
Commit 00d2c32

feat: Add eddsa_poseidon_to_pub function to stdlib with test + docs (#4473)
# Description ## Problem\* Gives a source of truth for deriving public keys for EdDSA signatures, e.g. for testing. ## Summary\* Adds this function: ```rust fn eddsa_poseidon_to_pub(secret: Field) -> (Field, Field) ``` ## Additional Context ## Documentation\* Check one: - [ ] No documentation needed. - [x] Documentation included in this PR. - [ ] **[Exceptional Case]** Documentation to be submitted in a separate PR. # PR Checklist\* - [x] I have tested the changes locally. - [x] I have formatted the changes with [Prettier](https://prettier.io/) and/or `cargo fmt` on default settings. --------- Co-authored-by: kevaundray <kevtheappdev@gmail.com>
1 parent 86a0029 commit 00d2c32


3 files changed

+26
-2
lines changed

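--- a/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx
+++ b/docs/docs/noir/standard_library/cryptographic_primitives/eddsa.mdx
@@ -16,3 +16,14 @@ fn eddsa_poseidon_verify(public_key_x : Field, public_key_y : Field, signature_s
 ```
 
 <BlackBoxInfo />
+
+## eddsa::eddsa_to_pub
+
+Private to public key conversion.
+
+Returns `(pub_key_x, pub_key_y)`
+
+```rust
+fn eddsa_to_pub(secret : Field) -> (Field, Field)
+```
+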

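--- a/noir_stdlib/src/eddsa.nr
+++ b/noir_stdlib/src/eddsa.nr
@@ -38,3 +38,10 @@ pub fn eddsa_poseidon_verify(
 
 left.eq(right)
 }
+
+// Returns the public key of the given secret key as (pub_key_x, pub_key_y)
+pub fn eddsa_to_pub(secret: Field) -> (Field, Field) {
+let bjj = baby_jubjub();
+let pub_key = bjj.curve.mul(secret, bjj.curve.gen);
+(pub_key.x, pub_key.y)
+}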
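Review bot: The one-line comment above `eddsa_to_pub` does not say how the key is derived: the body multiplies the Baby Jubjub generator by `secret` directly, with no hashing or pruning of the secret and no range check visible in the hunk. A caller expecting an RFC 8032-style derivation would compute a different key, so the comment should spell this out, e.g. `// Returns secret * G on Baby Jubjub as (pub_key_x, pub_key_y); the secret is used as the scalar as-is, without hashing or pruning.` Whether `secret` is expected to lie below the subgroup order is not visible here and is worth stating as well. The function is also named `eddsa_to_pub` while the commit title and description call it `eddsa_poseidon_to_pub`; one of the two should be aligned.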

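--- a/test_programs/execution_success/eddsa/src/main.nr
+++ b/test_programs/execution_success/eddsa/src/main.nr
@@ -1,14 +1,20 @@
 use dep::std::compat;
 use dep::std::ec::consts::te::baby_jubjub;
+use dep::std::ec::tecurve::affine::Point as TEPoint;
 use dep::std::hash;
-use dep::std::eddsa::eddsa_poseidon_verify;
+use dep::std::eddsa::{eddsa_to_pub, eddsa_poseidon_verify};
+
 fn main(msg: pub Field, _priv_key_a: Field, _priv_key_b: Field) {
 // Skip this test for non-bn254 backends
 if compat::is_bn254() {
 let bjj = baby_jubjub();
 
 let pub_key_a = bjj.curve.mul(_priv_key_a, bjj.curve.gen);
-// let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen);
+let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen);
+let (pub_key_a_x, pub_key_a_y) = eddsa_to_pub(_priv_key_a);
+let (pub_key_b_x, pub_key_b_y) = eddsa_to_pub(_priv_key_b);
+assert(TEPoint::new(pub_key_a_x, pub_key_a_y) == pub_key_a);
+assert(TEPoint::new(pub_key_b_x, pub_key_b_y) == pub_key_b);
 // Manually computed as fields can't use modulo. Importantantly the commitment is within
 // the subgroup order. Note that choice of hash is flexible for this step.
 // let r_a = hash::pedersen_commitment([_priv_key_a, msg])[0] % bjj.suborder; // modulus computed manually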
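Review bot: The new assertions compare `eddsa_to_pub(...)` against `bjj.curve.mul(_priv_key_a, bjj.curve.gen)`, which is the same expression the library function evaluates, so the test would still pass if the generator or the multiplication itself were wrong. A known-answer check against coordinates computed by an independent implementation would pin the derivation, for example `assert(pub_key_a_x == EXPECTED_PUB_KEY_A_X);` where `EXPECTED_PUB_KEY_A_X` is a placeholder for the reference value matching the secret in the test's inputs. The checks also run only inside `if compat::is_bn254()`, so other backends exercise nothing here, as the existing comment notes. `main` continues past the end of the hunk.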
