ZoKrates/zokrates_stdlib/stdlib/signatures/verifyEddsa.code

import "hashes/sha256/1024bitPadded.code" as sha256
import "ecc/edwardsScalarMult.code" as scalarMult
import "ecc/edwardsAdd.code" as add
import "utils/pack/unpack256.code" as unpack256
import "ecc/edwardsOnCurve.code" as onCurve
import "ecc/edwardsOrderCheck.code" as orderCheck
// Return 1 (as a field) for a valid EdDSA signature (R, S) over the message bits M0, M1 under public key A, 0 otherwise.
// Curve parameters are passed in the last argument (context); the generator G is read from context[4] and context[5].
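def main(private field[2] R, private field S, field[2] A, field[256] M0, field[256] M1, field[10] context) -> (field):
	// Verifies S*G == R + H(Rx, Ax, M0, M1)*A and returns 1 on success, 0 otherwise.
	//
	// R       - private: nonce point of the signature (affine [x, y])
	// S       - private: signature scalar, decomposed into 256 bits below
	// A       - public key point (affine [x, y]); NOT validated in-circuit
	// M0, M1  - message, two 256-bit bit arrays, hashed together with Rx and Ax
	// context - curve parameters; only context[4..5] (= G) are read directly here,
	//           the whole array is forwarded to the ecc helpers
	//
	// The R checks below are assertions: an off-curve or non-prime-order R makes
	// the constraint system unsatisfiable rather than producing out == 0.
	field[2] G = [context[4], context[5]]

	// R is a private witness, so its validity has to be enforced in-circuit.
	// A is a public input and is left to the party verifying the proof: nothing
	// here rejects an A that is off-curve or lies in a small-order subgroup.
	field isOnCurve = onCurve(R, context)
	// Constrain the helper's result explicitly instead of relying solely on the
	// helper asserting internally.
	1 == isOnCurve
	field isPrimeOrder = orderCheck(R, context)
	1 == isPrimeOrder

	// Challenge hash. NOTE(review): only the x-coordinates of R and A are bound
	// into the hash (not a full point encoding as in RFC 8032), so this is not
	// Ed25519-compatible; the signer must compute hRAM over exactly the same bits.
	field[256] Rx = unpack256(R[0])
	field[256] Ax = unpack256(A[0])
	field[256] hRAM = sha256(Rx, Ax, M0, M1)

	// NOTE(review): S is accepted as an arbitrary field element and unpacked to
	// 256 bits; there is no S < subgroup-order check here, so a second scalar
	// congruent to S mod the subgroup order presumably verifies as well (depends
	// on scalarMult) - do not rely on S being unique for a given (R, A, M).
	field[256] sBits = unpack256(S)
	field[2] lhs = scalarMult(sBits, G, context)
	field[2] AhRAM = scalarMult(hRAM, A, context)
	field[2] rhs = add(R, AhRAM, context)

	// Both affine coordinates must match; a mismatch yields 0, not a failed proof.
	field out = if rhs[0] == lhs[0] && rhs[1] == lhs[1] then 1 else 0 fi
	return out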