Cryptography Contracts (RSA signature)

On the OpenZeppelin repo, the section on crypto in my opinion looks kind of dull. I was trying to find out how to carry out RSA signature verification using the precompile and after spending some time stumbled upon this repo. I forked it and added a js test file on the lines of the client side code I am expecting and it worked.

I wanted to know if we can add such contracts too, that help with signature verification using the available precompiles to the OpenZeppelin repo.

2 Likes

Hi @Sanjay,

Sorry to hear that you thought the section on crypto was dull. How can it be improved?

Was it specifically RSA signature verification that you were interested in adding?

There is an informal process for getting contracts added.

It would be good if you could add the following information about the proposed contract:

this contract is for
who <have the following problem/need>
this implementation
that provides
unlike <alternative contract / implementation / competition>
this solution

Examples in use in the wild are great to provide.
Also MIT licence compatible implementations would be helpful if there is interest in adding into OpenZeppelin.

1 Like

this contract is for who require to verify RSA signatures
this implementation uses the precompile at address 5 to calculate the bigModExp and compare it with the message digest
that provides a way to verify signature signed using the pkcs1-sha256 scheme
unlike N/A
this solution is tested with FIPS test vectors.

This repo is available under GNU General Public License v3.0

1 Like

Hi @Sanjay! I do agree that the section is a bit dull and would love for it to have more primitives!

RSA sounds like a good candidate. Unfortunately the repository that you shared is GPL licensed, whereas OpenZeppelin is MIT licensed. Judging from the latest commit in the repo that “fixed” the license by changing it from ISC (MIT-like) to GPL, I doubt the author would like to relicense it again. :sweat_smile:

I’m not familiar with the cryptographic details of RSA so I would not be able to correctly review the development of a library for it. We do have a cryptography working group that perhaps would be able to make this happen.

@nikeshnazareth Do you think it would be possible to provide a correct and useful RSA library in OpenZeppelin Contracts?

3 Likes

Hi @Sanjay,

It may be worth contacting the author of the repository to see if they would be open to licensing as MIT, for potential inclusion in OpenZeppelin.

Alternatively you or someone in the community might like to write a RSA signature contract.

Though it might be a few weeks before someone from the OpenZeppelin team with familiarity with RSA could review it.

1 Like

Thanks @frangio, @abcoathup.

1 Like