fix: ECDSA verify should not panic when signature not reduced #1458

jonathanpwang · 2025-03-15T06:23:15Z

Finding by @lispc

(style) rename previous IntMod::assert_unique to IntMod::assert_reduced and move the implementation using iseqmod into macro since it's specific to the use of special intrinsic.
Add new is_reduced() -> bool that checks if an integer representation is less than the modulus. Does simple byte-wise comparison check.
Update ECDSA verify and recover functions so it returns Error when r or s are not in [1,n].

Closes INT-3517

github-actions · 2025-03-15T06:32:52Z

group	app.proof_time_ms	app.cycles	app.cells_used	leaf.proof_time_ms	leaf.cycles	leaf.cells_used
verify_fibair	(-16 [-1.2%]) 1,269	334,136	17,905,035	-	-	-
fibonacci_program	(-40 [-1.5%]) 2,651	1,500,096	51,485,167	-	-	-
regex_program	(+11 [+0.1%]) 7,770	4,140,164	167,389,450	-	-	-
ecrecover_program	(-7 [-0.5%]) 1,437	295,291	15,588,656	-	-	-
pairing	(+29 [+0.6%]) 4,717	1,711,640	92,585,975	-	-	-

jonathanpwang added 2 commits March 14, 2025 19:19

feat: move assert_unique impl into macro

5708cc9

fix: use is_reduced in ecdsa

a63b14a

jonathanpwang requested review from lispc, Avaneesh-axiom and manh9203 March 15, 2025 06:23

comments

aae214a

lispc approved these changes Mar 15, 2025

View reviewed changes

lispc mentioned this pull request Mar 15, 2025

Feat: stable phase1/phase2 scroll-tech/zkvm-prover#84

Merged

2 tasks

jonathanpwang merged commit d1321b1 into main Mar 15, 2025
17 checks passed

jonathanpwang deleted the fix/ecdsa-lt-check branch March 15, 2025 20:17

Provide feedback