We recommend spartan-ecdsa as a replacement
The code in this repo is unaudited and not recommended for production use.
Please refer to this blog post for details. The circuits in this repo uses circuits from circom-ecdsa.
yarn
yarn run build:ecdsaverify
yarn run run:ecdsaverify
cd ./bench
open ./index.html
The full proof and the proving time will be displayed in the browser console.
Disclaimer: the following benchmarks are to give an intuition about the proving time of this method. We hope to run a more comprehensive benchmark across many devices soon.
We include details on the circuit implementing the rearranged formula without precomputed multiples for comparison. The more precomputed multiples one uses, the larger the input size but the fewer the # of constraints. This tradeoff is relevant for any on-chain applications of this work:
| Circuit | Constraints | zKey size |
|---|---|---|
| ecdsa_verify | 163,239 | 119MB |
| ecdsa_verify_pubkey_to_addr | 315,175 | 197MB |
| ecdsa_verify_no_precompute | 1,401,956 | 874MB |
The setup:
- M1 Pro Macbook Pro
- Internet speed: 40Mbps
- Browser: Chrome browser
| Circuit | Proving time |
|---|---|
| ecdsa_verify | 39.4s |
| ecdsa_verify_pubkey_to_addr | 58.2s |
The setup:
- M1 Pro Macbook Pro
| Circuit | Proving time |
|---|---|
| ecdsa_verify | 18s |
| ecdsa_verify_pubkey_to_addr | 30s |