
Modular exponentiation precompile wrapper

Open frangio opened this issue 4 years ago • 2 comments

EIP 198 introduced the modular exponentiation precompile, also known as "modexp".

It's a useful primitive for cryptographic operations, which we would like to wrap in a library so that developers can use it without having to write assembly.

One of the challenges is the fact that the precompile receives and returns bignums, i.e. numbers of arbitrary size. In order to provide a good interface, we might need to define a struct to represent bignum types.

frangio avatar Nov 06 '19 19:11 frangio

Is anyone still working on this? If not, I'd like to have a crack at this.

mw2000 avatar Mar 26 '22 20:03 mw2000

I found this useful function on StackExchange that could be the solution to this: https://ethereum.stackexchange.com/questions/71565/verifying-modular-exponentiation-operation-in-etherum

mw2000 avatar Mar 26 '22 20:03 mw2000

I'm not sure if the implementation in https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3298 is actually useful in the majority of the cases. The main reason why I see developers using modexp is because they're working with RSA signatures (not sure if there are other use cases).

When working with RSA signatures, a private key consists of a modulus m and an exponent e. So for producing a signature, a signer should get a digest of the signed message and then do modexp(digest, e, m) in order to get a signature.

Similarly, for verifying, it's needed to do modexp(signature, e, m).

Both operations don't fit in a uint256 since the values of both e and m are typically 3072 bits (for 128-bit security).

Although RSA signatures have never been popular on Ethereum, with the new Account Abstraction trend it can be used as an alternative authorization mechanism. So, I'm afraid that this implementation wouldn't solve that particular use case. If there's another use case justifying this current implementation, we can consider merging it.

ernestognw avatar Nov 08 '23 18:11 ernestognw
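The following is an added example, not code from openzeppelin-contracts or from PR #3298. It is a Python reference model of the EIP-198 interface that the issue asks to wrap: the calldata layout a wrapper has to build for arbitrary-size operands (three 32-byte lengths followed by the big-endian base, exponent and modulus), the output rules it has to decode (big-endian, zero-padded to the modulus length), the EIP-2565 gas schedule, and the RSA signature check from the last comment driven through that interface. The RSA key is a constructed toy key chosen so the numbers are readable; a real 3072-bit key only makes the B and M fields 384 bytes long, which is exactly why the result does not fit in a uint256. Solidity is the project's language, but the model is written in Python so the byte layout can be checked against the precompile semantics offline.

```python
"""Reference model of the EIP-198 modexp precompile (address 0x05).

Added example, not OpenZeppelin code. Shows the calldata a Solidity
wrapper must build, how the output is decoded, the EIP-2565 gas cost,
and an RSA verification run through the same interface.
"""
import hashlib
import math

MODEXP_ADDRESS = 0x05  # precompile address fixed by EIP-198


def _be(n: int) -> bytes:
    """Minimal big-endian encoding; 0 encodes as the empty byte string."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def encode_modexp_input(base: int, exponent: int, modulus: int) -> bytes:
    """Build calldata: len(B) | len(E) | len(M) as 32-byte words, then B, E, M."""
    b, e, m = _be(base), _be(exponent), _be(modulus)
    header = b"".join(len(x).to_bytes(32, "big") for x in (b, e, m))
    return header + b + e + m


def _parse(data: bytes):
    """Split calldata into lengths and operands. Per EIP-198, bytes beyond
    the end of the input read as zero, so short inputs are zero-padded."""
    def read(offset: int, length: int) -> int:
        chunk = data[offset:offset + length]
        return int.from_bytes(chunk.ljust(length, b"\x00"), "big")

    b_len, e_len, m_len = read(0, 32), read(32, 32), read(64, 32)
    base = read(96, b_len)
    exponent = read(96 + b_len, e_len)
    modulus = read(96 + b_len + e_len, m_len)
    exp_head = read(96 + b_len, min(e_len, 32))  # first 32 bytes of E (gas only)
    return b_len, e_len, m_len, base, exponent, modulus, exp_head


def modexp_precompile(data: bytes) -> bytes:
    """Return (B ** E) % M as the precompile does: big-endian, exactly len(M)
    bytes. A zero modulus yields len(M) zero bytes, as the EVM clients do."""
    _, _, m_len, base, exponent, modulus, _ = _parse(data)
    if modulus == 0:
        return b"\x00" * m_len
    return pow(base, exponent, modulus).to_bytes(m_len, "big")


def modexp_gas(data: bytes) -> int:
    """EIP-2565 gas schedule (Berlin and later) for the given calldata."""
    b_len, e_len, m_len, _, _, _, exp_head = _parse(data)
    words = math.ceil(max(b_len, m_len) / 8)
    mult_complexity = words ** 2
    msb = exp_head.bit_length() - 1 if exp_head else 0
    iteration_count = msb + (8 * (e_len - 32) if e_len > 32 else 0)
    return max(200, mult_complexity * max(iteration_count, 1) // 3)


# --- RSA through the precompile interface (constructed toy key, not for real use) ---
TOY_N = 3233   # p = 61, q = 53
TOY_E = 17     # public exponent
TOY_D = 2753   # private exponent: e * d = 1 mod lcm(p - 1, q - 1)


def toy_digest(message: bytes) -> int:
    """Hash the message and reduce it into the toy key's range. A real scheme
    applies PKCS#1 v1.5 or PSS encoding to the digest instead of this reduction."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % TOY_N


def rsa_sign(message: bytes) -> int:
    """Textbook RSA signing, done off-chain by the signer: digest ** d mod n."""
    return pow(toy_digest(message), TOY_D, TOY_N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """What an on-chain verifier does: pass (signature, e, n) to the precompile
    and compare the decoded output with the expected digest."""
    data = encode_modexp_input(signature, TOY_E, TOY_N)
    recovered = int.from_bytes(modexp_precompile(data), "big")
    return recovered == toy_digest(message)


if __name__ == "__main__":
    msg = b"constructed message"
    sig = rsa_sign(msg)
    print("signature:", sig, "valid:", rsa_verify(msg, sig))
    # 3072-bit-shaped operands (384-byte base and modulus, e = 65537): gas is
    # driven by the operand lengths, so this is what a real RSA-3072 check costs.
    big = encode_modexp_input(2 ** 3071, 65537, 2 ** 3071 + 1)
    print("gas for a 3072-bit RSA check:", modexp_gas(big))
```

The wrapper design point this makes concrete: the precompile never sees a uint256, only three length words and three byte strings, so a library interface built on `bytes` (or a bignum struct wrapping `bytes`) is what maps onto it, and the caller must size the output buffer to the modulus length before reading the result back. The gas for a 3072-bit signature check comes out at 12288 under EIP-2565, which is modest next to the cost of handling the 384-byte operands in memory.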