Expand description
ECDSA signature verification precompile for the Miden VM.
This module provides both execution-time and verification-time support for ECDSA signature verification using the secp256k1 curve with Keccak256 hashing.
§Architecture
§Event Handler (Execution-Time)
When the VM emits an ECDSA verification event requesting signature validation, the processor
calls EcdsaPrecompile which reads the public key, message digest, and signature from
memory, performs the verification, provides the boolean result via the advice stack, and logs
the request data for deferred verification.
§Precompile Verifier (Verification-Time)
During verification, the PrecompileVerifier receives the stored request data (public key,
digest, signature), re-performs the ECDSA verification, and generates a commitment
Rpo256(Rpo256(Rpo256(pk) || Rpo256(digest)) || Rpo256(sig)) with a tag containing the
verification result that validates the computation was performed correctly. Here pk,
digest, and sig are hashed as u32‑packed field elements before being merged.
§Commitment Tag Format
Each request is tagged as [event_id, result, 0, 0] where result is 1 for valid signatures
and 0 for invalid ones. This allows the verifier to check that the execution-time result
matches the verification-time result.
§Data Format
- Public Key: 33 bytes (compressed secp256k1 point)
- Message Digest: 32 bytes (Keccak256 hash of the message)
- Signature: 66 bytes (implementation‑defined serialization used by
miden_crypto::dsa::ecdsa_k256_keccak::Signature). When packed into u32 elements for VM memory, the final word contains 2 zero padding bytes (since 66 ≡ 2 mod 4).
Structs§
- Ecdsa
Precompile - ECDSA signature verification precompile handler.
- Ecdsa
Request - ECDSA signature verification request containing all data needed to verify a signature.
Constants§
- ECDSA_
VERIFY_ EVENT_ NAME - Qualified event name for the ECDSA signature verification event.