add nat spec to rsa related circom files

2026-04-05 03:00:53 -04:00 · 2025-01-15 20:02:59 +09:00
parent 0b14455f93
commit a9d82f552c
3 changed files with 39 additions and 16 deletions
--- a/circuits/circuits/utils/circomlib/signature/rsa/pkcs1v1_5Padding.circom
+++ b/circuits/circuits/utils/circomlib/signature/rsa/pkcs1v1_5Padding.circom
@@ -6,11 +6,20 @@ include "circomlib/circuits/bitify.circom";
 // 0x00 || 0x01 || PS || 0x00 || OID || Hash
 // PS is a sequence of 0xFF bytes that is padded so that the data to be signed matches the length of the key.
 // OID is the object identifier for the hash function used.
-// For SHA1,   the OID is 0x3021300906052b0e03021a05000414 and the size is 120
-// For SHA256, the OID is 0x3031300d060960864801650304020105000420 and the size is 152
-// For SHA384, the OID is 0x3041300d060960864801650304020205000430 and the size is 152
-// For SHA512, the OID is 0x3051300d060960864801650304020305000440 and the size is 152
+// For SHA1,   the OID is 0x3021300906052b0e03021a05000414
+// For SHA256, the OID is 0x3031300d060960864801650304020105000420
+// For SHA384, the OID is 0x3041300d060960864801650304020205000430
+// For SHA512, the OID is 0x3051300d060960864801650304020305000440

+/// @title Pkcs1v1_5Padding
+/// @notice Verify PKCS#1 v1.5 padding scheme for RSA signatures
+/// @dev Pads the message according to PKCS#1 v1.5 and verifies the padding
+/// @param CHUNK_SIZE Number of bits per chunk
+/// @param CHUNK_NUMBER Number of chunks the message is split into
+/// @param HASH_SIZE Size of the hash in bits (160 for SHA1, 256 for SHA256, 384 for SHA384, 512 for SHA512)
+/// @input modulus The RSA modulus split into chunks
+/// @input message The message hash to be padded
+/// @output out The padded message split into chunks
 template Pkcs1v1_5Padding(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE) {
    signal input modulus[CHUNK_NUMBER];
    signal input message[CHUNK_NUMBER];
@@ -88,6 +97,10 @@ template Pkcs1v1_5Padding(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE) {
    }
 }

+/// @title getOID
+/// @notice Returns the OID (Object Identifier) for the specified hash function
+/// @param HASH_SIZE Size of the hash function in bits
+/// @return The OID value as a hex number
 function getOID(HASH_SIZE) {
    if (HASH_SIZE == 160) {
        return 0x3021300906052b0e03021a05000414;
@@ -104,6 +117,10 @@ function getOID(HASH_SIZE) {
    return 0;
 }

+/// @title getOIDSize
+/// @notice Returns the size of the OID for the specified hash function
+/// @param HASH_SIZE Size of the hash function in bits
+/// @return The size of the OID in bits
 function getOIDSize(HASH_SIZE) {
    if (HASH_SIZE == 160) {
        return 120;
--- a/circuits/circuits/utils/circomlib/signature/rsa/verifyRsa3Pkcs1v1_5.circom
+++ b/circuits/circuits/utils/circomlib/signature/rsa/verifyRsa3Pkcs1v1_5.circom
@@ -4,12 +4,15 @@ include "@zk-email/circuits/lib/fp.circom";
 include "./pkcs1v1_5Padding.circom";
 include "../FpPowMod.circom";

-// For 2048bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 32
-// For 3072bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 48
-// For 4096bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 64
-
-// HASH_SIZE is the size of the hash in bits
-
+/// @title VerifyRsa3Pkcs1v1_5
+/// @notice Verifies RSA signatures with exponent 3 using PKCS#1 v1.5 padding
+/// @dev Supports RSA key sizes of 2048, 3072, and 4096 bits
+/// @param CHUNK_SIZE Number of bits per chunk (typically 64)
+/// @param CHUNK_NUMBER Number of chunks (32 for 2048-bit RSA, 48 for 3072-bit, 64 for 4096-bit)
+/// @param HASH_SIZE Size of the hash in bits (160 for SHA1, 256 for SHA256, 384 for SHA384 and 512 for SHA512)
+/// @input signature The RSA signature split into chunks
+/// @input modulus The RSA modulus split into chunks
+/// @input message The message hash to verify
 template VerifyRsa3Pkcs1v1_5(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE) {
    signal input signature[CHUNK_NUMBER];
    signal input modulus[CHUNK_NUMBER];
--- a/circuits/circuits/utils/circomlib/signature/rsa/verifyRsa65537Pkcs1v1_5.circom
+++ b/circuits/circuits/utils/circomlib/signature/rsa/verifyRsa65537Pkcs1v1_5.circom
@@ -4,12 +4,15 @@ include "@zk-email/circuits/lib/fp.circom";
 include "./pkcs1v1_5Padding.circom";
 include "../FpPowMod.circom";

-// For 2048bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 32
-// For 3072bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 48
-// For 4096bits RSA, CHUNK_SIZE = 64, CHUNK_NUMBER = 64
-
-// HASH_SIZE is the size of the hash in bits
-
+/// @title VerifyRsa65537Pkcs1v1_5
+/// @notice Verifies RSA signatures with exponent 65537 using PKCS#1 v1.5 padding
+/// @dev Supports RSA key sizes of 2048, 3072, and 4096 bits
+/// @param CHUNK_SIZE Number of bits per chunk (typically 64)
+/// @param CHUNK_NUMBER Number of chunks (32 for 2048-bit RSA, 48 for 3072-bit, 64 for 4096-bit)
+/// @param HASH_SIZE Size of the hash in bits (160 for SHA1, 256 for SHA256, 384 for SHA384 and 512 for SHA512)
+/// @input signature The RSA signature split into chunks
+/// @input modulus The RSA modulus split into chunks
+/// @input message The message hash to verify
 template VerifyRsa65537Pkcs1v1_5(CHUNK_SIZE, CHUNK_NUMBER, HASH_SIZE) {
    signal input signature[CHUNK_NUMBER];
    signal input modulus[CHUNK_NUMBER];