Certificate chain verification in circom #37

Closed
0xturboblitz opened this issue Dec 31, 2023 · 4 comments
@0xturboblitz
Member

0xturboblitz commented Dec 31, 2023

The electronic passport trust chain has two levels:

  • top-level certificates (CSCAs) are used to sign intermediate certificates (DSCs)
  • intermediate certificates (DSCs) are used to sign passports

Right now, we get the list of DSCs from the ICAO website and check if passports are signed by any of them. However, we strongly suspect this list is incomplete as countries have no obligation to transmit these intermediate certificates, and the top ones are supposed to be the authoritative source.

We should work on verifying the whole certificate chain, which follows the X.509 format. The MynaWallet team has a circuit in which they are parsing one with fixed indexes, but we should build a more modular chain certificate verifier that supports multiple signature algorithms and parsing any data from certificates. This would also be super useful to projects like zk AppAttest and zk DNS trust chain verification that also require X.509 chain verification.

Some work has been done by Richard and Sachin in halo2.

The endgame for us would be having only the root of a merkle tree containing the CSCAs from the masterlist on chain, then verifying the whole chain in the circuit.
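The endgame described above, modelled outside a circuit as an added example (not code from this repository): only a Merkle root over CSCA public keys is trusted, and a DSC is accepted when its issuing CSCA has an inclusion proof and its RSA PKCS#1 v1.5 / SHA-256 signature verifies. The SHA-256 tree, the leaf format, the toy key and all function names are assumptions; certificate contents are constructed stand-ins and only the CSCA to DSC link is shown.

```python
import hashlib

# Constructed toy CSCA key built from two well-known primes: illustration only, not secure.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = 64  # modulus length in bytes for this constructed key
DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg):
    """EMSA-PKCS1-v1_5 encoding with SHA-256 (the 'sha256 rsa' case in the thread)."""
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rsa_sign(msg, n, d):
    return pow(int.from_bytes(emsa_pkcs1_v15(msg), "big"), d, n)

def rsa_verify(msg, sig, n, e):
    return 0 <= sig < n and pow(sig, e, n).to_bytes(K, "big") == emsa_pkcs1_v15(msg)

def leaf(n, e):
    """Assumed leaf format: hash of the CSCA public key with a leaf domain tag."""
    return hashlib.sha256(b"\x00" + n.to_bytes(K, "big") + e.to_bytes(4, "big")).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(leaves, idx):
    """Return (root, sibling path for leaf idx); odd levels are padded with zeros."""
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(bytes(32))
        path.append(level[idx ^ 1])
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return level[0], path

def in_tree(leaf_hash, idx, path, root):
    for sibling in path:
        leaf_hash = node(sibling, leaf_hash) if idx & 1 else node(leaf_hash, sibling)
        idx >>= 1
    return leaf_hash == root

def verify_dsc(dsc_tbs, dsc_sig, csca_n, csca_e, idx, path, root):
    """Accept a DSC only if its signer is a committed CSCA and the signature checks out."""
    return in_tree(leaf(csca_n, csca_e), idx, path, root) and rsa_verify(dsc_tbs, dsc_sig, csca_n, csca_e)

# Constructed sample: five leaves, the toy CSCA at index 2, and a stand-in for DSC TBS bytes.
LEAVES = [leaf(N, E) if i == 2 else hashlib.sha256(b"constructed CSCA %d" % i).digest() for i in range(5)]
ROOT, PATH = build(LEAVES, 2)
DSC_TBS = b"constructed DSC tbsCertificate bytes"
DSC_SIG = rsa_sign(DSC_TBS, N, D)
print(verify_dsc(DSC_TBS, DSC_SIG, N, E, 2, PATH, ROOT))
```

Both conditions are needed: a valid signature from a key that is not under the root, or a committed key with a signature over different bytes, must be rejected.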

@0xturboblitz changed the title from "Implement X.509 certificate verification in circom" to "Certificate chain verification in circom" on May 23, 2024
@0xturboblitz added the "help wanted", "medium" and "ODHack" labels on May 23, 2024
@mdabir1203

From what I understood, I have two questions:

  • By root of the Merkle tree, you mean it's the hash of all the documents from the CSCA, right?
  • Can you tell me what the structure of the Merkle tree for the CSCA master list is?

@remicolin
Member

remicolin commented Jul 26, 2024

Update on the issue:

sha256 rsa ✅ -> code
sha1 rsa ✅ -> code
sha256 rsapss 🚧 -> issue (help wanted)

TODO: (help wanted)
sha384 ecdsa (secpr1)

@remicolin remicolin removed their assignment Jul 26, 2024
@zarah-s

zarah-s commented Jul 29, 2024

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

With my strong background in Rust, Solidity and JavaScript, I can apply my expertise in solving this issue.

@HumbertoTM10

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

I have 4 years working in development environments, have encountered several challenges, requests and teams focusing on reusable and efficient code, so that gives me a better understanding of the code and how to solve problems efficiently.

How I plan on tackling this issue

I would focus on a comprehensive solution involving several key components: a certificate parsing module to extract relevant fields, a signature verification module supporting multiple cryptographic algorithms, and a chain building and verification module to validate the entire chain from end-entity certificates to root CSCAs. Additionally, we plan to integrate a Merkle tree for storing CSCAs on-chain, facilitating secure and efficient verification. The approach also includes leveraging existing work in halo2 for circuit implementation, ensuring scalability and performance. By prioritizing security, including certificate revocation checks and algorithm agility, this solution will also support related projects like zk AppAttest and zk DNS, providing a robust and future-proof certificate verification system.
