SRI - Update Circom Circuit to use Eddsa Signature verification #758

Closed
3 tasks
biscuitdey opened this issue Oct 5, 2023 · 5 comments · Fixed by #770

@biscuitdey
Collaborator

Overview

Previously we accepted only Ecdsa signatures in the SRI because we used MetaMask to log in and MetaMask used Ecdsa signatures. But Ecdsa signature verification inside circom zk circuits is very inefficient, and the available alternatives are not widely used (causing issues with interoperability). Keeping these issues in mind, the SRI team has decided to use Eddsa signatures.

Reference

PR #752

Tasks

  • Remove Ecdsa sig verifier
  • Add Eddsa sig verifier to circom circuit
  • Prepare circuit inputs to accept Eddsa signature
@biscuitdey biscuitdey added this to the mil5 milestone Oct 5, 2023
@biscuitdey biscuitdey self-assigned this Oct 5, 2023
@biscuitdey
Collaborator Author

@Therecanbeonlyone1969 Is there any library you recommend for generating Eddsa signatures? I found the following libraries:

  1. @transmute/ed25519-signature-2018
  2. @digitalcredentials/ed25519-signature-2020
  3. @digitalbazaar/ed25519-signature-2020

@Therecanbeonlyone1969
Collaborator

@biscuitdey also circomlibjs supports EdDSA sigs such as with MiMC, e.g.:

```js
const { buildEddsa } = require("circomlibjs");
const crypto = require("crypto");

// Order of the scalar field that circom circuits compute in
const SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

const genRandomBabyJubValue = () => {
  // Prevent modulo bias
  //const lim = BigInt('0x10000000000000000000000000000000000000000000000000000000000000000')
  //const min = (lim - SNARK_SCALAR_FIELD) % SNARK_SCALAR_FIELD
  const min = BigInt("6350874878119819312338956282401532410528162663560392320966563075034087161851");

  let rand;
  // eslint-disable-next-line no-constant-condition
  while (true) {
    rand = BigInt("0x" + crypto.randomBytes(32).toString("hex"));

    // Reject draws below min so the accepted range is a multiple of the field size
    if (rand >= min) {
      break;
    }
  }

  const privKey = rand % SNARK_SCALAR_FIELD;

  return privKey;
};

async function eddsasig() {
  const eddsa = await buildEddsa();
  // Random 32-byte message; F.e() below maps it to a field element
  const plaintext = BigInt("0x" + crypto.randomBytes(32).toString("hex"));
  const F = eddsa.F;
  const issuerPrivKey = genRandomBabyJubValue();
  // Public key a verifier needs to check the signature (computed but not returned)
  const issuerPubKey = eddsa.prv2pub(issuerPrivKey.toString());
  const signature = eddsa.signMiMC(issuerPrivKey.toString(), F.e(plaintext));

  return signature;
}
```
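
Added example, not part of the comment above or of the project's code: the hard-coded `min` in `genRandomBabyJubValue` is the rejection bound 2^256 mod p, and this sketch recomputes it and counts, on a toy field (p = 7 with 4-bit draws, both constructed), how rejecting draws below the bound removes modulo bias. `rejectionBound`, `sampleUniform` and `residueCounts` are hypothetical helper names.

```javascript
// Field order and `min` constant copied from the snippet in the comment above.
const SNARK_SCALAR_FIELD =
  21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const PAGE_MIN =
  6350874878119819312338956282401532410528162663560392320966563075034087161851n;

// CSPRNG bytes; works whether the file is loaded as CommonJS or as an ES module.
const randomBytes = (n) =>
  typeof require === "function"
    ? require("crypto").randomBytes(n)
    : globalThis.crypto.getRandomValues(new Uint8Array(n));

// Draws below 2^bits mod p are rejected, so the accepted range
// [bound, 2^bits) holds a whole number of copies of [0, p).
const rejectionBound = (p, bits) => (1n << bits) % p;

// Uniform value in [0, p) from nBytes of randomness, by rejection sampling.
function sampleUniform(p, nBytes = 32, rng = randomBytes) {
  const min = rejectionBound(p, BigInt(8 * nBytes));
  for (;;) {
    const hex = Array.from(rng(nBytes), (b) => b.toString(16).padStart(2, "0")).join("");
    const rand = BigInt("0x" + hex);
    if (rand >= min) return rand % p;
  }
}

// Exhaustive count of how often each residue mod p is produced over every
// possible `bits`-bit draw, with or without the rejection step.
function residueCounts(p, bits, reject) {
  const min = reject ? rejectionBound(p, bits) : 0n;
  const counts = new Array(Number(p)).fill(0);
  for (let r = min; r < 1n << bits; r++) counts[Number(r % p)]++;
  return counts;
}

// Toy field: residues 0 and 1 are over-represented without rejection.
console.log("naive   :", residueCounts(7n, 4n, false).join(" "));
console.log("rejected:", residueCounts(7n, 4n, true).join(" "));
console.log("bound matches the snippet's min:",
  rejectionBound(SNARK_SCALAR_FIELD, 256n) === PAGE_MIN);
console.log("sample:", sampleUniform(SNARK_SCALAR_FIELD).toString());
```
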

@biscuitdey
Collaborator Author

@Therecanbeonlyone1969

> @biscuitdey also circomlibjs supports EdDSA sigs such as with MiMC e.g.


I am using this same library

@ognjenkurtic
Collaborator

Currently blocked by #765
