-
|
I cannot find existing RSA implementation in Gnark. Could someone give advice on how to implement a new one? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Field emulation allows to perform modular exponentiation for a modulus defined as witness. I think this should be sufficient for implementing RSA verification? See Field.ModExp and test implementation. Note that checking RSA signatures may also require doing padding computation a la RSA-OAEP or RSA-PSS. We don't have the padding implementation and I think we're not planning to implement ourselves in gnark as RSA is generally being deprecated in favor of ECC based signature schemes (Schnorr, EdDSA, ECDSA) or post-quantum secure schemes. And RSA verification for reasonable key sizes (3k+) in circuit is very inefficient. |
Beta Was this translation helpful? Give feedback.
Field emulation allows to perform modular exponentiation for a modulus defined as witness. I think this should be sufficient for implementing RSA verification?
See Field.ModExp and test implementation.
Note that checking RSA signatures may also require doing padding computation a la RSA-OAEP or RSA-PSS. We don't have the padding implementation and I think we're not planning to implement ourselves in gnark as RSA is generally being deprecated in favor of ECC based signature schemes (Schnorr, EdDSA, ECDSA) or post-quantum secure schemes. And RSA verification for reasonable key sizes (3k+) in circuit is very inefficient.