From f7cfc25358e10cdd3a989f4db0f0b309621211fe Mon Sep 17 00:00:00 2001
From: Theo Madzou
Date: Wed, 4 Sep 2024 13:49:51 +0100
Subject: [PATCH] feat(optimization): simplification of `verify_sha256_pkcs1v15` logic

---
 lib/src/rsa.nr | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/src/rsa.nr b/lib/src/rsa.nr
index 06bf655..1e972f4 100644
--- a/lib/src/rsa.nr
+++ b/lib/src/rsa.nr
@@ -231,12 +231,10 @@ impl RSA where BN:
 **/
 pub fn verify_sha256_pkcs1v15(_: Self, instance: BNInstance, msg_hash: [u8; 32], sig: BN, exponent: u32) -> bool {
 assert((exponent == 3) | (exponent == 65537), "Exponent must be 65537 or 3");
- // e = 65537 = 1 0000 0000 0000 0001
 let mut exponentiated = instance.mul(sig, sig); // sig^2
- if exponent == 3 {
- exponentiated = instance.mul(exponentiated, sig); // sig^2 * sig = sig^3
- } else if exponent == 65537 {
+ if exponent == 65537 {
+ // e = 65537 = 1 0000 0000 0000 0001
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^2 * sig^2 = sig^4
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^8
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^16
@@ -252,8 +250,10 @@ impl RSA where BN:
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^16384
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^32768
 exponentiated = instance.mul(exponentiated, exponentiated); // sig^65536
- exponentiated = instance.mul(exponentiated, sig); // sig^65537
 }
+ // otherwise, e = 3 = 11
+
+ exponentiated = instance.mul(exponentiated, sig); // either sig^2 * sig = sig^3 or sig^65536 * sig = sig^65537
 let mut padded_sha256_hash_bytes: [u8; NumBytes] = exponentiated.to_le_bytes();
 compare_signature_sha256(padded_sha256_hash_bytes, msg_hash)
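Review bot: The shared `instance.mul(exponentiated, sig)` placed after the closing `}` in the second hunk is only correct because the `assert((exponent == 3) | (exponent == 65537), ...)` at the top of the function (first hunk) leaves e = 3 as the sole fall-through case, and the new comment `// otherwise, e = 3 = 11` should state that dependency so a later widening of the assert does not silently turn the fall-through into a wrong sig^3 for the new exponent. I would replace it with `// Fall-through is e == 3: the assert at the top of the function admits only 3 or 65537, so any exponent added there needs its own square-and-multiply branch above before this final multiply.` Separately, since the commit keeps e = 3 as a supported verifier exponent, it is worth confirming that `compare_signature_sha256` (outside this hunk) checks the entire PKCS#1 v1.5 encoding of the recovered value — the leading `00 01`, the full run of `FF` bytes up to the modulus length, the `00` separator and the SHA-256 DigestInfo — rather than merely locating the hash bytes, because a lenient comparison is exactly what enables low-exponent signature forgeries. The function's closing brace lies outside the hunk.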