Proving and verifying WebAuthn with Halo2, specifically the ES256 algorithm variant with the P-256 curve, which is present on Apple's Face/Touch ID devices, Intel secure enclaves, YubiKey authenticators, and more.
The repository is structured into three main directories:
- `halo2-circuits/`, which contains the Halo2 circuit for P-256 ECDSA, ES256, and WebAuthn
- `proving-server/`, which is the Rust webserver for generating proofs
- `contracts/`, which includes the on-chain verifier and associated ERC-4337 contracts
The proving server API has a few endpoints for proving, verifying, and other relevant functions.
- `POST /setup` - set up proving / verifying keys and SRS params
- `POST /prove` - generate a proof using the Blake2b transcript
- `POST /prove_evm` - generate a proof using the EVM transcript
- `POST /verify` - verify a proof using the Blake2b transcript
- `POST /verify_evm` - verify a proof using the EVM transcript
- `POST /generate_evm_verifier` - generate an EVM verifier and save to raw bytecode and Solidity
```sh
# Run each group below from the repository root.

# Test P-256 circuit correctness
cd halo2-circuits/
cargo test -- --nocapture test_secp256r1_ecdsa

# Benchmarks for P-256 proving and verification
cd halo2-circuits/
cargo test -- --nocapture bench_secp256r1_ecdsa

# Benchmarks for sending a userOp via ERC-4337
cd contracts/
forge test --gas-report
```
Benchmarks run on a 16GB MacBook Pro with an M1 Pro chip are available in ecdsa_bench.csv.
The primary application of this project is to implement an ERC-4337 "smart contract wallet" that verifies WebAuthn signatures. No wallet extensions or wallet apps are needed – users could send stablecoins, mint POAPs, or sign any other transactions purely within their browser. This is especially powerful for mobile devices with fingerprint / facial scans, where users can sign transactions within a mobile browser like Safari or Chrome.