add verify sig helper
1 parent 9e63de1 commit 0fd1512

1 file changed

+51
-0
lines changed


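--- a/eth-types/src/sign_types.rs
+++ b/eth-types/src/sign_types.rs
@@ -50,22 +50,73 @@ pub fn sign<
 ) -> (Fq, Fq, u8) {
 let randomness_inv = Option::<Fq>::from(randomness.invert()).expect("cannot invert randomness");
 let generator = Affine::generator();
+// generator is indeed for r1 if call with r1 type.
+
 let sig_point = generator * randomness;
 let sig_v: bool = sig_point.to_affine().into_coordinates().1.is_odd().into();
 
 let x = *Option::<Coordinates<_>>::from(sig_point.to_affine().coordinates())
 .expect("point is the identity")
 .x();
 
+println!("x_Fp {:?}", x);
+println!("Fq modulus {:?}", Fq::MODULUS);
+println!("x.repr {:?}", x.to_repr());
+
 let mut x_bytes = [0u8; 64];
 x_bytes[..32].copy_from_slice(&x.to_repr());
 
 let sig_r = Fq::from_uniform_bytes(&x_bytes); // get x cordinate (E::Base) on E::Scalar
 
 let sig_s = randomness_inv * (msg_hash + sig_r * sk);
+
+println!("sig_point {:?}", sig_point.to_affine());
+println!("sig_r {:?}", sig_r);
+println!("sig_s {:?}", sig_s);
+
 (sig_r, sig_s, u8::from(sig_v))
 }
 
+/// Do a secp256k1 or secp256r1 signature verification with a given pub key.
+/// Refers to https://github.com/scroll-tech/halo2curves/blob/v0.1.0/src/secp256k1/curve.rs
+/// and https://github.com/scroll-tech/halo2curves/blob/v0.1.0/src/secp256r1/curve.rs
+pub fn verify<
+Fp: PrimeField<Repr = [u8; 32]>,
+Fq: PrimeField + FromUniformBytes<64>,
+Affine: CurveAffine<ScalarExt = Fq, Base = Fp> + std::ops::Mul<Fq> + CurveAffineExt,
+>(
+pub_key: Affine,
+r: Fq,
+s: Fq,
+msg_hash: Fq,
+// if pubkey is not recovered , v is not neccessary.
+v: Option<bool>,
+) -> bool {
+// Verify
+let s_inv = s.invert().unwrap();
+let u_1 = msg_hash * s_inv;
+let u_2 = r * s_inv;
+
+let g = Affine::generator();
+let v_1 = g * u_1;
+let v_2 = pub_key * u_2;
+
+let r_point = (v_1 + v_2).to_affine().coordinates().unwrap();
+let x_candidate = r_point.x();
+let r_candidate = mod_n(*x_candidate);
+
+r == r_candidate
+}
+
+// convert Fp to Fq
+fn mod_n<Fp: PrimeField<Repr = [u8; 32]>, Fq: PrimeField + FromUniformBytes<64>>(x: Fp) -> Fq {
+let mut x_repr = [0u8; 32];
+x_repr.copy_from_slice(x.to_repr().as_ref());
+let mut x_bytes = [0u8; 64];
+x_bytes[..32].copy_from_slice(&x_repr[..]);
+Fq::from_uniform_bytes(&x_bytes)
+}
+
 /// Signature data required by the SignVerify Chip as input to verify a
 /// signature.
 #[derive(Clone, Debug)]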
