@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../dsc.circom";

component main { public [ merkle_root ] } = DSC(50, 120, 35);
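Review bot: The signature-algorithm ID on this line is a bare literal (50) and the only thing tying it to an algorithm is the file name; the three sibling DSC instances added on this page (IDs 49, 48 and 51) have the same gap. The review thread below resolves 50 to rsa_sha256_107903_4096, but a reader of the file itself cannot check the (120, 35) chunking against the key size without opening the ID table. A one-line comment above `component main`, e.g. `// signature algorithm 50 = rsa_sha256_107903_4096 (see signatureAlgorithm.circom); 4096-bit modulus split as 35 limbs x 120 bits`, would make that check local to the instance, and the same form fits the other three files with their own ID names filled in.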

💡 Verification agent

🧩 Analysis chain

Confirm algorithm ID (50) mapping and input chunking alignment

Ensure ID 50 maps to rsa_sha256_107903_4096 and that (120,35) matches JS splitToWords usage for 4096-bit RSA in input generation.


🏁 Script executed:

#!/bin/bash
rg -nP '(rsa_sha256_107903_4096|\\b50\\b)' circuits/circuits/utils/passport/signatureAlgorithm.circom common/src/constants common/src/utils/types.ts -C2
rg -nP 'DSC\\(50,\\s*120,\\s*35\\)' circuits/circuits/dsc/instances -n
rg -nP 'splitToWords\\(.*,(\\s*120\\s*),(\\s*35\\s*)\\)' common/src/utils -C2

Length of output: 1001


🏁 Script executed:

#!/bin/bash
# Locate splitToWords definition and all its invocations
rg -n "function splitToWords" -g "*.ts" -g "*.js" -C3
rg -n "splitToWords" -g "*.ts" -g "*.js" -C3

# Double-check DSC instantiation parameters in the target instance file
rg -n "DSC(50, 120, 35)" -g "circuits/circuits/dsc/instances/*.circom"

Length of output: 10917


🏁 Script executed:

#!/bin/bash
# Extract getNAndK implementation to see how n and k are assigned for each algorithm
rg -nP 'function\s+getNAndK' -C10 common/src/utils/passports/passport.ts

# Check the literal values of the 4096-bit DSC constants
rg -nP 'n_dsc_4096' -C5 common/src/constants/constants.js

Length of output: 1908


Synchronize DSC circuit chunking with JS splitToWords parameters
• Algorithm ID 50 correctly maps to rsa_sha256_107903_4096 in signatureAlgorithm.circom, but the circuit instantiates DSC(50, 120, 35) (120-bit words × 35 chunks) whereas getNAndK('rsa_sha256_107903_4096') yields wordsize 32 bits and 128 chunks (4096/32 = 128). Update the circuit parameters or JS mapping so both use the same (bits-per-word, number-of-words).

🤖 Prompt for AI Agents
In circuits/circuits/dsc/instances/dsc_sha256_rsa_107903_4096.circom around line
5 the DSC instantiation uses DSC(50, 120, 35) which mismatches the JS
getNAndK('rsa_sha256_107903_4096') that returns wordsize=32 and chunks=128;
update the circuit parameters to use DSC(50, 32, 128) so bits-per-word and
number-of-words match the JS splitToWords logic (alternatively, if you prefer
changing JS, adjust getNAndK/mapping for rsa_sha256_107903_4096 to return 120
and 35 and update any dependent code), and then run tests to ensure both circuit
and JS splitting produce identical word/chunk counts.

@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../dsc.circom";

component main { public [ merkle_root ] } = DSC(49, 120, 35);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../dsc.circom";

component main { public [ merkle_root ] } = DSC(48, 120, 35);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../dsc.circom";

component main { public [ merkle_root ] } = DSC(51, 120, 35);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(160, 160, 47, 120, 35, 384, 128);
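Review bot: This newly added instance passes 128 as the seventh argument while the instances modified in this PR move that same argument from 128 to 256 (the next section is one example), and the new instance two sections down, `REGISTER(256, 160, 3, 120, 35, 512, 128)`, does the same. If the value is a padded signed-attribute length that legitimately differs per hash (the later review threads mention MAX_PADDED_SIGNED_ATTR_LEN), that rationale is not visible in the file and the next maintainer will likely "fix" it to 256. A comment on the line, e.g. `// 7th arg: max padded signed-attribute bytes; 128 is intentional for this SHA-1 instance`, would settle it, and if it is not intentional the new file should be created with 256 like its siblings.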
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(160, 256, 1, 120, 35, 384, 128);
component main { public [ merkle_root ] } = REGISTER(160, 256, 1, 120, 35, 384, 256);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 160, 3, 120, 35, 512, 128);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 224, 44, 32, 7, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 44, 32, 7, 512, 256);
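Review bot: Unlike every other modified instance on this page, the two `component main` lines here differ in the second argument (224 vs 256) as well as the seventh (128 vs 256); the REGISTER_ID section with the same (44, 32, 7) arguments further down shows the same pair of changes. If the second argument is a digest length, as `REGISTER(160, 160, 47, …)` and `REGISTER(256, 160, 3, …)` on this page suggest, then moving algorithm 44 from a 224-bit to a 256-bit digest is a semantic change separate from the padded-length bump and deserves its own sentence in the commit message, with the file name updated to agree. If the (32, 7) pair is a 224-bit key, it is also worth confirming that the template truncates a 256-bit digest to the curve order rather than rejecting or silently mis-sizing it.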
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 21, 64, 4, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 21, 64, 4, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 37, 64, 6, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 37, 64, 6, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 8, 64, 4, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 8, 64, 4, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 23, 64, 6, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 23, 64, 6, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 13, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 13, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 1, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 1, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 43, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 43, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 4, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 4, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 19, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 19, 120, 35, 512, 256);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 12, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(256, 256, 46, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER(256, 256, 46, 120, 35, 512, 256);
@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../register.circom";

component main { public [ merkle_root ] } = REGISTER(512, 512, 4, 120, 35, 896, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(160, 256, 1, 120, 35, 384, 128);
component main { public [ merkle_root ] } = REGISTER_ID(160, 256, 1, 120, 35, 384, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 224, 44, 32, 7, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 44, 32, 7, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 21, 64, 4, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 21, 64, 4, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 37, 64, 6, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 37, 64, 6, 512, 256);

💡 Verification agent

🧩 Analysis chain

Confirm param semantics and repo-wide consistency (breaking-change risk).

You changed the last REGISTER_ID param from 128 → 256. If this param controls SHA-256 digest/truncation length or max signed-attr bytes, this is a protocol-level change that can invalidate existing proofs/keys and any mobile/contract integration expecting the old shape. Verify the template’s param order and ensure all dependent instances, witness builders, and verifiers are aligned.

Run to confirm template signature and spot any remaining 128s:

If production relies on the 128-param variant, prefer adding a new v2 instance (filename + circuit ID) and deprecate the old one, so mobile clients and contracts can migrate explicitly.


🏁 Script executed:

#!/bin/bash
# 1) Inspect REGISTER_ID template signature(s)
rg -nC3 -g 'circuits/**/*.circom' -P '\btemplate\s+REGISTER_ID\s*\('

# 2) List all REGISTER_ID instantiations and diff the last param
rg -n -g 'circuits/**/*.circom' 'REGISTER_ID\(' | sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' | awk -F, '{print NF "\t" $0}' | sort -u

# 3) Find any lingering instances still using 128 as last arg
rg -n -g 'circuits/**/*.circom' -P 'REGISTER_ID\([^)]*128\s*\)\s*;'

Length of output: 2866


Align REGISTER_ID last parameter across all instances
Five circuits still instantiate REGISTER_ID with a trailing 128 (e.g.,

  • circuits/circuits/register_id/instances/register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom:5
  • circuits/circuits/register_id/instances/register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom:5
  • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_rsa_65537_4096.circom:5
  • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom:5
  • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom:5)
    causing inconsistent digests/truncation lengths and breaking-change risk. Either update all existing instances to use 256 via a new “v2” circuit (and deprecate the old ones), or revert this change and plan a coordinated versioned rollout.

💡 Verification agent

🧩 Analysis chain

Boundary conditions and witness-builder alignment.

If 256 represents max bytes for the SHA-256 preimage of signed attributes, add/verify checks that:

  • Inputs >256 bytes are rejected at witness-build time,
  • Edge cases at 0, 1, 255, 256 bytes pass, and 257 fails,
  • The same limit is enforced consistently in the RN/TS client, server, and circuit.

🏁 Script executed:

#!/bin/bash
# Grep for the REGISTER_ID param usage in the witness builder to ensure 256 is reflected there
rg -n -C3 -P '(Sha256(Bytes|General)|REGISTER_ID).*256' app/witnesscalc src scripts
# Find tests touching REGISTER_ID limits to extend with 0/1/255/256/257 byte cases
rg -n -g '**/*test*' -P 'REGISTER_ID|sha256.*(limit|bytes|max|length)'

Length of output: 460


🏁 Script executed:

#!/bin/bash
# Locate REGISTER_ID usage in the TypeScript client
rg -n -C3 'REGISTER_ID' --glob 'app/**/*.ts'

# Find witness-builder or similar implementations
rg -n -C3 'witness' --glob 'app/**/*.ts'

# Check for SHA-256 preimage handling
rg -n -C3 'sha256' --glob 'app/**/*.ts'

# Search for hardcoded 256 limit references
rg -n -C3 '256' --glob 'app/**/*.ts'

Length of output: 19341


Enforce 256-byte SHA-256 preimage limit across all layers

  • No checks in the RN/TS client (e.g. in provingMachine.ts or validateDocument.ts) or API server reject inputs >256 bytes.
  • Add validations in the witness-builder, client, and server to reject >256-byte preimages at build/runtime.
  • Add unit tests covering boundary cases: 0, 1, 255, 256 (should pass) and 257 (should fail).
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom
around line 5, the circuit is configured for 256-byte SHA-256 preimages but
there are no enforced preimage-size checks in the RN/TS client or server; add
runtime/build-time validations to reject inputs >256 bytes: update the
witness-builder to validate preimage length before constructing witnesses, add
checks in provingMachine.ts and validateDocument.ts to throw/return an error
when preimage.byteLength > 256, and add equivalent validation on the API server
request handler to return 4xx for oversized preimages; finally add unit tests
that assert success for lengths 0, 1, 255, 256 and failure for 257 to cover
boundary cases.

💡 Verification agent

🧩 Analysis chain

Domain separation/tag invariants.

Per spec, Register outputs must keep the Poseidon domain tag “register-v1”. Ensure this param change did not alter the commitment derivation or tag; otherwise, on-chain/verifier-side equality checks can silently break.

If semantics changed (e.g., digest width), consider bumping the circuit ID or file name to make versioning explicit and prevent accidental mixing in clients/contracts.


🏁 Script executed:

#!/bin/bash
# Ensure the domain tag remains unchanged across register/register_id circuits
rg -n -g 'circuits/**/*.circom' -P 'register-v1|register_id.*domain|Poseidon.*domain'

Length of output: 87


🏁 Script executed:

#!/bin/bash
# Locate REGISTER_ID definition and inspect Poseidon domain separation tag usage
rg -n 'template REGISTER_ID' -g 'circuits/**/*.circom'
rg -n 'REGISTER_ID\(' -C3 -g 'circuits/**/*.circom'
rg -n 'Poseidon' -C3 -g 'circuits/**/*.circom'

Length of output: 37528


🏁 Script executed:

#!/bin/bash
# Inspect header of register circuit for domain tag definitions
sed -n '1,200p' circuits/circuits/register/register.circom

# Inspect header of register_id circuit for domain tag definitions
sed -n '1,200p' circuits/circuits/register_id/register_id.circom

# Search for any domain or tag constants across all circom files
rg -n 'domain' -g 'circuits/**/*.circom'
rg -n 'tag' -g 'circuits/**/*.circom'

Length of output: 16846


🏁 Script executed:

#!/bin/bash
# Inspect constants for domain separation tags
sed -n '1,200p' circuits/circuits/utils/passport/constants.circom
rg -n 'register-v1' -g circuits/circuits/utils/passport/constants.circom
rg -n 'domain' -g circuits/circuits/utils/passport/constants.circom

Length of output: 909


Commitment generation omits required register-v1 domain tag
The Poseidon hash in both REGISTER and REGISTER_ID templates currently hashes [secret, attestation_id, …] without the spec-mandated "register-v1" tag. Insert the tag as an explicit input (e.g. Poseidon(6)([registerTag, secret, …])) or bump the circuit version to v2 to prevent on-chain/verifier mismatches.

🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_brainpoolP384r1.circom
around line 5, the instantiated REGISTER_ID call (component main ...) leads to
templates that currently compute Poseidon over [secret, attestation_id, …]
without the required "register-v1" domain tag; update the REGISTER and
REGISTER_ID templates (and this instance if needed) to include an explicit
registerTag as the first Poseidon input (e.g. Poseidon(6)([registerTag, secret,
attestation_id, ...])) or alternatively bump the circuit version to v2 and
adjust all related inputs/verifiers accordingly so the commitment matches the
spec-mandated "register-v1" domain tag.

Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 8, 64, 4, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 8, 64, 4, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 23, 64, 6, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 23, 64, 6, 512, 256);

💡 Verification agent

🧩 Analysis chain

Bump to 256: verify REGISTER_ID’s 7th param semantics and capacity

If this arg is the SHA-256 input byte bound (as implied by the PR), confirm register_id.circom resized buffers, range checks, and any packing logic accordingly. A mismatch (old 128 caps still in template) would truncate/overflow and silently weaken soundness; also watch for proving-time/constraint growth regressions.

Run to confirm template contract and repo-wide consistency:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Inspect REGISTER_ID signature/param names
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' circuits/circuits/register_id.circom

# 2) Ensure all instances use 256 as the last arg (no stragglers at 128)
echo "[instances last-arg distribution]"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances \
 | sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
 | awk -F',' '{gsub(/ /,"",$NF); print $NF}' | sort | uniq -c

rg -nP 'REGISTER_ID\([^)]*128\)' circuits/circuits/register_id/instances || true

# 3) Confirm domain-separation tag still enforced in base template
rg -nP 'register-v1' circuits/circuits/register_id.circom circuits/circuits/register/register.circom || true

Length of output: 176


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Locate REGISTER_ID template definition across all .circom files
echo "Locating REGISTER_ID template definition"
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' -g '*.circom'

# 2) Enumerate all REGISTER_ID invocations project-wide
echo "Listing REGISTER_ID invocations"
rg -nHP 'REGISTER_ID\(' -g '*.circom'

# 3) Check last-arg distribution in instances under register_id/instances
echo "[instances last-arg distribution under circuits/circuits/register_id/instances]"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances/**/*.circom \
  | sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
  | awk -F',' '{gsub(/ /,"",$NF); print $NF}' | sort | uniq -c

# 4) Verify domain-separation tag enforcement in base templates
echo "Checking for domain separation tag 'register-v1'"
rg -nP 'register-v1' -g '*.circom'

Length of output: 6597


#!/usr/bin/env bash
set -euo pipefail

echo "1) Inspect REGISTER_ID template signature"
rg -nC3 -P 'template\s+REGISTER_ID\s*\(' circuits/circuits/register_id/register_id.circom

echo
echo "2) List all REGISTER_ID instances and check 7th parameter distribution"
rg -nP 'REGISTER_ID\([^)]*\)' circuits/circuits/register_id/instances/*.circom \
  | sed -E 's/.*REGISTER_ID\((.*)\).*/\1/' \
  | awk -F',' '{gsub(/ /,"",$NF); print "last_arg="$NF}' \
  | sort | uniq -c

echo
echo "3) Verify domain-separation tag 'register-v1' is still enforced"
rg -nP 'register-v1' circuits/circuits/register_id/register_id.circom circuits/circuits/register/register.circom || echo "tag not found"

Bump all REGISTER_ID instances’ 7th param to 256 and verify template logic & domain-sep tag

  • Instances still passing 128 as the 7th arg (must be updated to 256):
    • circuits/circuits/register_id/instances/register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom
    • circuits/circuits/register_id/instances/register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom
    • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_rsa_65537_4096.circom
    • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom
    • circuits/circuits/register_id/instances/register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom

  • In circuits/circuits/register_id/register_id.circom, confirm bump to 256 bytes is reflected in buffer sizing, range checks, and packing logic to prevent truncation/overflow.

  • Verify the "register-v1" domain separation tag remains enforced in the REGISTER_ID template.

🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_ecdsa_secp384r1.circom
around line 5, change the 7th argument of the REGISTER_ID instantiation from 128
to 256 and update the other listed instance files likewise; then open
circuits/circuits/register_id/register_id.circom and ensure the template’s
buffer sizes, byte/bit range checks, and packing/unpacking logic use 256-byte
sizing (no truncation or overflow), and confirm the domain separation tag
"register-v1" is still applied and enforced in the template.

Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 13, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 13, 120, 35, 512, 256);

💡 Verification agent

🧩 Analysis chain

Verify 128→256 parameter bump is fully plumbed (inputs, constants, and witnesses).

If this arg maps to max SHA padded bytes or signed-attr length, you must align:

  • common/src/constants (e.g., MAX_PADDED_SIGNED_ATTR_LEN) = 256
  • Input generators pass datahashes_padded_length accordingly
  • All REGISTER_ID instances use the same value to avoid key/verifier mismatches

Run:


🏁 Script executed:

#!/bin/bash
# Find all REGISTER_ID invocations and last-arg values
rg -nP 'REGISTER_ID\([^)]*\)' circuits | sed -E 's/.*REGISTER_ID\(([^)]*)\).*/\1/' | awk -F, '{print $NF}' | sort -u
# Check constants and usage in TS
rg -n 'MAX_PADDED_SIGNED_ATTR_LEN|MAX_SHA_BYTES|datahashes_padded_length' common | cat

Length of output: 537


Align REGISTER_ID size parameter across all instances
– rg shows both 128 and 256 as the last argument to REGISTER_ID(…) in circuits; change any trailing 128 to 256 so every instance matches.
– In common/src/constants/constants.ts, update MAX_PADDED_SIGNED_ATTR_LEN entries to reflect a padded length of 256 for all relevant hash algorithms.
– Ensure generateInputs.ts (common/src/utils/circuits/generateInputs.ts) uses the updated 256-byte padding.

🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsa_3_4096.circom
around line 5 and across other circuit instance files, the trailing size
argument to REGISTER_ID must be 256 (not 128) — update any REGISTER_ID(..., 128)
to REGISTER_ID(..., 256) so all instances align; in
common/src/constants/constants.ts update all MAX_PADDED_SIGNED_ATTR_LEN entries
for the affected hash algorithms to 256 (replace any 128 values with 256); and
in common/src/utils/circuits/generateInputs.ts adjust the padding logic to use a
256-byte padded length when generating inputs so it matches the changed
constants and circuit instances.

Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 1, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 1, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 43, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 43, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256);

💡 Verification agent

🧩 Analysis chain

Parameter bump to 256: confirm it matches the intended signed-attr/byte-cap and is applied repo-wide.

If this is the SHA-256 signed-attributes/cert-bytes cap, centralize it as a named constant to avoid drift and recompile all dependent instances. Also check proving key size impact.

Run:

Optional refactor within this file:

-component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256);
+// TODO: replace 256 with a shared constant (e.g., SIGNED_ATTR_MAX_BYTES) defined once
+component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 4, 120, 35, 512, 256);

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Any remaining REGISTER_ID/REGISTER instances still using 128 as the last arg?
rg -nP 'REGISTER(_ID)?\([^)]*[, ]128\)' circuits/circuits -g '!**/node_modules/**' -S | sed -n '1,200p'

Length of output: 2269


Define a shared constant for the signed-attributes cap and replace all literal 128 usages

Replace the last argument in every REGISTER and REGISTER_ID call (12 instances still use 128) with a single constant, e.g.

// shared/constants.circom
const SIGNED_ATTR_MAX_BYTES = 256;

then update each instance:

- … REGISTER_ID(…, 128);
+ … REGISTER_ID(…, SIGNED_ATTR_MAX_BYTES);

Finally, regenerate all proving keys to account for the new cap.

Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 19, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 19, 120, 35, 512, 256);
Expand Up @@ -2,4 +2,4 @@ pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 46, 120, 35, 512, 128);
component main { public [ merkle_root ] } = REGISTER_ID(256, 256, 46, 120, 35, 512, 256);

💡 Verification agent

🧩 Analysis chain

Consistent 128 → 256 update: validate semantics and centralize the constant.

Same note as other instances: ensure the last arg represents the intended byte cap (e.g., SHA-256 signed attrs) and is uniformly updated across all REGISTER/REGISTER_ID instances to prevent mismatched witness sizing.

Use the same script shared in the other comment to detect any lingering 128s.


🏁 Script executed:

#!/bin/bash
# Search for REGISTER_ID invocations with a last argument of 128 to ensure consistency
rg -nP 'REGISTER_ID\([^)]*128\)' -n .

Length of output: 972


Centralize and unify the signature-attribute byte cap

  • Introduce a named constant (e.g. SIGNATURE_ATTR_BYTES = 256) instead of littering raw literals.
  • Update all REGISTER_ID invocations where the 7th argument is currently 128 to use SIGNATURE_ATTR_BYTES. Affected files under circuits/circuits/register_id/instances:
    • register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom
    • register_id_sha1_sha1_sha1_rsa_65537_4096.circom
    • register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom
    • register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom
    • register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom
🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha256_sha256_sha256_rsapss_65537_64_2048.circom
around line 5, introduce a named constant SIGNATURE_ATTR_BYTES = 256 (placed in
a shared/common header or at the top of the instances folder) and replace the
hard-coded seventh argument in the REGISTER_ID invocation with
SIGNATURE_ATTR_BYTES; then update the same replacement in the other listed files
(register_id_sha256_sha224_sha224_ecdsa_secp224r1.circom,
register_id_sha1_sha1_sha1_rsa_65537_4096.circom,
register_id_sha1_sha1_sha1_ecdsa_secp256r1.circom,
register_id_sha1_sha1_sha1_ecdsa_brainpoolP224r1.circom,
register_id_sha224_sha224_sha224_ecdsa_brainpoolP224r1.circom) where the 7th
argument is currently the literal 128 so they all reference SIGNATURE_ATTR_BYTES
instead of raw numeric literals.

@@ -0,0 +1,5 @@
pragma circom 2.1.9;

include "../register_id.circom";

component main { public [ merkle_root ] } = REGISTER_ID(512, 512, 4, 120, 35, 896, 256);

💡 Verification agent

🧩 Analysis chain

Fix CHUNK_NUMBER: 2048-bit wrapper is using 4096-bit limb count (35).

35 limbs at 120 bits target ~4096-bit moduli; for 2048-bit RSA this should be 18. Mismatch will break witness generation and inflate constraints.

Apply:

-component main { public [ merkle_root ] } = REGISTER_ID(512, 512, 4, 120, 35, 896, 256);
+component main { public [ merkle_root ] } = REGISTER_ID(512, 512, 4, 120, 18, 896, 256);

🏁 Script executed:

#!/bin/bash
# Confirm all 2048-bit register_id instances use 18 limbs and 4096-bit use 35.
rg -nP 'register_id_.*_2048\.circom|REGISTER_ID\(' circuits/circuits/register_id/instances -C1 | sed -n 'N;p' | rg -nP 'REGISTER_ID\([^)]*\)' -n

Length of output: 5307


Fix CHUNK_NUMBER for 2048-bit REGISTER_ID instances
All REGISTER_ID wrappers targeting 2048-bit RSA currently use a limb count of 35 (sized for ≈4096-bit moduli); with 120-bit limbs the correct count is ceil(2048/120)=18. Update the fifth argument in each 2048-bit instance (e.g. circuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circom:5) from 35 to 18 to avoid witness failures and inflated constraints.

🤖 Prompt for AI Agents
In
circuits/circuits/register_id/instances/register_id_sha512_sha512_sha256_rsapss_65537_32_2048.circom
around line 5, the REGISTER_ID instantiation uses a CHUNK_NUMBER of 35 which is
sized for ~4096-bit moduli; for 2048-bit RSA with 120-bit limbs the correct
CHUNK_NUMBER is ceil(2048/120)=18 — change the fifth argument from 35 to 18 in
that component invocation and keep the rest of the parameters unchanged to avoid
witness failures and excess constraints.

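--- /dev/null
+++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha1_64321_4096.circom
@@ -0,0 +1,13 @@
+pragma circom 2.1.9;
+
+include "../../../utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom";
+
+template VerifyRsaPkcs1v1_5Tester() {
+signal input signature[35];
+signal input modulus[35];
+signal input message[35];
+
+VerifyRsaGenericPkcs1v1_5(120, 35, 160, 47)(signature, modulus, message);
+}
+
+component main = VerifyRsaPkcs1v1_5Tester();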
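Review bot: The tester fixes the limb layout (35 limbs of 120 bits) and the hash/algorithm pair (160, 47) as bare literals with nothing in the file relating them to the algorithm the file name describes, and the four tester files that follow are identical apart from their trailing (256, 50/49/48/51) arguments, so a reader has to cross-reference the ID table to know what each test covers. A header comment above the template would close that gap; for this file, going by the file name, something like `// Exercises algorithm ID 47: RSA PKCS#1 v1.5, e=64321, 4096-bit modulus as 35 x 120-bit limbs, SHA-1 (160-bit digest)`, with the corresponding ID name filled in for the other four. Since the modulus width is what justifies 35 limbs, stating it in the comment also makes the `[35]` signal sizes checkable at a glance.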
@@ -0,0 +1,13 @@
pragma circom 2.1.9;

include "../../../utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom";

template VerifyRsaPkcs1v1_5Tester() {
signal input signature[35];
signal input modulus[35];
signal input message[35];

VerifyRsaGenericPkcs1v1_5(120, 35, 256, 50)(signature, modulus, message);
}

component main = VerifyRsaPkcs1v1_5Tester();
@@ -0,0 +1,13 @@
pragma circom 2.1.9;

include "../../../utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom";

template VerifyRsaPkcs1v1_5Tester() {
signal input signature[35];
signal input modulus[35];
signal input message[35];

VerifyRsaGenericPkcs1v1_5(120, 35, 256, 49)(signature, modulus, message);
}

component main = VerifyRsaPkcs1v1_5Tester();
@@ -0,0 +1,13 @@
pragma circom 2.1.9;

include "../../../utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom";

template VerifyRsaPkcs1v1_5Tester() {
signal input signature[35];
signal input modulus[35];
signal input message[35];

VerifyRsaGenericPkcs1v1_5(120, 35, 256, 48)(signature, modulus, message);
}

component main = VerifyRsaPkcs1v1_5Tester();
@@ -0,0 +1,13 @@
pragma circom 2.1.9;

include "../../../utils/crypto/signature/rsa/verifyRsaGenericPkcs1v1_5.circom";

template VerifyRsaPkcs1v1_5Tester() {
signal input signature[35];
signal input modulus[35];
signal input message[35];

VerifyRsaGenericPkcs1v1_5(120, 35, 256, 51)(signature, modulus, message);
}

component main = VerifyRsaPkcs1v1_5Tester();