Merge branch 'main' into pr/codeesura/1

* main:
  .
  feat(optimization): simplification of `verify_sha256_pkcs1v15` logic
  feat: add support for public exponent 3
  .
  .
  chore: add CI
  adding suggestions
  docs: update readme with benchmark results
  updated example and readme
  stopped being a lazy ass and did the rest of it
  reorg, adding an example, refactoring the readme
  Add benchmarks section
  Add installation section
  Add dependencies section
  Add example section TODOs
  Supplement parameter parsing section
  Add signature gathering section
  swithc to bignum 0.3.0 and remove usage of u64 num generics

.github/NIGHTLY_CANARY_DIED.md

@@ -0,0 +1,8 @@
+---
+title: "Tests fail on latest Nargo nightly release"
+assignees: TomAFrench
+---
+
+The tests on this Noir project have started failing when using the latest nightly release of the Noir compiler. This likely means that there have been breaking changes for which this project needs to be updated to take into account.
+
+Check the [{{env.WORKFLOW_NAME}}]({{env.WORKFLOW_URL}}) workflow for details.

.github/workflows/nightly-canary.yml

@@ -0,0 +1,41 @@
+name: Noir Nightly Canary
+
+on:
+  schedule:
+    # Run a check at 9 AM UTC
+    - cron: "0 9 * * *"
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test on Nargo ${{matrix.toolchain}}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Install Nargo
+        uses: noir-lang/[email protected]
+        with:
+          toolchain: nightly
+
+      - name: Run Noir tests
+        run: nargo test
+
+      - name: Run formatter
+        working-directory: ./lib
+        run: nargo fmt --check
+
+      - name: Alert on dead canary
+        uses: JasonEtco/create-an-issue@v2
+        if: ${{ failure() }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WORKFLOW_NAME: ${{ github.workflow }}
+          WORKFLOW_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        with:
+          update_existing: true
+          filename: .github/NIGHTLY_CANARY_DIED.md
+

.github/workflows/test.yml

@@ -0,0 +1,46 @@
+name: Noir tests
+
+on:
+  push:
+   branches:
+    - main
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test on Nargo ${{matrix.toolchain}}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        toolchain: [nightly, 0.34.0]
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Install Nargo
+        uses: noir-lang/[email protected]
+        with:
+          toolchain: ${{ matrix.toolchain }}
+
+      - name: Run Noir tests
+        working-directory: ./lib      
+        run: nargo test
+
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Install Nargo
+        uses: noir-lang/[email protected]
+        with:
+          toolchain: 0.34.0
+
+      - name: Run formatter
+        working-directory: ./lib
+        run: nargo fmt --check

.gitignore

@@ -1,2 +1,3 @@
 /target
-./.DS_Store
+./.DS_Store
+.vscode

README.md

@@ -2,49 +2,141 @@
 
 Optimized Noir library that evaluates RSA signatures.
 
-Uses https://github.com/zac-williamson/noir-bignum as a dependency.
+This library uses <https://github.com/noir-lang/noir-bignum> as a dependency.
 
-NOTE: library requires noir v 0.32.0 or later. If using the barretenberg backend, bb version of at least 0.46.1 is required (`bbup -v 0.46.1 `)
+## Benchmarks
 
-# Usage
+The benchmarking source code and its details can be found in [this repository](https://github.com/hashcloak/noir_rsa_bench).
+
+For the results, "UP" stands for UltraPlonk and "UH" stands for UltraHonk.
+
+The benchmark results for the verification of one signature are the following:
+
+| **Bit length** | **Circuit size** | **Avg. proving time (UP) [ms]**  | **Avg. proving time (UH) [ms]** | 
+|----------------|------------------|---------------------------------|--------------------------------------|
+|           1024 |             2204 |                           234.8 |                             181 |
+|           2048 |             7131 |                           345.6 |                           261.9 |
+
+Also, the results for the verification of 10 signatures are the following:
+
+| **Bit length** | **Circuit size** | **Avg. proving time (UP) [ms]** | **Avg. proving time (UH) [ms]** |
+|----------------|------------------|---------------------------------|--------------------------------------|
+|           1024 |            21516 |                           970.9 |                           514.4 |   
+|           2048 |            63821 |                          1801.7 |                           964.2 |
+
+The benchmarks were executed using a laptop with Intel(R) Core(TM) i7-13700H CPU and 32 GB of RAM.
+
+## Dependencies
+
+- Noir ≥v0.32.0
+- Barretenberg ≥v0.46.1
+
+Refer to [Noir's docs](https://noir-lang.org/docs/getting_started/installation/) and [Barretenberg's docs](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/cpp/src/barretenberg/bb/readme.md#installation) for installation steps.
+
+## Installation
+
+In your _Nargo.toml_ file, add the version of this library you would like to install under dependency:
+
+```
+[dependencies]
+noir_rsa = { tag = "v0.2", git = "https://github.com/noir-lang/noir_rsa" }
+```
+
+## Usage
 
 See tests in `lib.nr` for examples.
 
-To construct a `BigNumInstance` objects, both the bignum modulus (the public key) and a Barrett reduction parameter are required as arrays of Field elements, with each element representing a 120-bit slice of the number.
+## End-to-end example
 
-See `signature_gen/src/main.rs` for how these parameters can be derived. The rust crate `noir-bignum-paramgen` contains both libraries and an executable that performs this formatting (https://crates.io/crates/noir-bignum-paramgen).
+### Generate RSA signature
 
-## Example Use
+To verify an RSA signature, you first need a signature.
 
-See tests in `lib.nr` for additional examples. The `pubkey_redc_param` parameter can be derived via the `noir-bignum-paramgen` tool and provided as a witness via Prover.toml
+Depending on the application you are building, you might be expecting user signatures from existing signing services (e.g. emails, passports, git commits), or you might be building the ability for users to sign directly in your application.
 
-```rust
-    use dep::noir_rsa::bignum::BigNum;
-    use dep::noir_rsa::bignum::runtime_bignum::BigNumInstance;
-    use dep::noir_rsa::bignum::fields::Params2048;
-    use dep::noir_rsa::RSA;
+Either way, you are free to choose how you collect / generate the signatures as long as they comply with the PKCS#1 v1.5 RSA cryptography specifications (ex. by following <https://docs.rs/rsa/latest/rsa/#pkcs1-v15-signatures>).
 
-    type BN2048 = BigNum<18, Params2048>;
-    type BNInstance = BigNumInstance<18, Params2048>;
-    type RSA2048 = RSA<BN2048, BNInstance, 256>;
+You need to install Rustup and run it in order to install Rust:
 
-    fn verify_signature(pubkey: [u8; 256], signature: [u8; 256], pubkey_redc_param: BN2048)
-        let sha256_hash: [u8; 32] = dep::std::hash::sha256("hello world".as_bytes());
-        let modulus: BN2048 = BigNum::from_byte_be(pubkey);
-        let signature: BN2048 = BigNum::from_byte_be(signature);
+```bash
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+rustup
+```
 
-        let instance: BNInstance = BigNumInstance::new(modulus, pubkey_redc_param);
+Then clone this repo, move into the `signature_gen` folder, and run `cargo run`, optionally with the message to sign:
 
-        let rsa: RSA2048 = RSA {};
-        assert(rsa.verify_sha256_pkcs1v15(BNInstance, sha256_hash, signature));
-    }
+```bash
+cd signature_gen
+cargo run # or cargo run -- --msg "hello world!"
 ```
 
-# Costs
+The program prints the hash of the message, the RSA signature, and the BigNumber instance you should use. These are parsed to a compatible format, ready to be used in the Noir RSA library.
+
+#### Use it in your Noir test
 
-Rough cost:
+Move into the `example` folder. Replace the hardcoded values with result of the previous step. Since you know the size of your key, you can import those types from the rsa lib:
 
-- 2,048 bit RSA: 26,888 gates per verification
-- 1,024 bit RSA: 11,983 gates per verification
+```diff
+-    let hash: [u8; 32] = etc...
+-    let signature: BN2048 = etc...
+-    let bn = etc...
++    let hash: [u8; 32] = paste from terminal...
++    let signature: BN2048 = paste from terminal...
++    let bn = paste from terminal...
+```
 
-A circuit that verifies 1 signature (and does nothing else) will cost ~32k due to initialization costs of lookup tables
+Run the test:
+
+```bash
+nargo test
+```
+
+#### Prove it
+
+Run `nargo check` to initialize `Prover.toml`:
+
+```bash
+nargo check
+```
+
+Run the same `cargo` command, but with the `--toml` flag:
+
+```bash
+cargo run -- --msg "hello world!" --toml
+```
+
+Copy and paste it to Prover.toml. Example:
+
+```toml
+bn = [
+    [
+        "0xcba7415fa9d2192d5cdac144f95f75",
+        "0x2b46305b91eeed9e9a992076172b46",
+        "0x76c9e6e0a407e67bc0a3ee276927d7",
+        "0x0d0eaa3b10ab266755ea20c44619f6",
+        "0x4b040e9ab1acb761b1ab9a60309ee4",
+        "...etc"
+    ]
+]
+```
+
+Then execute it, and prove it i.e. with barretenberg:
+
+```bash
+nargo execute rsa
+bb prove -b ./target/example.json -w ./target/rsa.gz -o ./target/proof
+```
+
+### Verify it
+
+To verify, we need to export the verification key:
+
+```bash
+bb write_vk -b ./target/example.json -o ./target/vk
+```
+
+And verify:
+
+```bash
+bb verify -k ./target/vk -p ./target/proof
+```

example/Nargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "example"
+type = "bin"
+authors = [""]
+compiler_version = ">=0.31.0"
+
+[dependencies]
+rsa = { path = "../lib" }
+bignum = { tag = "v0.3.0", git = "https://github.com/noir-lang/noir-bignum" }

example/Prover.toml

@@ -0,0 +1,97 @@
+bn = [
+    [
+        '0xab88f7a360f88fd0782e4c8f749bb5',
+        '0xc4df70a6920b9bc866e6f6b2e32c55',
+        '0x29d74e3996e0669887d453eaa7e722',
+        '0x5e46b505c0067332878ccc5ce1745b',
+        '0xa24be548a41edc60c2476388aa79fa',
+        '0x2f6b76f137bfc5a5ea6ee25378faa5',
+        '0xad6db5af4521b0d05fc2c462857ef6',
+        '0x2d2a256b3ceef4946487989942c112',
+        '0xff87818701decef601d143ad536e75',
+        '0x506c7dc017de18ebe07d40e5692be1',
+        '0x56d47f8f1c1fdb3e6d687a876773f9',
+        '0x2683a784665e910d9017b94dc74b4d',
+        '0x522b5736042a326f8654c32be14ffe',
+        '0xe0351aa5ef4567f5f02110a215def2',
+        '0x46324a74609f07d86e6fffe0c327da',
+        '0x462ab654703f35cdacbba7c9049941',
+        '0xfc6ee90b277b12c6946001652ae11a',
+        '0xf2',
+    ],
+    [
+        '0xb80936623ea38314b69abad164724b',
+        '0x9b4b8b47d45823815eec4f81df519c',
+        '0xe2a236b6e5bd64cf4fa2c421fcef5b',
+        '0x283dd152b19fbf8392bd77ef112819',
+        '0x5a7193fa497343fc66fdecacb11673',
+        '0xad28a77b9a15484a0912469c065e12',
+        '0x24e2dc41a8e07f30000d1441168080',
+        '0x3a9c86d7352fcd56c36f479bc6dd0d',
+        '0x36f95b26a2135734a919589da7df5a',
+        '0x4b73efbdf065bb6e3e209933c2a81b',
+        '0x9ab2788e486374b5407a2915dee603',
+        '0xff78ebdac2927df46eb09670d99286',
+        '0xc6c73cf9baa421664e3035e6e03204',
+        '0xa07bacdb33341dcb13233cbae690c0',
+        '0xf3533ab7e32063aa7bfcde28a30c2c',
+        '0x1b304126870b2ebc20f00071899dfc',
+        '0xb5fffe2de7dd683141a659fb879f97',
+        '0x10d',
+    ],
+]
+hash = [
+    44,
+    242,
+    77,
+    186,
+    95,
+    176,
+    163,
+    14,
+    38,
+    232,
+    59,
+    42,
+    197,
+    185,
+    226,
+    158,
+    27,
+    22,
+    30,
+    92,
+    31,
+    167,
+    66,
+    94,
+    115,
+    4,
+    51,
+    98,
+    147,
+    139,
+    152,
+    36,
+]
+[signature]
+limbs = [
+    "0x3c1f7a6bdac9d799975076bb401622",
+    "0x1662d29b2f99dcc51d320c17818a16",
+    "0x752fb8b42585d53998776c97573b5",
+    "0xf06107ff8fae798a1c5cf8792274d3",
+    "0xcfd3b6b58942ac7b6baaf3d5740661",
+    "0xbdf7adc8288e78c1488e99483e74bd",
+    "0xd86bc4ebc1e450f6810b24f9d53e37",
+    "0xf2b6a14967c86bf2d9699c14d8edaa",
+    "0x3844199077a4324c3fdd2c0319b868",
+    "0xbdd8679b0d51a763a74c7575debda1",
+    "0x99c612a61d1466e87d4abeee4379ee",
+    "0xb6c445ac3aa2cc5ec36505fddfcf8c",
+    "0xe9d3e597c2e8a1290f5485df403bb3",
+    "0x3e34cc6ce3f3e266645c8725ac911",
+    "0x7b9f2ea85922ba5f2b9e74ce5c9dd",
+    "0x260652f8a7cc82376455e5882eaac0",
+    "0x221b8273f727efb358b3cf49f94c87",
+    "0x99",
+]