feat: implement fragmented zkpassport age verification#262
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Implements a fragmented zkPassport age verification flow that supports two circuit chains depending on TBS certificate size (single-pass signature verification for smaller TBS, and split SHA-256 + signature verification for larger TBS).
Changes:
- Introduces
SaltedValue<T>and new shared types/constants to support salted commitments and typed byte buffers. - Adds a new
partial_sha256library and new “fragmented_age_check” workspace with 4-circuit and 5-circuit pipelines. - Updates RSA signature utilities (PSS salt length parameter + pre-hashed RSA verification helper) and refactors commitments to include expiry date.
Reviewed changes
Copilot reviewed 57 out of 57 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| noir-examples/noir-passport-examples/zkpassport_libs/utils/src/types.nr | Adds new common types (dates, digests, buffers) and SaltedValue<T> with Poseidon2 hashing helpers. |
| noir-examples/noir-passport-examples/zkpassport_libs/utils/src/lib.nr | Adds little-endian byte packing and MRZ expiry-date extraction helpers. |
| noir-examples/noir-passport-examples/zkpassport_libs/utils/src/constants.nr | Introduces shared constants (DG1 lengths, nullifier type tags). |
| noir-examples/noir-passport-examples/zkpassport_libs/utils/Nargo.toml | Adds Poseidon dependency for the new salted hashing utilities. |
| noir-examples/noir-passport-examples/zkpassport_libs/sig-check/rsa/src/lib.nr | Adds PSS salt length parameter and a helper for verifying RSA signatures from a precomputed hash. |
| noir-examples/noir-passport-examples/zkpassport_libs/sig-check/rsa/Nargo.toml | Switches RSA dependency from local path to a pinned git tag. |
| noir-examples/noir-passport-examples/zkpassport_libs/partial-sha256/src/lib.nr | New partial SHA-256 implementation for splitting hashing across circuits + Poseidon state/data commitments. |
| noir-examples/noir-passport-examples/zkpassport_libs/partial-sha256/Nargo.toml | New package manifest for partial_sha256. |
| noir-examples/noir-passport-examples/zkpassport_libs/data-check/tbs-pubkey/src/lib.nr | Refactors ECDSA pubkey presence checks to search within TBS rather than requiring a provided offset. |
| noir-examples/noir-passport-examples/zkpassport_libs/data-check/integrity/src/lib.nr | Adds DG1 sizing helpers and SHA-256-based integrity checks used by fragmented circuits. |
| noir-examples/noir-passport-examples/zkpassport_libs/commitment/scoped-nullifier/src/lib.nr | Updates nullifier derivation to use salted commitments + adds nullifier “type” output. |
| noir-examples/noir-passport-examples/zkpassport_libs/commitment/integrity-to-disclosure/src/lib.nr | Updates commitment chaining to include salted expiry date and salted DG1/private-nullifier hashes. |
| noir-examples/noir-passport-examples/zkpassport_libs/commitment/common/src/lib.nr | Updates shared commitment primitives to use salted values and optionally salt scoped nullifiers. |
| noir-examples/noir-passport-examples/passport_validity_check/src/lib.nr | Updates calls to RSA verification to pass the new pss_salt_len argument. |
| noir-examples/noir-passport-examples/noir_rsa/src/types.nr | Removes local noir_rsa types module (migrating to external dependency). |
| noir-examples/noir-passport-examples/noir_rsa/src/lib.nr | Removes local noir_rsa library module. |
| noir-examples/noir-passport-examples/noir_rsa/README.md | Removes local noir_rsa readme. |
| noir-examples/noir-passport-examples/noir_rsa/Nargo.toml | Removes local noir_rsa package manifest. |
| noir-examples/noir-passport-examples/noir_native_sha256/src/tests.nr | Removes old native SHA-256 test harness. |
| noir-examples/noir-passport-examples/noir_native_sha256/src/ryan_sha256_noir.nr | Removes old SHA-256 implementation file. |
| noir-examples/noir-passport-examples/noir_native_sha256/src/ryan_sha256_constants.nr | Removes old SHA-256 constants file. |
| noir-examples/noir-passport-examples/noir_native_sha256/src/ryan_sha256_compression.nr | Removes old SHA-256 compression implementation file. |
| noir-examples/noir-passport-examples/noir_native_sha256/src/lib.nr | Removes old noir_native_sha256 library root. |
| noir-examples/noir-passport-examples/noir_native_sha256/Prover.toml | Removes old prover input fixture. |
| noir-examples/noir-passport-examples/noir_native_sha256/Nargo.toml | Removes old noir_native_sha256 package manifest. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_id_data_720/src/main.nr | New circuit: verifies DSC signature over signed attributes (720-byte TBS path) and commits to ID data. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_id_data_720/Nargo.toml | Package manifest for sig_check_id_data_720. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_id_data_1300/src/main.nr | New circuit: verifies DSC signature over signed attributes (1300-byte TBS path) and commits to ID data. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_id_data_1300/Nargo.toml | Package manifest for sig_check_id_data_1300. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_720/src/main.nr | New circuit: verifies CSCA signature over DSC certificate for small TBS path. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_720/Nargo.toml | Package manifest for sig_check_dsc_720. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_1300_verify/src/main.nr | New circuit: completes SHA-256 over large TBS and verifies CSCA RSA signature with pre-hashed verification. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_1300_verify/Nargo.toml | Package manifest for sig_check_dsc_1300_verify. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_1300_hash/src/main.nr | New circuit: processes first chunk of large TBS with SHA-256 start and commits to state+data. |
| noir-examples/noir-passport-examples/fragmented_age_check/sig_check_dsc_1300_hash/Nargo.toml | Package manifest for sig_check_dsc_1300_hash. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case2/prove-circuits.sh | Adds automation script to prove the 5-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case2/prepare-circuits.sh | Adds automation script to prepare keys for the 5-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case2/compile-circuits.sh | Adds automation script to compile circuits for the 5-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case1/prove-circuits.sh | Adds automation script to prove the 4-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case1/prepare-circuits.sh | Adds automation script to prepare keys for the 4-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/scripts/case1/compile-circuits.sh | Adds automation script to compile circuits for the 4-circuit chain. |
| noir-examples/noir-passport-examples/fragmented_age_check/data_check_integrity_sa/src/main.nr | New circuit: checks DG1↔eContent↔SignedAttributes integrity and commits to disclosure inputs. |
| noir-examples/noir-passport-examples/fragmented_age_check/data_check_integrity_sa/Nargo.toml | Package manifest for data_check_integrity_sa. |
| noir-examples/noir-passport-examples/fragmented_age_check/compare_age/src/main.nr | New circuit: checks expiry, compares age bounds, and produces scoped nullifier + parameter commitment. |
| noir-examples/noir-passport-examples/fragmented_age_check/compare_age/Nargo.toml | Package manifest for compare_age circuit package. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case2/sig_check_id_data_1300_prover.toml | Adds benchmark/prover inputs for case2 ID-data circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case2/sig_check_dsc_1300_verify_prover.toml | Adds benchmark/prover inputs for case2 DSC verification circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case2/sig_check_dsc_1300_hash_prover.toml | Adds benchmark/prover inputs for case2 DSC hash circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case2/data_check_integrity_sa_prover.toml | Adds benchmark/prover inputs for case2 integrity circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case2/compare_age_prover.toml | Adds benchmark/prover inputs for case2 compare-age circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case1/sig_check_id_data_720_prover.toml | Adds benchmark/prover inputs for case1 ID-data circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case1/sig_check_dsc_720_prover.toml | Adds benchmark/prover inputs for case1 DSC verification circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case1/data_check_integrity_sa_prover.toml | Adds benchmark/prover inputs for case1 integrity circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/benchmark-inputs/case1/compare_age_prover.toml | Adds benchmark/prover inputs for case1 compare-age circuit. |
| noir-examples/noir-passport-examples/fragmented_age_check/README.md | Documents the two circuit-chain approaches and when to use each. |
| noir-examples/noir-passport-examples/fragmented_age_check/Nargo.toml | Adds a workspace manifest for the fragmented age-check circuits. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Bisht13
requested changes
Feb 4, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 58 out of 58 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Bisht13
requested changes
Feb 5, 2026
| @@ -0,0 +1,8 @@ | |||
| [package] | |||
| name = "partial_sha256" | |||
Collaborator
There was a problem hiding this comment.
Is the lib borrowed from ZK Passport? Also can we have tests for this lib?
Collaborator
Author
There was a problem hiding this comment.
No this was implemented by me, I tested it locally comparing it with actual sha, and it worked perfectly, I'll add some tests as well.
Collaborator
There was a problem hiding this comment.
Can we put this outside zkpassport_libs folder?
Collaborator
Author
There was a problem hiding this comment.
Should I place it as a top-level package under noir-examples/ folder ? That way it would be reusable outside of noir-passport-examples as well.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…mples/zkpassport_libs/partial-sha256/ to top-level noir-examples/partial_sha256/
Bisht13
approved these changes
Feb 5, 2026
dcbuild3r
pushed a commit
that referenced
this pull request
May 16, 2026
feat: implement fragmented zkpassport age verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements fragmented zkPassport age verification system with two different circuit chains based on TBS certificate size.