Add check that signature r8x & r8y are on the curve. Small signal nam…

…e fix
iden3 · Mar 22, 2024 · 3ea0c50 · 3ea0c50
1 parent 7d5c6d9
commit 3ea0c50
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/circuits/lib/stateTransition.circom b/circuits/lib/stateTransition.circom
@@ -55,8 +55,8 @@ template StateTransition(IdOwnershipLevels) {
     ForceEqualIfEnabled()(one, [stateIsNotZero, 0]);
 
     // old & new state checks
-    signal oldNewNotEqual <== IsEqual()([oldUserState, newUserState]);
-    ForceEqualIfEnabled()(one, [oldNewNotEqual, 0]);
+    signal oldNewEqual <== IsEqual()([oldUserState, newUserState]);
+    ForceEqualIfEnabled()(one, [oldNewEqual, 0]);
 
     // check userID ownership by correct signature of a hash of old state and new state
     signal challenge <== Poseidon(2)([oldUserState, newUserState]);

diff --git a/circuits/lib/utils/babyjubjub.circom b/circuits/lib/utils/babyjubjub.circom
@@ -0,0 +1,20 @@
+pragma circom 2.1.5;
+
+include "../../../node_modules/circomlib/circuits/comparators.circom";
+
+template ForceBabyCheckIfEnabled() {
+    signal input {binary} enabled;
+    signal input x;
+    signal input y;
+
+    signal x2;
+    signal y2;
+
+    var a = 168700;
+    var d = 168696;
+
+    x2 <== x*x;
+    y2 <== y*y;
+
+    ForceEqualIfEnabled()(enabled, [a*x2 + y2, 1 + d*x2*y2]);
+}
diff --git a/circuits/lib/utils/claimUtils.circom b/circuits/lib/utils/claimUtils.circom
@@ -7,6 +7,7 @@ include "../../../node_modules/circomlib/circuits/mux3.circom";
 include "../../../node_modules/circomlib/circuits/mux1.circom";
 include "../../../node_modules/circomlib/circuits/mux2.circom";
 include "./idUtils.circom";
+include "./babyjubjub.circom";
 
 // getClaimSubjectOtherIden checks that a claim Subject is OtherIden and outputs the identity within.
 template getClaimSubjectOtherIden() {
@@ -213,6 +214,8 @@ template verifyClaimSignature() {
     signal input pubKeyX;
     signal input pubKeyY;
 
+    ForceBabyCheckIfEnabled()(enabled, sigR8x, sigR8y);
+
     // signature verification
     EdDSAPoseidonVerifier()(
         enabled <== enabled,
@@ -236,6 +239,8 @@ template checkDataSignatureWithPubKeyInClaim() {
     component getPubKey = getPubKeyFromClaim();
     getPubKey.claim <== claim;
 
+    ForceBabyCheckIfEnabled()(enabled, signatureR8X, signatureR8Y);
+
     EdDSAPoseidonVerifier()(
         enabled <== enabled,
         Ax <== getPubKey.Ax,