[zklogin] add support for v2 vk

Author: joyqvq

fastcrypto-zkp/benches/zklogin.rs

@@ -17,7 +17,7 @@ mod zklogin_benches {
     use fastcrypto_zkp::bn254::zk_login::ZkLoginInputs;
     use fastcrypto_zkp::bn254::zk_login::JWK;
     use fastcrypto_zkp::bn254::zk_login::{JwkId, OIDCProvider};
-    use fastcrypto_zkp::bn254::zk_login_api::ZkLoginEnv;
+    use fastcrypto_zkp::bn254::zk_login_api::{ZkLoginEnv, CIRCUIT_CONFIG_V1, CIRCUIT_CONFIG_V2};
     use im::hashmap::HashMap as ImHashMap;
 
     /// Benchmark the `fastcrypto_zkp::bn254::zk_login_api::verify_zk_login` function and it's main
@@ -32,7 +32,6 @@ mod zklogin_benches {
         // Test values taken from `test_verify_zk_login_google`. See the test for more details on
         // the values.
         let user_salt = "206703048842351542647799591018316385612";
-        let max_epoch = 10;
         let address_seed = gen_address_seed(
             user_salt,
             "sub",
@@ -58,6 +57,7 @@ mod zklogin_benches {
             ),
             content.clone(),
         );
+        let max_epoch = 10;
         let modulus = Base64UrlUnpadded::decode_vec(&content.n)
             .map_err(|_| {
                 FastCryptoError::GeneralError("Invalid Base64 encoded jwk modulus".to_string())
@@ -77,12 +77,17 @@ mod zklogin_benches {
         c.bench_function("verify_zk_login/calculate_all_inputs_hash", move |b| {
             b.iter(|| {
                 input_clone
-                    .calculate_all_inputs_hash(&eph_pubkey_clone, &modulus_clone, max_epoch)
+                    .calculate_all_inputs_hash(
+                        &eph_pubkey_clone,
+                        &modulus_clone,
+                        max_epoch,
+                        &CIRCUIT_CONFIG_V1,
+                    )
                     .unwrap()
             });
         });
         let input_hashes = input
-            .calculate_all_inputs_hash(&eph_pubkey, &modulus, max_epoch)
+            .calculate_all_inputs_hash(&eph_pubkey, &modulus, max_epoch, &CIRCUIT_CONFIG_V1)
             .unwrap();
 
         // Benchmark the `verify_zk_login_proof_with_fixed_vk` function called by `verify_zk_login`.
@@ -92,9 +97,10 @@ mod zklogin_benches {
             move |b| {
                 b.iter(|| {
                     fastcrypto_zkp::bn254::zk_login_api::verify_zk_login_proof_with_fixed_vk(
-                        &ZkLoginEnv::Prod,
+                        &ZkLoginEnv::Test,
                         &proof,
                         &[input_hashes],
+                        false,
                     )
                 })
             },
@@ -105,10 +111,103 @@ mod zklogin_benches {
             b.iter(|| {
                 fastcrypto_zkp::bn254::zk_login_api::verify_zk_login(
                     &input,
-                    10,
+                    max_epoch,
+                    &eph_pubkey,
+                    &map,
+                    &ZkLoginEnv::Test,
+                )
+            })
+        });
+    }
+
+    /// Benchmark V2 proof verification for 8192-bit RSA keys
+    fn verify_zk_login_v2(c: &mut Criterion) {
+        // Test values captured from test_zklogin_v2
+        let max_epoch = 10;
+        let address_seed =
+            "1930628255822123795956154519923524356793387287437090556144422698180443693114";
+
+        let input = ZkLoginInputs::from_json(
+            r#"{"proofPoints":{"a":["4913491815640002925508764814861178584881454035317776104347888483537912573177","17464247119089096977765585378460061328465709176842125201639874369409917083365","1"],"b":[["13623903508208593385147109129252793918112295419570003309520868038720322470557","21609423682403605552756457705069928412495291852654002331866073641632927420027"],["21392198638402084688930318789933313022805249822640479452861513428525783839707","1188996632803951473949030842369314644349566079256879538309939741515182911983"],["1","0"]],"c":["8847019028968200963788057481027139711885570926967685201543612972187276716667","14579483098715294861159755601821797996287919909580326110060065627124968449243","1"]},"issBase64Details":{"value":"wiaXNzIjoiaHR0cHM6Ly9qd3QtdGVzdGVyLm15c3RlbmxhYnMuY29tIiw","indexMod4":2},"headerBase64":"eyJraWQiOiJzdWkta2V5LWlkLTgxOTIiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9","addressSeed":"1930628255822123795956154519923524356793387287437090556144422698180443693114"}"#,
+            address_seed,
+        ).unwrap();
+
+        let kp = Ed25519KeyPair::generate(&mut StdRng::from_seed([0; 32]));
+        let mut eph_pubkey = vec![0x00];
+        eph_pubkey.extend(kp.public().as_ref());
+
+        let mut map = ImHashMap::new();
+        let content = JWK {
+            kty: "RSA".to_string(),
+            e: "AQAB".to_string(),
+            n: "lViYJOuLB6EZenCimgyWrwOH_QBEkCZxSIEfcQgP5MrZkRlohbrTAN1YpXGRaqugp9A4mRzCmi9ddXscpRBSsLefdPJJLG8lQZ2qrw6X2-6HD5kDFd6-K7JZS-_GOEfr5xGEDm8_MS_SorbmneKspL0n4MPYWH8qke4OBFCwL6WzGBU9rqDuvhYmafmkvVvOtHIqekBxNrCud7Spv43BHdiBM0V-jUquuNM3oK97i_GVLjGfwrGRpR3tK4nva_ryiHh9Ajs68If7-ZhIoLJ05lRsHJJpqsloiEqlCZwhge9zEMnNkoaIzdQr-xLy0GPnr5W0gikjlSGYiInfx9ITADwK3W33xdOB7npM7lqJY73Njbuw8hBQicU8t0M0gvvWfmh1KDeA5IqffZgue-ka9Jj1nrYmZtd0JimQpPDUiGbLv69gQJZcLVQWf9z6mVC4gNm8VU2OafssnolrvNndC3wIm8AgqzVzn_DIOcMQdhIe8jTF3hu1_6R4Id3KoA5Hb3uI2H86-8RjhSG2wKb3zi44yKSmxEDhzl7i450PQX64JK4ftv5jb9vSw5unpikmVvGlGsuvrqWFuWKBcrcXLgyar8pGvRO8fR9ifDHSj-D2fBiLnhK0-iqsJeU8XnfJhUvKxSjXejwsoQeLqlgq9-PgCDP3dE61fkqGpJ1UZjZ44Q9Vh4YLCPAO6oX8btXSkwreuP5m0UtWgFsc-ynWbt6NYS7JlsMtJNWybM4_auqRdil_cPMwFsUgjocztGLeG304YH-GehmyBJyGKuDIiXL9RfLoZ35jKawrWJb4UqckKWV5kOKeXsXdKtMw96ABFumcnhrzxAsqwshS5a2lT8P7Cdd9g3T1JXI7JM1AnJU9_gPXmJoc3yEFNf-JxEf00URoy2xUusyyxYdTswLJp3NQP4VjrAGwnsp7gHKC-V-mJ21FpQCHsV0JQ-1x-E3du9hkpsjTtGkffetEsV8k9enbkudox7WIlsnPcA8y7aY4lnaBqLLSzaj2GOf4KTN4cRpcPzOmSvgcVVYYQXDjRw45X86P1WJG8UDl6Wkl044tAdQRuIxW8QVzBFWWxeXcoagOBKn1_DV0RKUX9Ud4LLauy81rUNfoAcnolz9nippTBEZA_4OOBvXhdngCYaoZyjAkmYdPhKIkghGhKoVVKiEJ1Ua6nUr3zB9WFlTO9lODeV9h0tgKGtKGu3UBeaRCQSMv9gZK-eGIpcqjsqK_rEf4htdDZUBzfOJ0VtCiFYUUBPiuJNuIf9xQGVDE7qZufK1irvGug8jvWSWzB4pGLP75PnPH7B9axnXrxssaIR90Y3Vr9ih_ptzcfNrwD_wiGHUTy698FHu2fXp51HbSEQ".to_string(),
+            alg: "RS256".to_string(),
+        };
+
+        map.insert(
+            JwkId::new(
+                OIDCProvider::TestIssuerKey8192.get_config().iss,
+                "sui-key-id-8192".to_string(),
+            ),
+            content.clone(),
+        );
+        let modulus = Base64UrlUnpadded::decode_vec(&content.n)
+            .map_err(|_| {
+                FastCryptoError::GeneralError("Invalid Base64 encoded jwk modulus".to_string())
+            })
+            .unwrap();
+
+        // Benchmark the `as_arkworks` function called by `verify_zk_login`.
+        let input_clone = input.clone();
+        c.bench_function("verify_zk_login_v2/as_arkworks", move |b| {
+            b.iter(|| input_clone.get_proof().as_arkworks().unwrap())
+        });
+
+        // Benchmark the `calculate_all_inputs_hash` function called by `verify_zk_login`.
+        let eph_pubkey_clone = eph_pubkey.clone();
+        let input_clone = input.clone();
+        let modulus_clone = modulus.clone();
+        c.bench_function("verify_zk_login_v2/calculate_all_inputs_hash", move |b| {
+            b.iter(|| {
+                input_clone
+                    .calculate_all_inputs_hash(
+                        &eph_pubkey_clone,
+                        &modulus_clone,
+                        max_epoch,
+                        &CIRCUIT_CONFIG_V2,
+                    )
+                    .unwrap()
+            });
+        });
+        let input_hashes = input
+            .calculate_all_inputs_hash(&eph_pubkey, &modulus, max_epoch, &CIRCUIT_CONFIG_V2)
+            .unwrap();
+
+        // Benchmark the `verify_zk_login_proof_with_fixed_vk` function called by `verify_zk_login`.
+        let proof = input.get_proof().as_arkworks().unwrap();
+        c.bench_function(
+            "verify_zk_login_v2/verify_zk_login_proof_with_fixed_vk",
+            move |b| {
+                b.iter(|| {
+                    fastcrypto_zkp::bn254::zk_login_api::verify_zk_login_proof_with_fixed_vk(
+                        &ZkLoginEnv::Test,
+                        &proof,
+                        &[input_hashes],
+                        true,
+                    )
+                })
+            },
+        );
+
+        // Benchmark the entire `verify_zk_login` function.
+        c.bench_function("verify_zk_login_v2", move |b| {
+            b.iter(|| {
+                fastcrypto_zkp::bn254::zk_login_api::verify_zk_login(
+                    &input,
+                    max_epoch,
                     &eph_pubkey,
                     &map,
-                    &ZkLoginEnv::Prod,
+                    &ZkLoginEnv::Test,
                 )
             })
         });
@@ -117,7 +216,7 @@ mod zklogin_benches {
     criterion_group! {
         name = zklogin_benches;
         config = Criterion::default();
-        targets = verify_zk_login,
+        targets = verify_zk_login, verify_zk_login_v2,
     }
 }
 

fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs

@@ -4,18 +4,16 @@
 use std::str::FromStr;
 
 use crate::bn254::utils::{
-    gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_zk_login_address,
+    gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_proof, get_zk_login_address,
 };
 use crate::bn254::zk_login::big_int_array_to_bits;
 use crate::bn254::zk_login::bitarray_to_bytearray;
 use crate::bn254::zk_login::poseidon_zk_login;
-use crate::bn254::zk_login::OIDCProvider;
 use crate::bn254::zk_login::{
-    base64_to_bitarray, convert_base, decode_base64_url, hash_ascii_str_to_field, hash_to_field,
-    parse_jwks, trim, verify_extended_claim, Claim, JWTDetails, JwkId,
+    base64_to_bitarray, convert_base, decode_base64_url, fetch_jwks, hash_ascii_str_to_field,
+    hash_to_field, parse_jwks, trim, verify_extended_claim, Claim, JWTDetails, JwkId, OIDCProvider,
 };
-use crate::bn254::zk_login_api::ZkLoginEnv;
-use crate::bn254::zk_login_api::{verify_zk_login_id, verify_zk_login_iss, Bn254Fr};
+use crate::bn254::zk_login_api::{verify_zk_login_id, verify_zk_login_iss, Bn254Fr, ZkLoginEnv};
 use crate::bn254::{
     zk_login::{ZkLoginInputs, JWK},
     zk_login_api::verify_zk_login,
@@ -27,7 +25,7 @@ use ark_std::rand::SeedableRng;
 use fastcrypto::ed25519::Ed25519KeyPair;
 use fastcrypto::encoding::{Encoding, Hex};
 use fastcrypto::error::FastCryptoError;
-use fastcrypto::jwt_utils::JWTHeader;
+use fastcrypto::jwt_utils::{parse_and_validate_jwt, JWTHeader};
 use fastcrypto::traits::KeyPair;
 use im::hashmap::HashMap as ImHashMap;
 use num_bigint::BigUint;
@@ -652,6 +650,81 @@ fn test_alternative_iss_for_google() {
     assert!(invalid_res.is_err());
 }
 
+#[tokio::test]
+async fn test_zklogin_v2() {
+    let max_epoch = 10;
+    let jwt_randomness = "100681567828351849884072155819400689117";
+    let user_salt = "129390038577185583942388216820280642146";
+
+    // Generate an ephemeral key pair
+    let kp = Ed25519KeyPair::generate(&mut StdRng::from_seed([0; 32]));
+    let mut eph_pubkey = vec![0x00];
+    eph_pubkey.extend(kp.public().as_ref());
+    let kp_bigint = BigUint::from_bytes_be(&eph_pubkey).to_string();
+
+    // Get nonce
+    let nonce = get_nonce(kp.public().as_ref(), max_epoch, jwt_randomness).unwrap();
+
+    // Get JWT from 8192-bit key endpoint
+    let client = reqwest::Client::new();
+    let iss = OIDCProvider::TestIssuerKey8192.get_config().iss;
+    let response = client
+        .post(format!(
+            "https://jwt-tester.mystenlabs.com/8192/jwt?nonce={}&iss={}&sub={}",
+            nonce, iss, "test"
+        ))
+        .header("Content-Type", "application/json")
+        .header("Content-Length", "0")
+        .send()
+        .await
+        .unwrap();
+    let jwt_response: serde_json::Value = response.json().await.unwrap();
+    let parsed_token = jwt_response["jwt"].as_str().unwrap().to_string();
+
+    // Get a proof from the V2 endpoint
+    let reader = get_proof(
+        &parsed_token,
+        max_epoch,
+        jwt_randomness,
+        &kp_bigint,
+        user_salt,
+        "http://185.209.177.123:8080/v2",
+    )
+    .await
+    .expect("get_proof failed");
+
+    // Get sub and aud
+    let (sub, aud, _) =
+        parse_and_validate_jwt(&parsed_token).expect("parse_and_validate_jwt failed");
+
+    // Get the address seed
+    let address_seed =
+        gen_address_seed(user_salt, "sub", &sub, &aud).expect("gen_address_seed failed");
+
+    let zk_login_inputs =
+        ZkLoginInputs::from_reader(reader, &address_seed).expect("from_reader failed");
+
+    // Fetch the 8192-bit RSA JWK
+    let jwks_vec = fetch_jwks(&OIDCProvider::TestIssuerKey8192, &client, false)
+        .await
+        .unwrap();
+
+    let mut all_jwk = ImHashMap::new();
+    for (jwk_id, jwk) in jwks_vec {
+        all_jwk.insert(jwk_id, jwk);
+    }
+
+    // V2 proof should verify using TEST_VERIFYING_KEY_V2
+    let res_v2 = verify_zk_login(
+        &zk_login_inputs,
+        max_epoch,
+        &eph_pubkey,
+        &all_jwk,
+        &ZkLoginEnv::Test,
+    );
+    assert!(res_v2.is_ok());
+}
+
 #[test]
 fn test_base64_to_bitarray() {
     let input = "a";

fastcrypto-zkp/src/bn254/utils.rs

@@ -18,9 +18,9 @@ use std::str::FromStr;
 use super::zk_login::hash_ascii_str_to_field;
 
 const ZK_LOGIN_AUTHENTICATOR_FLAG: u8 = 0x05;
-const MAX_KEY_CLAIM_NAME_LENGTH: u8 = 32;
-const MAX_KEY_CLAIM_VALUE_LENGTH: u8 = 115;
-const MAX_AUD_VALUE_LENGTH: u8 = 145;
+const MAX_KEY_CLAIM_NAME_LENGTH: u16 = 32;
+const MAX_KEY_CLAIM_VALUE_LENGTH: u16 = 115;
+const MAX_AUD_VALUE_LENGTH: u16 = 145;
 
 /// Calculate the Sui address based on address seed and address params.
 pub fn get_zk_login_address(