From 05bef571803ba0e511188fa980af2174da0add40 Mon Sep 17 00:00:00 2001
From: x-senpai-x <sharmautsav0531@gmail.com>
Date: Sun, 22 Mar 2026 13:30:16 +0530
Subject: [PATCH 1/2] fix: bind RSA public exponent to fixed values

---
 .../tbs_1300/t_add_dsc_verify_1300.toml       |   3 +-
 .../tbs_1300/t_add_id_data_1300.toml          |   3 +-
 .../tbs_720/t_add_dsc_720.toml                |   3 +-
 .../tbs_720/t_add_id_data_720.toml            |   3 +-
 .../t_add_dsc_720/src/main.nr                 |   9 +-
 .../t_add_dsc_verify_1300/Nargo.toml          |   1 +
 .../t_add_dsc_verify_1300/src/main.nr         |   8 +-
 .../t_add_id_data_1300/src/main.nr            |  12 +-
 .../t_add_id_data_720/src/main.nr             |  12 +-
 .../utils/data-check/tbs-pubkey/Nargo.toml    |   5 +-
 .../utils/data-check/tbs-pubkey/src/lib.nr    | 135 +++++++++++++++++-
 .../utils/sig-check/common/src/lib.nr         |  14 ++
 .../utils/sig-check/fragmented-rsa/Nargo.toml |   1 +
 .../utils/sig-check/fragmented-rsa/src/lib.nr |   6 +-
 .../utils/sig-check/rsa/Nargo.toml            |   1 +
 .../utils/sig-check/rsa/src/lib.nr            |  50 ++++++-
 16 files changed, 246 insertions(+), 20 deletions(-)

diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml
index bee50a8e5..a890a5a67 100644
--- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml
+++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_dsc_verify_1300.toml
@@ -1,11 +1,12 @@
 comm_in = "0x045433920bc35680c37f22815da747e86bf7974625da04b1f015af21e42446b1"
 csc_pubkey = [208, 127, 177, 234, 50, 75, 101, 18, 206, 250, 228, 33, 237, 90, 21, 227, 71, 98, 152, 19, 83, 127, 240, 191, 83, 173, 209, 187, 204, 60, 55, 28, 178, 233, 40, 5, 26, 161, 3, 42, 9, 148, 226, 21, 124, 212, 182, 17, 167, 231, 99, 128, 28, 250, 218, 14, 223, 217, 242, 124, 76, 41, 160, 20, 185, 228, 97, 210, 75, 124, 211, 41, 123, 229, 70, 248, 109, 185, 175, 88, 101, 3, 128, 57, 26, 13, 146, 228, 150, 23, 74, 10, 8, 201, 116, 10, 252, 113, 176, 23, 57, 44, 17, 23, 199, 168, 105, 179, 70, 248, 60, 188, 153, 245, 115, 154, 29, 195, 140, 35, 100, 139, 242, 7, 17, 105, 135, 171, 196, 62, 119, 6, 137, 47, 31, 125, 57, 43, 71, 93, 251, 142, 245, 144, 12, 110, 5, 41, 174, 83, 34, 125, 87, 11, 80, 87, 49, 218, 214, 94, 228, 182, 112, 118, 178, 152, 120, 51, 25, 174, 238, 149, 140, 67, 183, 97, 227, 45, 231, 191, 253, 19, 128, 181, 183, 234, 34, 233, 155, 72, 130, 155, 247, 178, 203, 11, 54, 129, 252, 122, 126, 54, 245, 227, 208, 128, 158, 19, 149, 120, 73, 235, 222, 79, 132, 79, 124, 86, 226, 45, 0, 162, 0, 181, 7, 169, 46, 150, 74, 171, 56, 166, 99, 236, 234, 160, 94, 37, 57, 195, 104, 119, 80, 182, 180, 153, 20, 108, 233, 58, 34, 50, 159, 117, 217, 178, 239, 49, 177, 197, 41, 79, 22, 119, 78, 141, 51, 152, 217, 137, 227, 212, 113, 201, 120, 179, 105, 110, 60, 68, 50, 216, 247, 16, 16, 171, 247, 226, 220, 94, 162, 14, 42, 47, 121, 89, 25, 139, 66, 94, 195, 168, 87, 126, 188, 68, 63, 106, 174, 121, 249, 100, 252, 109, 210, 159, 95, 78, 238, 52, 158, 64, 133, 84, 3, 111, 224, 12, 237, 101, 169, 103, 200, 155, 68, 58, 252, 30, 71, 203, 191, 0, 121, 242, 105, 77, 112, 25, 135, 189, 123, 132, 44, 173, 199, 176, 211, 77, 185, 13, 122, 158, 36, 214, 172, 5, 69, 161, 42, 214, 82, 74, 50, 127, 129, 65, 52, 169, 223, 167, 157, 9, 20, 185, 159, 200, 253, 140, 94, 131, 115, 134, 180, 174, 3, 101, 13, 114, 146, 180, 163, 157, 9, 152, 173, 8, 120, 245, 206, 101, 156, 181, 194, 105, 80, 143, 20, 85, 24, 142, 104, 41, 183, 185, 93, 150, 59, 226, 166, 155, 103, 239, 249, 251, 67, 173, 67, 84, 4, 120, 89, 186, 232, 45, 142, 143, 113, 255, 2, 30, 164, 102, 109, 23, 85, 54, 174, 131, 194, 168, 126, 143, 61, 219, 98, 90, 67, 52, 225, 72, 68, 51, 98, 183, 38, 200, 115, 23, 217, 81, 202, 0, 241, 182, 149, 36, 29, 193, 121, 181, 147, 52, 76, 245, 92, 42, 174, 244, 252, 43, 139, 8, 106, 30, 150, 55, 151, 43, 104, 249, 147, 101]
+csc_key_ne_hash = "0x04f3d97197eb2e5240c7699e3faf96c1617f24b039f8d515b290d7e928924740"
+csc_pubkey_redc_param = [19, 165, 43, 147, 243, 62, 245, 198, 16, 226, 76, 181, 11, 33, 122, 50, 8, 146, 184, 53, 157, 103, 217, 123, 12, 245, 111, 27, 121, 118, 147, 162, 61, 247, 152, 155, 102, 232, 126, 61, 244, 200, 5, 80, 102, 48, 32, 140, 144, 42, 210, 143, 10, 110, 82, 31, 155, 109, 240, 20, 37, 253, 18, 42, 212, 15, 119, 136, 208, 106, 8, 161, 39, 28, 142, 243, 211, 182, 159, 196, 20, 118, 120, 239, 161, 160, 111, 130, 89, 15, 25, 125, 45, 173, 199, 5, 251, 173, 171, 187, 15, 150, 84, 233, 168, 215, 245, 49, 58, 201, 10, 23, 42, 23, 103, 52, 166, 72, 33, 68, 151, 78, 90, 181, 143, 216, 76, 93, 210, 66, 109, 141, 126, 111, 20, 178, 1, 8, 84, 100, 10, 136, 22, 11, 112, 73, 87, 58, 190, 60, 241, 221, 145, 178, 144, 121, 119, 118, 78, 144, 149, 199, 110, 186, 255, 41, 78, 174, 77, 163, 171, 6, 98, 168, 106, 17, 106, 250, 165, 128, 195, 128, 55, 154, 152, 194, 95, 206, 157, 104, 5, 155, 203, 40, 77, 230, 108, 67, 83, 248, 67, 19, 116, 214, 205, 23, 253, 227, 97, 20, 42, 154, 63, 148, 52, 139, 189, 53, 46, 53, 232, 126, 221, 112, 154, 24, 186, 11, 136, 247, 76, 19, 208, 218, 103, 179, 86, 52, 140, 162, 176, 0, 208, 190, 69, 203, 245, 46, 131, 95, 167, 239, 135, 114, 201, 28, 182, 153, 206, 37, 75, 189, 189, 131, 193, 88, 193, 148, 56, 104, 10, 82, 180, 233, 127, 21, 102, 22, 60, 109, 198, 224, 219, 59, 192, 25, 132, 201, 222, 3, 201, 6, 175, 173, 90, 78, 94, 19, 140, 8, 178, 201, 152, 76, 158, 197, 156, 114, 124, 41, 130, 31, 112, 240, 132, 51, 120, 64, 84, 131, 3, 154, 87, 14, 13, 134, 198, 54, 197, 151, 230, 111, 184, 196, 181, 61, 118, 163, 35, 9, 88, 4, 184, 83, 229, 214, 179, 23, 215, 26, 85, 162, 181, 19, 112, 124, 153, 77, 36, 165, 18, 204, 12, 147, 240, 48, 74, 252, 215, 249, 68, 157, 28, 48, 82, 143, 44, 157, 228, 215, 162, 154, 255, 49, 36, 133, 150, 81, 182, 142, 148, 108, 17, 234, 161, 116, 9, 13, 245, 35, 187, 112, 90, 104, 136, 169, 243, 160, 139, 119, 191, 219, 41, 146, 81, 208, 188, 238, 136, 223, 113, 215, 231, 158, 30, 246, 143, 195, 156, 44, 236, 158, 235, 208, 223, 8, 233, 71, 68, 208, 244, 3, 40, 0, 30, 192, 39, 241, 121, 47, 133, 149, 27, 130, 99, 234, 24, 144, 199, 40, 160, 232, 251, 143, 213, 50, 26, 251, 100, 101, 9, 76, 7, 77, 171, 0, 39, 250, 162, 119, 14, 198, 87, 253, 191, 47, 42, 26, 225, 119, 79, 17, 108, 245, 196, 68, 84, 214, 34, 210, 229, 253, 172, 6, 180, 104, 65, 83, 6, 10, 164, 29, 155]
 salt = "0x1"
 country = "AUS"
 state1 = [3828948639, 4073271942, 433182166, 3811311365, 3566743306, 1923568254, 3109579459, 1110735471]
 tbs_certificate = [48, 130, 1, 10, 2, 130, 1, 1, 0, 175, 129, 169, 48, 75, 201, 148, 9, 44, 101, 74, 102, 208, 170, 80, 87, 167, 158, 254, 182, 81, 253, 14, 124, 113, 45, 48, 144, 36, 5, 248, 31, 93, 49, 75, 149, 184, 114, 188, 161, 128, 33, 61, 152, 20, 57, 11, 226, 80, 82, 80, 10, 209, 152, 144, 112, 231, 229, 31, 130, 146, 213, 195, 46, 163, 187, 24, 68, 79, 56, 124, 205, 49, 44, 70, 146, 221, 223, 68, 147, 89, 27, 16, 80, 111, 178, 109, 166, 123, 27, 29, 37, 120, 192, 202, 246, 6, 132, 249, 14, 254, 239, 204, 225, 127, 186, 207, 215, 178, 142, 60, 232, 125, 83, 126, 240, 68, 243, 79, 119, 91, 83, 101, 115, 122, 64, 30, 91, 221, 154, 108, 225, 93, 137, 17, 211, 26, 118, 192, 139, 66, 108, 134, 167, 187, 106, 71, 227, 24, 98, 192, 198, 153, 49, 239, 67, 212, 101, 101, 4, 76, 153, 212, 177, 159, 190, 78, 10, 224, 173, 157, 91, 210, 237, 178, 115, 123, 245, 116, 202, 34, 222, 78, 153, 81, 155, 248, 151, 112, 213, 128, 252, 173, 11, 165, 189, 128, 245, 216, 176, 34, 8, 89, 234, 4, 237, 161, 225, 16, 206, 84, 251, 235, 84, 100, 148, 53, 18, 159, 134, 159, 65, 197, 221, 254, 23, 118, 144, 109, 54, 163, 163, 137, 13, 21, 182, 72, 183, 104, 190, 89, 8, 248, 244, 38, 62, 248, 56, 97, 149, 68, 81, 218, 203, 203, 183, 2, 3, 1, 0, 1, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 tbs_certificate_len = 850
-csc_pubkey_redc_param = [19, 165, 43, 147, 243, 62, 245, 198, 16, 226, 76, 181, 11, 33, 122, 50, 8, 146, 184, 53, 157, 103, 217, 123, 12, 245, 111, 27, 121, 118, 147, 162, 61, 247, 152, 155, 102, 232, 126, 61, 244, 200, 5, 80, 102, 48, 32, 140, 144, 42, 210, 143, 10, 110, 82, 31, 155, 109, 240, 20, 37, 253, 18, 42, 212, 15, 119, 136, 208, 106, 8, 161, 39, 28, 142, 243, 211, 182, 159, 196, 20, 118, 120, 239, 161, 160, 111, 130, 89, 15, 25, 125, 45, 173, 199, 5, 251, 173, 171, 187, 15, 150, 84, 233, 168, 215, 245, 49, 58, 201, 10, 23, 42, 23, 103, 52, 166, 72, 33, 68, 151, 78, 90, 181, 143, 216, 76, 93, 210, 66, 109, 141, 126, 111, 20, 178, 1, 8, 84, 100, 10, 136, 22, 11, 112, 73, 87, 58, 190, 60, 241, 221, 145, 178, 144, 121, 119, 118, 78, 144, 149, 199, 110, 186, 255, 41, 78, 174, 77, 163, 171, 6, 98, 168, 106, 17, 106, 250, 165, 128, 195, 128, 55, 154, 152, 194, 95, 206, 157, 104, 5, 155, 203, 40, 77, 230, 108, 67, 83, 248, 67, 19, 116, 214, 205, 23, 253, 227, 97, 20, 42, 154, 63, 148, 52, 139, 189, 53, 46, 53, 232, 126, 221, 112, 154, 24, 186, 11, 136, 247, 76, 19, 208, 218, 103, 179, 86, 52, 140, 162, 176, 0, 208, 190, 69, 203, 245, 46, 131, 95, 167, 239, 135, 114, 201, 28, 182, 153, 206, 37, 75, 189, 189, 131, 193, 88, 193, 148, 56, 104, 10, 82, 180, 233, 127, 21, 102, 22, 60, 109, 198, 224, 219, 59, 192, 25, 132, 201, 222, 3, 201, 6, 175, 173, 90, 78, 94, 19, 140, 8, 178, 201, 152, 76, 158, 197, 156, 114, 124, 41, 130, 31, 112, 240, 132, 51, 120, 64, 84, 131, 3, 154, 87, 14, 13, 134, 198, 54, 197, 151, 230, 111, 184, 196, 181, 61, 118, 163, 35, 9, 88, 4, 184, 83, 229, 214, 179, 23, 215, 26, 85, 162, 181, 19, 112, 124, 153, 77, 36, 165, 18, 204, 12, 147, 240, 48, 74, 252, 215, 249, 68, 157, 28, 48, 82, 143, 44, 157, 228, 215, 162, 154, 255, 49, 36, 133, 150, 81, 182, 142, 148, 108, 17, 234, 161, 116, 9, 13, 245, 35, 187, 112, 90, 104, 136, 169, 243, 160, 139, 119, 191, 219, 41, 146, 81, 208, 188, 238, 136, 223, 113, 215, 231, 158, 30, 246, 143, 195, 156, 44, 236, 158, 235, 208, 223, 8, 233, 71, 68, 208, 244, 3, 40, 0, 30, 192, 39, 241, 121, 47, 133, 149, 27, 130, 99, 234, 24, 144, 199, 40, 160, 232, 251, 143, 213, 50, 26, 251, 100, 101, 9, 76, 7, 77, 171, 0, 39, 250, 162, 119, 14, 198, 87, 253, 191, 47, 42, 26, 225, 119, 79, 17, 108, 245, 196, 68, 84, 214, 34, 210, 229, 253, 172, 6, 180, 104, 65, 83, 6, 10, 164, 29, 155]
 dsc_signature = [134, 242, 235, 133, 124, 225, 36, 1, 12, 194, 232, 181, 146, 9, 71, 223, 30, 21, 228, 131, 0, 44, 65, 127, 139, 103, 111, 149, 167, 229, 79, 233, 180, 60, 166, 16, 34, 195, 92, 60, 46, 129, 60, 49, 39, 183, 212, 164, 89, 15, 123, 9, 97, 228, 61, 191, 127, 186, 188, 180, 79, 225, 19, 145, 0, 66, 36, 152, 22, 189, 125, 175, 3, 49, 191, 217, 76, 116, 10, 204, 17, 41, 49, 97, 79, 121, 59, 46, 157, 49, 245, 198, 228, 67, 118, 129, 1, 105, 161, 129, 88, 147, 128, 120, 36, 211, 218, 95, 190, 174, 121, 205, 91, 107, 186, 193, 63, 79, 204, 81, 126, 34, 64, 186, 24, 172, 186, 120, 215, 109, 82, 251, 0, 225, 13, 110, 110, 200, 175, 242, 197, 227, 1, 85, 43, 126, 29, 235, 18, 101, 182, 175, 19, 49, 128, 152, 54, 147, 250, 123, 233, 255, 35, 250, 21, 173, 37, 219, 141, 233, 34, 37, 18, 190, 37, 123, 244, 143, 5, 45, 86, 0, 82, 64, 190, 157, 96, 201, 121, 24, 113, 226, 168, 73, 17, 173, 65, 232, 111, 246, 34, 231, 0, 128, 149, 190, 55, 183, 234, 102, 142, 137, 60, 190, 193, 204, 86, 179, 249, 119, 244, 59, 160, 81, 107, 167, 35, 87, 90, 36, 183, 176, 203, 240, 8, 253, 71, 209, 120, 159, 190, 28, 126, 238, 180, 21, 32, 14, 213, 238, 44, 140, 152, 211, 36, 83, 229, 57, 143, 157, 37, 182, 163, 149, 241, 242, 39, 175, 128, 49, 175, 158, 209, 167, 131, 120, 128, 51, 238, 151, 114, 96, 118, 128, 231, 240, 246, 236, 215, 16, 50, 47, 248, 88, 211, 34, 15, 81, 180, 247, 254, 107, 182, 148, 243, 218, 16, 251, 7, 196, 231, 57, 69, 19, 123, 28, 43, 86, 192, 176, 30, 174, 135, 63, 150, 145, 210, 161, 244, 147, 13, 63, 204, 228, 241, 221, 208, 18, 158, 97, 57, 254, 50, 25, 215, 44, 102, 212, 47, 243, 15, 125, 253, 15, 29, 30, 38, 122, 209, 126, 121, 188, 174, 164, 131, 201, 100, 36, 232, 250, 168, 211, 49, 246, 20, 176, 171, 94, 11, 249, 172, 56, 185, 72, 132, 21, 163, 228, 6, 113, 204, 228, 49, 84, 126, 205, 161, 122, 155, 172, 102, 161, 185, 184, 238, 239, 176, 168, 194, 97, 205, 25, 191, 180, 221, 20, 174, 82, 143, 209, 110, 202, 31, 15, 224, 43, 45, 217, 134, 41, 124, 64, 135, 51, 81, 26, 188, 227, 227, 176, 0, 160, 107, 152, 105, 244, 51, 104, 147, 85, 158, 121, 155, 178, 31, 213, 35, 130, 109, 49, 16, 184, 55, 232, 199, 128, 103, 248, 0, 96, 124, 135, 189, 224, 188, 78, 35, 162, 156, 250, 170, 89, 167, 248, 90, 146, 187, 37, 166, 128, 225, 174, 63, 25, 236, 210, 97, 33, 161, 113, 111, 207, 28, 254, 47, 177, 1, 249, 211, 94, 96, 185]
 exponent = 65537
 salt_out = "0x2"
diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml
index 73f9c9067..a1f8527ed 100644
--- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml
+++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_1300/t_add_id_data_1300.toml
@@ -5,9 +5,10 @@ dg1 = [60, 60, 60, 60, 60, 60, 60, 65, 85, 83, 60, 60, 60, 60, 60, 60, 60, 60, 6
 dsc_pubkey = [175, 129, 169, 48, 75, 201, 148, 9, 44, 101, 74, 102, 208, 170, 80, 87, 167, 158, 254, 182, 81, 253, 14, 124, 113, 45, 48, 144, 36, 5, 248, 31, 93, 49, 75, 149, 184, 114, 188, 161, 128, 33, 61, 152, 20, 57, 11, 226, 80, 82, 80, 10, 209, 152, 144, 112, 231, 229, 31, 130, 146, 213, 195, 46, 163, 187, 24, 68, 79, 56, 124, 205, 49, 44, 70, 146, 221, 223, 68, 147, 89, 27, 16, 80, 111, 178, 109, 166, 123, 27, 29, 37, 120, 192, 202, 246, 6, 132, 249, 14, 254, 239, 204, 225, 127, 186, 207, 215, 178, 142, 60, 232, 125, 83, 126, 240, 68, 243, 79, 119, 91, 83, 101, 115, 122, 64, 30, 91, 221, 154, 108, 225, 93, 137, 17, 211, 26, 118, 192, 139, 66, 108, 134, 167, 187, 106, 71, 227, 24, 98, 192, 198, 153, 49, 239, 67, 212, 101, 101, 4, 76, 153, 212, 177, 159, 190, 78, 10, 224, 173, 157, 91, 210, 237, 178, 115, 123, 245, 116, 202, 34, 222, 78, 153, 81, 155, 248, 151, 112, 213, 128, 252, 173, 11, 165, 189, 128, 245, 216, 176, 34, 8, 89, 234, 4, 237, 161, 225, 16, 206, 84, 251, 235, 84, 100, 148, 53, 18, 159, 134, 159, 65, 197, 221, 254, 23, 118, 144, 109, 54, 163, 163, 137, 13, 21, 182, 72, 183, 104, 190, 89, 8, 248, 244, 38, 62, 248, 56, 97, 149, 68, 81, 218, 203, 203, 183]
 dsc_pubkey_redc_param = [23, 86, 146, 55, 63, 159, 232, 60, 221, 119, 124, 9, 188, 82, 165, 23, 158, 68, 5, 232, 168, 133, 63, 147, 86, 8, 2, 197, 30, 202, 6, 196, 129, 59, 244, 235, 113, 52, 51, 248, 98, 48, 137, 234, 84, 170, 65, 207, 33, 186, 6, 254, 161, 135, 119, 198, 104, 247, 24, 246, 156, 81, 61, 99, 126, 80, 216, 52, 161, 179, 129, 133, 173, 141, 134, 234, 156, 64, 79, 255, 61, 141, 190, 123, 205, 191, 152, 53, 145, 191, 77, 125, 60, 188, 104, 182, 169, 121, 230, 26, 1, 124, 62, 101, 28, 75, 250, 66, 171, 241, 231, 237, 225, 61, 249, 0, 117, 84, 60, 140, 51, 219, 193, 160, 77, 14, 253, 51, 64, 71, 45, 165, 162, 194, 117, 93, 144, 116, 178, 209, 189, 183, 77, 171, 54, 237, 113, 243, 114, 148, 21, 228, 165, 153, 19, 160, 227, 104, 59, 208, 214, 235, 96, 164, 133, 47, 251, 13, 59, 164, 129, 240, 105, 214, 104, 124, 12, 21, 255, 35, 85, 51, 170, 117, 71, 178, 214, 151, 127, 253, 71, 112, 209, 152, 120, 178, 174, 176, 58, 133, 236, 254, 22, 242, 94, 92, 52, 237, 195, 7, 135, 23, 202, 41, 67, 107, 115, 192, 105, 51, 59, 132, 59, 206, 91, 236, 171, 188, 82, 152, 31, 108, 101, 190, 85, 255, 129, 181, 133, 126, 193, 79, 106, 11, 58, 161, 68, 180, 115, 123, 0, 189, 63, 28, 219, 233, 56]
 dsc_pubkey_offset_in_dsc_cert = 9
+exponent = 65537
+exponent_offset_in_dsc_cert = 267
 sod_signature = [49, 82, 246, 122, 19, 59, 45, 0, 177, 1, 87, 120, 87, 11, 161, 239, 3, 249, 38, 76, 252, 218, 41, 186, 212, 255, 115, 93, 61, 126, 32, 45, 23, 213, 196, 108, 114, 169, 113, 7, 154, 18, 167, 25, 25, 27, 194, 114, 135, 8, 37, 84, 208, 23, 27, 57, 163, 118, 74, 6, 231, 69, 9, 217, 236, 137, 219, 240, 189, 26, 131, 1, 235, 7, 154, 43, 28, 206, 16, 186, 23, 101, 46, 95, 236, 154, 223, 150, 100, 20, 161, 29, 86, 197, 67, 93, 206, 196, 125, 105, 53, 145, 158, 61, 204, 142, 223, 173, 216, 92, 32, 103, 98, 195, 108, 15, 123, 238, 9, 7, 149, 47, 149, 249, 97, 112, 140, 53, 7, 173, 48, 226, 190, 242, 124, 83, 23, 84, 52, 101, 194, 21, 138, 178, 155, 243, 196, 72, 173, 74, 160, 87, 171, 165, 251, 137, 93, 34, 78, 37, 248, 131, 241, 134, 158, 12, 44, 0, 225, 80, 16, 3, 29, 30, 144, 38, 191, 129, 51, 186, 7, 125, 14, 87, 88, 158, 30, 6, 109, 47, 101, 202, 94, 215, 177, 113, 2, 148, 208, 150, 29, 57, 165, 123, 73, 103, 247, 176, 90, 74, 58, 214, 151, 149, 112, 198, 55, 27, 242, 91, 215, 74, 52, 244, 241, 51, 75, 142, 233, 181, 37, 113, 101, 113, 106, 164, 216, 83, 189, 110, 194, 226, 251, 61, 238, 86, 238, 228, 238, 254, 32, 95, 49, 100, 15, 179]
 tbs_certificate = [48, 130, 1, 10, 2, 130, 1, 1, 0, 175, 129, 169, 48, 75, 201, 148, 9, 44, 101, 74, 102, 208, 170, 80, 87, 167, 158, 254, 182, 81, 253, 14, 124, 113, 45, 48, 144, 36, 5, 248, 31, 93, 49, 75, 149, 184, 114, 188, 161, 128, 33, 61, 152, 20, 57, 11, 226, 80, 82, 80, 10, 209, 152, 144, 112, 231, 229, 31, 130, 146, 213, 195, 46, 163, 187, 24, 68, 79, 56, 124, 205, 49, 44, 70, 146, 221, 223, 68, 147, 89, 27, 16, 80, 111, 178, 109, 166, 123, 27, 29, 37, 120, 192, 202, 246, 6, 132, 249, 14, 254, 239, 204, 225, 127, 186, 207, 215, 178, 142, 60, 232, 125, 83, 126, 240, 68, 243, 79, 119, 91, 83, 101, 115, 122, 64, 30, 91, 221, 154, 108, 225, 93, 137, 17, 211, 26, 118, 192, 139, 66, 108, 134, 167, 187, 106, 71, 227, 24, 98, 192, 198, 153, 49, 239, 67, 212, 101, 101, 4, 76, 153, 212, 177, 159, 190, 78, 10, 224, 173, 157, 91, 210, 237, 178, 115, 123, 245, 116, 202, 34, 222, 78, 153, 81, 155, 248, 151, 112, 213, 128, 252, 173, 11, 165, 189, 128, 245, 216, 176, 34, 8, 89, 234, 4, 237, 161, 225, 16, 206, 84, 251, 235, 84, 100, 148, 53, 18, 159, 134, 159, 65, 197, 221, 254, 23, 118, 144, 109, 54, 163, 163, 137, 13, 21, 182, 72, 183, 104, 190, 89, 8, 248, 244, 38, 62, 248, 56, 97, 149, 68, 81, 218, 203, 203, 183, 2, 3, 1, 0, 1, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 signed_attributes = [211, 193, 250, 21, 235, 80, 39, 78, 193, 183, 135, 72, 121, 250, 28, 5, 52, 114, 247, 226, 239, 85, 157, 215, 111, 196, 53, 0, 194, 221, 150, 136, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 signed_attributes_size = 32
-exponent = 65537
 e_content = [253, 51, 11, 117, 232, 161, 148, 187, 21, 27, 187, 140, 18, 92, 136, 34, 182, 250, 146, 125, 141, 230, 22, 147, 205, 153, 108, 117, 179, 69, 32, 173, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml
index 5605156b5..fe871d929 100644
--- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml
+++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_dsc_720.toml
@@ -1,8 +1,9 @@
 csc_pubkey = [191, 56, 52, 58, 68, 102, 237, 183, 171, 195, 84, 11, 3, 233, 51, 203, 74, 37, 42, 68, 152, 19, 154, 192, 131, 19, 113, 213, 124, 239, 224, 225, 165, 80, 127, 141, 153, 142, 67, 27, 80, 195, 133, 114, 240, 90, 185, 199, 165, 202, 176, 89, 69, 36, 65, 105, 30, 110, 4, 208, 12, 242, 135, 138, 112, 0, 112, 23, 63, 255, 106, 101, 85, 230, 227, 208, 200, 233, 85, 158, 57, 216, 198, 32, 116, 4, 181, 10, 208, 243, 151, 165, 147, 187, 14, 133, 61, 31, 15, 146, 160, 16, 91, 221, 65, 81, 131, 77, 250, 8, 5, 30, 244, 110, 139, 157, 228, 250, 47, 54, 46, 153, 235, 164, 201, 64, 61, 171, 152, 23, 115, 253, 143, 134, 106, 100, 221, 126, 124, 29, 158, 68, 169, 153, 8, 134, 19, 141, 243, 173, 103, 176, 135, 248, 179, 254, 74, 187, 86, 47, 12, 204, 128, 145, 46, 121, 60, 229, 217, 220, 247, 135, 186, 158, 69, 91, 128, 116, 92, 152, 233, 139, 249, 106, 63, 203, 217, 86, 113, 2, 78, 165, 244, 86, 152, 213, 164, 36, 24, 179, 100, 67, 182, 69, 30, 5, 131, 11, 129, 211, 171, 52, 237, 148, 104, 197, 107, 44, 64, 38, 244, 242, 170, 3, 191, 182, 145, 129, 165, 236, 217, 97, 192, 75, 17, 254, 254, 33, 68, 205, 70, 79, 134, 69, 244, 176, 24, 133, 19, 70, 24, 170, 161, 72, 171, 48, 146, 75, 134, 119, 13, 39, 217, 189, 2, 173, 141, 136, 176, 140, 220, 230, 94, 151, 182, 4, 120, 218, 39, 115, 34, 78, 139, 102, 230, 227, 223, 78, 72, 133, 59, 224, 128, 79, 71, 67, 133, 171, 11, 66, 200, 133, 21, 76, 125, 126, 111, 212, 29, 7, 92, 4, 5, 189, 41, 21, 15, 96, 31, 28, 233, 156, 44, 254, 47, 121, 82, 71, 133, 69, 3, 135, 247, 237, 29, 140, 111, 2, 232, 200, 129, 234, 113, 146, 243, 148, 127, 227, 183, 110, 190, 65, 93, 136, 180, 104, 17, 121, 45, 128, 216, 192, 95, 111, 75, 47, 182, 96, 41, 126, 100, 40, 129, 43, 154, 14, 220, 192, 8, 64, 47, 153, 2, 244, 140, 51, 4, 212, 105, 249, 255, 60, 143, 2, 60, 86, 176, 65, 253, 132, 133, 84, 56, 165, 169, 121, 182, 176, 237, 210, 209, 119, 253, 138, 95, 127, 194, 72, 248, 212, 91, 87, 203, 173, 38, 80, 222, 101, 163, 252, 86, 186, 143, 161, 184, 70, 24, 248, 230, 196, 157, 35, 205, 39, 49, 136, 8, 204, 176, 116, 68, 167, 1, 10, 217, 82, 208, 215, 28, 231, 252, 203, 70, 240, 62, 4, 211, 209, 148, 141, 44, 246, 215, 112, 162, 20, 129, 94, 123, 230, 126, 128, 33, 41, 231, 119, 64, 51, 253, 166, 145, 64, 10, 158, 141, 43, 193, 20, 69, 15, 194, 35, 139, 233, 28, 240, 166, 131, 61, 187, 241, 129]
+csc_key_ne_hash = "0x1ca4af41d370d02b729b6a63b4aea3cf29242ad76ac8420c144d7558072ba172"
+csc_pubkey_redc_param = [21, 107, 159, 157, 72, 119, 18, 0, 27, 71, 177, 110, 89, 195, 140, 32, 0, 81, 204, 142, 10, 42, 57, 174, 56, 49, 20, 174, 40, 168, 13, 110, 119, 62, 130, 206, 113, 131, 163, 69, 216, 148, 52, 169, 100, 129, 114, 255, 46, 231, 61, 14, 80, 203, 136, 94, 50, 194, 33, 127, 20, 160, 234, 71, 20, 201, 8, 231, 223, 0, 192, 38, 138, 232, 188, 101, 68, 103, 102, 81, 27, 78, 37, 96, 11, 135, 61, 12, 158, 37, 141, 215, 151, 25, 176, 135, 41, 133, 163, 113, 221, 161, 175, 226, 9, 113, 252, 229, 239, 48, 55, 162, 33, 178, 224, 94, 18, 161, 220, 186, 163, 10, 133, 85, 127, 74, 95, 74, 192, 164, 69, 236, 121, 95, 224, 115, 181, 169, 156, 121, 161, 180, 127, 61, 26, 113, 65, 35, 241, 87, 67, 152, 40, 160, 29, 190, 249, 119, 178, 40, 99, 198, 222, 102, 162, 68, 138, 169, 237, 193, 199, 151, 159, 80, 118, 20, 141, 97, 224, 76, 212, 29, 80, 238, 32, 234, 172, 151, 141, 134, 227, 177, 61, 106, 9, 105, 194, 149, 232, 171, 165, 135, 244, 24, 214, 213, 28, 115, 68, 75, 160, 198, 129, 73, 238, 59, 59, 4, 45, 101, 235, 220, 224, 224, 5, 76, 13, 218, 137, 189, 174, 52, 38, 192, 245, 127, 138, 81, 96, 255, 162, 119, 44, 210, 247, 66, 99, 3, 202, 110, 26, 174, 27, 157, 15, 85, 81, 115, 162, 35, 217, 73, 84, 139, 198, 206, 205, 93, 221, 207, 182, 126, 20, 211, 178, 23, 232, 95, 253, 252, 254, 211, 143, 149, 130, 102, 69, 47, 230, 141, 23, 107, 148, 35, 98, 85, 98, 111, 238, 85, 148, 111, 251, 83, 220, 88, 156, 81, 27, 196, 8, 5, 66, 216, 111, 3, 226, 212, 80, 151, 38, 164, 172, 189, 112, 224, 225, 98, 165, 86, 180, 31, 32, 249, 202, 127, 244, 142, 127, 17, 239, 16, 41, 1, 191, 113, 134, 18, 66, 251, 227, 254, 73, 53, 180, 104, 27, 133, 32, 198, 218, 159, 226, 32, 79, 136, 115, 52, 110, 242, 239, 204, 109, 154, 29, 180, 85, 142, 244, 160, 90, 14, 37, 236, 159, 130, 229, 169, 11, 37, 132, 37, 49, 124, 225, 206, 164, 202, 94, 34, 8, 5, 49, 56, 17, 171, 65, 211, 126, 42, 109, 62, 176, 132, 107, 62, 190, 141, 214, 11, 217, 6, 52, 198, 157, 181, 22, 107, 245, 249, 222, 4, 71, 63, 54, 104, 23, 171, 180, 131, 16, 230, 23, 94, 39, 61, 149, 204, 15, 42, 7, 187, 147, 37, 55, 67, 188, 147, 194, 254, 154, 193, 95, 227, 162, 216, 3, 127, 116, 248, 115, 121, 126, 176, 253, 175, 7, 245, 175, 129, 254, 70, 151, 36, 174, 235, 172, 158, 244, 206, 119, 184, 231, 1, 14, 162, 152, 159, 97, 136, 82, 216, 75, 161, 36, 208, 59, 62, 13, 12, 35, 82, 236]
 salt = "0x2"
 country = "<<<"
 tbs_certificate = [48, 130, 1, 10, 2, 130, 1, 1, 0, 144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211, 2, 3, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
-csc_pubkey_redc_param = [21, 107, 159, 157, 72, 119, 18, 0, 27, 71, 177, 110, 89, 195, 140, 32, 0, 81, 204, 142, 10, 42, 57, 174, 56, 49, 20, 174, 40, 168, 13, 110, 119, 62, 130, 206, 113, 131, 163, 69, 216, 148, 52, 169, 100, 129, 114, 255, 46, 231, 61, 14, 80, 203, 136, 94, 50, 194, 33, 127, 20, 160, 234, 71, 20, 201, 8, 231, 223, 0, 192, 38, 138, 232, 188, 101, 68, 103, 102, 81, 27, 78, 37, 96, 11, 135, 61, 12, 158, 37, 141, 215, 151, 25, 176, 135, 41, 133, 163, 113, 221, 161, 175, 226, 9, 113, 252, 229, 239, 48, 55, 162, 33, 178, 224, 94, 18, 161, 220, 186, 163, 10, 133, 85, 127, 74, 95, 74, 192, 164, 69, 236, 121, 95, 224, 115, 181, 169, 156, 121, 161, 180, 127, 61, 26, 113, 65, 35, 241, 87, 67, 152, 40, 160, 29, 190, 249, 119, 178, 40, 99, 198, 222, 102, 162, 68, 138, 169, 237, 193, 199, 151, 159, 80, 118, 20, 141, 97, 224, 76, 212, 29, 80, 238, 32, 234, 172, 151, 141, 134, 227, 177, 61, 106, 9, 105, 194, 149, 232, 171, 165, 135, 244, 24, 214, 213, 28, 115, 68, 75, 160, 198, 129, 73, 238, 59, 59, 4, 45, 101, 235, 220, 224, 224, 5, 76, 13, 218, 137, 189, 174, 52, 38, 192, 245, 127, 138, 81, 96, 255, 162, 119, 44, 210, 247, 66, 99, 3, 202, 110, 26, 174, 27, 157, 15, 85, 81, 115, 162, 35, 217, 73, 84, 139, 198, 206, 205, 93, 221, 207, 182, 126, 20, 211, 178, 23, 232, 95, 253, 252, 254, 211, 143, 149, 130, 102, 69, 47, 230, 141, 23, 107, 148, 35, 98, 85, 98, 111, 238, 85, 148, 111, 251, 83, 220, 88, 156, 81, 27, 196, 8, 5, 66, 216, 111, 3, 226, 212, 80, 151, 38, 164, 172, 189, 112, 224, 225, 98, 165, 86, 180, 31, 32, 249, 202, 127, 244, 142, 127, 17, 239, 16, 41, 1, 191, 113, 134, 18, 66, 251, 227, 254, 73, 53, 180, 104, 27, 133, 32, 198, 218, 159, 226, 32, 79, 136, 115, 52, 110, 242, 239, 204, 109, 154, 29, 180, 85, 142, 244, 160, 90, 14, 37, 236, 159, 130, 229, 169, 11, 37, 132, 37, 49, 124, 225, 206, 164, 202, 94, 34, 8, 5, 49, 56, 17, 171, 65, 211, 126, 42, 109, 62, 176, 132, 107, 62, 190, 141, 214, 11, 217, 6, 52, 198, 157, 181, 22, 107, 245, 249, 222, 4, 71, 63, 54, 104, 23, 171, 180, 131, 16, 230, 23, 94, 39, 61, 149, 204, 15, 42, 7, 187, 147, 37, 55, 67, 188, 147, 194, 254, 154, 193, 95, 227, 162, 216, 3, 127, 116, 248, 115, 121, 126, 176, 253, 175, 7, 245, 175, 129, 254, 70, 151, 36, 174, 235, 172, 158, 244, 206, 119, 184, 231, 1, 14, 162, 152, 159, 97, 136, 82, 216, 75, 161, 36, 208, 59, 62, 13, 12, 35, 82, 236]
 dsc_signature = [71, 151, 90, 104, 225, 194, 204, 189, 133, 238, 99, 243, 154, 33, 179, 225, 16, 61, 209, 231, 178, 20, 10, 41, 218, 115, 35, 100, 165, 196, 140, 201, 144, 176, 84, 28, 141, 196, 127, 247, 234, 183, 55, 102, 230, 157, 209, 2, 35, 235, 82, 126, 131, 245, 25, 60, 149, 44, 150, 113, 186, 83, 136, 220, 43, 195, 6, 82, 238, 87, 88, 26, 60, 14, 243, 84, 14, 216, 239, 139, 152, 108, 134, 184, 173, 109, 237, 100, 24, 132, 38, 204, 127, 184, 90, 12, 227, 198, 79, 121, 169, 157, 218, 114, 132, 153, 147, 135, 226, 41, 192, 253, 62, 55, 119, 193, 65, 236, 77, 150, 118, 245, 136, 133, 203, 25, 230, 208, 134, 31, 17, 236, 182, 20, 70, 47, 91, 177, 122, 182, 76, 118, 84, 27, 190, 39, 67, 47, 52, 98, 17, 1, 150, 87, 160, 226, 171, 189, 227, 205, 208, 166, 141, 43, 118, 39, 191, 146, 241, 176, 225, 178, 255, 101, 1, 133, 35, 103, 203, 147, 147, 0, 113, 6, 206, 134, 199, 64, 203, 248, 203, 174, 35, 99, 123, 223, 212, 70, 122, 213, 0, 61, 125, 205, 220, 136, 58, 37, 190, 26, 19, 13, 37, 2, 221, 152, 255, 89, 57, 1, 157, 72, 232, 84, 206, 221, 206, 233, 94, 247, 117, 227, 208, 206, 13, 245, 63, 195, 75, 224, 26, 99, 230, 232, 223, 90, 87, 170, 117, 216, 105, 241, 124, 246, 47, 60, 221, 159, 152, 20, 196, 235, 232, 25, 135, 174, 18, 204, 240, 11, 146, 51, 210, 235, 198, 119, 167, 232, 219, 28, 70, 181, 132, 138, 192, 18, 42, 80, 147, 168, 185, 248, 224, 26, 70, 116, 133, 150, 215, 250, 195, 165, 232, 18, 157, 24, 179, 22, 109, 4, 201, 236, 206, 25, 153, 44, 208, 222, 136, 39, 38, 13, 141, 115, 72, 114, 49, 0, 61, 247, 155, 211, 23, 75, 229, 128, 29, 13, 80, 236, 170, 80, 70, 219, 165, 106, 2, 37, 84, 29, 12, 10, 201, 238, 100, 237, 79, 214, 192, 228, 170, 181, 160, 211, 210, 215, 220, 139, 100, 142, 13, 161, 118, 52, 92, 141, 84, 237, 130, 139, 203, 97, 153, 234, 43, 11, 106, 168, 246, 146, 82, 212, 6, 149, 196, 166, 223, 219, 24, 57, 187, 219, 3, 3, 216, 191, 187, 147, 172, 35, 226, 142, 231, 79, 180, 17, 78, 102, 57, 160, 169, 45, 233, 40, 195, 137, 241, 24, 151, 228, 107, 125, 154, 227, 25, 213, 59, 124, 200, 183, 64, 181, 82, 47, 227, 146, 95, 48, 65, 34, 165, 28, 66, 162, 46, 175, 59, 108, 183, 153, 205, 48, 95, 165, 78, 18, 88, 154, 121, 211, 8, 125, 152, 120, 225, 237, 37, 49, 215, 93, 174, 197, 33, 189, 51, 30, 225, 223, 26, 30, 39, 143, 49, 74, 95, 227, 205, 194, 79, 72, 94, 254, 55, 197, 85, 69, 148, 242, 124, 64, 251, 186]
 exponent = 65537
 tbs_certificate_len = 270
diff --git a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml
index 2b66c8bc5..c597d9d0b 100644
--- a/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml
+++ b/noir-examples/noir-passport/merkle_age_check/benchmark-inputs/tbs_720/t_add_id_data_720.toml
@@ -5,9 +5,10 @@ dg1 = [60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 6
 dsc_pubkey = [144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211]
 dsc_pubkey_redc_param = [28, 94, 216, 205, 130, 214, 187, 182, 58, 208, 228, 159, 128, 141, 147, 245, 68, 203, 236, 129, 99, 140, 108, 211, 245, 198, 71, 176, 2, 196, 241, 58, 221, 37, 54, 244, 93, 131, 148, 193, 87, 121, 38, 188, 142, 196, 4, 105, 26, 37, 150, 148, 152, 205, 235, 126, 184, 93, 105, 56, 44, 19, 57, 156, 74, 145, 52, 201, 54, 91, 218, 1, 26, 107, 219, 199, 28, 10, 57, 32, 22, 195, 131, 58, 46, 165, 57, 181, 53, 133, 182, 229, 180, 5, 229, 103, 172, 187, 96, 43, 14, 4, 151, 199, 136, 53, 224, 199, 167, 81, 240, 180, 174, 254, 87, 255, 239, 218, 1, 170, 8, 126, 189, 0, 83, 125, 173, 191, 84, 53, 29, 80, 88, 48, 59, 50, 243, 156, 221, 1, 81, 7, 140, 195, 28, 126, 195, 88, 226, 224, 141, 129, 220, 242, 189, 217, 16, 44, 163, 154, 247, 61, 237, 213, 56, 204, 14, 199, 251, 110, 139, 117, 142, 16, 234, 116, 47, 82, 226, 88, 40, 15, 104, 74, 12, 48, 224, 229, 64, 4, 157, 1, 124, 203, 51, 181, 191, 194, 149, 113, 225, 34, 173, 236, 206, 22, 80, 189, 181, 158, 100, 248, 60, 60, 68, 157, 169, 68, 26, 229, 226, 151, 181, 39, 197, 51, 51, 171, 197, 130, 196, 219, 115, 145, 84, 69, 157, 247, 71, 141, 198, 109, 219, 255, 149, 228, 19, 23, 56, 175, 123, 107, 192, 219, 175, 130, 60]
 dsc_pubkey_offset_in_dsc_cert = 9
+exponent = 65537
+exponent_offset_in_dsc_cert = 267
 sod_signature = [113, 231, 195, 7, 247, 11, 13, 57, 73, 228, 48, 151, 133, 177, 43, 142, 233, 232, 70, 198, 60, 147, 234, 31, 248, 165, 161, 227, 36, 157, 234, 192, 235, 66, 210, 134, 202, 126, 240, 251, 47, 94, 6, 66, 165, 99, 234, 225, 135, 175, 214, 112, 243, 5, 12, 58, 222, 45, 16, 140, 95, 199, 207, 243, 17, 141, 236, 227, 27, 183, 92, 45, 92, 117, 20, 139, 103, 240, 111, 189, 113, 164, 58, 126, 186, 35, 39, 145, 166, 239, 112, 202, 131, 158, 133, 248, 79, 243, 9, 0, 128, 80, 184, 109, 14, 4, 40, 173, 155, 206, 61, 0, 149, 194, 127, 58, 248, 183, 11, 117, 246, 66, 248, 251, 74, 141, 219, 83, 53, 11, 222, 95, 146, 140, 147, 135, 235, 177, 214, 35, 212, 87, 103, 117, 40, 147, 213, 173, 201, 2, 233, 69, 28, 152, 17, 217, 168, 186, 12, 39, 27, 118, 62, 66, 202, 18, 180, 191, 20, 14, 158, 218, 47, 227, 158, 150, 150, 69, 205, 76, 190, 201, 137, 71, 240, 190, 250, 180, 225, 107, 131, 18, 221, 210, 116, 127, 218, 219, 60, 166, 172, 0, 104, 115, 76, 65, 186, 6, 109, 66, 73, 156, 158, 248, 7, 30, 208, 69, 51, 242, 110, 193, 169, 240, 188, 19, 64, 161, 116, 211, 138, 136, 15, 100, 130, 251, 1, 243, 115, 185, 237, 30, 196, 110, 105, 193, 248, 56, 97, 213, 178, 105, 201, 134, 50, 102]
 tbs_certificate = [48, 130, 1, 10, 2, 130, 1, 1, 0, 144, 96, 22, 98, 202, 23, 238, 6, 187, 83, 246, 10, 141, 149, 39, 62, 150, 207, 25, 76, 254, 121, 159, 193, 25, 17, 64, 229, 112, 170, 152, 94, 212, 213, 4, 191, 8, 183, 225, 184, 213, 181, 211, 100, 210, 60, 155, 26, 13, 219, 11, 116, 84, 236, 33, 212, 47, 5, 187, 226, 120, 161, 57, 97, 200, 250, 174, 139, 216, 171, 95, 178, 148, 109, 3, 137, 151, 245, 142, 53, 177, 251, 74, 202, 2, 157, 33, 55, 30, 189, 239, 243, 101, 183, 43, 68, 245, 198, 9, 90, 109, 89, 109, 33, 98, 32, 173, 121, 203, 2, 79, 68, 150, 135, 158, 72, 76, 223, 55, 66, 30, 45, 33, 16, 91, 153, 158, 127, 64, 221, 31, 151, 241, 93, 105, 235, 153, 176, 146, 221, 20, 231, 141, 2, 146, 77, 209, 30, 90, 33, 33, 232, 176, 145, 244, 229, 221, 43, 101, 10, 210, 55, 50, 200, 103, 87, 18, 82, 53, 193, 130, 124, 69, 96, 179, 87, 245, 203, 181, 205, 57, 67, 181, 80, 198, 57, 101, 151, 179, 103, 201, 243, 52, 68, 91, 122, 137, 209, 141, 39, 68, 73, 244, 200, 211, 125, 2, 176, 12, 80, 77, 81, 225, 169, 34, 209, 187, 212, 47, 56, 92, 220, 159, 89, 236, 133, 200, 211, 11, 237, 217, 129, 115, 191, 208, 39, 198, 179, 16, 28, 59, 121, 160, 48, 239, 81, 144, 102, 168, 122, 158, 59, 83, 54, 91, 211, 2, 3, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 signed_attributes = [213, 19, 219, 127, 44, 247, 154, 190, 26, 122, 188, 163, 73, 227, 191, 71, 139, 129, 120, 193, 5, 130, 52, 127, 40, 83, 242, 75, 244, 200, 248, 159, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
 signed_attributes_size = 32
-exponent = 65537
 e_content = [54, 197, 174, 86, 62, 194, 237, 211, 184, 91, 92, 169, 195, 149, 233, 156, 60, 80, 224, 124, 161, 170, 204, 239, 154, 92, 165, 10, 81, 42, 90, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr
index 78bfb6d8b..6508fa057 100644
--- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_720/src/main.nr
@@ -1,14 +1,15 @@
 // Verify CSCA signed DSC certificate (720-byte TBS)
 use commitment::hash_salt_country_tbs;
-use sig_check_rsa::verify_signature;
+use sig_check_rsa::{compute_key_ne_hash, verify_signature};
 use utils::types::Alpha3CountryCode;
 
 fn main(
     csc_pubkey: pub [u8; 512],
+    csc_key_ne_hash: pub Field,
+    csc_pubkey_redc_param: [u8; 513],
     salt: Field,
     country: Alpha3CountryCode,
     tbs_certificate: [u8; 720],
-    csc_pubkey_redc_param: [u8; 513],
     dsc_signature: [u8; 512],
     exponent: u32,
     tbs_certificate_len: u32,
@@ -18,6 +19,10 @@ fn main(
         tbs_certificate_len <= 720,
         "tbs_certificate_len must not exceed 720"
     );
+    assert(
+        csc_key_ne_hash == compute_key_ne_hash::<512>(csc_pubkey, exponent),
+        "CSC key hash does not match (n||e)",
+    );
 
     assert(
         verify_signature::<512, 0, 720, 32>(
diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml
index 5037fa836..9db3cdc45 100644
--- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/Nargo.toml
@@ -6,6 +6,7 @@ compiler_version = ">=1.0.0"
 [dependencies]
 partial_sha256 = { path = "../../../partial_sha256" }
 fragmented_sig_check_rsa = { path = "../../utils/sig-check/fragmented-rsa" }
+sig_check_rsa = { path = "../../utils/sig-check/rsa" }
 utils = { path = "../../utils/utils" }
 commitment = { path = "../../utils/commitment/common" }
 poseidon = { tag = "v0.1.1", git = "https://github.com/noir-lang/poseidon" }
diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr
index 6f2eca888..d39e8936c 100644
--- a/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_dsc_verify_1300/src/main.nr
@@ -3,6 +3,7 @@ use partial_sha256::{
     SHA256State, sha256_continue, sha256_finalize, verify_sha256_state_and_data_commitment, commit_to_data_chunk,
 };
 use fragmented_sig_check_rsa::verify_rsa_signature;
+use sig_check_rsa::compute_key_ne_hash;
 use utils::types::{Alpha3CountryCode, SHA256Digest};
 
 global CHUNK1_SIZE: u32 = 640;
@@ -12,12 +13,13 @@ global TBS_CERT_SIZE: u32 = 1300;
 fn main(
     comm_in: pub Field,
     csc_pubkey: pub [u8; 512],
+    csc_key_ne_hash: pub Field,
+    csc_pubkey_redc_param: [u8; 513],
     salt: Field,
     country: Alpha3CountryCode,
     state1: SHA256State,
     tbs_certificate: [u8; TBS_CERT_SIZE],
     tbs_certificate_len: u32,
-    csc_pubkey_redc_param: [u8; 513],
     dsc_signature: [u8; 512],
     exponent: u32,
     salt_out: Field,
@@ -27,6 +29,10 @@ fn main(
         tbs_certificate_len <= TBS_CERT_SIZE,
         "tbs_certificate_len must not exceed TBS_CERT_SIZE (1300)"
     );
+    assert(
+        csc_key_ne_hash == compute_key_ne_hash::<512>(csc_pubkey, exponent),
+        "CSC key hash does not match (n||e)",
+    );
 
     let mut chunk1: [u8; CHUNK1_SIZE] = [0; CHUNK1_SIZE];
     for i in 0..CHUNK1_SIZE {
diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr
index 48617a5a6..4df83baae 100644
--- a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_1300/src/main.nr
@@ -11,14 +11,22 @@ fn main(
     dsc_pubkey: [u8; 256],
     dsc_pubkey_redc_param: [u8; 257],
     dsc_pubkey_offset_in_dsc_cert: u32,
+    exponent: u32,
+    exponent_offset_in_dsc_cert: u32,
     sod_signature: [u8; 256],
     tbs_certificate: [u8; 1300],
     signed_attributes: SignedAttrsData,
     signed_attributes_size: u64,
-    exponent: u32,
     e_content: EContentData,
 ) -> pub Field {
-    verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate,dsc_pubkey_offset_in_dsc_cert);
+    // Verify DSC public key modulus and exponent are present in the authenticated TBS certificate.
+    verify_rsa_pubkey_in_tbs(
+        dsc_pubkey,
+        tbs_certificate,
+        dsc_pubkey_offset_in_dsc_cert,
+        exponent,
+        exponent_offset_in_dsc_cert,
+    );
 
     assert(
         verify_signature::<256, 0, 200, 32>(
diff --git a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr
index 6d44b7371..975336a2c 100644
--- a/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr
+++ b/noir-examples/noir-passport/merkle_age_check/t_add_id_data_720/src/main.nr
@@ -12,14 +12,22 @@ fn main(
     dsc_pubkey: [u8; 256],
     dsc_pubkey_redc_param: [u8; 257],
     dsc_pubkey_offset_in_dsc_cert: u32,
+    exponent: u32,
+    exponent_offset_in_dsc_cert: u32,
     sod_signature: [u8; 256],
     tbs_certificate: [u8; 720],
     signed_attributes: SignedAttrsData,
     signed_attributes_size: u64,
-    exponent: u32,
     e_content: EContentData,
 ) -> pub Field {
-    verify_rsa_pubkey_in_tbs(dsc_pubkey, tbs_certificate,dsc_pubkey_offset_in_dsc_cert);
+    // Verify DSC public key modulus and exponent are present in the authenticated TBS certificate.
+    verify_rsa_pubkey_in_tbs(
+        dsc_pubkey,
+        tbs_certificate,
+        dsc_pubkey_offset_in_dsc_cert,
+        exponent,
+        exponent_offset_in_dsc_cert,
+    );
     assert(
         verify_signature::<256, 0, 200, 32>(
             dsc_pubkey,
diff --git a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml
index a0b4d4c7d..048dc329e 100644
--- a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml
+++ b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/Nargo.toml
@@ -1,8 +1,9 @@
 [package]
-name = "data_check_integrity_lib"
+name = "data_check_tbs_pubkey"
 type = "lib"
 authors = ["Theo Madzou"]
 compiler_version = ">=0.22.0"
 
 [dependencies]
-utils = { path = "../../utils" }
\ No newline at end of file
+utils = { path = "../../utils" }
+common = { path = "../../sig-check/common" }
\ No newline at end of file
diff --git a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
index 90543f752..f72dd8718 100644
--- a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
+++ b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
@@ -1,17 +1,144 @@
+use common::assert_allowed_rsa_exponent;
+
+/// Verifies that `dsc_pubkey` and `exponent` are present at the specified offsets
+/// within the authenticated `tbs_certificate`. Note: No DER parsing is performed.
+/// The prover supplies the offsets directly for both modulus and exponent.
+///
+/// `pubkey_offset`   -- byte index in `tbs_certificate` where the modulus bytes start.
+/// `exponent_offset` -- byte index in `tbs_certificate` where the exponent value bytes
+///                      start (i.e. the first byte of the DER INTEGER value field,
+///                      including any DER sign byte for two's-complement encoding).
+// TODO: Enforce strict DER INTEGER encoding for RSA modulus and exponent.
 pub fn verify_rsa_pubkey_in_tbs<let DSC_KEY_SIZE: u32, let TBS_CERT_SIZE: u32>(
     dsc_pubkey: [u8; DSC_KEY_SIZE],
     tbs_certificate: [u8; TBS_CERT_SIZE],
     pubkey_offset: u32,
+    exponent: u32,
+    exponent_offset: u32,
 ) {
-    // Check that the public key of the DSC is the same as the one in the TBS certificate.
-    // And since the TBS certificate is the data signed by the private key of the CSCA certificate
-    // we can make sure the DSC, which signed the data of the passport, has been signed by the
-    // root certificate of the issuing State (i.e. CSCA certificate) by verifying the signature below
     assert(
         pubkey_offset + DSC_KEY_SIZE <= TBS_CERT_SIZE,
         "pubkey_offset + DSC_KEY_SIZE exceeds TBS certificate size",
     );
+
+    // Verify modulus bytes match what is in the authenticated TBS certificate.
     for i in 0..DSC_KEY_SIZE {
         assert(tbs_certificate[i + pubkey_offset] == dsc_pubkey[i]);
     }
+
+    // Validate exponent is in the allowed set.
+    assert_allowed_rsa_exponent(exponent);
+
+    // Verify exponent bytes match the authenticated TBS certificate at exponent_offset.
+    //
+    // All 8 allowed exponents are either 1 byte (exponent=3) or 3 bytes (all others).
+    //
+    // 3-byte exponents and their expected DER value bytes:
+    //   38129  (0x94B1)   -> [0x00, 0x94, 0xB1]  (sign byte needed, MSB >= 128)
+    //   56611  (0xDD23)   -> [0x00, 0xDD, 0x23]  (sign byte needed, MSB >= 128)
+    //   65537  (0x010001) -> [0x01, 0x00, 0x01]
+    //   107903 (0x01A57F) -> [0x01, 0xA5, 0x7F]
+    //   109729 (0x01AC61) -> [0x01, 0xAC, 0x61]
+    //   122125 (0x01DC0D) -> [0x01, 0xDC, 0x0D]
+    //   130689 (0x01FF01) -> [0x01, 0xFF, 0x01]
+    //
+    // For the 3-byte case, u32 >> 16 naturally gives 0x00 for exponents needing a sign byte,
+    // and the expected 3-byte sequence matches the DER value encoding directly.
+    if exponent < 0x100 {
+        // 1-byte exponent (only exponent=3 in the allowed list).
+        // exponent_offset must point to the single value byte in TBS.
+        assert(
+            tbs_certificate[exponent_offset] == exponent as u8,
+            "Exponent mismatch in TBS",
+        );
+    } else {
+        // 3-byte exponent. exponent_offset points to the first value byte (incl. sign byte).
+        assert(exponent_offset + 3 <= TBS_CERT_SIZE, "Exponent bytes out of bounds");
+        assert(
+            tbs_certificate[exponent_offset] == ((exponent >> 16) & 0xFF) as u8,
+            "Exponent byte 0 mismatch in TBS",
+        );
+        assert(
+            tbs_certificate[exponent_offset + 1] == ((exponent >> 8) & 0xFF) as u8,
+            "Exponent byte 1 mismatch in TBS",
+        );
+        assert(
+            tbs_certificate[exponent_offset + 2] == (exponent & 0xFF) as u8,
+            "Exponent byte 2 mismatch in TBS",
+        );
+    }
+}
+
+#[test]
+fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_65537() {
+    let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33];
+    let mut tbs: [u8; 32] = [0; 32];
+
+    // Modulus at offset 0 (no DER header needed, offset is provided directly)
+    for i in 0..4 {
+        tbs[i] = modulus[i];
+    }
+    // Exponent 65537 = [0x01, 0x00, 0x01] at offset 4
+    tbs[4] = 0x01;
+    tbs[5] = 0x00;
+    tbs[6] = 0x01;
+
+    verify_rsa_pubkey_in_tbs(modulus, tbs, 0, 65537, 4);
+}
+
+#[test]
+fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_3() {
+    let modulus: [u8; 4] = [0x10, 0x11, 0x22, 0x33];
+    let mut tbs: [u8; 32] = [0; 32];
+
+    for i in 0..4 {
+        tbs[i] = modulus[i];
+    }
+    // Exponent 3 = [0x03] at offset 4 (1 byte)
+    tbs[4] = 0x03;
+
+    verify_rsa_pubkey_in_tbs(modulus, tbs, 0, 3, 4);
+}
+
+#[test]
+fn test_verify_rsa_pubkey_in_tbs_with_allowed_exponent_56611() {
+    let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33];
+    let mut tbs: [u8; 32] = [0; 32];
+
+    for i in 0..4 {
+        tbs[i] = modulus[i];
+    }
+    // 56611 = 0xDD23, MSB >= 128, DER sign byte needed -> [0x00, 0xDD, 0x23]
+    tbs[4] = 0x00;
+    tbs[5] = 0xDD;
+    tbs[6] = 0x23;
+
+    verify_rsa_pubkey_in_tbs(modulus, tbs, 0, 56611, 4);
+}
+
+#[test(should_fail_with = "Unsupported RSA exponent")]
+fn test_verify_rsa_pubkey_in_tbs_rejects_exponent_1() {
+    let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33];
+    let mut tbs: [u8; 32] = [0; 32];
+
+    for i in 0..4 {
+        tbs[i] = modulus[i];
+    }
+    tbs[4] = 0x01;
+
+    verify_rsa_pubkey_in_tbs(modulus, tbs, 0, 1, 4);
+}
+
+#[test(should_fail_with = "Exponent mismatch in TBS")]
+fn test_verify_rsa_pubkey_in_tbs_rejects_wrong_exponent_bytes() {
+    let modulus: [u8; 4] = [0x90, 0x11, 0x22, 0x33];
+    let mut tbs: [u8; 32] = [0; 32];
+
+    for i in 0..4 {
+        tbs[i] = modulus[i];
+    }
+    // TBS has exponent byte = 0x07, but we claim exponent = 3
+    tbs[4] = 0x07;
+
+    verify_rsa_pubkey_in_tbs(modulus, tbs, 0, 3, 4);
 }
diff --git a/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr
index 84f53cfd9..cf5d25610 100644
--- a/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr
+++ b/noir-examples/noir-passport/utils/sig-check/common/src/lib.nr
@@ -3,6 +3,20 @@ use sha256::{sha224_var, sha256_var};
 use sha512::{sha384, sha512};
 use utils::check_zero_padding;
 
+pub fn assert_allowed_rsa_exponent(exponent: u32) {
+    assert(
+        (exponent == 3)
+            | (exponent == 56611)
+            | (exponent == 38129)
+            | (exponent == 109729)
+            | (exponent == 130689)
+            | (exponent == 122125)
+            | (exponent == 107903)
+            | (exponent == 65537),
+        "Unsupported RSA exponent",
+    );
+}
+
 pub fn sha1_and_check_data_to_sign<let DATA_TO_SIGN_MAX_LEN: u32>(
     data_to_sign: [u8; DATA_TO_SIGN_MAX_LEN],
     data_to_sign_len: u32,
diff --git a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml
index 3f79f5522..ad9b14667 100644
--- a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml
+++ b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/Nargo.toml
@@ -7,3 +7,4 @@ compiler_version = ">=1.0.0"
 rsa = { git = "https://github.com/zkpassport/noir_rsa", tag = "v0.9.2" }
 bignum = { git = "https://github.com/noir-lang/noir-bignum", tag = "v0.8.0" }
 utils = { path = "../../utils" }
+common = { path = "../common" }
diff --git a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr
index 11a290bfc..817b5eb8d 100644
--- a/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr
+++ b/noir-examples/noir-passport/utils/sig-check/fragmented-rsa/src/lib.nr
@@ -1,4 +1,5 @@
 use bignum::{params::BigNumParams, RuntimeBigNum};
+use common::assert_allowed_rsa_exponent;
 use rsa::rsa::verify_sha256_pkcs1v15;
 
 // Part 2 RSA verification - takes pre-computed hash (used in fragmented circuits)
@@ -6,9 +7,10 @@ use rsa::rsa::verify_sha256_pkcs1v15;
 pub fn verify_rsa_signature<let SIG_BYTES: u32>(
     pubkey_bytes: [u8; SIG_BYTES],
     sig_bytes: [u8; (((SIG_BYTES * 8) + 7) / 8)],
+    // NOTE: reverted to witness-supplied Barrett/redc parameter for compatibility with existing proving inputs.
     redc_param_bytes: [u8; SIG_BYTES + 1],
     exponent: u32,
-    msg_hash: [u8; 32]  // Pre-computed SHA256 hash
+    msg_hash: [u8; 32], // Pre-computed SHA256 hash
 ) -> bool {
     assert(
         (SIG_BYTES == 768)
@@ -18,6 +20,8 @@ pub fn verify_rsa_signature<let SIG_BYTES: u32>(
             | (SIG_BYTES == 128),
         "Only modulus of bit size 1024, 2048, 3072, 4096 and 6144 are supported",
     );
+    // TODO: Add support for more exponent values if needed for other countries. 
+    assert_allowed_rsa_exponent(exponent);
 
     let pubkey =
         utils::pack_be_bytes_into_u128s::<SIG_BYTES, (SIG_BYTES + 14) / 15, 15>(pubkey_bytes);
diff --git a/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml b/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml
index 48f80911a..fe6fedb3f 100644
--- a/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml
+++ b/noir-examples/noir-passport/utils/sig-check/rsa/Nargo.toml
@@ -9,3 +9,4 @@ rsa = { git = "https://github.com/zkpassport/noir_rsa", tag = "v0.9.2" }
 bignum = { git = "https://github.com/noir-lang/noir-bignum", tag = "v0.8.0"}
 utils = { path = "../../utils" }
 common = { path = "../common" }
+poseidon = { tag = "v0.1.1", git = "https://github.com/noir-lang/poseidon" }
diff --git a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
index 86a8c03d5..17470b1d2 100644
--- a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
+++ b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
@@ -1,13 +1,41 @@
 use bignum::{params::BigNumParams, RuntimeBigNum};
 use common::{
-    sha1_and_check_data_to_sign, sha256_and_check_data_to_sign, sha384_and_check_data_to_sign,
-    sha512_and_check_data_to_sign,
+    assert_allowed_rsa_exponent, sha1_and_check_data_to_sign, sha256_and_check_data_to_sign,
+    sha384_and_check_data_to_sign, sha512_and_check_data_to_sign,
 };
+use poseidon::poseidon2::Poseidon2;
 use rsa::rsa::{
     verify_sha1_pkcs1v15, verify_sha1_pss, verify_sha256_pkcs1v15, verify_sha256_pss,
     verify_sha384_pkcs1v15, verify_sha384_pss, verify_sha512_pkcs1v15, verify_sha512_pss,
 };
 
+global RSA_KEY_NE_HASH_DOMAIN: Field = 0x5253415f4e455f48; // "RSA_NE_H"
+
+fn exponent_to_be_bytes(exponent: u32) -> [u8; 4] {
+    [
+        (exponent / 16777216) as u8,
+        ((exponent / 65536) % 256) as u8,
+        ((exponent / 256) % 256) as u8,
+        (exponent % 256) as u8,
+    ]
+}
+
+pub fn compute_key_ne_hash<let SIG_BYTES: u32>(pubkey_bytes: [u8; SIG_BYTES], exponent: u32) -> Field {
+    assert_allowed_rsa_exponent(exponent);
+    let exponent_bytes = exponent_to_be_bytes(exponent);
+    let packed_pubkey: [Field; (SIG_BYTES + 30) / 31] =
+        utils::pack_be_bytes_into_fields::<SIG_BYTES, _, 31>(pubkey_bytes);
+    let packed_exponent: [Field; 1] = utils::pack_be_bytes_into_fields::<4, 1, 31>(exponent_bytes);
+
+    let mut hash_input: [Field; 2 + (SIG_BYTES + 30) / 31] = [0; 2 + (SIG_BYTES + 30) / 31];
+    hash_input[0] = RSA_KEY_NE_HASH_DOMAIN;
+    for i in 0..((SIG_BYTES + 30) / 31) {
+        hash_input[1 + i] = packed_pubkey[i];
+    }
+    hash_input[1 + ((SIG_BYTES + 30) / 31)] = packed_exponent[0];
+    Poseidon2::hash(hash_input, 2 + ((SIG_BYTES + 30) / 31))
+}
+
 pub fn verify_signature<let SIG_BYTES: u32, let IS_PSS: u32, let DATA_TO_SIGN_MAX_LEN: u32, let HASH_BYTE_SIZE: u32>(
     pubkey_bytes: [u8; SIG_BYTES],
     // This is equivalent to sig_bytes: [u8; SIG_BYTES] but because of
@@ -27,6 +55,8 @@ pub fn verify_signature<let SIG_BYTES: u32, let IS_PSS: u32, let DATA_TO_SIGN_MA
             | (SIG_BYTES == 128),
         "Only modulus of bit size 1024, 2048, 3072, 4096 and 6144 are supported",
     );
+    // TODO: Add support for more exponent values if needed for other countries. 
+    assert_allowed_rsa_exponent(exponent);
 
     let pubkey =
         utils::pack_be_bytes_into_u128s::<SIG_BYTES, (SIG_BYTES + 14) / 15, 15>(pubkey_bytes);
@@ -70,3 +100,19 @@ pub fn verify_signature<let SIG_BYTES: u32, let IS_PSS: u32, let DATA_TO_SIGN_MA
     }
 }
 
+#[test]
+fn test_allowed_rsa_exponents() {
+    assert_allowed_rsa_exponent(3);
+    assert_allowed_rsa_exponent(38129);
+    assert_allowed_rsa_exponent(56611);
+    assert_allowed_rsa_exponent(65537);
+    assert_allowed_rsa_exponent(107903);
+    assert_allowed_rsa_exponent(109729);
+    assert_allowed_rsa_exponent(122125);
+    assert_allowed_rsa_exponent(130689);
+}
+
+#[test(should_fail_with = "Unsupported RSA exponent")]
+fn test_rejects_exponent_one() {
+    assert_allowed_rsa_exponent(1);
+}

From 2886957a335d51cec0b7a85b1e17f0bfe9dd6f49 Mon Sep 17 00:00:00 2001
From: x-senpai-x <sharmautsav0531@gmail.com>
Date: Sun, 22 Mar 2026 13:52:16 +0530
Subject: [PATCH 2/2] addressed copilot comments

---
 .../utils/data-check/tbs-pubkey/src/lib.nr    |  1 +
 .../utils/sig-check/rsa/src/lib.nr            | 29 ++++++++++++++++---
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
index f72dd8718..7ff0fb905 100644
--- a/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
+++ b/noir-examples/noir-passport/utils/data-check/tbs-pubkey/src/lib.nr
@@ -47,6 +47,7 @@ pub fn verify_rsa_pubkey_in_tbs<let DSC_KEY_SIZE: u32, let TBS_CERT_SIZE: u32>(
     if exponent < 0x100 {
         // 1-byte exponent (only exponent=3 in the allowed list).
         // exponent_offset must point to the single value byte in TBS.
+        assert(exponent_offset < TBS_CERT_SIZE, "Exponent offset out of bounds");
         assert(
             tbs_certificate[exponent_offset] == exponent as u8,
             "Exponent mismatch in TBS",
diff --git a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
index 17470b1d2..7edf3451f 100644
--- a/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
+++ b/noir-examples/noir-passport/utils/sig-check/rsa/src/lib.nr
@@ -13,10 +13,10 @@ global RSA_KEY_NE_HASH_DOMAIN: Field = 0x5253415f4e455f48; // "RSA_NE_H"
 
 fn exponent_to_be_bytes(exponent: u32) -> [u8; 4] {
     [
-        (exponent / 16777216) as u8,
-        ((exponent / 65536) % 256) as u8,
-        ((exponent / 256) % 256) as u8,
-        (exponent % 256) as u8,
+        ((exponent >> 24) & 0xFF) as u8,
+        ((exponent >> 16) & 0xFF) as u8,
+        ((exponent >> 8) & 0xFF) as u8,
+        (exponent & 0xFF) as u8,
     ]
 }
 
@@ -116,3 +116,24 @@ fn test_allowed_rsa_exponents() {
 fn test_rejects_exponent_one() {
     assert_allowed_rsa_exponent(1);
 }
+
+#[test]
+fn test_compute_key_ne_hash_differs_by_exponent() {
+    // Same pubkey, different exponent must produce different hash.
+    // Catches regressions where the exponent is dropped from the hash input.
+    let pubkey: [u8; 4] = [0x01, 0x02, 0x03, 0x04];
+    let hash_65537 = compute_key_ne_hash::<4>(pubkey, 65537);
+    let hash_3 = compute_key_ne_hash::<4>(pubkey, 3);
+    assert(hash_65537 != hash_3);
+}
+
+#[test]
+fn test_compute_key_ne_hash_differs_by_pubkey() {
+    // Same exponent, different pubkey must produce different hash.
+    // Catches regressions where the pubkey is dropped from the hash input.
+    let pubkey_a: [u8; 4] = [0x01, 0x02, 0x03, 0x04];
+    let pubkey_b: [u8; 4] = [0x05, 0x06, 0x07, 0x08];
+    let hash_a = compute_key_ne_hash::<4>(pubkey_a, 65537);
+    let hash_b = compute_key_ne_hash::<4>(pubkey_b, 65537);
+    assert(hash_a != hash_b);
+}