
-func hexStringToBytesTest(t *testing.T, msg string) []byte {
+func hexToBytes(t *testing.T, msg string) []byte {
 	bytes, err := hex.DecodeString(msg)
 	require.NoError(t, err)
 
diff --git a/pkg/crypto/primitive/bbs12381g2pub/fr.go b/pkg/crypto/primitive/bbs12381g2pub/fr.go
@@ -17,10 +17,9 @@ import (
 )
 
 const (
-	logP2     = 384
 	k         = 128
 	h2sDST    = csID + "H2S_"
-	expandLen = (logP2 + k) / 8
+	expandLen = (logR2 + k + 7) / 8 //nolint:gomnd
 )
 
 func parseFr(data []byte) *bls12381.Fr {
@@ -74,20 +73,25 @@ func Hash2scalar(message []byte) *bls12381.Fr {
 
 // Hash2scalars convert messages represented in bytes to Fr.
 func Hash2scalars(msg []byte, cnt int) []*bls12381.Fr {
+	return hash2scalars(msg, []byte(h2sDST), cnt)
+}
+
+func hash2scalars(msg, dst []byte, cnt int) []*bls12381.Fr {
 	bufLen := cnt * expandLen
 	msgLen := len(msg)
 	roundSz := 1
 	msgLenSz := 4
 
 	msgExt := make([]byte, msgLen+roundSz+msgLenSz)
+	// msgExt is a concatenation of: msg || I2OSP(round, 1) || I2OSP(cnt, 4)
 	copy(msgExt, msg)
-	copy(msgExt[msgLen+1:], uint32ToBytes(uint32(msgLen)))
+	copy(msgExt[msgLen+1:], uint32ToBytes(uint32(cnt)))
 
 	out := make([]*bls12381.Fr, cnt)
 
 	for round, completed := byte(0), false; !completed; {
 		msgExt[msgLen] = round
-		buf, _ := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), msgExt, []byte(h2sDST), bufLen) //nolint:errcheck
+		buf, _ := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), msgExt, dst, bufLen) //nolint:errcheck
 
 		ok := true
 		for i := 0; i < cnt && ok; i++ {
diff --git a/pkg/crypto/primitive/bbs12381g2pub/fr_test.go b/pkg/crypto/primitive/bbs12381g2pub/fr_test.go
@@ -0,0 +1,38 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package bbs12381g2pub_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	bbs "github.com/hyperledger/aries-framework-go/pkg/crypto/primitive/bbs12381g2pub"
+)
+
+func TestHash2Scalars(t *testing.T) {
+	msg := hexToBytes(t, "9872ad089e452c7b6e283dfac2a80d58e8d0ff71cc4d5e310a1debdda4a45f02")
+
+	t.Run("single", func(t *testing.T) {
+		sc := bbs.Hash2scalar(msg).ToBytes()
+		require.Equal(t, hexToBytes(t, "260cab748e24ccc2bbd66f5b834d692622fa131f5ce898fa57217434c9ed14fa"), sc)
+	})
+
+	t.Run("multiple", func(t *testing.T) {
+		sc := bbs.Hash2scalars(msg, 10)
+		require.Equal(t, hexToBytes(t, "5c6e62607c16397ee6d9624673be9a7ddacbc7b7dd290bdb853cf4c74a34de0a"), sc[0].ToBytes())
+		require.Equal(t, hexToBytes(t, "2a3524e43413a5d1b34c4c8ed119c4c5a2f9b84392ff0fea0d34e1be44ceafbc"), sc[1].ToBytes())
+		require.Equal(t, hexToBytes(t, "4b649b82eed1e62117d91cd8d22438e72f3f931a0f8ad683d1ade253333c472a"), sc[2].ToBytes())
+		require.Equal(t, hexToBytes(t, "64338965f1d37d17a14b6f431128c0d41a7c3924a5f484c282d20205afdfdb8f"), sc[3].ToBytes())
+		require.Equal(t, hexToBytes(t, "0dfe01c01ff8654e43a611b76aaf4faec618a50d85d34f7cc89879b179bde3d5"), sc[4].ToBytes())
+		require.Equal(t, hexToBytes(t, "6b6935016e64791f5d719f8206284fbe27dbb8efffb4141512c3fbfbfa861a0f"), sc[5].ToBytes())
+		require.Equal(t, hexToBytes(t, "0dfe13f85a36df5ebfe0efac3759becfcc2a18b134fd22485c151db85f981342"), sc[6].ToBytes())
+		require.Equal(t, hexToBytes(t, "5071751012c142046e7c3508decb0b7ba9a453d06ce7787189f4d93a821d538e"), sc[7].ToBytes())
+		require.Equal(t, hexToBytes(t, "5cdae3304e745553a75134d914db5b282cc62d295e3ed176fb12f792919fd85e"), sc[8].ToBytes())
+		require.Equal(t, hexToBytes(t, "32b67dfbba729831798279071a39021b66fd68ee2e68684a0f6901cd6fcb8256"), sc[9].ToBytes())
+	})
+}
diff --git a/pkg/crypto/primitive/bbs12381g2pub/keys.go b/pkg/crypto/primitive/bbs12381g2pub/keys.go
@@ -21,12 +21,13 @@ import (
 )
 
 const (
-	seedSize      = frCompressedSize
-	seedDST       = csID + "SIG_GENERATOR_SEED_"
-	generatorDST  = csID + "SIG_GENERATOR_DST_"
-	generatorSeed = csID + "MESSAGE_GENERATOR_SEED"
-	logR2         = 251
-	seedLen       = ((logR2 + k) + 7) / 8 //nolint:gomnd
+	seedSize        = frCompressedSize
+	seedDST         = csID + "SIG_GENERATOR_SEED_"
+	generatorDST    = csID + "SIG_GENERATOR_DST_"
+	generatorSeed   = csID + "MESSAGE_GENERATOR_SEED"
+	generatorBPSeed = csID + "BP_MESSAGE_GENERATOR_SEED"
+	logR2           = 251
+	seedLen         = ((logR2 + k) + 7) / 8 //nolint:gomnd
 )
 
 // PublicKey defines BLS Public Key.
@@ -42,6 +43,7 @@ type PrivateKey struct {
 // PublicKeyWithGenerators extends PublicKey with a blinding generator h0, a commitment to the secret key w,
 // and a generator for each message h.
 type PublicKeyWithGenerators struct {
+	p1 *bls12381.PointG1
 	q1 *bls12381.PointG1
 	q2 *bls12381.PointG1
 	h  []*bls12381.PointG1
@@ -58,7 +60,12 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int, header []byte)
 	specGenCnt := 2
 	genCnt := messagesCount + specGenCnt
 
-	generators, err := CreateGenerators(genCnt)
+	generators, err := CreateMessageGenerators(genCnt)
+	if err != nil {
+		return nil, err
+	}
+
+	bpGenerators, err := crateGenerators(genCnt, []byte(generatorBPSeed))
 	if err != nil {
 		return nil, err
 	}
@@ -77,6 +84,7 @@ func (pk *PublicKey) ToPublicKeyWithGenerators(messagesCount int, header []byte)
 	domain := Hash2scalar(domainBuilder.build())
 
 	return &PublicKeyWithGenerators{
+		p1:            bpGenerators[0],
 		q1:            generators[0],
 		q2:            generators[1],
 		h:             generators[2:],
@@ -97,11 +105,15 @@ func hashToG1(data, dst []byte) (*bls12381.PointG1, error) {
 	return g1.FromBytes(g.ToBytes(p))
 }
 
-// CreateGenerators create `cnt` determenistic generators.
-func CreateGenerators(cnt int) ([]*bls12381.PointG1, error) {
+// CreateMessageGenerators create `cnt` determenistic generators.
+func CreateMessageGenerators(cnt int) ([]*bls12381.PointG1, error) {
+	return crateGenerators(cnt, []byte(generatorSeed))
+}
+
+func crateGenerators(cnt int, seed []byte) ([]*bls12381.PointG1, error) {
 	generators := make([]*bls12381.PointG1, cnt)
 
-	v, err := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), []byte(generatorSeed), []byte(seedDST), seedLen)
+	v, err := bls12381intern.ExpandMsgXOF(sha3.NewShake256(), seed, []byte(seedDST), seedLen)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/crypto/primitive/bbs12381g2pub/keys_test.go b/pkg/crypto/primitive/bbs12381g2pub/keys_test.go
@@ -67,21 +67,21 @@ func TestPrivateKey_PublicKey(t *testing.T) {
 
 	t.Run("pre-generated key pair", func(t *testing.T) {
 		// original hex seed 746869732d49532d6a7573742d616e2d546573742d494b4d2d746f2d67656e65726174652d246528724074232d6b6579
-		privateKeyB58 := "5qNVd4Wsp7LPC7vxrbuVMsAkAGif2dA82wm1Wte1zH4Z"
-		publicKeyB58 := "25pRBEBDHvG5ryqsEB5tw6eAa3Ds8bx6jMKhEtXnWjCLNg7ikYokwaNtpggZZY3MvWTxBPCidfxFBq2ZiVVTpioCh6GJLs4iESiEydJca9kmeMkEkqK6ePudqoqLHSv4NA7p" // nolint: lll
+		privateKeyBytes := hexToBytes(t, "47d2ede63ab4c329092b342ab526b1079dbc2595897d4f2ab2de4d841cbe7d56")
+		publicKeyBytesExpeted := hexToBytes(t, "b65b7cbff4e81b723456a13936b6bcc77a078bf6291765f3ae13170072249dd7daa7ec1bd82b818ab60198030b45b8fa159c155fc3841a9ad4045e37161c9f0d9a4f361b93cfdc67d365f3be1a398e56aa173d7a55e01b4a8dd2494e7fb90da7") // nolint: lll
 
-		privateKey, err := bbs.UnmarshalPrivateKey(base58.Decode(privateKeyB58))
+		privateKey, err := bbs.UnmarshalPrivateKey(privateKeyBytes)
 		require.NoError(t, err)
 
 		publicKeyBytes, err := privateKey.PublicKey().Marshal()
-		require.Equal(t, publicKeyB58, base58.Encode(publicKeyBytes))
+		require.Equal(t, publicKeyBytesExpeted, publicKeyBytes)
 		require.NoError(t, err)
 	})
 }
 
 func TestGenerators(t *testing.T) {
 	msgCnt := 2
-	generators, err := bbs.CreateGenerators(msgCnt + 2)
+	generators, err := bbs.CreateMessageGenerators(msgCnt + 2)
 	require.NoError(t, err)
 
 	bytes := bls12381.NewG1().ToCompressed(generators[0])
diff --git a/pkg/crypto/primitive/bbs12381g2pub/signature_message.go b/pkg/crypto/primitive/bbs12381g2pub/signature_message.go
@@ -10,6 +10,10 @@ import (
 	bls12381 "github.com/kilic/bls12-381"
 )
 
+const (
+	dstMapMsg = csID + "MAP_MSG_TO_SCALAR_AS_HASH_"
+)
+
 // SignatureMessage defines a message to be used for a signature check.
 type SignatureMessage struct {
 	FR *bls12381.Fr
@@ -20,7 +24,7 @@ func parseSignatureMessage(message []byte) *SignatureMessage {
 	encodedForHashMsg := newEcnodeForHashBuilder()
 	encodedForHashMsg.addBytes(message)
 
-	elm := Hash2scalar(encodedForHashMsg.build())
+	elm := hash2scalars(encodedForHashMsg.build(), []byte(dstMapMsg), 1)[0]
 
 	return &SignatureMessage{
 		FR: elm,
diff --git a/pkg/crypto/primitive/bbs12381g2pub/signature_message_test.go b/pkg/crypto/primitive/bbs12381g2pub/signature_message_test.go
diff --git a/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go b/pkg/crypto/primitive/bbs12381g2pub/signature_proof.go
