mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Ethereum Improvement Proposals
  2. EIP-191

ECDSA

PreviousEIP-191NextABI Encode and Keccak256

Last updated 1 year ago

Watch until 08:50

In the context of ECDSA (Elliptic Curve Digital Signature Algorithm), which is used for generating signatures in Ethereum, a signature is often represented by two large numbers, r and s. Along with these, the v parameter is specific to Ethereum and represents the recovery id. Let's delve deeper into what these are:

  1. r and s:

    • These are outputs of the ECDSA signature. When you sign a piece of data, the signature algorithm produces two numbers as output. These numbers prove that the signer possessed a private key without revealing it.

    • Mathematically, r and s are values computed during the ECDSA signing process that, when combined with the public key, can prove the authenticity of a message. They are both 32 bytes long.

  2. v (Recovery ID):

    • In ECDSA, the same message and private key will always result in a unique r and s, but there's a quirk: for a given message and private key, there are two possible public keys that can be used to verify the signature (due to the mathematics of elliptic curves).

    • In Ethereum, to get around the ambiguity of which public key to use, the v value was introduced. It's a way to encode which of the two possible public keys is the correct one. This allows anyone with the signature and message to recover the correct public key (the Ethereum address) of the signer. In Ethereum, v can be 27 or 28 in most common cases, but with the introduction of EIP-155, it can be other values to prevent certain replay attacks.

To validate a signature, one would use the r, s, and v values along with the original message to prove that it was signed by the holder of a specific private key, without ever needing to know or see the private key itself. This verification process is fundamental to many cryptographic systems, ensuring the integrity and authenticity of messages.

Signing message example

  1. Setup:

    • Assume you have a private key: 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef.

    • The associated Ethereum address (derived from the public key) might be: 0x9876543210abcdef1234567890abcdef9876543210.

  2. Message:

    • You want to send a message: "Hello, Ethereum!" and prove that this message came from the Ethereum address above.

  3. Signing:

    • You sign "Hello, Ethereum!" with the private key.

    • The ECDSA signing algorithm, as applied in Ethereum's context, returns three values: r, s, and v.

    • Let's assume the resulting values are (these are made up for this example):

      • r: 0xabcdef1234567890abcdef1234567890abcdef12345678

      • s: 0x1234567890abcdef1234567890abcdef1234567890abcd

      • v: 28

  4. Verification:

    • Now, anyone who receives your message "Hello, Ethereum!" and your signature (r, s, and v values) can:

      1. Use the v, r, and s values to "recover" an Ethereum address.

      2. Check if the recovered Ethereum address matches 0x9876543210abcdef1234567890abcdef9876543210.

      3. If it matches, they can be confident that the message "Hello, Ethereum!" was indeed signed by the owner of the private key associated with that Ethereum address.

    • If someone tampered with the message or if it was signed by someone with a different private key, the recovered Ethereum address would not match.

This ability to verify the signer of a message without exposing the private key, just by using r, s, and v, is fundamental to the functioning of Ethereum transactions. When you send an Ethereum transaction, you're essentially signing a message (that represents the transaction details) and the Ethereum network verifies it in a similar way as described above.

📑
📄
📄
LogoElliptic Curve Cryptography ExplainedFang-Pen's coding note