Digital signatures in Ethereum rely on the mathematics of elliptic curves, known as the Elliptic Curve Digital Signature Algorithm (ECDSA). It is similar to the signature in Bitcoin but different as well. In ECDSA, a finite field is created by picking a curve equation, a public point A on the curve, and a prime number as the maximum. The curve equation used in ECDSA is of this nature: y² = x³ + ax + b
Elliptical Curve Field
When any two points, A and B, are selected on the curve and a line drawn through them, that line will intersect the curve again at one more point only. Now, you can create a dot product by following a simple process on the curve.
For instance, you can shoot a ball straight from point A to point B until it hits the third point on the curve. It then bounces towards the X-axis. Therefore, if the third point is above the X-axis, it bounces downwards; if it’s below it, it bounces upwards.
You can do this a number of N times, but this time bouncing the initial point A upon itself until you arrive at a final point. But computing the value of N when you only know the initial point A and final point is difficult.
However, it is easier to bounce the point until you arrive at that final point and get the number of bounces N.
In an elliptic curve system, the N is the private key, while the public key is the initial point A, which is bounced upon itself N times. The difficulty of computing N (private key) is what makes ECDSA a better encryption technology.
In Ethereum, each account has a public key and a private key. The Ethereum address is the hashed public key. Accounts can use their private key to sign the data and output the signature of the data.
Anyone can verify the generated signature to extract the public key, which gives them the address of the signer. And anyone can verify the generated signature to verify the integrity of the signed message.
How to Sign Ethereum Messages
Ethereum network allows users to sign messages off the network and verify them. The ECDSA-signed messages have the same security they would get on the blockchain. The eth_sign method is used to sign Ethereum messages, using an Ethereum client such as web3.js is used as follows:
// Create a SHA3 hash of the message ‘Shares’
const messageHash = web3.sha3(‘Shares’);
// Signs the messageHash with a given account
const signature = await web3.eth.personal.sign(messageHash, web3.eth.defaultAccount);
The Ethereum client uses the eth_sign method to calculate a signature that is specific to Ethereum, using the expression:
eth_sign(keccak256(“\x19Ethereum Signed Message:\n” + len(message) + message))).
The prefix identifies the message as an Ethereum message, and the messages can be signed fully from the client side.
Mitigating Attacks on Ethereum
In order to prevent double spending, the Ethereum signed messages include tracking of the nonces that the transacting parties have seen. This following code is used to include the nonces:
mapping(address => mapping(uint256 => bool)) seenNonces;
function submitOrder(uint256 nonce, bytes sig) public {
address signer = // recover signer address from sig
require(!seenNonces[signer][nonce]);
seenNonces[signer][nonce] = true;
…
}
Ethereum Message Arguments
The Ethereum messages can be encoded with details specific to each transaction. This makes it easy to understand what the transaction was about. This is done using the “ethereumjs.ABI.soliditySHA3” to calculate the “sha3”.
Ethereum Signature Verification
Each ECDSA signature in Ethereum has three parameters that can be used to verify it. The three parameters are r, s, and v.
Solidity’s ecrecover method uses the three parameters to output an address from an Ethereum message. If the recovered address matches the signer’s address, the signature is verified. If it is different, then it is invalid.
The final step is validating the message hash by providing the smart contract with the signed parameters. The signer submits the parameters along with the message’s signature.
The smart contract recreates the message hash from those parameters and compares it to the message hash. If it checks out, the integrity of the signer and message is fully verified. The order can then be processed.
Check out our useful articles:
- How to Merge PDF Online
- How to Split PDF Online
- How to Convert PDF to Image Online
- How to Convert PDF to Text Online
- How to Convert PDF to JSON Online
- How to Convert Image to Text Online
- How to Convert Image to PDF Online
- How to Protect PDF Online
- How to Sign and Fill PDF Online
- How to Become a Minimalist Remote Worker
- How to Protect Your Business from Cyber Attacks in 2022
- How to Extract Pages from PDF
- How to Separate Pages from PDF
- TOP-10 Virtual Classroom Tools in 2022
- Ways to Secure Your PDF File
- Cyber Security 101 for Businesses in 2022
- Improve Your Daily Work Productivity
- How to Lead Your Team in Times of Crisis
- Optimize Your Website for SEO
- TOP-11 Businesses that Switched to Remote Work in 2022
- What is PDF and PDF/A
- Beginner’s Guide to Office to PDF
- How to Convert JPEG Format to PDF using PDFlite.co
- PDFlite.co Can be Used as Desktop Apps
- Must-Have PDF Tools for Professionals
- OCR Explained, Why You Need it
- TOP-10 PDF Tools for Remote Workers
- How to Add Page Numbers to PDF using PDFlite.co
- How to Split PDF to Single Pages using PDFlite.co
- TOP-10 PDF Tools for Students
- How to Go Paperless in 2022
- Why Sign with Digital Signature
- TOP-10 Time-Saving Tips for a Productive Day
- How a Digital Signature Works to Secure Documents Online
- How to Hire Generation Z
- How to Onboard Someone Remotely in 5 Steps
- 1040 Schedule C - How the IRS Works for Small Businesses
- How to Digitize School Paperwork in 2022
- How to File a Sales Tax Return in California
- How to Get a Divorce in California
- How to Start Your Own Nonprofit
- Top-Ten Charitable Organizations in 2022
- US Tax Forms in 2022 vs 2021 - What Changed?
- Get Public Assistance for the U.S. Individuals under Major Disaster Declarations
- What PDF Tools Digitally Transform Financial Sector
- Use Simplified PDF Viewer with Coordinates
- How to Convert Any Image to Base64
- How to Convert Scanned Document to PDF and Sign It
- How to Draw a Signature and Save It
- Digital Signatures in Japan
- How Digital Signatures in Ethereum Work