ecdsa

package
v0.11.0
Warning

This package is not in the latest version of its module.

Published: Sep 6, 2024 License: Apache-2.0 Imports: 3 Imported by: 6

Documentation

Overview

Package ecdsa implements ECDSA signature verification over any elliptic curve.

The package depends on the emulated/sw_emulated package for elliptic curve group operations using non-native arithmetic. Thus we can verify ECDSA signatures over any curve. The cost for a single secp256k1 signature verification in a BN254-SNARK is approximately 122k constraints in R1CS and 453k constraints in PLONKish.

See [ECDSA] for the signature verification algorithm.

[ECDSA]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

Types

type PublicKey

type PublicKey[Base, Scalar emulated.FieldParams] sw_emulated.AffinePoint[Base]

PublicKey represents the public key to verify the signature for.

func (PublicKey[T, S]) Verify

func (pk PublicKey[T, S]) Verify(api frontend.API, params sw_emulated.CurveParams, msg *emulated.Element[S], sig *Signature[S])

Verify asserts that the signature sig verifies for the message msg and public key pk. The curve parameters params define the elliptic curve.

We assume that the message msg is already hashed to the scalar field.
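The check behind Verify, written out natively as an added example (not gnark code): the textbook verification equation from the linked [ECDSA] article, taking the message as an already-reduced scalar in the same way as Verify's msg argument. It uses P-256 from the Go standard library as a stand-in curve because secp256k1 is not in the standard library; hashToScalar and verifyPrehashed are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// hashToScalar keeps the leftmost BitLen(n) bits of the digest, then reduces mod n.
func hashToScalar(digest []byte, n *big.Int) *big.Int {
	e := new(big.Int).SetBytes(digest)
	if excess := len(digest)*8 - n.BitLen(); excess > 0 {
		e.Rsh(e, uint(excess))
	}
	return e.Mod(e, n)
}

// verifyPrehashed checks (r, s) against the scalar e: x(e/s*G + r/s*Q) mod n == r.
func verifyPrehashed(pub *ecdsa.PublicKey, e, r, s *big.Int) bool {
	n := pub.Params().N
	if r.Sign() <= 0 || r.Cmp(n) >= 0 || s.Sign() <= 0 || s.Cmp(n) >= 0 || !pub.IsOnCurve(pub.X, pub.Y) {
		return false // r or s outside [1, n-1], or Q not a curve point
	}
	sInv := new(big.Int).ModInverse(s, n)
	u1 := new(big.Int).Mul(e, sInv)
	u2 := new(big.Int).Mul(r, sInv)
	x1, y1 := pub.ScalarBaseMult(u1.Mod(u1, n).Bytes())
	x2, y2 := pub.ScalarMult(pub.X, pub.Y, u2.Mod(u2, n).Bytes())
	x, y := pub.Add(x1, y1, x2, y2)
	if x.Sign() == 0 && y.Sign() == 0 {
		return false // point at infinity
	}
	return x.Mod(x, n).Cmp(r) == 0
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	d := sha256.Sum256([]byte("testing ECDSA")) // constructed sample message
	r, s, err := ecdsa.Sign(rand.Reader, priv, d[:])
	if err != nil {
		panic(err)
	}
	fmt.Println("valid:", verifyPrehashed(&priv.PublicKey, hashToScalar(d[:], priv.Params().N), r, s))
}
```

The scalar passed as e must be derived from the digest exactly as the signer derived it; the signature only binds a message if that derivation is enforced wherever the scalar is produced.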

Example

Example of how to verify a signature inside the circuit.

api := frontend.API(nil) // provided by the builder
r, s := 0x01, 0x02       // usually given in the witness
pubx, puby := 0x03, 0x04 // usually given in the witness
m := 0x1337              // usually given in the witness

// can be done in or out-circuit.
Sig := Signature[emulated.Secp256k1Fr]{
	R: emulated.ValueOf[emulated.Secp256k1Fr](r),
	S: emulated.ValueOf[emulated.Secp256k1Fr](s),
}
Msg := emulated.ValueOf[emulated.Secp256k1Fr](m)
Pub := PublicKey[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
	X: emulated.ValueOf[emulated.Secp256k1Fp](pubx),
	Y: emulated.ValueOf[emulated.Secp256k1Fp](puby),
}
// signature verification assertion is done in-circuit
Pub.Verify(api, sw_emulated.GetCurveParams[emulated.Secp256k1Fp](), &Msg, &Sig)

Example (Create)

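Example of how to create a valid signature for secp256k1.

// ecdsa here is gnark-crypto's native signer,
// github.com/consensys/gnark-crypto/ecc/secp256k1/ecdsa, not this circuit package;
// rand is crypto/rand and sha256 is crypto/sha256.
// generate parameters
privKey, _ := ecdsa.GenerateKey(rand.Reader)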

// sign
msg := []byte("testing ECDSA")
md := sha256.New()
sigBin, _ := privKey.Sign(msg, md)

pubx := privKey.PublicKey.A.X
puby := privKey.PublicKey.A.Y

// unmarshal signature
var sig ecdsa.Signature
sig.SetBytes(sigBin)

// can continue in the PublicKey Verify example; Verify expects the hash of msg
// reduced to the scalar field, not the raw message bytes
_, _, _, _, _ = sig.R, sig.S, msg, pubx, puby

type Signature

type Signature[Scalar emulated.FieldParams] struct {
	R, S emulated.Element[Scalar]
}

Signature represents the signature for some message.
