5

Is it possible to use a non-deterministic/probabilistic ECDSA signature scheme (choosing k randomly rather than HMAC-deriving it from msgHash + privKey as RFC 6979 states) for Ethereum signatures? If yes, are there libraries implementing such a scheme? It was hard for me to find any information about this topic. It feels like all libraries are using deterministic ECDSA.

Thanks!

  • Yes, AWS sample shows it, but it does not include source code for ECDSA: https://aws.amazon.com/blogs/database/part2-use-aws-kms-to-securely-manage-ethereum-accounts/ – Jemshit Apr 20 '22 at 11:09
  • Maybe https://github.com/indutny/elliptic or https://github.com/paulmillr/noble-secp256k1 – Jemshit Apr 20 '22 at 11:43

1 Answer

0

Yes, it's possible :)

Here's an example using python-ecdsa:

from ecdsa import SigningKey, SECP256k1

# format r and s as 32-byte values (64 hex digits, so leading zeros are kept)
def encode_func(r, s, _):
    return f"0x{r:064x}", f"0x{s:064x}"

# import the private key
sk = SigningKey.from_string(bytes.fromhex(f"{0x1337:064x}"), curve=SECP256k1)
h = bytes.fromhex("72a2f9e2793e59981dda4cf1d2cf376338f6b8276fdd87265bb67d6fe9c28279")
# sign_digest draws a random k for each call
sk.sign_digest(h, sigencode=encode_func)

('0x63243daa85a924272df05336d1f8c48881aadc8812bbf778b9da6eaebab2eddf', '0x80bd3d3c4bb4919519215e95416727e0c978ddaa2fc6bbb13784147fd0511aff')

Then, set a proper v value to pass the ecrecover verification:

address addr = 0x71556C38F44e17EC21F355Bd18416155000BF5a6;
bytes32 h = 0x72a2f9e2793e59981dda4cf1d2cf376338f6b8276fdd87265bb67d6fe9c28279;
uint8 v = 27;
bytes32 r = 0x63243daa85a924272df05336d1f8c48881aadc8812bbf778b9da6eaebab2eddf;
bytes32 s = 0x80bd3d3c4bb4919519215e95416727e0c978ddaa2fc6bbb13784147fd0511aff;
require(addr == ecrecover(h, v, r, s));
Yanhu1