Merge pull request #257 from openpassport-org/perf/rsa-optimization

[WIP] Perf/rsa optimization
zk-passport · Dec 13, 2024 · c5c4dd1 · c5c4dd1
2 parents 302d7ae + 4dc6c53
commit c5c4dd1
Show file tree

Hide file tree

Showing 26 changed files with 5,013 additions and 2,355 deletions.
diff --git a/circuits/circuits/prove/instances/prove_rsa_sha256_65537_3072.circom b/circuits/circuits/prove/instances/prove_rsa_sha256_65537_3072.circom
@@ -2,4 +2,4 @@ pragma circom 2.1.9;
 
 include "../openpassport_prove.circom";
 
-component main { public [ scope, user_identifier, current_date ] } = OPENPASSPORT_PROVE(14, 64, 48, 384, 192, 20);
+component main { public [ scope, user_identifier, current_date ] } = OPENPASSPORT_PROVE(14, 96, 32, 384, 192, 20);
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[32];
+    signal input modulus[32];
+    signal input message[32];
+
+    VerifyRsaPkcs1v1_5(3, 64, 32, 17, 160)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[32];
+    signal input modulus[32];
+    signal input message[32];
+
+    VerifyRsaPkcs1v1_5(13, 64, 32, 2, 256)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[32];
+    signal input modulus[32];
+    signal input message[32];
+
+    VerifyRsaPkcs1v1_5(1, 64, 32, 17, 256)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[32];
+    signal input modulus[32];
+    signal input message[32];
+
+    VerifyRsaPkcs1v1_5(14, 96, 32, 17, 256)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[64];
+    signal input modulus[64];
+    signal input message[64];
+
+    VerifyRsaPkcs1v1_5(10, 64, 64, 17, 256)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+    signal input signature[64];
+    signal input modulus[64];
+    signal input message[64];
+
+    VerifyRsaPkcs1v1_5(15, 64, 64, 17, 512)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();
diff --git a/circuits/circuits/utils/other/bigInt.circom b/circuits/circuits/utils/other/bigInt.circom
@@ -5,6 +5,8 @@ include "circomlib/circuits/bitify.circom";
 include "circomlib/circuits/gates.circom";
 
 include "bigIntFunc.circom";
+include "./optimized/bigInt/karatsuba.circom";
+include "./optimized/int/arithmetic.circom";
 
 // addition mod 2**CHUNK_SIZE with carry bit
 template ModSum(CHUNK_SIZE) {
@@ -393,6 +395,41 @@ template BigMult(CHUNK_SIZE, CHUNK_NUMBER) {
     }
 }
 
+template BigMultOptimised(CHUNK_SIZE, CHUNK_NUMBER) {
+    signal input dummy;
+    signal input in[2][CHUNK_NUMBER];
+
+    signal output out[CHUNK_NUMBER * 2];
+
+    component karatsuba = KaratsubaNoCarry(CHUNK_NUMBER);
+    karatsuba.in <== in;
+    karatsuba.dummy <== dummy;
+
+    dummy * dummy === 0;
+
+    component getLastNBits[CHUNK_NUMBER * 2 - 1];
+    component bits2Num[CHUNK_NUMBER * 2 - 1];
+
+    for (var i = 0; i < CHUNK_NUMBER * 2 - 1; i++) {
+        getLastNBits[i] = GetLastNBits(CHUNK_SIZE);
+        bits2Num[i] = Bits2Num(CHUNK_SIZE);
+
+        if (i == 0) {
+            getLastNBits[i].in <== karatsuba.out[i];
+        } else {
+            getLastNBits[i].in <== karatsuba.out[i] + getLastNBits[i - 1].div;
+        }
+
+        bits2Num[i].in <== getLastNBits[i].out;
+    }
+
+    for (var i = 0; i < CHUNK_NUMBER * 2 - 1; i++) {
+        out[i] <== bits2Num[i].out;
+    }
+
+    out[CHUNK_NUMBER * 2 - 1] <== getLastNBits[CHUNK_NUMBER * 2 - 2].div;
+}
+
 /*
 Inputs:
     - BigInts a, b
@@ -707,6 +744,32 @@ template BigMultModP(CHUNK_SIZE, CHUNK_NUMBER) {
     }
 }
 
+template BigMultModPOptimized(CHUNK_SIZE, CHUNK_NUMBER) {
+    assert(CHUNK_SIZE <= 252);
+    signal input a[CHUNK_NUMBER];
+    signal input b[CHUNK_NUMBER];
+    signal input p[CHUNK_NUMBER];
+    signal output out[CHUNK_NUMBER];
+
+    component big_mult = BigMultOptimised(CHUNK_SIZE, CHUNK_NUMBER);
+    for (var i = 0; i < CHUNK_NUMBER; i++) {
+        big_mult.in[0][i] <== a[i];
+        big_mult.in[1][i] <== b[i];
+    }
+    big_mult.dummy <== 0;
+
+    component big_mod = BigMod(CHUNK_SIZE, CHUNK_NUMBER);
+    for (var i = 0; i < 2 * CHUNK_NUMBER; i++) {
+        big_mod.a[i] <== big_mult.out[i];
+    }
+    for (var i = 0; i < CHUNK_NUMBER; i++) {
+        big_mod.b[i] <== p[i];
+    }
+    for (var i = 0; i < CHUNK_NUMBER; i++) {
+        out[i] <== big_mod.mod[i];
+    }
+}
+
 template BigModInv(CHUNK_SIZE, CHUNK_NUMBER) {
     assert(CHUNK_SIZE <= 252);
     signal input in[CHUNK_NUMBER];
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ pragma circom 2.1.9;

		include "../openpassport_prove.circom";

		component main { public [ scope, user_identifier, current_date ] } = OPENPASSPORT_PROVE(14, 64, 48, 384, 192, 20);
		component main { public [ scope, user_identifier, current_date ] } = OPENPASSPORT_PROVE(14, 96, 32, 384, 192, 20);