How Digital Signatures in Ethereum Work

Digital signatures in Ethereum rely on the mathematics of elliptic curves, known as the Elliptic Curve Digital Signature Algorithm (ECDSA). It is similar to the signature in Bitcoin but different as well. In ECDSA, a finite field is created by picking a curve equation, a public point A on the curve, and a prime number as the maximum. The curve equation used in ECDSA is of this nature: y² = x³ + ax + b

Elliptical Curve Field

When any two points, A and B, are selected on the curve and a line drawn through them, that line will intersect the curve again at one more point only. Now, you can create a dot product by following a simple process on the curve.

For instance, you can shoot a ball straight from point A to point B until it hits the third point on the curve. It then bounces towards the X-axis. Therefore, if the third point is above the X-axis, it bounces downwards; if it’s below it, it bounces upwards.

You can do this a number of N times, but this time bouncing the initial point A upon itself until you arrive at a final point. But computing the value of N when you only know the initial point A and final point is difficult.

However, it is easier to bounce the point until you arrive at that final point and get the number of bounces N.

In an elliptic curve system, the N is the private key, while the public key is the initial point A, which is bounced upon itself N times. The difficulty of computing N (private key) is what makes ECDSA a better encryption technology.

In Ethereum, each account has a public key and a private key. The Ethereum address is the hashed public key. Accounts can use their private key to sign the data and output the signature of the data.

Anyone can verify the generated signature to extract the public key, which gives them the address of the signer. And anyone can verify the generated signature to verify the integrity of the signed message.

How to Sign Ethereum Messages

Ethereum network allows users to sign messages off the network and verify them. The ECDSA-signed messages have the same security they would get on the blockchain. The eth_sign method is used to sign Ethereum messages, using an Ethereum client such as web3.js is used as follows:

// Create a SHA3 hash of the message ‘Shares’

const messageHash = web3.sha3(‘Shares’);

// Signs the messageHash with a given account

const signature = await web3.eth.personal.sign(messageHash, web3.eth.defaultAccount);

The Ethereum client uses the eth_sign method to calculate a signature that is specific to Ethereum, using the expression:

eth_sign(keccak256(“\x19Ethereum Signed Message:\n” + len(message) + message))).

The prefix identifies the message as an Ethereum message, and the messages can be signed fully from the client side.

Mitigating Attacks on Ethereum

In order to prevent double spending, the Ethereum signed messages include tracking of the nonces that the transacting parties have seen. This following code is used to include the nonces:

mapping(address => mapping(uint256 => bool)) seenNonces;

function submitOrder(uint256 nonce, bytes sig) public {

  address signer = // recover signer address from sig

  require(!seenNonces[signer][nonce]);

  seenNonces[signer][nonce] = true;

  …

}

Ethereum Message Arguments

The Ethereum messages can be encoded with details specific to each transaction. This makes it easy to understand what the transaction was about. This is done using the “ethereumjs.ABI.soliditySHA3” to calculate the “sha3”.

Ethereum Signature Verification

Each ECDSA signature in Ethereum has three parameters that can be used to verify it. The three parameters are r, s, and v.

Solidity’s ecrecover method uses the three parameters to output an address from an Ethereum message. If the recovered address matches the signer’s address, the signature is verified. If it is different, then it is invalid.

The final step is validating the message hash by providing the smart contract with the signed parameters. The signer submits the parameters along with the message’s signature.

The smart contract recreates the message hash from those parameters and compares it to the message hash. If it checks out, the integrity of the signer and message is fully verified. The order can then be processed.

Check out our useful articles: