1

I'm trying to figure out how you find the public key used to sign a transaction from v, r, and s. Before someone says so, this isn't a duplicate of Get public key of any ethereum account. That question asks how you do it just from the address, not from a transactions. The responses to that question just say that it can be done with some libraries, but don't explain how the math actually works.

I'm trying to follow the steps in the Wikipedia article on ECDSA (https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). I'm good up to step 6 of the signature verification algorithm. We can get u1 and u2 from r, s, and the transaction itself. The generator point is part of the secp256k1 specification, but I don't see where the public key (Q_A in the Wikipedia article) comes from. We haven't used v yet (not clear to me what it is), but it's only one byte and we lost more than one byte when we went from public key to Ethereum address (Keccak-256 hash, then drop 12 bytes), so I don't see how that can get us back to the public key.

To be clear, I'm trying to figure out how the math actually works. I know there are some black box methods in Python, JavaScript, etc, but I can't figure out how they work. Thanks.

John Stanford
  • 223
  • 1
  • 7
  • Do you have the transaction hash? – Dorian Lee Feb 04 '18 at 03:22
  • I'm not talking about a specific transaction, but in general, yes. – John Stanford Feb 04 '18 at 04:13
  • and you dont mean the address(public key hash)? – Dorian Lee Feb 04 '18 at 04:30
  • No, I can find the address in the block explorer or Geth console. I have that. I want to do the ECDSA math myself and I need the public key for that. – John Stanford Feb 04 '18 at 05:09
  • Once the public key has been hashed into the address, its close to impossible to find. Also, the transaction is not signed with the public key, its signed with the private key. – Dorian Lee Feb 04 '18 at 05:21
  • 1
    @JohnStanford The mathematical details are explained in https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work – Ismael Feb 04 '18 at 05:38
  • I don’t want to sign. I want to verify the signature. Ismael, that’s exactly what I was looking for. Thanks! Post it as an answer instead of just a comment and I’ll mark it as the answer. – John Stanford Feb 04 '18 at 06:05

1 Answers1

1

The originator’s public key can be computed directly from the ECDSA signature. Once you have the public key, you can compute the address easily. The process of recovering the signer’s public key is called public key recovery.

Sachin Sawant
  • 11
  • 1