Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/personaelabs/spartan-ecdsa
The fastest in-browser verification of ECDSA signatures in ZK, using Spartan on the secq256k1 curve
https://github.com/personaelabs/spartan-ecdsa
Last synced: 2 months ago
JSON representation
The fastest in-browser verification of ECDSA signatures in ZK, using Spartan on the secq256k1 curve
- Host: GitHub
- URL: https://github.com/personaelabs/spartan-ecdsa
- Owner: personaelabs
- Created: 2022-12-11T13:57:08.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-05T22:12:44.000Z (10 months ago)
- Last Synced: 2024-05-05T09:35:27.590Z (5 months ago)
- Language: Rust
- Homepage:
- Size: 31.3 MB
- Stars: 185
- Watchers: 5
- Forks: 24
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Spartan-ecdsa
Spartan-ecdsa (which to our knowledge) is the fastest open-source method to verify ECDSA (secp256k1) signatures in zero-knowledge. It can prove ECDSA group membership 10 times faster than [efficient-zk-ecdsa](https://github.com/personaelabs/efficient-zk-ecdsa), our previous implementation of fast ECDSA signature proving. Please refer to [this blog post](https://personaelabs.org/posts/spartan-ecdsa/) for further information.
## Constraint breakdown
spartan-ecdsa achieves the phenomenal result of **hashing becoming the bottleneck instead of ECC operations** for the `pubkey_membership.circom` circuit. In particular, there are **3,039** constraints for efficient ECDSA signature verification, and **5,037** constraints for a depth 20 merkle tree membership check + 1 Poseidon hash of the ECDSA public key. The drop from the original 1.5 million constraints of [circom-ecdsa](https://github.com/0xPARC/circom-ecdsa) comes primarily from doing right-field arithmetic with secq and avoiding SNARK-unfriendly range checks and big integer math.
We also use [efficient ECDSA signatures](https://personaelabs.org/posts/efficient-ecdsa-1/) instead of standard ECDSA siagnatures to save an additional **14,505** constraints. To review, the standard ECDSA signature consists of $(r, s)$ for a public key $Q_a$ and message $m$, where $r$ is the x-coordinate of a random elliptic curve point $R$. Standard ECDSA signature verification checks if
```math
R == m s ^{-1} * G + r s ^{-1} * Q_a
```where $G$ is the generator point of the curve. The efficient ECDSA signature consists of $s$ as well as $T = r^{-1} * R$ and $U = -r^{-1} * m * G$, which can both be computed outside of the SNARK without breaking correctness. Efficient ECDSA signature verification checks if
```math
s * T + U == Q_a
```Thus, verifying a standard ECDSA signature instead of the efficient ECDSA signature requires (1) computing $s^{-1}$, $r \* s^{-1}$, $m \* s^{-1}$, and (2) an extra ECC scalar multiply to compute $m s ^{-1} * G$. The former computations happen in the scalar field of secp, which is unequal to the scalar field of secq, and so we incur 11,494 additional constraints for the wrong-field math. The latter can use the `Secp256k1Mul` subroutine and incurs 3,011 additional constraints.
## Benchmarks
Proving membership to a group of ECDSA public keys
| Benchmark | # |
| :--------------------------: | :---: |
| Constraints | 8,076 |
| Proving time in browser | 4s |
| Proving time in Node.js | 2s |
| Verification time in browser | 1s |
| Verification time in Node.js | 300ms |
| Proof size | 16kb |- Measured on a M1 MacBook Pro with 80Mbps internet speed.
- Both proving and verification time in browser includes the time to download the circuit.## Disclaimers
- Spartan-ecdsa is unaudited. Please use it at your own risk.
- Usage on mobile browsers isn’t currently supported.## Install
```jsx
yarn add @personaelabs/spartan-ecdsa
```## Development
### Node.js
v18 or later
### Build
1. Install Circom with secq256k1 support```
git clone https://github.com/DanTehrani/circom-secq
cd circom-secq && cargo build --release && cargo install --path circom
```2. Install [wasm-pack](https://rustwasm.github.io/wasm-pack/installer/)
4. Install dependencies & Build all packages
```jsx
yarn && yarn build
```