TBS Cert verification

.github/workflows/contracts-ci.yaml

@@ -0,0 +1,23 @@
+name: Contracts CI
+
+on:
+  pull_request:
+    paths:
+      - 'packages/contracts/**/*.sol'
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/contracts
+    steps:
+      - name: Checkout repository code
+        uses: actions/checkout@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Check Solidity formatting
+        id: format
+        run: make format_check

.gitignore

@@ -3,4 +3,6 @@ node_modules/
 .env
 target/
 packages/certs/secret*
-packages/certs/der*
+packages/certs/der*
+packages/certs/myna_new_cert.pem
+packages/certs/*.json

package.json

@@ -17,10 +17,14 @@
   "license": "MIT",
   "devDependencies": {
     "eslint": "^8.51.0",
-    "typescript": "^5.2.2",
-    "prettier": "2.8.8"
+    "prettier": "2.8.8",
+    "typescript": "^5.2.2"
   },
   "dependencies": {
-    "circomlib": "^2.0.5"
+    "circomlib": "^2.0.5",
+    "js-sha256": "^0.10.1",
+    "js-x509-utils": "^1.0.7",
+    "node-rsa": "^1.1.1",
+    "rsasign": "^1.4.2"
   }
 }

packages/certs/myna_cert.pem

@@ -33,4 +33,4 @@ Vbl0KleAkXv/Q0wfYFpawxJ3O6pDBUcuOdQF44BmwBBJr1ooevxi3EekFB4IVL1Q
 Pnd/BTfYmnL2gO8EZRUutj1ndJfYy8o4LvuCsLyqLMiEcnenVWFKoDRksZNNr0Ez
 R/nTPoe4Ohulp+IeHPfztiZttYGUEgV/YVAA2XlFezZzBAzY5augCs6JLuCPLcyl
 +FQ=
------END CERTIFICATE-----
+-----END CERTIFICATE-----

packages/certs/myna_new_cert.pem

@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGLjCCBRagAwIBAgIEBr/DQTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC
+SlAxDTALBgNVBAoMBEpQS0kxJTAjBgNVBAsMHEpQS0kgZm9yIHVzZXIgYXV0aGVu
+dGljYXRpb24xPTA7BgNVBAsMNEphcGFuIEFnZW5jeSBmb3IgTG9jYWwgQXV0aG9y
+aXR5IEluZm9ybWF0aW9uIFN5c3RlbXMwHhcNMjMwNTE5MTYzNzA5WhcNMjcxMjA3
+MTQ1OTU5WjAvMQswCQYDVQQGEwJKUDEgMB4GA1UEAwwXNDEyNTk0RTc1SkFDSk0x
+NDEwNDAwM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoF7r4+k5u
+dgho0dvFbuUAmdIqZ62YMocT+f3yBV2bc/xs2abA65yiT/fA40rSaL+LfquW8nAB
+fzJzmBPQB8Usl2MivDIASbPmi5oZU9yRWnWi6F1++iAF1PLzzDq8ojTxGuTt2P59
+f2DzyjGq9N3FIOHjySXukf0IEYMWtLubkQzsdPh4pONQLCsNiUBk6lybeVxEDNPu
+feHaoQsxnvVgqWgoofpMHBfzI5HzNOxoF7lTq66GJY776uK1sovOY6wIpIBy3PY1
+aT+0r35/wHrToreBcjBMGNq589IGWBxISbjY8R1tte/ULiyJZHGeppZjQq5D5v8Q
+G5lK6EWuR88bAgMBAAGjggL8MIIC+DAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAww
+CgYIKwYBBQUHAwIwSQYDVR0gAQH/BD8wPTA7BgsqgwiMm1UIBQEDHjAsMCoGCCsG
+AQUFBwIBFh5odHRwOi8vd3d3Lmpwa2kuZ28uanAvY3BzLmh0bWwwgbcGA1UdEgSB
+rzCBrKSBqTCBpjELMAkGA1UEBhMCSlAxJzAlBgNVBAoMHuWFrOeahOWAi+S6uuiq
+jeiovOOCteODvOODk+OCuTE5MDcGA1UECwww5YWs55qE5YCL5Lq66KqN6Ki844K1
+44O844OT44K55Yip55So6ICF6Ki85piO55SoMTMwMQYDVQQLDCrlnLDmlrnlhazl
+hbHlm6PkvZPmg4XloLHjgrfjgrnjg4bjg6DmqZ/mp4swgbsGA1UdHwSBszCBsDCB
+raCBqqCBp6SBpDCBoTELMAkGA1UEBhMCSlAxDTALBgNVBAoMBEpQS0kxJTAjBgNV
+BAsMHEpQS0kgZm9yIHVzZXIgYXV0aGVudGljYXRpb24xIDAeBgNVBAsMF0NSTCBE
+aXN0cmlidXRpb24gUG9pbnRzMRUwEwYDVQQLDAxLYW5hZ2F3YS1rZW4xIzAhBgNV
+BAMMGllva29oYW1hLXNoaS1OYWthLWt1IENSTERQMDoGCCsGAQUFBwEBBC4wLDAq
+BggrBgEFBQcwAYYeaHR0cDovL29jc3BhdXRobm9ybS5qcGtpLmdvLmpwMIGyBgNV
+HSMEgaowgaeAFIzVWGqJFIXlWTebfinUEM/SizWToYGIpIGFMIGCMQswCQYDVQQG
+EwJKUDENMAsGA1UECgwESlBLSTElMCMGA1UECwwcSlBLSSBmb3IgdXNlciBhdXRo
+ZW50aWNhdGlvbjE9MDsGA1UECww0SmFwYW4gQWdlbmN5IGZvciBMb2NhbCBBdXRo
+b3JpdHkgSW5mb3JtYXRpb24gU3lzdGVtc4IEATPDSTAdBgNVHQ4EFgQUynhhI83F
+h5jBgv3ePsoF4rGCFaUwDQYJKoZIhvcNAQELBQADggEBAEazXZPwSG0TKv9X1k/5
+LHlSB0sfJrtdwLoDd80/LTf+vBayJqRlkjTvacqYGMu+tGXd4VSUisR4RgvaEqPH
+oON6zhpdgsCCrw8YYjTIDfT/MmYl9Eq4/EZp56aY2HjSb1OGFbmyzLuEanqREKYC
+jE3pxJiJ5U5AhNn6oLp5tal+gmArVca8wq+813qfz/eUWlEgS3a+a3cTmi6W/vhf
+Cw43bNXqTerYihBiPhu46rzimDTd4q6EKwowOZdsu/um14IXQ5qOhAu0+Kd2xbRu
+jBA9gYoin8VwsgAhLgrO7V0OGMzBAEMBAQBdvG/r57eACatCbL4X1oQCqKt8i6rs
+Hvg=
+-----END CERTIFICATE-----

packages/circom-circuit/.gitignore

@@ -0,0 +1,17 @@
+build/
+setup/
+certs/
+powersOfTau*
+user-sig-setup/circuit*
+user-sig-setup/witness.wtns
+user-sig-setup/proof.json
+user-sig-setup/public.json
+user-sig-setup/verification_key.json
+user-sig-build/*
+gov-sig-setup/circuit*
+gov-sig-setup/witness.wtns
+gov-sig-setup/proof.json
+gov-sig-setup/public.json
+gov-sig-setup/verification_key.json
+gov-sig-setup/input.json
+gov-sig-build/*

packages/circom-circuit/Makefile

@@ -0,0 +1,59 @@
+init:
+	mkdir ./setup && mkdir ./build
+	cp ./test/input.json ./setup/input.json
+	curl -L https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_19.ptau -o ./setup/powersOfTau28_hez_final_19.ptau
+
+test-circuit:
+	npm run test
+
+gov-sig-build-circuit:
+	circom src/verify-gov-sig.circom --r1cs --wasm --sym -o ./gov-sig-build
+	node gov-sig-build/verify-gov-sig_js/generate_witness.js ./gov-sig-build/verify-gov-sig_js/verify-gov-sig.wasm ./gov-sig-setup/input.json ./gov-sig-setup/witness.wtns
+
+user-sig-build-circuit:
+	circom src/verify-user-sig.circom --r1cs --wasm --sym -o ./user-sig-build
+	node user-sig-build/verify-user-sig_js/generate_witness.js ./user-sig-build/verify-user-sig_js/verify-user-sig.wasm ./user-sig-setup/input.json ./user-sig-setup/witness.wtns
+
+gov-sig-setup-groth16:
+	snarkjs groth16 setup ./gov-sig-build/verify-gov-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./gov-sig-setup/circuit_0000.zkey
+	snarkjs zkey contribute ./gov-sig-setup/circuit_0000.zkey ./gov-sig-setup/circuit_0001.zkey --name="1st Contributor Name 1" -v -e="1st random entropy"
+	snarkjs zkey contribute ./gov-sig-setup/circuit_0001.zkey ./gov-sig-setup/circuit_0002.zkey --name="2st Contributor Name 2" -v -e="2st random entropy"
+	snarkjs zkey contribute ./gov-sig-setup/circuit_0002.zkey ./gov-sig-setup/circuit_0003.zkey --name="3st Contributor Name 3" -v -e="3st random entropy"
+	snarkjs zkey verify ./gov-sig-build/verify-gov-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./gov-sig-setup/circuit_0003.zkey
+	snarkjs zkey beacon ./gov-sig-setup/circuit_0003.zkey ./gov-sig-setup/circuit_final.zkey 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"
+	snarkjs zkey verify ./gov-sig-build/verify-gov-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./gov-sig-setup/circuit_final.zkey
+	snarkjs zkey export verificationkey ./gov-sig-setup/circuit_final.zkey ./gov-sig-setup/verification_key.json
+
+user-sig-setup-groth16:
+	snarkjs groth16 setup ./user-sig-build/verify-user-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./user-sig-setup/circuit_0000.zkey
+	snarkjs zkey contribute ./user-sig-setup/circuit_0000.zkey ./user-sig-setup/circuit_0001.zkey --name="1st Contributor Name 1" -v -e="1st random entropy"
+	snarkjs zkey contribute ./user-sig-setup/circuit_0001.zkey ./user-sig-setup/circuit_0002.zkey --name="2st Contributor Name 2" -v -e="2st random entropy"
+	snarkjs zkey contribute ./user-sig-setup/circuit_0002.zkey ./user-sig-setup/circuit_0003.zkey --name="3st Contributor Name 3" -v -e="3st random entropy"
+	snarkjs zkey verify ./user-sig-build/verify-user-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./user-sig-setup/circuit_0003.zkey
+	snarkjs zkey beacon ./user-sig-setup/circuit_0003.zkey ./user-sig-setup/circuit_final.zkey 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"
+	snarkjs zkey verify ./user-sig-build/verify-user-sig.r1cs ./powersOfTau28_hez_final_20.ptau ./user-sig-setup/circuit_final.zkey
+	snarkjs zkey export verificationkey ./user-sig-setup/circuit_final.zkey ./user-sig-setup/verification_key.json
+
+gov-sig-create-proof:
+	snarkjs groth16 prove ./gov-sig-setup/circuit_final.zkey ./gov-sig-setup/witness.wtns ./gov-sig-setup/proof.json ./gov-sig-setup/public.json
+
+user-sig-create-proof:
+	snarkjs groth16 prove ./user-sig-setup/circuit_final.zkey ./user-sig-setup/witness.wtns ./user-sig-setup/proof.json ./user-sig-setup/public.json
+
+gov-sig-verify-proof:
+	snarkjs groth16 verify ./gov-sig-setup/verification_key.json ./gov-sig-setup/public.json ./gov-sig-setup/proof.json
+
+user-sig-verify-proof:
+	snarkjs groth16 verify ./user-sig-setup/verification_key.json ./user-sig-setup/public.json ./user-sig-setup/proof.json
+
+gov-sig-export-verifier:
+	snarkjs zkey export solidityverifier ./gov-sig-setup/circuit_final.zkey ../contracts/src/circom-verifier/govSigVerifier.sol
+
+user-sig-export-verifier:
+	snarkjs zkey export solidityverifier ./user-sig-setup/circuit_final.zkey ../contracts/src/circom-verifier/userSigVerifier.sol
+
+gov-sig-generate-calldata:
+	snarkjs generatecall ./gov-sig-setup/public.json ./gov-sig-setup/proof.json >> ./gov-sig-build/solidity-input.json
+
+user-sig-generate-calldata:
+	snarkjs generatecall ./user-sig-setup/public.json ./user-sig-setup/proof.json >> ./user-sig-build/solidity-input.json

packages/circom-circuits/package.json → packages/circom-circuit/package.json

@@ -3,14 +3,14 @@
   "version": "1.0.0",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "npx hardhat typechain && npx hardhat test"
   },
   "keywords": [],
   "author": "",
   "license": "MIT",
-   "dependencies": {
+  "dependencies": {
     "commander": "^11.0.0",
-    "snarkjs": "^0.7.0"
+    "snarkjs": "^0.7.2"
   },
   "devDependencies": {
     "chai": "^4.3.7",

packages/circom-circuit/src/test.circom

@@ -0,0 +1,14 @@
+pragma circom 2.1.5;
+
+include "../../../node_modules/circomlib/circuits/sha256/sha256.circom";
+
+template hashTbs() {
+    signal input tbsInBits[10448];
+    signal output hashedTbs[256];
+
+    component sha256 = Sha256(10448);
+    sha256.in <== tbsInBits;
+    hashedTbs <== sha256.out;
+}
+
+component main = hashTbs();

packages/circom-circuit/src/verify-gov-sig.circom

@@ -0,0 +1,147 @@
+pragma circom 2.1.5;
+
+include "../../../node_modules/circomlib/circuits/poseidon.circom";
+include "./helpers/rsa.circom";
+include "../../../node_modules/circomlib/circuits/bitify.circom";
+include "../../../node_modules/circomlib/circuits/sha256/sha256.circom";
+
+// Create a public hashed value from user secret and modulus
+template CalculateHash(k) {
+    signal input modulus[k];
+    signal input userSecret;
+    component poseidon = Poseidon(k-1);
+    component poseidon2 = Poseidon(3);
+
+    for (var i = 0; i < k-1; i++) {
+        poseidon.inputs[i] <== modulus[i];
+    }
+    poseidon2.inputs[0] <== poseidon.out;
+    poseidon2.inputs[1] <== modulus[k-1];
+    poseidon2.inputs[2] <== userSecret;
+
+    signal output out <== poseidon2.out;
+}
+
+template VerifyInclusion() {
+    signal input tbsCert[1600];
+    signal input modulus[17];
+
+    component num2Bits0[256];
+    var pubKeyInSepBits[256][8];
+    var pubKeyInBits[2048];
+    for (var i = 0; i < 256; i++) {
+        num2Bits0[i] = Num2Bits(8);
+        num2Bits0[i].in <== tbsCert[281 + i];
+        pubKeyInSepBits[i] = num2Bits0[i].out;
+    }
+    for (var i = 0; i < 256; i++) {
+        for (var j = 0; j < 8; j++) {
+            pubKeyInBits[i * 8 + j] = pubKeyInSepBits[i][7 - j];
+        }
+    }
+
+    var b[17][121];
+
+    for (var i = 0; i < 16; i++) {
+        for (var j = 0; j < 121; j++) {
+            b[i][j] = pubKeyInBits[2047 - i * 121 - j];
+        }
+    }
+    for (var i = 0; i < 112 ; i++) {
+        b[16][i] = pubKeyInBits[111 - i];
+    }
+
+    component bits2Num[17];
+    var num[17];
+    for (var i = 0; i < 17; i++) {
+        bits2Num[i] = Bits2Num(121);
+        bits2Num[i].in <== b[i];
+        num[i] = bits2Num[i].out;
+    }
+
+    for (var i = 0; i < 17; i++) {
+        num[i] === modulus[i];
+    }
+}
+
+template HashTbs() {
+    signal input tbsCert[1600];
+    signal output hashedTbsInNum[3];
+
+    component num2Bits[1306];
+
+    var tbsInSepBits[1306][8];
+    var tbsInBits[10448];
+    for (var i = 0; i < 1306; i++) {
+        num2Bits[i] = Num2Bits(8);
+        num2Bits[i].in <== tbsCert[4 + i];
+        tbsInSepBits[i] = num2Bits[i].out;
+    }
+    for (var i = 0; i < 1306; i++) {
+        for (var j = 0; j < 8; j++) {
+            tbsInBits[i * 8 + j] = tbsInSepBits[i][7 - j];
+        }
+    }
+
+    component sha256 = Sha256(10448);
+    sha256.in <== tbsInBits;
+    var hashedTbs[256] = sha256.out;
+
+    var intermediate[3][121];
+    for (var i = 0; i < 2; i++) {
+        for (var j = 0; j < 121; j++) {
+            intermediate[i][j] = hashedTbs[255 - i * 121 - j];
+        }
+    }
+    for(var i = 0; i < 14; i++) {
+        intermediate[2][i] = hashedTbs[13 - i];
+    }
+
+    component bits2Num2[3];
+    for (var i = 0; i < 3; i++) {
+        bits2Num2[i] = Bits2Num(121);
+        bits2Num2[i].in <== intermediate[i];
+        hashedTbsInNum[i] <== bits2Num2[i].out;
+    }
+}
+
+template MynaVerifyGovSig(n, k) {
+    assert(n * k > 2048); // constraints for 2048 bit RSA
+    assert(n < (255 \ 2)); // we want a multiplication to fit into a circom signal
+
+    signal input userSecret; // user secret
+    signal input modulus[k]; // rsa public key, verified with smart contract. split up into k parts of n bits each.
+    signal input govModulus[k];
+    signal input govSignature[k];
+    signal input tbsCert[1600];
+
+    var messageLength = (256 + n) \ n;
+
+    // // VERIFY MODULUS IS INCLUDED IN TBS CERT
+    component verifyInclusion = VerifyInclusion();
+    verifyInclusion.tbsCert <== tbsCert;
+    verifyInclusion.modulus <== modulus;
+
+    // // // HASH TBS CERT
+    component hashTbs = HashTbs();
+    hashTbs.tbsCert <== tbsCert;
+
+    // // RSA VERIFICATION FOR TBS CERT
+    component rsa2 = RSAVerify65537(n, k);
+    rsa2.modulus <== govModulus;
+    rsa2.signature <== govSignature;
+    for (var i = 0; i < messageLength; i++) {
+        rsa2.base_message[i] <== hashTbs.hashedTbsInNum[i];
+    }
+    for (var i = messageLength; i < k; i++) {
+        rsa2.base_message[i] <== 0;
+    }
+
+    // CALsCULATE NULLIFIER:
+    component calculateHash = CalculateHash(k);
+    calculateHash.modulus <== modulus;
+    calculateHash.userSecret <== userSecret;
+    signal output hashed <== calculateHash.out; // poseidon(modulus, userSecret);
+}
+
+component main { public [ govModulus, govSignature ] } = MynaVerifyGovSig(121, 17);

packages/circom-circuits/src/mynawallet.circom → packages/circom-circuit/src/verify-user-sig.circom

@@ -2,6 +2,8 @@ pragma circom 2.1.5;
 
 include "../../../node_modules/circomlib/circuits/poseidon.circom";
 include "./helpers/rsa.circom";
+include "../../../node_modules/circomlib/circuits/bitify.circom";
+include "../../../node_modules/circomlib/circuits/sha256/sha256.circom";
 
 // Create a public hashed value from user secret and modulus
 template CalculateHash(k) {
@@ -20,7 +22,7 @@ template CalculateHash(k) {
     signal output out <== poseidon2.out;
 }
 
-template MynaWalletVerify(n, k) {
+template MynaVerifyUserSig(n, k) {
     assert(n * k > 2048); // constraints for 2048 bit RSA
     assert(n < (255 \ 2)); // we want a multiplication to fit into a circom signal
 
@@ -42,13 +44,11 @@ template MynaWalletVerify(n, k) {
         rsa.base_message[i] <== 0;
     }
 
-    // VERIFY MODULUS IS INCLUDED IN TBS CERT
-
-    // TODO VERIFY RSA SIGNATURE FROM GOVERNMENT
-
-    // CALCULATE NULLIFIER:
+    // CALsCULATE NULLIFIER:
     component calculateHash = CalculateHash(k);
     calculateHash.modulus <== modulus;
     calculateHash.userSecret <== userSecret;
     signal output hashed <== calculateHash.out; // poseidon(modulus, userSecret);
 }
+
+component main { public [ sha256HashedMessage ] } = MynaVerifyUserSig(121, 17);