-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: Jwt Circuit and Helpers #1
base: main
Are you sure you want to change the base?
Conversation
|
||
include "./jwt-verifier.circom"; | ||
|
||
component main = JWTVerifier(121, 17, 1024, 128, 896, 72, 605); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shreyas-londhe
I think this file is not necessary if you already have the test circuit in tests/test-circuits.
// Verify if the typ in the header is "JWT" | ||
var typLength = JWT_TYP_LENGTH(); | ||
var typ[typLength] = JWT_TYP(); | ||
signal typMatch[typLength] <== RevealSubstring(maxHeaderLength, typLength, 0)(header, jwtTypStartIndex, typLength); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you share the context about disabling the shouldCheckUniqueness
here?
Also, I don't understand how RevealSubstring
prevents unrelated jwtTypStartIndex
such that the substring from jwtTypStartIndex
contains "JWT" but is not for "typ"?
(The zk-regex prevents it by masking all characters except for the value of "typ" defined by the regex.)
// Check if the command in the nonce has a valid email address and remove the email address if it exists | ||
signal emailAddrRegexOut, emailAddrRegexReveal[maxCommandLength]; | ||
(emailAddrRegexOut, emailAddrRegexReveal) <== EmailAddrRegex(maxCommandLength)(command); | ||
signal isEmailAddrExist <== IsZero()(emailAddrRegexOut-1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be simplified to isEmailAddrExist <== emailAddrRegexOut
as emailAddrRegexOut is either 0 or 1.
This PR adds a JWT Verifier circuit capable of verifying Google Identity Services JWTs. It also includes TS helpers to generate circuit inputs and solidity contracts to verify the JWT proofs on-chain.