Replies: 2 comments 1 reply
-
Yup, we don't have it currently natively implemented in gnark. We should do it at some point, but in practice it is better to use snark-friendly hash functions where we don't need the byte format of the message/pubkey. But still, see here: https://github.com/ritave/eIDAS-bridge/blob/main/snark/circuits/circuit.go, this is a hackathon project where I implemented X509 certificate verification in-circuit and for that I needed certificate chain verification, including hashing of P384 keys. The trick I used there was that I provided the byte-format of the pubkey and message as private input and then showed that it composes back to the given key/msg. See https://github.com/ritave/eIDAS-bridge/blob/main/snark/circuits/circuit.go#L63-L97 |
Beta Was this translation helpful? Give feedback.
-
Another method: inside circuit type EcdsaCircuit[T, S emulated.FieldParams] struct {
Commitment frontend.Variable `gnark:",public"` // Keccak256(Pub[0], Msg[0], Sig[1], Msg[1], ...)[1:32], ignore the first byte, since BN254 order < uint256
Pub [NumSignatures]PublicKey[T, S] `gnark:",secret"`
Msg [NumSignatures]emulated.Element[S] `gnark:",secret"`
Sig [NumSignatures]Signature[S] `gnark:",secret"`
}
msgLimb := uapi.UnpackMSB(uapi.ValueOf(c.Msg[i].Limbs[j]))
pubXLimb := uapi.UnpackMSB(uapi.ValueOf(c.Pub[i].X.Limbs[j])) |
Beta Was this translation helpful? Give feedback.
-
In my circuit, I want to hash some emulated elements from P-256 public key and message.
Convert
Msg
andPub
here into[]uints.U8
, then use SHA-3 to hash itgnark/std/signature/ecdsa/ecdsa_secpr_test.go
Lines 54 to 58 in 42dcb0c
Saw comments here
gnark/std/math/uints/uint8.go
Lines 64 to 66 in 42dcb0c
Beta Was this translation helpful? Give feedback.
All reactions