mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Ethereum Improvement Proposals
  2. EIP-7212

Elliptic Curve Signature Verification Steps

This section describes how signature verification works for the "secp256r1" elliptic curve. In the context of digital signatures, verification is the process of determining whether a signature is valid for a given message and public key. The steps provided here outline how the verification process works mathematically using elliptic curve cryptography.

h (message hash)

  • Message Hash: Before the verification process begins, the original message is hashed, usually using a cryptographic hash function like SHA-256. The hash output, often denoted h, ensures a fixed size, and it abstracts the content of the message.

pubKey = (public key of the signer private key)

  • Public Key: This is a point on the elliptic curve that corresponds to the signer's private key. In asymmetric cryptography, the private key is kept secret by the signer and the corresponding public key is shared with others.

Calculate the modular inverse of the signature proof:

  • s1 = s^(−1)(modn)

    • Here, s is one of the two components of the digital signature (the other being r). The operation s^(−1)(modn) computes the modular inverse of s. This means that (s * s^(−1)) % n = 1, where n is the order of the elliptic curve group.

Recover the random point used during the signing:

  • R' = (h * s1) * G + (r * s1) * pubKey

    • This step reconstructs the random point R' that was used during the signing process. The equation involves multiple operations:

      • Scalar multiplication: h * s1 and r * s1.

      • Elliptic curve point multiplication: (h * s1) * G and (r * s1) * pubKey.

      • Elliptic curve point addition: The sum of the two previously computed points.

    • G is the generator point of the elliptic curve, a predefined point used in all operations for a given curve.

Take from R' its x-coordinate:

  • r' = R'.x

    • From the reconstructed random point R', extract its x-coordinate, denoted r'.

Calculate the signature validation result by comparing whether:

  • r' == r

    • Finally, the verification process checks if the extracted x-coordinate r' is equal to r (the other component of the digital signature). If they match, the signature is considered valid for the given message and public key. If they don't, the signature is invalid.

In essence, these steps ensure that the signature was generated with the private key corresponding to the provided public key and for the specified message. This verification process ensures the authenticity and integrity of the message.

PreviousMotivationNextVerification and Sepecification

Last updated 1 year ago

📑
📄
📄