From c3204be3f7e60486c974597f0b32c99b2007e75b Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Mon, 4 Mar 2024 15:01:50 -0500 Subject: [PATCH 1/4] add eddsa_poseidon_to_pub function to stdlib with test + docs --- .../cryptographic_primitives/eddsa.mdx | 11 +++++++++++ noir_stdlib/src/eddsa.nr | 9 +++++++++ test_programs/execution_success/eddsa/src/main.nr | 10 ++++++++-- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx index a9c10da6c06..f0a2000d778 100644 --- a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx +++ b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx @@ -16,3 +16,14 @@ fn eddsa_poseidon_verify(public_key_x : Field, public_key_y : Field, signature_s ``` + +## eddsa::eddsa_poseidon_to_pub + +Private to public key conversion for EdDSA signatures. + +Returns `(pub_key_x, pub_key_y)` + +```rust +fn eddsa_poseidon_to_pub(secret : Field) -> (Field, Field) +``` + diff --git a/noir_stdlib/src/eddsa.nr b/noir_stdlib/src/eddsa.nr index 657e791e9c7..ecbe6f88c33 100644 --- a/noir_stdlib/src/eddsa.nr +++ b/noir_stdlib/src/eddsa.nr @@ -38,3 +38,12 @@ pub fn eddsa_poseidon_verify( left.eq(right) } + +// Returns the public key of the given secret key as (pub_key_x, pub_key_y) +pub fn eddsa_poseidon_to_pub( + secret: Field, +) -> (Field, Field) { + let bjj = baby_jubjub(); + let pub_key = bjj.curve.mul(secret, bjj.curve.gen); + (pub_key.x, pub_key.y) +} diff --git a/test_programs/execution_success/eddsa/src/main.nr b/test_programs/execution_success/eddsa/src/main.nr index 12e8ea92785..6a81a6ea07a 100644 --- a/test_programs/execution_success/eddsa/src/main.nr +++ b/test_programs/execution_success/eddsa/src/main.nr 
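Review bot: The comment above `eddsa_poseidon_to_pub` in noir_stdlib/src/eddsa.nr does not say what kind of value `secret` is, and the body passes it straight to `bjj.curve.mul(secret, bjj.curve.gen)` with no hashing, clamping or range check visible. EdDSA libraries that follow the RFC 8032 pattern derive the signing scalar from a hashed seed, so a caller who passes the seed used with such a library would probably get a different public key here; that is inferred from the visible body, not stated by the patch. I would make the contract explicit in the comment, for example `// secret is used directly as the scalar (no hashing or clamping); callers must pass an already-derived signing scalar`. The eddsa.mdx section added in the same patch has the same gap and could carry the same sentence.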
@@ -1,14 +1,20 @@ use dep::std::compat; use dep::std::ec::consts::te::baby_jubjub; +use dep::std::ec::tecurve::affine::Point as TEPoint; use dep::std::hash; -use dep::std::eddsa::eddsa_poseidon_verify; +use dep::std::eddsa::{eddsa_poseidon_to_pub, eddsa_poseidon_verify}; + fn main(msg: pub Field, _priv_key_a: Field, _priv_key_b: Field) { // Skip this test for non-bn254 backends if compat::is_bn254() { let bjj = baby_jubjub(); let pub_key_a = bjj.curve.mul(_priv_key_a, bjj.curve.gen); - // let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen); + let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen); + let (pub_key_a_x, pub_key_a_y) = eddsa_poseidon_to_pub(_priv_key_a); + let (pub_key_b_x, pub_key_b_y) = eddsa_poseidon_to_pub(_priv_key_b); + assert(TEPoint::new(pub_key_a_x, pub_key_a_y) == pub_key_a); + assert(TEPoint::new(pub_key_b_x, pub_key_b_y) == pub_key_b); // Manually computed as fields can't use modulo. Importantantly the commitment is within // the subgroup order. Note that choice of hash is flexible for this step. // let r_a = hash::pedersen_commitment([_priv_key_a, msg])[0] % bjj.suborder; // modulus computed manually From acb8e2283f8791aa3d12c105806d56b9e908ad92 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Mon, 4 Mar 2024 15:12:52 -0500 Subject: [PATCH 2/4] rename -> eddsa_to_pub --- .../standard_library/cryptographic_primitives/eddsa.mdx | 4 ++-- noir_stdlib/src/eddsa.nr | 2 +- test_programs/execution_success/eddsa/src/main.nr | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx index f0a2000d778..c4ed823b020 100644 --- a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx +++ b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx 
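Review bot: The added assertions, e.g. `assert(TEPoint::new(pub_key_a_x, pub_key_a_y) == pub_key_a);`, compare `eddsa_poseidon_to_pub` against `bjj.curve.mul(_priv_key_a, bjj.curve.gen)`, which is the same expression the library function evaluates. They therefore cannot catch a wrong generator or a mismatch with the key-derivation convention of another implementation. A known-answer check against coordinates from an independent reference would pin the behaviour, for example `assert(pub_key_a_x == <EXPECTED_PUB_KEY_A_X>);`, where the placeholder stands for a value taken from that reference. main() continues past the end of this hunk, so whether the derived coordinates are also passed to `eddsa_poseidon_verify` is not visible here.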
@@ -17,13 +17,13 @@ fn eddsa_poseidon_verify(public_key_x : Field, public_key_y : Field, signature_s -## eddsa::eddsa_poseidon_to_pub +## eddsa::eddsa_to_pub Private to public key conversion for EdDSA signatures. Returns `(pub_key_x, pub_key_y)` ```rust -fn eddsa_poseidon_to_pub(secret : Field) -> (Field, Field) +fn eddsa_to_pub(secret : Field) -> (Field, Field) ``` diff --git a/noir_stdlib/src/eddsa.nr b/noir_stdlib/src/eddsa.nr index ecbe6f88c33..534a20cfe05 100644 --- a/noir_stdlib/src/eddsa.nr +++ b/noir_stdlib/src/eddsa.nr @@ -40,7 +40,7 @@ pub fn eddsa_poseidon_verify( } // Returns the public key of the given secret key as (pub_key_x, pub_key_y) -pub fn eddsa_poseidon_to_pub( +pub fn eddsa_to_pub( secret: Field, ) -> (Field, Field) { let bjj = baby_jubjub(); diff --git a/test_programs/execution_success/eddsa/src/main.nr b/test_programs/execution_success/eddsa/src/main.nr index 6a81a6ea07a..4404ffe75f7 100644 --- a/test_programs/execution_success/eddsa/src/main.nr +++ b/test_programs/execution_success/eddsa/src/main.nr @@ -2,7 +2,7 @@ use dep::std::compat; use dep::std::ec::consts::te::baby_jubjub; use dep::std::ec::tecurve::affine::Point as TEPoint; use dep::std::hash; -use dep::std::eddsa::{eddsa_poseidon_to_pub, eddsa_poseidon_verify}; +use dep::std::eddsa::{eddsa_to_pub, eddsa_poseidon_verify}; fn main(msg: pub Field, _priv_key_a: Field, _priv_key_b: Field) { // Skip this test for non-bn254 backends 
@@ -11,8 +11,8 @@ fn main(msg: pub Field, _priv_key_a: Field, _priv_key_b: Field) { let pub_key_a = bjj.curve.mul(_priv_key_a, bjj.curve.gen); let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen); - let (pub_key_a_x, pub_key_a_y) = eddsa_poseidon_to_pub(_priv_key_a); - let (pub_key_b_x, pub_key_b_y) = eddsa_poseidon_to_pub(_priv_key_b); + let (pub_key_a_x, pub_key_a_y) = eddsa_to_pub(_priv_key_a); + let (pub_key_b_x, pub_key_b_y) = eddsa_to_pub(_priv_key_b); assert(TEPoint::new(pub_key_a_x, pub_key_a_y) == pub_key_a); assert(TEPoint::new(pub_key_b_x, pub_key_b_y) == pub_key_b); // Manually computed as fields can't use modulo. Importantantly the commitment is within From c79061d0f09e55d01af441c7f8fcfbda72461558 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Mon, 4 Mar 2024 16:50:47 -0500 Subject: [PATCH 3/4] nargo fmt --- noir_stdlib/src/eddsa.nr | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/noir_stdlib/src/eddsa.nr b/noir_stdlib/src/eddsa.nr index 534a20cfe05..966bc1da2a1 100644 --- a/noir_stdlib/src/eddsa.nr +++ b/noir_stdlib/src/eddsa.nr @@ -40,9 +40,7 @@ pub fn eddsa_poseidon_verify( } // Returns the public key of the given secret key as (pub_key_x, pub_key_y) -pub fn eddsa_to_pub( - secret: Field, -) -> (Field, Field) { +pub fn eddsa_to_pub(secret: Field) -> (Field, Field) { let bjj = baby_jubjub(); let pub_key = bjj.curve.mul(secret, bjj.curve.gen); (pub_key.x, pub_key.y) From 2e98dbe41486f953fd5f7930e69a2bcc49f7f79f Mon Sep 17 00:00:00 2001 From: Michael J Klein Date: Mon, 4 Mar 2024 18:46:36 -0500 Subject: [PATCH 4/4] Update docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx Co-authored-by: kevaundray --- .../noir/standard_library/cryptographic_primitives/eddsa.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx index c4ed823b020..99b7f830a20 100644 
--- a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx +++ b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx @@ -19,7 +19,7 @@ fn eddsa_poseidon_verify(public_key_x : Field, public_key_y : Field, signature_s ## eddsa::eddsa_to_pub -Private to public key conversion for EdDSA signatures. +Private to public key conversion. Returns `(pub_key_x, pub_key_y)`