feat(backend): Use Schnorr signatures for signed PODs

Cargo.toml

@@ -24,6 +24,10 @@ serde = "1.0.219"
 serde_json = "1.0.140"
 base64 = "0.22.1"
 schemars = "0.8.22"
+num = { version = "0.4.3", features = ["num-bigint"] }
+num-bigint = { version = "0.4.6", features = ["rand"] }
+# num-bigint 0.4 requires rand 0.8
+rand = "0.8.5"
 hashbrown = { version = "0.14.3", default-features = false, features = ["serde"] }
 
 # Uncomment for debugging with https://github.com/ed255/plonky2/ at branch `feat/debug`.  The repo directory needs to be checked out next to the pod2 repo directory.

src/backends/plonky2/circuits/mainpod.rs

@@ -2965,7 +2965,7 @@ mod tests {
 
         // Input
         let statements = statements
-            .into_iter()
+            .iter()
             .map(|st| {
                 let mut st = mainpod::Statement::from(st.clone());
                 pad_statement(params, &mut st);

src/backends/plonky2/circuits/signedpod.rs

@@ -18,7 +18,7 @@ use crate::{
             merkletree::{
                 MerkleClaimAndProof, MerkleProofExistenceGadget, MerkleProofExistenceTarget,
             },
-            signature::{PublicKey, SignatureVerifyGadget, SignatureVerifyTarget},
+            signature::{SignatureVerifyGadget, SignatureVerifyTarget},
         },
         signedpod::SignedPod,
     },
@@ -58,11 +58,12 @@ impl SignedPodVerifyGadget {
         // 3.a. Verify signature
         let signature = SignatureVerifyGadget {}.eval(builder)?;
 
-        // 3.b. Verify signer (ie. signature.pk == merkletree.signer_leaf)
+        // 3.b. Verify signer (ie. hash(signature.pk) == merkletree.signer_leaf)
         let signer_mt_proof = &mt_proofs[1];
         let key_signer = builder.constant_value(Key::from(KEY_SIGNER).raw());
+        let pk_hash = signature.pk.to_value(builder);
         builder.connect_values(signer_mt_proof.key, key_signer);
-        builder.connect_values(signer_mt_proof.value, signature.pk);
+        builder.connect_values(signer_mt_proof.value, pk_hash);
 
         // 3.c. connect signed message to pod.id
         builder.connect_values(ValueTarget::from_slice(&id.elements), signature.msg);
@@ -130,19 +131,17 @@ impl SignedPodVerifyTarget {
         // add proof verification of KEY_TYPE & KEY_SIGNER leaves
         let key_type_key = Key::from(KEY_TYPE);
         let key_signer_key = Key::from(KEY_SIGNER);
-        let key_signer_value = [&key_type_key, &key_signer_key]
+        [&key_type_key, &key_signer_key]
             .iter()
             .enumerate()
-            .map(|(i, k)| {
+            .try_for_each(|(i, k)| {
                 let (v, proof) = pod.dict.prove(k)?;
                 self.mt_proofs[i].set_targets(
                     pw,
                     true,
                     &MerkleClaimAndProof::new(pod.dict.commitment(), k.raw(), Some(v.raw()), proof),
-                )?;
-                Ok(v)
-            })
-            .collect::<Result<Vec<&Value>>>()?[1];
+                )
+            })?;
 
         // add the verification of the rest of leaves
         let mut curr = 2; // since we already added key_type and key_signer
@@ -174,7 +173,7 @@ impl SignedPodVerifyTarget {
         }
 
         // get the signer pk
-        let pk = PublicKey(key_signer_value.raw());
+        let pk = pod.signer;
         // the msg signed is the pod.id
         let msg = RawValue::from(pod.id.0);
 
@@ -199,7 +198,7 @@ pub mod tests {
     use crate::{
         backends::plonky2::{
             basetypes::C,
-            primitives::signature::SecretKey,
+            primitives::ec::schnorr::SecretKey,
             signedpod::{SignedPod, Signer},
         },
         middleware::F,

src/backends/plonky2/error.rs

@@ -10,6 +10,8 @@ pub enum InnerError {
     IdNotEqual(PodId, PodId),
     #[error("type does not match, expected {0}, found {1}")]
     TypeNotEqual(PodType, Value),
+    #[error("signer public key does not match, expected {0}, found {1}")]
+    SignerNotEqual(Value, Value),
 
     // POD related
     #[error("invalid POD ID")]
@@ -90,4 +92,7 @@ impl Error {
     pub fn type_not_equal(expected: PodType, found: Value) -> Self {
         new!(TypeNotEqual(expected, found))
     }
+    pub(crate) fn signer_not_equal(expected: Value, found: Value) -> Self {
+        new!(SignerNotEqual(expected, found))
+    }
 }

src/backends/plonky2/mainpod/mod.rs

@@ -15,14 +15,12 @@ pub use statement::*;
 use crate::{
     backends::plonky2::{
         basetypes::{Proof, ProofWithPublicInputs, VerifierOnlyCircuitData, D},
-        circuits::mainpod::{
-            CustomPredicateVerification, MainPodVerifyInput, MainPodVerifyTarget, NUM_PUBLIC_INPUTS,
-        },
+        circuits::mainpod::{CustomPredicateVerification, MainPodVerifyInput, MainPodVerifyTarget},
         emptypod::EmptyPod,
         error::{Error, Result},
         mock::emptypod::MockEmptyPod,
         primitives::merkletree::MerkleClaimAndProof,
-        recursion::{self, RecursiveCircuit, RecursiveParams},
+        recursion::{RecursiveCircuit, RecursiveParams},
         signedpod::SignedPod,
         STANDARD_REC_MAIN_POD_CIRCUIT_DATA,
     },
@@ -550,12 +548,14 @@ pub struct MainPod {
 fn get_common_data(params: &Params) -> Result<CommonCircuitData<F, D>, Error> {
     // TODO: Cache this somehow
     // https://github.com/0xPARC/pod2/issues/247
-    let rec_params = recursion::new_params::<MainPodVerifyTarget>(
-        params.max_input_recursive_pods,
-        NUM_PUBLIC_INPUTS,
-        params,
-    )?;
-    Ok(rec_params.common_data().clone())
+    let rec_circuit_data = &*STANDARD_REC_MAIN_POD_CIRCUIT_DATA;
+    let (_, circuit_data) =
+        RecursiveCircuit::<MainPodVerifyTarget>::target_and_circuit_data_padded(
+            params.max_input_recursive_pods,
+            &rec_circuit_data.common,
+            params,
+        )?;
+    Ok(circuit_data.common.clone())
 }
 
 impl MainPod {
@@ -682,11 +682,13 @@ impl RecursivePod for MainPod {
 
 #[cfg(test)]
 pub mod tests {
+    use num::{BigUint, One};
+
     use super::*;
     use crate::{
         backends::plonky2::{
             mock::mainpod::{MockMainPod, MockProver},
-            primitives::signature::SecretKey,
+            primitives::ec::schnorr::SecretKey,
             signedpod::Signer,
         },
         examples::{
@@ -698,7 +700,7 @@ pub mod tests {
             {self},
         },
         middleware,
-        middleware::{CustomPredicateRef, NativePredicate as NP, RawValue},
+        middleware::{CustomPredicateRef, NativePredicate as NP},
         op,
     };
 
@@ -716,11 +718,11 @@ pub mod tests {
 
         let (gov_id_builder, pay_stub_builder, sanction_list_builder) =
             zu_kyc_sign_pod_builders(&params);
-        let mut signer = Signer(SecretKey(RawValue::from(1)));
+        let mut signer = Signer(SecretKey(BigUint::one()));
         let gov_id_pod = gov_id_builder.sign(&mut signer)?;
-        let mut signer = Signer(SecretKey(RawValue::from(2)));
+        let mut signer = Signer(SecretKey(2u64.into()));
         let pay_stub_pod = pay_stub_builder.sign(&mut signer)?;
-        let mut signer = Signer(SecretKey(RawValue::from(3)));
+        let mut signer = Signer(SecretKey(3u64.into()));
         let sanction_list_pod = sanction_list_builder.sign(&mut signer)?;
         let kyc_builder =
             zu_kyc_pod_builder(&params, &gov_id_pod, &pay_stub_pod, &sanction_list_pod)?;
@@ -749,7 +751,7 @@ pub mod tests {
         gov_id_builder.insert("idNumber", "4242424242");
         gov_id_builder.insert("dateOfBirth", 1169909384);
         gov_id_builder.insert("socialSecurityNumber", "G2121210");
-        let mut signer = Signer(SecretKey(RawValue::from(42)));
+        let mut signer = Signer(SecretKey(42u64.into()));
         let gov_id = gov_id_builder.sign(&mut signer).unwrap();
         let now_minus_18y: i64 = 1169909388;
         let mut kyc_builder = frontend::MainPodBuilder::new(&params);
@@ -831,24 +833,23 @@ pub mod tests {
         };
         println!("{:#?}", params);
 
-        let mut alice = Signer(SecretKey(RawValue::from(1)));
-        let bob = Signer(SecretKey(RawValue::from(2)));
-        let mut charlie = Signer(SecretKey(RawValue::from(3)));
+        let mut alice = Signer(SecretKey(1u32.into()));
+        let bob = Signer(SecretKey(2u32.into()));
+        let mut charlie = Signer(SecretKey(3u32.into()));
 
         // Alice attests that she is ETH friends with Charlie and Charlie
         // attests that he is ETH friends with Bob.
         let alice_attestation =
-            eth_friend_signed_pod_builder(&params, charlie.public_key().0.into())
-                .sign(&mut alice)?;
+            eth_friend_signed_pod_builder(&params, charlie.public_key().into()).sign(&mut alice)?;
         let charlie_attestation =
-            eth_friend_signed_pod_builder(&params, bob.public_key().0.into()).sign(&mut charlie)?;
+            eth_friend_signed_pod_builder(&params, bob.public_key().into()).sign(&mut charlie)?;
 
         let alice_bob_ethdos_builder = eth_dos_pod_builder(
             &params,
             false,
             &alice_attestation,
             &charlie_attestation,
-            bob.public_key().0.into(),
+            bob.public_key().into(),
         )?;
 
         let mut prover = MockProver {};