Version: dev

Signatures

tip

Many signature schemes are maintained as independent libraries outside of the standard library (e.g. EdDSA, RSA, Schnorr). You can find the complete list in Awesome Noir's Signatures section.

ecdsa_secp256k1::verify_signature

Verifier for ECDSA Secp256k1 signatures.

ecdsa_secp256k1
/// Verifies a ECDSA signature over the secp256k1 curve.
/// - inputs:
///     - x coordinate of public key as 32 bytes
///     - y coordinate of public key as 32 bytes
///     - the signature, as a 64 bytes array
///       The signature internally will be represented as `(r, s)`,
///       where `r` and `s` are fixed-sized big endian scalar values.
///       As the `secp256k1` has a 256-bit modulus, we have a 64 byte signature
///       while `r` and `s` will both be 32 bytes.
///       We expect `s` to be normalized. This means given the curve's order,
///       `s` should be less than or equal to `order / 2`.
///       This is done to prevent malleability.
///       For more context regarding malleability you can reference BIP 0062.
///     - the hash of the message, as a vector of bytes
/// - output: false for failure and true for success
pub fn verify_signature(
    public_key_x: [u8; 32],
    public_key_y: [u8; 32],
    signature: [u8; 64],
    message_hash: [u8; 32],
) -> bool

^{_{Source code: noir_stdlib/src/ecdsa_secp256k1.nr#L1-L23}}

Returns false for invalid inputs (zero r or s, not normalized, public key not on the curve).

example:

fn main(hashed_message : [u8;32], pub_key_x : [u8;32], pub_key_y : [u8;32], signature : [u8;64]) {
     let valid_signature = std::ecdsa_secp256k1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message);
     assert(valid_signature);
}

This is a black box function. Read this section to learn more about black box functions in Noir.

ecdsa_secp256r1::verify_signature

Verifier for ECDSA Secp256r1 signatures.

ecdsa_secp256r1
/// Verifies a ECDSA signature over the secp256r1 curve.
/// - inputs:
///     - x coordinate of public key as 32 bytes
///     - y coordinate of public key as 32 bytes
///     - the signature, as a 64 bytes array
///       The signature internally will be represented as `(r, s)`,
///       where `r` and `s` are fixed-sized big endian scalar values.
///       As the `secp256r1` has a 256-bit modulus, we have a 64 byte signature
///       while `r` and `s` will both be 32 bytes.
///       We expect `s` to be normalized. This means given the curve's order,
///       `s` should be less than or equal to `order / 2`.
///       This is done to prevent malleability.
///       For more context regarding malleability you can reference BIP 0062.
///     - the hash of the message, as a vector of bytes
/// - output: false for failure and true for success
pub fn verify_signature(
    public_key_x: [u8; 32],
    public_key_y: [u8; 32],
    signature: [u8; 64],
    message_hash: [u8; 32],
) -> bool

^{_{Source code: noir_stdlib/src/ecdsa_secp256r1.nr#L2-L24}}

Returns false for invalid inputs (zero r or s, not normalized, public key not on the curve).

example:

fn main(hashed_message : [u8;32], pub_key_x : [u8;32], pub_key_y : [u8;32], signature : [u8;64]) {
     let valid_signature = std::ecdsa_secp256r1::verify_signature(pub_key_x, pub_key_y, signature, hashed_message);
     assert(valid_signature);
}

This is a black box function. Read this section to learn more about black box functions in Noir.

ecdsa_secp256k1::verify_signature​

ecdsa_secp256r1::verify_signature​

ecdsa_secp256k1::verify_signature

ecdsa_secp256r1::verify_signature