Merge pull request #57 from rarimo/dev
Dev branch merge
1KitCat1 authored Nov 29, 2024
2 parents 034d660 + 060927b commit c7fcdd1
Showing 23 changed files with 362 additions and 156 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -41,4 +41,5 @@ test/passports/*
test/inputs/*
test/registerIdentityTest.ts
test/circuits/*
!test/passports/readme.txt
!test/passports/readme.txt
circuits/scripts/*
4 changes: 0 additions & 4 deletions circuits/activeAuth/rsaActiveAuthentication.circom
Expand Up @@ -19,10 +19,6 @@ template RsaSha1ActiveAuthentication(CHUNK_SIZE, CHUNK_NUMBER, E_BITS) {
rsaDecryptor.modulus[i] <== modulus[i];
}

for (var i = 0; i < CHUNK_NUMBER; i++) {
log(rsaDecryptor.out[i]);
}

}

component main = RsaSha1ActiveAuthentication(64, 16, 17);
2 changes: 1 addition & 1 deletion circuits/ecdsa/p320main.circom
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.6;

include "./brainpoolP320r1/signatureVerification.circom";

component main = verifyBrainpool320(32,10,256);
component main = verifyBrainpool320(32, 10, 256);
Expand Up @@ -15,6 +15,7 @@ include "circomlib/circuits/poseidon.circom";
// SIGNATURE_TYPE:
// - 1: RSA 2048 bits + SHA2-256 + e = 65537
// - 2: RSA 4096 bits + SHA2-256 + e = 65537
// - 3: RSA 2048 bits + SHA1 + e = 65537

// - 10: RSASSA-PSS 2048 bits MGF1 (SHA2-256) + SHA2-256 + e = 3 + salt = 32
// - 11: RSASSA-PSS 2048 bits MGF1 (SHA2-256) + SHA2-256 + e = 65537 + salt = 32
Expand Down Expand Up @@ -59,6 +60,15 @@ template RegisterIdentityBuilder (
CHUNK_NUMBER = 64;
}

if (SIGNATURE_TYPE == 3){
HASH_TYPE = 160;
}

if (SIGNATURE_TYPE == 4){
HASH_TYPE = 160;
CHUNK_NUMBER = 48;
}

if (SIGNATURE_TYPE == 13){
HASH_TYPE = 384;
}
Expand Down Expand Up @@ -138,6 +148,7 @@ template RegisterIdentityBuilder (
// -------
// PASSPORT VERIFICATION
// -------

component passportVerifier = PassportVerificationBuilder(
SIGNATURE_TYPE, // 1, 2.. (list above) ^^^
DG_HASH_TYPE, // 160, 224, 256, 384, 512 (list above)^^^
Expand Down
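Review bot: SIGNATURE_TYPE 4 is added to the RegisterIdentityBuilder switch (HASH_TYPE = 160, CHUNK_NUMBER = 48) but the SIGNATURE_TYPE legend in the first hunk gains only the new type 3, so a reader of the list has no idea what 4 is. Add an entry next to type 3, e.g. `// - 4: RSA 3072 bits + SHA1 + e = 37187 // TODO confirm`; the 3072 (48 chunks of 64 bits, by analogy with type 2's 64 chunks = 4096) and the exponent (the value this commit passes to PowerModAnyExp elsewhere) are inferred, not visible here, so verify before committing the text. The same type-3/type-4 branches are duplicated in PassportVerificationBuilder; a comment pointing at the other copy would make a later divergence between the two tables easier to catch. This section's file-header line is missing from the page, so the path is taken from the template name.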
23 changes: 14 additions & 9 deletions circuits/passportVerification/passportVerificationBuilder.circom
Expand Up @@ -18,7 +18,13 @@ template PassportVerificationBuilder(SIGNATURE_TYPE,DG_HASH_TYPE,EC_BLOCK_NUMBER
if (SIGNATURE_TYPE == 2){
CHUNK_NUMBER = 64;
}

if (SIGNATURE_TYPE == 3){
HASH_TYPE = 160;
}
if (SIGNATURE_TYPE == 4){
HASH_TYPE = 160;
CHUNK_NUMBER = 48;
}
if (SIGNATURE_TYPE == 13){
HASH_TYPE = 384;
}
Expand Down Expand Up @@ -46,7 +52,7 @@ template PassportVerificationBuilder(SIGNATURE_TYPE,DG_HASH_TYPE,EC_BLOCK_NUMBER
CHUNK_SIZE = 32;
HASH_TYPE = 224;
}

var DG_HASH_BLOCK_SIZE = 1024;
if (DG_HASH_TYPE <= 256){
DG_HASH_BLOCK_SIZE = 512;
Expand All @@ -55,8 +61,8 @@ template PassportVerificationBuilder(SIGNATURE_TYPE,DG_HASH_TYPE,EC_BLOCK_NUMBER
if (HASH_TYPE <= 256){
HASH_BLOCK_SIZE = 512;
}



var DG1_LEN = 1024;
var SIGNED_ATTRIBUTES_LEN = 1024;
Expand Down Expand Up @@ -135,8 +141,7 @@ template PassportVerificationBuilder(SIGNATURE_TYPE,DG_HASH_TYPE,EC_BLOCK_NUMBER
if (AA_SIGNATURE_ALGO != 0){
DG15_ACTUAL_SHIFT = DG15_SHIFT;
}

passportVerificationFlow = PassportVerificationFlow(ENCAPSULATED_CONTENT_LEN,DG_HASH_TYPE,EC_HASH_TYPE,DG1_SHIFT,DG15_ACTUAL_SHIFT,EC_SHIFT,AA_SIGNATURE_ALGO);
passportVerificationFlow = PassportVerificationFlow(ENCAPSULATED_CONTENT_LEN,DG_HASH_TYPE,EC_HASH_TYPE,DG1_SHIFT,DG15_ACTUAL_SHIFT,EC_SHIFT,AA_SIGNATURE_ALGO);

passportVerificationFlow.dg1Hash <== dg1Hash;
passportVerificationFlow.dg15Hash <== dg15Hash;
Expand Down Expand Up @@ -183,15 +188,15 @@ template PassportVerificationBuilder(SIGNATURE_TYPE,DG_HASH_TYPE,EC_BLOCK_NUMBER
}
//ECDSA SIG
else {

var EC_FIELD_SIZE = CHUNK_NUMBER * CHUNK_SIZE;
var DIFF = 0;
if (EC_FIELD_SIZE > 248){
DIFF = 248 - EC_FIELD_SIZE;
DIFF = EC_FIELD_SIZE - 248;
}
component xToNum = Bits2Num(EC_FIELD_SIZE - DIFF);
component yToNum = Bits2Num(EC_FIELD_SIZE - DIFF);

for (var i = 0; i < EC_FIELD_SIZE - DIFF; i++) {
xToNum.in[EC_FIELD_SIZE - DIFF - 1 - i] <== pubkey[i + DIFF];
yToNum.in[EC_FIELD_SIZE - DIFF - 1 - i] <== pubkey[EC_FIELD_SIZE + i + DIFF];
Expand Down
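Review bot: With the sign of DIFF corrected, coordinates wider than 248 bits are now silently truncated: the loop feeds pubkey[i + DIFF] into Bits2Num(EC_FIELD_SIZE - DIFF), so the DIFF most-significant bits of both x and y never reach xToNum/yToNum. Nothing in the hunk shows what consumes those two values; if they feed a key commitment or hash, two keys that differ only in those top bits become indistinguishable to the circuit, which should at least be stated explicitly, e.g. `// NOTE: only the low 248 bits of each coordinate reach xToNum/yToNum for curves wider than 248 bits — TODO confirm the consumer tolerates this`. The ECDSA branch continues past the end of the hunk.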
171 changes: 169 additions & 2 deletions circuits/rsa/powMod.circom
Expand Up @@ -2,8 +2,6 @@ pragma circom 2.1.6;

include "../bigInt/bigInt.circom";

// CHUNK_SIZE = 32
// E_BITS = 17
// CHUNK_NUMBER is the length of the base and modulus
// calculates (base^exp) % modulus, exp = 2^(E_BITS - 1) + 1 = 2^16 + 1
template PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS) {
Expand Down Expand Up @@ -45,3 +43,172 @@ template PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS) {
out[i] <== muls[E_BITS - 1].out[i];
}
}

// Deprecated
// template PowerMod37187(CHUNK_SIZE, CHUNK_NUMBER) {

// signal input base[CHUNK_NUMBER];
// signal input modulus[CHUNK_NUMBER];

// signal output out[CHUNK_NUMBER];

// component muls[15];
// component resultMuls[5];

// for (var i = 0; i < 15; i++) {
// muls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);

// for (var j = 0; j < CHUNK_NUMBER; j++) {
// muls[i].p[j] <== modulus[j];
// }
// }

// for (var i = 0; i < 5; i++) {
// resultMuls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);

// for (var j = 0; j < CHUNK_NUMBER; j++) {
// resultMuls[i].p[j] <== modulus[j];
// }
// }


// for (var i = 0; i < CHUNK_NUMBER; i++) {
// muls[0].a[i] <== base[i];
// muls[0].b[i] <== base[i];
// }

// for (var i = 1; i < 15; i++) {
// for (var j = 0; j < CHUNK_NUMBER; j++) {
// muls[i].a[j] <== muls[i - 1].out[j];
// muls[i].b[j] <== muls[i - 1].out[j];
// }
// }

// resultMuls[0].a <== muls[14].out; // 32768
// resultMuls[0].b <== muls[11].out; // 4096
// resultMuls[1].a <== resultMuls[0].out; // 32768 + 4096
// resultMuls[1].b <== muls[7].out; // 256
// resultMuls[2].a <== resultMuls[1].out; // 32768 + 4096 + 256
// resultMuls[2].b <== muls[5].out; // 64
// resultMuls[3].a <== resultMuls[2].out; // 32768 + 4096 + 256 + 64
// resultMuls[3].b <== muls[0].out; // 2
// resultMuls[4].a <== resultMuls[3].out; // 32768 + 4096 + 256 + 64 + 2
// resultMuls[4].b <== base; // 1


// for (var i = 0; i < CHUNK_NUMBER; i++) {
// out[i] <== resultMuls[4].out[i];
// log(out[i]);
// }


// }

template PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, EXP) {
assert(EXP >= 3);

signal input base[CHUNK_NUMBER];
signal input modulus[CHUNK_NUMBER];

signal output out[CHUNK_NUMBER];

var exp_process[256] = exp_to_bits(EXP);

component muls[exp_process[0]];
component resultMuls[exp_process[1] - 1];

for (var i = 0; i < exp_process[0]; i++){
muls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
muls[i].p <== modulus;
}

for (var i = 0; i < exp_process[1] - 1; i++){
resultMuls[i] = BigMultModP(CHUNK_SIZE, CHUNK_NUMBER);
resultMuls[i].p <== modulus;
}

muls[0].a <== base;
muls[0].b <== base;

for (var i = 1; i < exp_process[0]; i++){
muls[i].a <== muls[i - 1].out;
muls[i].b <== muls[i - 1].out;
}

for (var i = 0; i < exp_process[1] - 1; i++){
if (i == 0){
if (exp_process[i + 2] == 0){
resultMuls[i].a <== base;
} else {
resultMuls[i].a <== muls[exp_process[i + 2] - 1].out;
}
resultMuls[i].b <== muls[exp_process[i + 3] - 1].out;
}
else {
resultMuls[i].a <== resultMuls[i - 1].out;
resultMuls[i].b <== muls[exp_process[i + 3] - 1].out;
}
}

out <== resultMuls[exp_process[1] - 2].out;
}


template GetLastBit(){
signal input in;
signal output bit;
signal output div;

bit <-- in % 2;
div <-- in \ 2;

(1 - bit) * bit === 0;
div * 2 + bit * bit === in;
}

template GetLastNBits(N){
signal input in;
signal output div;
signal output out[N];

component getLastBit[N];
for (var i = 0; i < N; i++){
getLastBit[i] = GetLastBit();
if (i == 0){
getLastBit[i].in <== in;
} else {
getLastBit[i].in <== getLastBit[i - 1].div;
}
out[i] <== getLastBit[i].bit;
}

div <== getLastBit[N - 1].div;
}


function exp_to_bits(exp){
var mul_num = 0;
var result_mul_num = 0;
var indexes[256];
var bits[254];

var exp_clone = exp;
var counter = 0;
var result_counter;
while (exp > 0){
bits[counter] = exp % 2;
exp = exp \ 2;
if (bits[counter] == 1) {
result_mul_num += 1;
indexes[result_counter+2] = counter;
result_counter += 1;
}
mul_num += 1;
counter++;
}
indexes[0] = mul_num - 1;
indexes[1] = result_mul_num;

return indexes;

}
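Review bot: PowerModAnyExp only guards `assert(EXP >= 3)`, but the construction needs at least two set bits in EXP: for a power of two (4, 8, …) exp_to_bits returns exp_process[1] == 1, resultMuls is declared with length 0, and `out <== resultMuls[exp_process[1] - 2].out` indexes position -1. Add `assert(exp_process[1] >= 2);` directly after `var exp_process[256] = exp_to_bits(EXP);`. In exp_to_bits, `var result_counter;` is used as an array index before any assignment and `exp_clone` is never read; write `var result_counter = 0;` rather than relying on a default, and drop the unused copy. GetLastBit is only sound when the caller pins `div`: `div * 2 + bit * bit === in` is satisfiable for either bit value in the field unless div is range-limited or equated to a known value, so a template-level comment stating that precondition would prevent unsound reuse (GetLastNBits' div is equated to a constant in this commit, which is fine).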
79 changes: 79 additions & 0 deletions circuits/rsa/rsa.circom
Expand Up @@ -55,3 +55,82 @@ template RsaVerifyPkcs1v15(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
pm.out[i] === 18446744073709551615; // 0b1111111111111111111111111111111111111111111111111111111111111111
}
}

// Pkcs1v15 + Sha160, e = 65537
template RsaVerifyPkcs1v15Sha1(CHUNK_SIZE, CHUNK_NUMBER, E_BITS, HASH_TYPE) {
signal input signature[CHUNK_NUMBER];
signal input pubkey[CHUNK_NUMBER]; //aka modulus

signal input hashed[HASH_TYPE];

// signature ** exp mod modulus
component pm = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS);
for (var i = 0; i < CHUNK_NUMBER; i++) {
pm.base[i] <== signature[i];
pm.modulus[i] <== pubkey[i];
}

signal hashed_chunks[2];

component bits2num[2];
for (var i = 0; i < 2; i++){
bits2num[i] = Bits2Num(64);
for (var j = 0; j < 64; j++){
bits2num[i].in[j] <== hashed[159 - j - i * 64];
}
}

component getBits = GetLastNBits(32);
getBits.in <== pm.out[2];
for (var i = 0; i < 32; i++){
getBits.out[i] === hashed[31 - i];
}
getBits.div === 83887124; //0x5000414

pm.out[3] === 650212878678426138;
pm.out[4] === 18446744069417738544;
for (var i = 5; i < CHUNK_NUMBER-1; i++) {
pm.out[i] === 18446744073709551615; // 0b1111111111111111111111111111111111111111111111111111111111111111
}
pm.out[CHUNK_NUMBER - 1] === 562949953421311;
}

// TODO: research this moment https://www.youtube.com/watch?v=XfELJU1mRMg,
// optimisation may be possible
template RsaVerifyPkcs1v15Sha1E37817(CHUNK_SIZE, CHUNK_NUMBER, HASH_TYPE) {
signal input signature[CHUNK_NUMBER];
signal input pubkey[CHUNK_NUMBER]; //aka modulus

signal input hashed[HASH_TYPE];

// signature ** exp mod modulus
component pm = PowerModAnyExp(CHUNK_SIZE, CHUNK_NUMBER, 37187);
for (var i = 0; i < CHUNK_NUMBER; i++) {
pm.base[i] <== signature[i];
pm.modulus[i] <== pubkey[i];
}

signal hashed_chunks[2];

component bits2num[2];
for (var i = 0; i < 2; i++){
bits2num[i] = Bits2Num(64);
for (var j = 0; j < 64; j++){
bits2num[i].in[j] <== hashed[159 - j - i * 64];
}
}

component getBits = GetLastNBits(32);
getBits.in <== pm.out[2];
for (var i = 0; i < 32; i++){
getBits.out[i] === hashed[31 - i];
}
getBits.div === 83887124; //0x5000414

pm.out[3] === 650212878678426138;
pm.out[4] === 18446744069417738544;
for (var i = 5; i < CHUNK_NUMBER-1; i++) {
pm.out[i] === 18446744073709551615; // 0b1111111111111111111111111111111111111111111111111111111111111111
}
pm.out[CHUNK_NUMBER - 1] === 562949953421311;
}
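Review bot: Both RsaVerifyPkcs1v15Sha1 and RsaVerifyPkcs1v15Sha1E37817 compare only the first 32 bits of the digest with the exponentiation result: the getBits block checks hashed[0..31] against the low half of pm.out[2], but pm.out[0] and pm.out[1], which carry the remaining 128 digest bits, are never constrained, and the bits2num[0]/bits2num[1] components built from hashed[32..159] (and the `hashed_chunks` signal) are computed and then unused. As written, any valid signature whose recovered digest shares the first 4 bytes with `hashed` satisfies the circuit. Add to both templates `pm.out[0] === bits2num[0].out;` and `pm.out[1] === bits2num[1].out;` — bits2num[0] is fed from hashed[159..96] and bits2num[1] from hashed[95..32], matching the big-endian bit order the 32-bit check already assumes; confirm the chunk/bit order against the existing RsaVerifyPkcs1v15 above the hunk. Separately, the template name says E37817 while the exponent passed to PowerModAnyExp is 37187 (the same value as the deprecated PowerMod37187), so one of the two is a digit transposition.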
2 changes: 1 addition & 1 deletion circuits/rsa/rsaVerify.circom
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.6;

include "./rsa.circom";

component main = RsaVerifyPkcs1v15(64, 32, 17, 256);
component main = PowerModAnyExp(64, 48, 37187);
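Review bot: The main component of rsaVerify.circom now instantiates PowerModAnyExp(64, 48, 37187) instead of an RsaVerify template, so compiling this file yields a bare modular exponentiation with no padding or digest checks. If this file is still the RSA-verification entry point, this looks like a leftover from exercising the new exponent path; if it is intentionally a PowerMod harness, a one-line comment saying so (and a matching file name) would stop it being mistaken for a verifier. I cannot see where this file is consumed, so treat this as a question rather than a definite defect.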
