What makes an Ethereum keypair valid

cryptographypublic-keysecp256k1

As I understand Ethereum (and Bitcoin) use the ECDSA algorithm which relies on the secp256k1 curve. The secp256k1 curve is what generates the public keys given a private key.

However, recently, I encountered a library implementing bip32, but instead of using secp256k1, it uses ed25519 (another curve I believe) to generate the public keys. Upon first glance, these public keys look the same as any generated by secp256k1. They can both be serialized to 32 byte values.

However, I'm worried this will have unintended consequences. It doesn't seem right that using a different curve to generate one of the most fundamental properties in Ethereum will yield the same results. But as the keys look the same, how can clients tell the difference anyways? Is there any danger in this?

Best Answer

It won't work.

Nodes expect a specific signature format to validate your transaction, if you give them a format they are not expecting their transaction will fail.

Eth inherited a lot of stuff from BTC, including it's signing algorithm secp256k1, Edwards would be marginally faster, but it's just not the one we use.

Geth (Eth's most popular node) implements compatibility for other signing algorithms but afaik that's for future protection, right now you can only use secp256k1.

Here is a cool article talking about how lucky choosing that algorithm was: http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

Using a Library

Libraries like web3.js and ethers have isAddress().

Examples:

ethers.utils.isAddress('0x8ba1f109551bd432803012645ac136ddd64dba72'); // true
web3.utils.isAddress('blah'); // false

The following is an answer from 2016.

Regular Address

EIP 55 added a "capitals-based checksum" which was implemented by Geth by May 2016. Here's Javascript code from Geth:

/**
 * Checks if the given string is an address
 *
 * @method isAddress
 * @param {String} address the given HEX adress
 * @return {Boolean}
*/
var isAddress = function (address) {
    if (!/^(0x)?[0-9a-f]{40}$/i.test(address)) {
        // check if it has the basic requirements of an address
        return false;
    } else if (/^(0x)?[0-9a-f]{40}$/.test(address) || /^(0x)?[0-9A-F]{40}$/.test(address)) {
        // If it's all small caps or all all caps, return true
        return true;
    } else {
        // Otherwise check each case
        return isChecksumAddress(address);
    }
};

/**
 * Checks if the given string is a checksummed address
 *
 * @method isChecksumAddress
 * @param {String} address the given HEX adress
 * @return {Boolean}
*/
var isChecksumAddress = function (address) {
    // Check each case
    address = address.replace('0x','');
    var addressHash = sha3(address.toLowerCase());
    for (var i = 0; i < 40; i++ ) {
        // the nth letter should be uppercase if the nth digit of casemap is 1
        if ((parseInt(addressHash[i], 16) > 7 && address[i].toUpperCase() !== address[i]) || (parseInt(addressHash[i], 16) <= 7 && address[i].toLowerCase() !== address[i])) {
            return false;
        }
    }
    return true;
};

ICAP Address

ICAP has a checksum which can be verified. You can review Geth's icap.go and here's a snippet from it:

// https://en.wikipedia.org/wiki/International_Bank_Account_Number#Validating_the_IBAN
func validCheckSum(s string) error {
    s = join(s[4:], s[:4])
    expanded, err := iso13616Expand(s)
    if err != nil {
        return err
    }
    checkSumNum, _ := new(big.Int).SetString(expanded, 10)
    if checkSumNum.Mod(checkSumNum, Big97).Cmp(Big1) != 0 {
        return ICAPChecksumError
    }
    return nil
}

Calculate a valid signature

The problem was the wrongly calculated address.

signerPrivKey = eth_keys.keys.PrivateKey(priv_key.to_bytes(32, "big"))
signerPubKey = signerPrivKey.public_key
print("address: ", signerPubKey.to_checksum_address())
#address:  0xE144236EFb7932bDaE617eBAAFD24aF962152c77

Best Answer

Related Solutions

[Ethereum] How to check if an Ethereum address is valid

Using a Library

Regular Address

ICAP Address

Calculate a valid signature

Related Topic