o1js-rsa

This repository exposes the API from the [o1js RSA example](https://github.com/o1-labs/o1js/tree/main/src/examples/crypto/rsa), making it importable and enabling RSA65537 signature verification on the Mina blockchain across various projects that utilize [

### Monday March 18th

- Adapt the o1js RSA implementation to be compilable.
- Add test cases for `rsaVerify65537` verification
  - It seems that only parameters of length up to 64 bits work for rsa
  - The 116-bit limbs provability overflow proning an error
- Try and play around with nodejs crypto package to generate rsa signature parameters.
- Debug and assess the integrity of the rsa implementation.

### Tuesday March 19th

- Verify `rsaVerify65537` integrity
- Refactor `rangeCheck128Signed` function to use `Gadgets.isInRangeN(128, x)` instead.
- If `multiply` function assertions are ignored then the rsa verification works perfectly fine.
  - It seems there is a bug in the limbs & carry computation.
- Add `utils.ts` file that contains helpers for testing purposes
  - `generateDigestBigint` to hash a string message and return the digest as native `bigint`
  - `toBigInt` to convert from `bigInt` to native `bigint`
  - `generateRandomPrime` to generate a random big prime number needed for the rsa parameters
  - `generateRsaParams` to generate all of the rsa parameters needed
  - `rsaSign` to generate rsa signature given a `bigint` message and rsa parameters
  - `parseKey` to parse the **pem** encoded key generated using **node:crypto** to bigint
- Add test case for `rsaVerify65537` given randomly generated rsa parameters

### Wednesday March 20th

- Worked full time on **ZK Regex**
- Good news: The ZK regex is working in o1js
- A simple regex example is proven correct with a bunch of tests :)

### Thursday March 21st

- Debug and log the exact error source
  - It seems the carry overflows when shifted 116 bits right.
  - The implementation imported from the o1js PR handled it by subtracting with `Field.ORDER` in case of overflow but it's not correct.
- Fix `rangeCheck128Signed`
  - The function used to return the correct check but it wasn't constraining the check to be true!
- The **bigint** circuit might need a deep-dive on the technical side to solve this problem.
- Understand the mechanics of **bigint** circuit by converting existing implementation from circom --> o1js
  - There are many additional operations in circom but it's clear that it handles the limb bits and carry quite delicately.
- Convert **bigint multiplication with no carry** from circom to o1js

#### Feedback

- Today I added more tests to zk-regex and it works well :)
- As for RSA, the implementation seems to work fine if it's underconstrained
- I am planning to add tests accordingly, document if I have time and push it to a different branch so that you can extend it to DKIM.
- For DKIM, it is the same, it just gets the hash of an email.
  - It is still important for you to deep dive into the input format
  - Accordingly, you can further examine & develop the needed utilities.
- I will work further on the implementation to make it secure by fixing these buggy assertions.

### Friday March 22nd

- Add more explicit RSA tests
  - Test with simple RSA parameters
  - Test with hardcoded valid large-size parameters
  - Test with parameters of size 256, 512, 1024, and 2048 bits (skipped iterations).
  - Test rejected signatures in case of non-compliance including:
    - message
    - modulus
    - private key
    - signature modulus
  - These tests would also prove useful when adding correct assertions to the bigint circuit
- Document helper functions in `utils.ts`.
- Clean main `rsa.ts` file and push to a different branch

### Saturday March 23rd

- full time zk-regex + half day off
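
The limb and carry bookkeeping from the Thursday entry, as an added example that is not part of the original log or the o1js-rsa code: a native `bigint` model in TypeScript that checks x·y = q·p + r limb by limb with 116-bit limbs and a signed 128-bit carry bound. The 18-limb layout, the function names and the sample values are assumptions made for illustration.

```typescript
// Added example (not o1js-rsa code). Assumptions: 116-bit limbs, 18 limbs per
// 2048-bit value, signed 128-bit bound on every carry.
const LIMB_BITS = 116n;
const BASE = 1n << LIMB_BITS;
const N_LIMBS = 18;

// Split a non-negative bigint into 18 little-endian 116-bit limbs.
function toLimbs(x: bigint): bigint[] {
  const limbs: bigint[] = [];
  for (let i = 0; i < N_LIMBS; i++) {
    limbs.push(x & (BASE - 1n));
    x >>= LIMB_BITS;
  }
  if (x !== 0n) throw new Error("value does not fit in 18 limbs");
  return limbs;
}

// Check x*y = q*p + r limb by limb. Returns the carries, or null on failure.
function checkMul(x: bigint, y: bigint, p: bigint, q: bigint, r: bigint): bigint[] | null {
  const [X, Y, P, Q, R] = [x, y, p, q, r].map(toLimbs);
  const delta: bigint[] = new Array(2 * N_LIMBS - 1).fill(0n);
  for (let i = 0; i < N_LIMBS; i++) {
    for (let j = 0; j < N_LIMBS; j++) delta[i + j] += X[i] * Y[j] - Q[i] * P[j];
    delta[i] -= R[i];
  }
  const carries: bigint[] = [];
  let carry = 0n;
  for (const d of delta) {
    const t = d + carry;
    // Over the integers the low 116 bits must cancel. In a prime field,
    // t = c * 2^116 has a solution c for every t, so the equality alone
    // proves nothing there.
    if (t % BASE !== 0n) return null;
    carry = t / BASE; // exact signed division; carries can be negative
    // The bound has to be enforced (a failing check rejects), not just computed.
    if (carry < -(1n << 127n) || carry >= 1n << 127n) return null;
    carries.push(carry);
  }
  return carry === 0n ? carries : null; // nothing may remain past the top limb
}

// Constructed sample values (not a real RSA key).
const P_SAMPLE = (1n << 2047n) + 12345n;
const X_SAMPLE = 3n ** 1200n;
const Y_SAMPLE = 7n ** 700n;
const Q_SAMPLE = (X_SAMPLE * Y_SAMPLE) / P_SAMPLE;
const R_SAMPLE = (X_SAMPLE * Y_SAMPLE) % P_SAMPLE;
```

`checkMul` accepts only the honest quotient and remainder; any other `q` or `r` leaves a non-zero residue that surfaces as a failed limb check.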