refactor: sig verification into library (#1455)

**Motivation:**

*Explain here the context, and why you're making that change. What is
the problem you're trying to solve.*

**Modifications:**

*Describe the modifications you've done.*

**Result:**

*After your change, what will change.*

Author: eigenmikem

src/contracts/libraries/BN254SignatureVerifier.sol

@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.27;
+
+import {BN254} from "./BN254.sol";
+
+/**
+ * @title BN254SignatureVerifier
+ * @notice Library for BN254 signature verification
+ * @dev Provides unified signature verification with consistent gamma calculation and hash-to-G1 conversion
+ */
+library BN254SignatureVerifier {
+    using BN254 for BN254.G1Point;
+
+    /**
+     * @notice Core BN254 signature verification function with optional gas limiting
+     * @param msgHash The message hash that was signed
+     * @param signature The BLS signature to verify (G1 point)
+     * @param pubkeyG1 The G1 component of the public key
+     * @param pubkeyG2 The G2 component of the public key
+     * @param useGasLimit Whether to use gas-limited safe pairing
+     * @param pairingGas Gas limit for pairing (ignored if useGasLimit is false)
+     * @return success True if verification succeeded (always true if useGasLimit=false due to revert)
+     * @return pairingSuccessful True if pairing operation completed (only relevant when useGasLimit=true)
+     */
+    function verifySignature(
+        bytes32 msgHash,
+        BN254.G1Point memory signature,
+        BN254.G1Point memory pubkeyG1,
+        BN254.G2Point memory pubkeyG2,
+        bool useGasLimit,
+        uint256 pairingGas
+    ) internal view returns (bool success, bool pairingSuccessful) {
+        BN254.G1Point memory messagePoint = BN254.hashToG1(msgHash);
+        uint256 gamma = _calculateGamma(msgHash, pubkeyG1, pubkeyG2, signature);
+
+        // Calculate pairing inputs
+        BN254.G1Point memory leftG1 = signature.plus(pubkeyG1.scalar_mul(gamma));
+        BN254.G1Point memory rightG1 = messagePoint.plus(BN254.generatorG1().scalar_mul(gamma));
+
+        if (useGasLimit) {
+            // Use safe pairing with gas limit
+            (pairingSuccessful, success) =
+                BN254.safePairing(leftG1, BN254.negGeneratorG2(), rightG1, pubkeyG2, pairingGas);
+        } else {
+            success = BN254.pairing(leftG1, BN254.negGeneratorG2(), rightG1, pubkeyG2);
+            if (success) {
+                pairingSuccessful = true;
+            }
+        }
+    }
+
+    /**
+     * @notice Internal function to calculate gamma value for signature verification
+     * @param msgHash The message hash
+     * @param pubkeyG1 The G1 component of the public key
+     * @param pubkeyG2 The G2 component of the public key
+     * @param signature The signature point
+     * @return gamma The calculated gamma value
+     */
+    function _calculateGamma(
+        bytes32 msgHash,
+        BN254.G1Point memory pubkeyG1,
+        BN254.G2Point memory pubkeyG2,
+        BN254.G1Point memory signature
+    ) internal pure returns (uint256 gamma) {
+        gamma = uint256(
+            keccak256(
+                abi.encodePacked(
+                    msgHash,
+                    pubkeyG1.X,
+                    pubkeyG1.Y,
+                    pubkeyG2.X[0],
+                    pubkeyG2.X[1],
+                    pubkeyG2.Y[0],
+                    pubkeyG2.Y[1],
+                    signature.X,
+                    signature.Y
+                )
+            )
+        ) % BN254.FR_MODULUS;
+    }
+}

src/contracts/multichain/BN254CertificateVerifier.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8.27;
 import "@openzeppelin-upgrades/contracts/proxy/utils/Initializable.sol";
 
 import {BN254} from "../libraries/BN254.sol";
+import {BN254SignatureVerifier} from "../libraries/BN254SignatureVerifier.sol";
 import {Merkle} from "../libraries/Merkle.sol";
 import {OperatorSet} from "../libraries/OperatorSetLib.sol";
 
@@ -162,27 +163,12 @@ contract BN254CertificateVerifier is Initializable, BN254CertificateVerifierStor
         BN254.G2Point memory apkG2,
         BN254.G1Point memory signature
     ) internal view returns (bool pairingSuccessful, bool signatureValid) {
-        uint256 gamma = uint256(
-            keccak256(
-                abi.encodePacked(
-                    msgHash,
-                    aggPubkey.X,
-                    aggPubkey.Y,
-                    apkG2.X[0],
-                    apkG2.X[1],
-                    apkG2.Y[0],
-                    apkG2.Y[1],
-                    signature.X,
-                    signature.Y
-                )
-            )
-        ) % BN254.FR_MODULUS;
-
-        (pairingSuccessful, signatureValid) = BN254.safePairing(
-            signature.plus(aggPubkey.scalar_mul(gamma)), // sigma + apk*gamma
-            BN254.negGeneratorG2(), // -G2
-            BN254.hashToG1(msgHash).plus(BN254.generatorG1().scalar_mul(gamma)), // H(m) + g1*gamma
-            apkG2, // apkG2
+        return BN254SignatureVerifier.verifySignature(
+            msgHash,
+            signature,
+            aggPubkey,
+            apkG2,
+            true, // use gas limit
             PAIRING_EQUALITY_CHECK_GAS
         );
     }

src/contracts/permissions/KeyRegistrar.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8.27;
 import "@openzeppelin-upgrades/contracts/proxy/utils/Initializable.sol";
 import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import "../libraries/BN254.sol";
+import "../libraries/BN254SignatureVerifier.sol";
 import "../mixins/PermissionControllerMixin.sol";
 import "../mixins/SignatureUtilsMixin.sol";
 import "../interfaces/IPermissionController.sol";
@@ -193,9 +194,14 @@ contract KeyRegistrar is KeyRegistrarStorage, PermissionControllerMixin, Signatu
         );
         bytes32 signableDigest = _calculateSignableDigest(structHash);
 
-        // hash to g1
-        BN254.G1Point memory messagePoint = BN254.hashToG1(signableDigest);
-        _verifyBN254Signature(messagePoint, signature, g1Point, g2Point);
+        // Decode signature from bytes to G1 point
+        (uint256 sigX, uint256 sigY) = abi.decode(signature, (uint256, uint256));
+        BN254.G1Point memory signaturePoint = BN254.G1Point(sigX, sigY);
+
+        // Verify signature
+        (, bool pairingSuccessful) =
+            BN254SignatureVerifier.verifySignature(signableDigest, signaturePoint, g1Point, g2Point, false, 0);
+        require(pairingSuccessful, InvalidSignature());
 
         // Calculate key hash and check global uniqueness
         bytes32 keyHash = _getKeyHashForKeyData(keyData, CurveType.BN254);
@@ -242,56 +248,6 @@ contract KeyRegistrar is KeyRegistrarStorage, PermissionControllerMixin, Signatu
         revert InvalidCurveType();
     }
 
-    /**
-     * @notice Verifies a BN254 signature
-     * @param messagePoint The G1 point representing the hashed message
-     * @param signature The signature bytes
-     * @param pubkeyG1 The G1 component of the public key
-     * @param pubkeyG2 The G2 component of the public key
-     */
-    function _verifyBN254Signature(
-        BN254.G1Point memory messagePoint,
-        bytes memory signature,
-        BN254.G1Point memory pubkeyG1,
-        BN254.G2Point memory pubkeyG2
-    ) public view {
-        // Decode signature
-        BN254.G1Point memory sigPoint;
-        {
-            (uint256 sigX, uint256 sigY) = abi.decode(signature, (uint256, uint256));
-            sigPoint = BN254.G1Point(sigX, sigY);
-        }
-
-        // gamma = h(sigma, P, P', H(m)) - exact same pattern as BLSApkRegistry
-        uint256 gamma = uint256(
-            keccak256(
-                abi.encodePacked(
-                    sigPoint.X,
-                    sigPoint.Y,
-                    pubkeyG1.X,
-                    pubkeyG1.Y,
-                    pubkeyG2.X[0],
-                    pubkeyG2.X[1],
-                    pubkeyG2.Y[0],
-                    pubkeyG2.Y[1],
-                    messagePoint.X,
-                    messagePoint.Y
-                )
-            )
-        ) % BN254.FR_MODULUS;
-
-        // e(sigma + P * gamma, [1]_2) = e(H(m) + [1]_1 * gamma, P')
-        require(
-            BN254.pairing(
-                sigPoint.plus(pubkeyG1.scalar_mul(gamma)),
-                BN254.negGeneratorG2(),
-                messagePoint.plus(BN254.generatorG1().scalar_mul(gamma)),
-                pubkeyG2
-            ),
-            InvalidSignature()
-        );
-    }
-
     /**
      *
      *                         VIEW FUNCTIONS

src/test/unit/KeyRegistrarUnit.t.sol

@@ -7,6 +7,7 @@ import "forge-std/Test.sol";
 import "src/contracts/permissions/KeyRegistrar.sol";
 import "src/contracts/interfaces/IKeyRegistrar.sol";
 import "src/contracts/libraries/BN254.sol";
+import "src/contracts/libraries/BN254SignatureVerifier.sol";
 import "src/contracts/interfaces/IPermissionController.sol";
 import "src/contracts/mixins/PermissionControllerMixin.sol";
 import "src/test/utils/EigenLayerUnitTestSetup.sol";
@@ -663,20 +664,23 @@ contract KeyRegistrarUnitTests is EigenLayerUnitTestSetup {
 
         // Generate signature with private key
         BN254.G1Point memory msgPoint = BN254.hashToG1(messageHash);
-        BN254.G1Point memory signature = msgPoint.scalar_mul(bn254PrivKey1);
-        bytes memory signatureBytes = abi.encode(signature.X, signature.Y);
+        BN254.G1Point memory signature = msgPoint.scalar_mul(bn254PrivKey2);
 
-        // Should not revert for valid signature
-        keyRegistrar._verifyBN254Signature(msgPoint, signatureBytes, bn254G1Key1, bn254G2Key1);
+        (bool success, bool pairingSuccessful) =
+            BN254SignatureVerifier.verifySignature(messageHash, signature, bn254G1Key2, bn254G2Key2, false, 0);
+        assertTrue(success && pairingSuccessful);
     }
 
     function testVerifyBN254Signature_RevertInvalid() public {
         bytes32 messageHash = keccak256("test message");
-        bytes memory invalidSignature = abi.encode(uint(1), uint(2));
+
+        // Use a signature generated with the wrong private key - this should fail verification
         BN254.G1Point memory msgPoint = BN254.hashToG1(messageHash);
+        BN254.G1Point memory invalidSignature = msgPoint.scalar_mul(bn254PrivKey1); // Wrong private key
 
-        vm.expectRevert(ISignatureUtilsMixinErrors.InvalidSignature.selector);
-        keyRegistrar._verifyBN254Signature(msgPoint, invalidSignature, bn254G1Key1, bn254G2Key1);
+        (bool success, bool pairingSuccessful) =
+            BN254SignatureVerifier.verifySignature(messageHash, invalidSignature, bn254G1Key2, bn254G2Key2, false, 0);
+        assertFalse(success && pairingSuccessful);
     }
 
     function testRegisterBN254Key_RevertGloballyRegistered() public {