Documentation ¶
Overview ¶
Package ecdsa implements ECDSA signature verification over any elliptic curve.
The package depends on the emulated/sw_emulated package for elliptic curve group operations using non-native arithmetic. Thus we can verify ECDSA signatures over any curve. The cost for a single secp256k1 signature verification in a BN254-SNARK is approximately 122k constraints in R1CS and 453k constraints in PLONKish.
See [ECDSA] for the signature verification algorithm.
[ECDSA]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PublicKey ¶
type PublicKey[Base, Scalar emulated.FieldParams] sw_emulated.AffinePoint[Base]
PublicKey represents the public key to verify the signature for.
func (PublicKey[T, S]) Verify ¶
func (pk PublicKey[T, S]) Verify(api frontend.API, params sw_emulated.CurveParams, msg *emulated.Element[S], sig *Signature[S])
Verify asserts that the signature sig verifies for the message msg and public key pk. The curve parameters params define the elliptic curve.
We assume that the message msg is already hashed to the scalar field.
Example ¶
Example how to verify the signature inside the circuit.
api := frontend.API(nil) // provider by the builder r, s := 0x01, 0x02 // usually given in the witness pubx, puby := 0x03, 0x04 // usually given in the witness m := 0x1337 // usually given in the witness // can be done in or out-circuit. Sig := Signature[emulated.Secp256k1Fr]{ R: emulated.ValueOf[emulated.Secp256k1Fr](r), S: emulated.ValueOf[emulated.Secp256k1Fr](s), } Msg := emulated.ValueOf[emulated.Secp256k1Fr](m) Pub := PublicKey[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{ X: emulated.ValueOf[emulated.Secp256k1Fp](pubx), Y: emulated.ValueOf[emulated.Secp256k1Fp](puby), } // signature verification assertion is done in-circuit Pub.Verify(api, sw_emulated.GetCurveParams[emulated.Secp256k1Fp](), &Msg, &Sig)
Output:
Example (Create) ¶
Example how to create a valid signature for secp256k1
// generate parameters privKey, _ := ecdsa.GenerateKey(rand.Reader) // sign msg := []byte("testing ECDSA") md := sha256.New() sigBin, _ := privKey.Sign(msg, md) pubx := privKey.PublicKey.A.X puby := privKey.PublicKey.A.Y // unmarshal signature var sig ecdsa.Signature sig.SetBytes(sigBin) // can continue in the PublicKey Verify example _, _, _, _, _ = sig.R, sig.S, msg, pubx, puby
Output: