⚠️ NOTE: The current implementation produces circuits that are too large to fit within existing constraint limits. PRs that optimize this library are welcome!
A provable EdDSA signature verification library for o1js, enabling zkApp developers to verify EdDSA signatures inside zk-SNARKs.
- EdDSA Verification in ZK: Verify EdDSA signatures within provable o1js code
- Edwards25519 Support: Built-in support for the popular Edwards25519 curve
- Twisted Edwards Curves: Implementation of twisted Edwards curves for efficient elliptic curve operations
- Fully Composable: Designed to work seamlessly with the o1js ecosystem
npm install eddsa-o1jsHere's a quick example of how to use eddsa-o1js to verify an EdDSA signature:
import { ZkProgram, Bool, Bytes } from 'o1js';
import { createEddsa, createForeignTwisted, TwistedCurves } from 'eddsa-o1js';
// Create a custom Edwards25519 curve class
class Edwards25519 extends createForeignTwisted(TwistedCurves.Edwards25519) {}
class Scalar extends Edwards25519.Scalar {}
class Eddsa extends createEddsa(Edwards25519) {}
class Bytes32 extends Bytes(32) {}
// Define a ZkProgram that verifies EdDSA signatures
const eddsa = ZkProgram({
name: 'eddsa',
publicInput: Bytes32,
publicOutput: Bool,
methods: {
verifyEddsa: {
privateInputs: [Eddsa, Edwards25519],
async method(
message: Bytes32,
signature: Eddsa,
publicKey: Edwards25519
) {
return {
publicOutput: signature.verify(message, publicKey),
};
},
},
},
});
// Example: Generate a signature and verify it
async function run() {
// Generate a keypair
let privateKey = Edwards25519.Scalar.random();
let publicKey = Edwards25519.generator.scale(privateKey);
// Sign a message
let message = Bytes32.fromString('Hello, o1js!');
let signature = Eddsa.sign(message.toBytes(), privateKey.toBigInt());
// Compile the program
await eddsa.compile();
// Verify the signature in zk
let { proof } = await eddsa.verifyEddsa(message, signature, publicKey);
// Check the result
proof.publicOutput.assertTrue('signature verifies');
}For more detailed examples, please check the examples directory:
createEddsa(TwistedCurve): Factory function that creates an EdDSA implementation for a specific curvecreateForeignTwisted(TwistedCurveParams): Creates a provable twisted Edwards curve implementationTwistedCurves: Contains parameters for common twisted Edwards curves (e.g., Edwards25519)
- Define your curve by extending the base implementation
- Create your EdDSA implementation for that curve
- Use the signature verification methods in your ZkProgram
# Build the project
npm run build- o1js - The main framework for writing zero-knowledge applications
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.