RSA Verification
We have covered all of the RSA passports with our approach.
Implicit Variance
First is the key size. For exponention, this changes how many proofs will it take. 2048 does it in one circuit, while 4096 requires two.
The second is the padding scheme of the signature, we support two: PSS and PKCSv1.5.
The last variation is an incidental one, the SHA variant used in the previous stage.
Right now, the implementation covers:
| 2048 | 3072 | 4096 | 6144 | |
|---|---|---|---|---|
| sha-224 | ||||
| sha-256 | pss@local | |||
| sha-384 | ||||
| sha-512 | pkcs@master |
Covering all of the variants is trivial.
Implementation Details
We have a custom variable-size BigInt implementation that focuses on efficient exponentiation.
First we do exponentiation in one or more circuits.
Then, we do PSS or PKCS padding (depending on the document) and verification in an additional circuit.
The right output is either Poseidon-digest of uncompressed pubkey or in-circuit pubkey, depending on if its local or master verification.