feat(auth): add ECDSA single sig and multisig authentication component

[onurinanc]

This PR implements the ECDSA Authentication Component for both single and multisig accounts.

Next Steps:

• Implement the ECDSA Authentication Component in the rust-client withinmiden-client.
• Implement the ECDSA Authentication Component in the web-client within miden-client.

Future Improvements:
This PR currently shares similar code patterns with the RpoFalcon512 and RpoFalcon512Multisig authentication components. A more pluggable design that unifies these authentication mechanisms into a single, configurable component will be explored.

[bobbinth]

Thank you, @onurinanc! Once question (w/o having looked at the code): should this go into main rather than next? I think we wanted to include this into v0.12 release - and if so, it should go into main - but not sure if there are any significant breaking changes here.

[onurinanc]

@bobbinth I think there are no any breaking changes in this PR. I’ll update the base branch to main.

[mmagician]

Just a superficial review on the MASM structure for now - I think we can reduce the diff significantly

[mmagician]

AFAICS, this is the same logic as in the falcon file?

In that case, it would be best to reduce code duplication and move this file into a common file (see e.g. https://github.com/0xMiden/miden-base/blob/b160cabba65b6af4bbc6473e12bf0692dff7c855/crates/miden-lib/asm/miden/auth/mod.masm)

[bobbinth]

Yes, this and other similar procedures can probably go into miden::auth::multisig module. But also, in the interest of time, I'm also fine keeping this as is for this PR and addressing de-duplication in a follow-up.

[mmagician]

ditto

[mmagician]

ditto

[bobbinth]

Looks good! Thank you! I reviewed all non-test code and left some comments inline - most of them are small nits and thoughts for the future.

[bobbinth]

Not for this PR, but I believe we can now replace this with adv.insert_hqword instruction.

@Fumuran could you create an issue for this?

[bobbinth]

Not from this PR, but I'm not seeing NUM_OF_APPROVERS_LOC. Maybe worth creating an issue to remove it. cc @partylikeits1983.

[bobbinth]

Yes, this and other similar procedures can probably go into miden::auth::multisig module. But also, in the interest of time, I'm also fine keeping this as is for this PR and addressing de-duplication in a follow-up.

[bobbinth]

Not for this PR, but we should start thinking about how to reduce code duplication. Ideally, instead of have two (or more) identical components that differ only in signature scheme used, we would have something like AuthBasicSinglesig and AuthBasicMultisig and the signature scheme would be defined internally.

There are at least two ways to do this:

1. We could store the root of the signature procedure in the storage. In the case of single-sig authentication, the storage layout would be [PUB_KEY, VERIFY_PROC_ROOT]. Then, we'd just use dynexec instruction to execute the stored procedure.
2. We could still keep just the public key in the storage and add an event to retrieve the type of the public key. Then, we could have a set of if-else statements to figure out which verification procedure to run for a given public key.

Both of these have their prons and cons:

• The first approach is more extensible: we don't need to modify the code to add support for a new signature scheme. But, we can't easily "mix" different signature schemes (mostly relevant in the context of the multisig).
• The second approach avoids the use of dynexec (which feels a bit risky) and it allows us to easily mix different signature schemes (e.g., in the same multisig we could have both ECDSA and Falcon public keys) - but it is not as extensible: adding a new signature scheme would require MASM code changes. It is also a bit more work as we'll need to get the public key type from the authenticator (though, we may need to do this for other reasons anyways).

There may be other approaches to reducing code duplication as well - e.g., something along the lines of #1956. But I haven't thought about this too much.

We should create an issue to discuss this and ideally come up with the improved approach for v0.13.0 release.

[bobbinth]

Looks good! Thank you! As mentioned in the pervious comments, I'll merge this as is, and we can work on code de-duplication in follow-up PRs and try to wrap up with work for v0.13 release.