[Ethereum] How to recover public from tx signature(r,s) and verify signature

hashprivate-keypublic-keySecuritysignature

My first question is how to verify signature using only r,s and elliptic curve paramete, and an address (which is hashed of public key, so cannot retrieve public key from the address)?

Next question is that, why ethereum (also bitcoin I think) uses hashed public key as an address instead of directly use public key as an address?

Best Answer

Maybe this answer can help you - https://ethereum.stackexchange.com/a/33346/16729

Ethereum security model relies on elliptic curve cryptography (ECC) to sign and validate transactions. In ECC public and private key are used to sign and verify. It has no concept of addresses. When signing and verifying transactions you do not need addresses. The original bitcoin paper do not mention addresses at all. They appear later in an effort to make them easier to remember (compressed public key are 32 bytes vs address 20 bytes). Now you can completely hide public key from the user interaction and only have private key and addresses. But internaly ethereum keeps using them to validate transactions.

Related Solutions

[Ethereum] EthereumJS: How to get public key from private key

ethereumjs-wallet can be used to get public key from private key:

> const hdkey = require('ethereumjs-wallet/hdkey')
> const privateKey = hdkey.fromMasterSeed('random')._hdkey._privateKey
> const Wallet = require('ethereumjs-wallet')
> const wallet = Wallet.fromPrivateKey(privateKey)
> wallet.getPublicKeyString()
'0x11f2b30c9479ccaa639962e943ca7cfd3498705258ddb49dfe25bba00a555e48cb35a79f3d084ce26dbac0e6bb887463774817cb80e89b20c0990bc47f9075d5'
> wallet.getPublicKey()
<Buffer 11 f2 b3 0c 94 79 cc aa 63 99 62 e9 43 ca 7c fd 34 98 70 52 58 dd b4 9d fe 25 bb a0 0a 55 5e 48 cb 35 a7 9f 3d 08 4c e2 6d ba c0 e6 bb 88 74 63 77 48 ... >

Another option is to use ethereumjs-util (which is used by ethereumjs-wallet internally):

> const util = require('ethereumjs-util')
> util.privateToPublic(privateKey)
<Buffer 11 f2 b3 0c 94 79 cc aa 63 99 62 e9 43 ca 7c fd 34 98 70 52 58 dd b4 9d fe 25 bb a0 0a 55 5e 48 cb 35 a7 9f 3d 08 4c e2 6d ba c0 e6 bb 88 74 63 77 48 ... >

Yet another option is secp256k1:

> const secp256k1 = require('secp256k1')
> secp256k1.publicKeyCreate(privateKey, false).slice(1)
<Buffer 11 f2 b3 0c 94 79 cc aa 63 99 62 e9 43 ca 7c fd 34 98 70 52 58 dd b4 9d fe 25 bb a0 0a 55 5e 48 cb 35 a7 9f 3d 08 4c e2 6d ba c0 e6 bb 88 74 63 77 48 ... >

slice(1) is to drop type byte which is hardcoded as 04 ethereum.

[Ethereum] How public key is recovered for signature verification

The public key is recovered from the signature. The address can then be derived from the recovered public key.

See this post for why that is possible.

Best Answer

Related Solutions

[Ethereum] EthereumJS: How to get public key from private key

[Ethereum] How public key is recovered for signature verification

Related Topic