This library contains an implementation of a RSA signature verify for the Noir language. RSA is one of the most widely used digital signature schemes in Web2 applications, such as DKIM email verification, TLS, message encryption etc
The repo contains 2 crates and 1 example circuit:
- rsa-biguint - Fork of shuklaayush's Noir BigInt with additional functionality
- rsa - RSA signature verification library
- dkim - DKIM email verification circuit
Fork of Noir BigInt (commit: cfd409b) with the following updates:
- Updated constants for a max 2048 bit RSA. The BigInt lib only supports 5 limbs
- Added mulmod and powmod functions
- Use unconstrained division for powmod
Currently, Noir RSA supports pkcs1v15, sha256, max RSA modulus of 2048 bits and a max exponent value of 17 bits. Typical RSA modulus sizes are 512, 1024 and 2048 bits. And typically, 65537 is used as the public exponent (which is <2^17).
Verifies a email DKIM signature which signs an email header. The email header comprises of fields such as From, To, Subject and bh (hash of the email body encoded in base64). The circuit does the following:
- Decodes the base64 body hash
- Hash email body (in bytes) using sha256
- Compares the hash of the email body with the decoded base64 body hash
- Hash email header (in bytes) using sha256
- Verifies the RSA signature matches the public key and the hash of the email header
In your Nargo.toml file, add the following dependency:
[dependencies]
noir-rsa = { tag = "main", git = "https://github.com/SetProtocol/noir-rsa" }
The package names of the respective crates are:
- RSA:
rsa - RSA BigUint:
biguint - DKIM example:
dkim
Replace <PACKAGE> in the following commands with the name of the package you would like to run.
At project root, run:
nargo test --package <PACKAGE> --show-output
At project root, run:
nargo prove --package dkim
NOTE: The main branch only allows RSA bits up to 1024. This is due to proving time being significantly slower if you increase the BigInt limbs to support 2048 bit RSA. Currently proving time for 1024 bits takes ~45 min for the DKIM example. If you need to use a 2048 bit RSA, we support it in the richard/2048-rsa branch
TODO
TODO
+---------+------------------------+--------------+----------------------+
| Package | Language | ACIR Opcodes | Backend Circuit Size |
+---------+------------------------+--------------+----------------------+
| dkim | PLONKCSat { width: 3 } | 1651288 | 3051532 |
+---------+------------------------+--------------+----------------------+
On M2 Macbook Air, using Nargo nightly (3140468):
Running tests take approximately 5 mins:
% time nargo test --package dkim
nargo test 301.44s user 2.98s system 99% cpu 5:06.78 total
Compiling takes approximately 27 mins:
% time nargo compile --package dkim
nargo compile --package dkim 1613.97s user 9.46s system 97% cpu 27:51.45 total
Executing for witness takes approximately 25 mins:
% time nargo execute witness --package dkim
nargo execute witness --package dkim 1473.00s user 6.01s system 90% cpu 27:10.01 total
Executing + proving (as nargo prove always re-executes for witness) takes approximately 40 mins:
% time nargo prove --package dkim
nargo prove --package dkim 2399.91s user 95.40s system 140% cpu 29:39.19 total
NOTE: nargo prove includes program compilation if compiled artifacts do not already exist, where subsequent runs without program modifications would make use of the cached artifacts.
TODO
This is experimental software and is provided on an "as is" and "as available" basis. We do not give any warranties and will not be liable for any losses incurred through any use of this code base.