Added Schnorr Signature & EC256 libraries

contracts/libs/crypto/BN254.sol

@@ -0,0 +1,142 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+library BN254 {
+    uint256 internal constant SCALAR_FIELD_SIZE =
+        21888242871839275222246405745257275088548364400416034343698204186575808495617;
+    uint256 internal constant BASE_FIELD_SIZE =
+        21888242871839275222246405745257275088696311157297823662689037894645226208583;
+
+    struct Scalar {
+        uint256 data;
+    }
+
+    struct G1Affine {
+        uint256 x;
+        uint256 y;
+    }
+
+    function g1Basepoint() internal pure returns (G1Affine memory basepoint_) {
+        return G1Affine(1, 2);
+    }
+
+    function scalarFromUint256(uint256 a_) internal pure returns (Scalar memory scalar_) {
+        scalar_ = Scalar(a_);
+
+        require(validateScalar(scalar_), "BN: invalid scalar");
+    }
+
+    function scalarFromUint256ModScalar(uint256 a_) internal pure returns (Scalar memory scalar_) {
+        return Scalar(a_ % SCALAR_FIELD_SIZE);
+    }
+
+    function g1PointFromAffine(
+        uint256 x_,
+        uint256 y_
+    ) internal pure returns (G1Affine memory point_) {
+        point_ = G1Affine(x_, y_);
+
+        require(validateG1Point(point_), "BN254: invalid point");
+    }
+
+    function pointNeg(G1Affine memory a_) internal pure returns (G1Affine memory r_) {
+        return G1Affine(a_.x, BASE_FIELD_SIZE - a_.y);
+    }
+
+    function pointEqual(
+        G1Affine memory a_,
+        G1Affine memory b_
+    ) internal pure returns (bool isEqual_) {
+        return a_.x == b_.x && a_.y == b_.y;
+    }
+
+    function pointSub(
+        G1Affine memory a_,
+        G1Affine memory b_
+    ) internal view returns (G1Affine memory r_) {
+        return pointAdd(a_, pointNeg(b_));
+    }
+
+    function pointAdd(
+        G1Affine memory a_,
+        G1Affine memory b_
+    ) internal view returns (G1Affine memory r_) {
+        assembly {
+            let call_ := mload(0x40)
+            mstore(0x40, add(call_, 0x80))
+
+            mstore(call_, mload(a_))
+            mstore(add(call_, 0x20), mload(add(a_, 0x20)))
+            mstore(add(call_, 0x40), mload(b_))
+            mstore(add(call_, 0x60), mload(add(b_, 0x20)))
+
+            pop(staticcall(gas(), 0x6, call_, 0x80, r_, 0x40))
+        }
+    }
+
+    function pointMul(
+        G1Affine memory p_,
+        Scalar memory a_
+    ) internal view returns (G1Affine memory r_) {
+        assembly {
+            let call_ := mload(0x40)
+            mstore(0x40, add(call_, 0x60))
+
+            mstore(call_, mload(p_))
+            mstore(add(call_, 0x20), mload(add(p_, 0x20)))
+            mstore(add(call_, 0x40), mload(a_))
+
+            pop(staticcall(gas(), 0x7, call_, 0x60, r_, 0x40))
+        }
+    }
+
+    function basepointMul(Scalar memory a_) internal view returns (G1Affine memory point_) {
+        return pointMul(g1Basepoint(), a_);
+    }
+
+    function scalarAdd(
+        Scalar memory a_,
+        Scalar memory b_
+    ) internal pure returns (Scalar memory r_) {
+        return Scalar(addmod(a_.data, b_.data, SCALAR_FIELD_SIZE));
+    }
+
+    function scalarSub(
+        Scalar memory a_,
+        Scalar memory b_
+    ) internal pure returns (Scalar memory r_) {
+        if (a_.data > b_.data) {
+            return Scalar(a_.data - b_.data);
+        }
+
+        return Scalar(SCALAR_FIELD_SIZE - (b_.data - a_.data));
+    }
+
+    function scalarMul(
+        Scalar memory a_,
+        Scalar memory b_
+    ) internal pure returns (Scalar memory r_) {
+        return Scalar(mulmod(a_.data, b_.data, SCALAR_FIELD_SIZE));
+    }
+
+    function validateScalar(BN254.Scalar memory scalar_) internal pure returns (bool isValid_) {
+        return scalar_.data < SCALAR_FIELD_SIZE;
+    }
+
+    function validateG1Point(BN254.G1Affine memory point_) internal pure returns (bool isValid_) {
+        if (point_.x == 0 && point_.y == 0) {
+            return true;
+        }
+
+        if (point_.x > BASE_FIELD_SIZE || point_.y > BASE_FIELD_SIZE) {
+            return false;
+        }
+
+        uint256 lhs_ = mulmod(point_.y, point_.y, BASE_FIELD_SIZE);
+        uint256 rhs_ = mulmod(point_.x, point_.x, BASE_FIELD_SIZE);
+        rhs_ = mulmod(rhs_, point_.x, BASE_FIELD_SIZE);
+        rhs_ = (rhs_ + 3) % BASE_FIELD_SIZE;
+
+        return lhs_ == rhs_;
+    }
+}

contracts/libs/crypto/SchnorrSignature.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import {BN254} from "./BN254.sol";
+import {MemoryUtils} from "../utils/MemoryUtils.sol";
+
+library SchnorrSignature {
+    using MemoryUtils for *;
+
+    function verifySignature(
+        bytes32 hashedMessage_,
+        bytes memory signature_,
+        bytes memory pubKey_
+    ) internal view returns (bool isVerified_) {
+        (BN254.G1Affine memory r_, BN254.Scalar memory e_) = parseSignature(signature_);
+        BN254.G1Affine memory a_ = parsePubKey(pubKey_);
+
+        BN254.G1Affine memory lhs_ = BN254.basepointMul(e_);
+
+        uint256 challenge_ = uint256(keccak256(abi.encodePacked(r_.x, r_.y, hashedMessage_)));
+        BN254.Scalar memory c_ = BN254.scalarFromUint256ModScalar(challenge_);
+
+        BN254.G1Affine memory rhs_ = BN254.pointAdd(r_, BN254.pointMul(a_, c_));
+
+        return BN254.pointEqual(lhs_, rhs_);
+    }
+
+    function parseSignature(
+        bytes memory signature_
+    ) internal pure returns (BN254.G1Affine memory r_, BN254.Scalar memory e_) {
+        (uint256 pointX_, uint256 pointY_, uint256 scalar_) = abi.decode(
+            signature_,
+            (uint256, uint256, uint256)
+        );
+
+        r_ = BN254.g1PointFromAffine(pointX_, pointY_);
+        e_ = BN254.scalarFromUint256(scalar_);
+    }
+
+    function parsePubKey(bytes memory pubKey_) internal pure returns (BN254.G1Affine memory a_) {
+        (uint256 pointX_, uint256 pointY_) = abi.decode(pubKey_, (uint256, uint256));
+
+        return BN254.g1PointFromAffine(pointX_, pointY_);
+    }
+}

contracts/mock/libs/crypto/BN254Mock.sol

@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import {BN254} from "../../../libs/crypto/BN254.sol";
+
+contract BN254Mock {
+    function pointAdd(
+        BN254.G1Affine memory a_,
+        BN254.G1Affine memory b_
+    ) external view returns (BN254.G1Affine memory r_) {
+        return BN254.pointAdd(a_, b_);
+    }
+
+    function pointSub(
+        BN254.G1Affine memory a_,
+        BN254.G1Affine memory b_
+    ) external view returns (BN254.G1Affine memory r_) {
+        return BN254.pointSub(a_, b_);
+    }
+
+    function pointMul(
+        BN254.G1Affine memory p_,
+        BN254.Scalar memory a_
+    ) external view returns (BN254.G1Affine memory r_) {
+        return BN254.pointMul(p_, a_);
+    }
+}

contracts/mock/libs/crypto/SchnorrSignatureMock.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import {SchnorrSignature} from "../../../libs/crypto/SchnorrSignature.sol";
+
+contract SchnorrSignatureMock {
+    function verifySignature(
+        bytes32 hashedMessage_,
+        bytes memory signature_,
+        bytes memory pubKey_
+    ) external view returns (bool isVerified_) {
+        return SchnorrSignature.verifySignature(hashedMessage_, signature_, pubKey_);
+    }
+}

package.json

@@ -46,6 +46,7 @@
   "devDependencies": {
     "@iden3/js-crypto": "^1.1.0",
     "@iden3/js-merkletree": "^1.3.1",
+    "@noble/curves": "^1.9.0",
     "@nomicfoundation/hardhat-chai-matchers": "^2.0.8",
     "@nomicfoundation/hardhat-ethers": "^3.0.8",
     "@nomicfoundation/hardhat-network-helpers": "^1.0.12",