Recover Message Hash – Can a Message Hash Be Recovered from a Signature Using Web3js?

ecrecoversignatureweb3js

A message can be signed and its signing public key recovered given the signature and message hash…

signature = web3.personal.sign(<account>,<message hash>)

pubKey = web3.personal.ecRecover(<message hash>, <signature>)

Is there a way of recovering the message hash given a signature and public key?

Best Answer

No, you cannot recover the message hash from an ECDSA signature. The siagnture is calculated by generating (x, y) = kG where k is the secret nonce and G is the generator for the curve. Then r = x and s = k^(-1)(z + rd) where z is the message and d is the private key. We can retrieve the public key dG by seeing that r^(-1) (kGs - zG) = dG. But trying to do the same for z will only ever result in zG, since we do not know k, only kG. Finding z given zG is exactly the DLP on the elliptic curve and is not feasible to compute.

Edit 2: It should be noted that while computing the message hash is infeasible, it is possible to check guesses, if the message was not salted before hashing (which it usually isn't). So if the message comes from a small set of possibilities then it can be recovered.

Edit: links for further reading

https://en.m.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work

Related Solutions

Public Key – How to Recover for Signature Verification

The public key is recovered from the signature. The address can then be derived from the recovered public key.

See this post for why that is possible.

Web3.py – Recovering JavaScript Signed Messages in Python

This is what ended up working:

async function create_signature(message, accounts) {
    var hex = ''
    for(var i=0;i<message.length;i++) {
        hex += ''+message.charCodeAt(i).toString(16)
    }
    var hexMessage = "0x" + hex
    var signature = web3.eth.personal.sign(hexMessage, accounts[0])
    return signature
}

And on the Python side, we recovered the address like this:

def recover_address(message, signature):
    message_hash = defunct_hash_message(text=message)
    address = w3.eth.account.recoverHash(message_hash, signature=signature)
    return address

If anyone knows a better way to calculate the hexMessage in the JavaScript code, please respond with a comment!

Best Answer

Related Solutions

Public Key – How to Recover for Signature Verification

Web3.py – Recovering JavaScript Signed Messages in Python

Related Topic