Skip to content
/ sigpop Public
forked from pag-crypto/sigpop

Code for "Efficient Proofs of Possession for Legacy Signatures", by Woo et al., IEEE S&P 2025

License

View license
0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

psycho-virtual/sigpop

BranchesTags
 
 

Repository files navigation

Sig-PoP

This repository contains implementations of proofs of posession for ECDSA, Ed25519, RSA, as well as standalone implementations of SHA512 and SHA256.

For more information, see our paper.

Examples

SHA256 (|m| = 2KB)

cargo run --release --example circ -- zok_src/test/hashes/sha256/test_sha256_adv32.zok r1cs --action setup --proof-impl mirage
cargo run --release --example run_zk -- --compute sha256-adv --aux-input 32 --proof-impl mirage --action prove
cargo run --release --example run_zk -- --compute sha256-adv --aux-input 32 --proof-impl mirage --action verify

RSA-PKCS1v1.5 PoP (dynamic modulus, |m| = 64B)

cargo run --release --example circ -- zok_src/test/modexpon/test_rsa2048_w_hash_advanced1.zok  r1cs --action setup --proof-impl mirage
cargo run --release --example run_zk -- --compute verify-rsa-adv-whole --aux-input 1 --proof-impl mirage --action prove
cargo run --release --example run_zk -- --compute verify-rsa-adv-whole --aux-input 1 --proof-impl mirage --action verify

ECDSA-P256-SHA256 PoP, sidecar approach (|m| = 64B)

cargo run --release --example circ -- zok_src/test/ecdsa/advanced_incomplete/test_sigma_32_6_w_hash1.zok r1cs --action setup --proof-impl mirage
cargo run --release --example run_zk -- --compute verify-ecdsa-sigma-whole --aux-input 1 --proof-impl mirage --action prove
cargo run --release --example run_zk -- --compute verify-ecdsa-sigma-whole --aux-input 1 --proof-impl mirage --action verify

ECDSA-P256-SHA256 PoP, right field approach (|m| = 64B)

cargo run --release --example circ -- zok_src/test/ecdsa/Fp/test_naive_32_w_hash1.zok  r1cs --action setup --proof-impl dorian --pfcurve t256
cargo run --release --example run_zk -- --compute verify-ecdsa-right-whole --aux-input 1 --proof-impl dorian --pfcurve t256 --action prove
cargo run --release --example run_zk -- --compute verify-ecdsa-right-whole --aux-input 1 --proof-impl dorian --pfcurve t256 --action verify

Ed25519 PoP, sidecar approach (|m| = 64B)

cargo run --release --example circ -- zok_src/ed25519/unsafe_witness/sidecar/verify1.zok  r1cs --action setup --proof-impl mirage
cargo run --release --example run_zk -- --compute eddsa-sigma --aux-input 1 --proof-impl mirage --action prove
cargo run --release --example run_zk -- --compute eddsa-sigma --aux-input 1 --proof-impl mirage --action verify

Ed25519 PoP, right field approach (|m| = 64B)

cargo run --release --example circ -- zok_src/ed25519/right_field/verify1.zok r1cs --action setup --proof-impl dorian --pfcurve t25519
cargo run --release --example zk -- --inputs zok_src/ed25519/right_field/test_verify_64.zok.pin --action prove --proof-impl dorian --pfcurve t25519
cargo run --release --example zk -- --inputs zok_src/ed25519/right_field/test_verify_64.zok.vin --action verify --proof-impl dorian --pfcurve t25519

Profiling ECDSA Ring (Ring Size = $2^1$, $2^2$, ..., $2^{14}$)

bash scripts/ecdsa_ring.sh # Results are written to ecdsa_ring_<current date>.csv

NOTES:

Currently both the SHA256 and SHA512 implementations are restricted to certain message lengths. They each essentially currently require that the length of the message in bytes is a multiple of 4 and 8 respectively. Consequently, our proofs of posession have the same restriction at present. We plan on fixing this soon.

About

Code for "Efficient Proofs of Possession for Legacy Signatures", by Woo et al., IEEE S&P 2025

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 95.7%
  • Python 2.4%
  • Perl 1.7%
  • Other 0.2%