Need a new function for a recovery(v) for HSM #107
-
To produce As you can see from the code below, same r/s with different recovery ids will produce different public keys, all of which are VALID and pass the verification test. So, I don't think it's possible to calculate v.

```js
import { secp256k1 } from '@noble/curves/secp256k1';
import { bytesToHex } from '@noble/curves/abstract/utils';

const priv = secp256k1.utils.randomPrivateKey();
const pub_original = bytesToHex(secp256k1.getPublicKey(priv));
const msgHash = 'cafecafecafecafecafecafecafecafecafecafecafecafecafecafecafecafe';
const signed = secp256k1.sign(msgHash, priv);

[0, 1, 2, 3].forEach(rec => {
  // Rebuild the signature from r/s only, then attach each candidate recovery id
  const sig = new secp256k1.Signature(signed.r, signed.s);
  const sig_v = sig.addRecoveryBit(rec);
  let pub_recovered;
  try {
    pub_recovered = sig_v.recoverPublicKey(msgHash).toHex();
  } catch (error) {
    return; // no curve point exists for this recovery id
  }
  console.log('recovered == original', pub_original === pub_recovered);
  console.log('verify', secp256k1.verify(sig_v, msgHash, pub_recovered));
});
```
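An added, self-contained example (not the maintainer's snippet and not noble-curves itself) that reimplements secp256k1 recovery in pure Python with the same formula noble uses, to show two things from the reply above and the wallet case described below: both candidate keys recovered from one (r, s) verify the signature, and the only way to pin down v for an HSM signature is to recover with each id and keep the one that matches the public key the HSM already exposes. The private key, nonce and hash are constructed values, not real key material.

```python
# secp256k1 parameters; affine points are (x, y) tuples and None is the point at infinity
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed test inputs (not real key material): message hash, private key, signing nonce
Z = 0xCAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFECAFE
D_CONSTRUCTED = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
K_CONSTRUCTED = 0x0FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA987654321

def _add(a, b):                          # affine point addition / doubling
    if a is None or b is None: return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if y1 != y2: return None         # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, pt):                         # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def public_key(d): return _mul(d, G)
def sign(z, d, k):  # the signer knows k, so it can also emit v; an HSM returning only (r, s) cannot
    rx, ry = _mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * d) % N
    return r, s, (ry & 1) | ((rx >= N) << 1)
def recover(z, r, s, v):  # candidate key Q = r^-1 (s*R - z*G), the formula noble implements; None if no R
    x = r + (v >> 1) * N                 # bit 1 of v: was R.x reduced mod N?
    if x >= P: return None
    y = pow(x ** 3 + 7, (P + 1) // 4, P) # modular sqrt, valid because P % 4 == 3
    if y * y % P != (x ** 3 + 7) % P: return None
    if (y & 1) != (v & 1): y = P - y     # bit 0 of v: parity of R.y
    zg = _mul(z % N, G)
    return _mul(pow(r, -1, N), _add(_mul(s, (x, y)), (zg[0], (-zg[1]) % P)))
def verify(z, r, s, Q):                  # standard ECDSA check: x(u1*G + u2*Q) mod N == r
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def find_recovery_id(z, r, s, expected_pub):  # try each id, keep the one matching the HSM's known key
    return next((v for v in range(4) if recover(z, r, s, v) == expected_pub), None)
```

In the KMS setting, expected_pub is the key returned by the HSM's public-key export, so a match is a deterministic check rather than a coin flip.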
-
Thanks for your comments.
I would be very grateful if you could advise me further on the three points above. Thanks.
-
Hello,
I am building a custodial wallet with AWS KMS for the Polkadot blockchain (with the ecdsa scheme). This research is motivated by AWS blockchain research (https://aws.amazon.com/blogs/database/part1-use-aws-kms-to-securely-manage-ethereum-accounts/), where a private key is created and stored in an HSM (Hardware Security Module); the private key never leaves the HSM and a transaction payload is signed offline in the HSM.
We can see clearly that Polkadot-JS heavily depends on Noble-curves:
https://github.com/polkadot-js/common/blob/1f8b573d811ebc00f078cc9ad0a96b0d5476b13d/packages/util-crypto/src/secp256k1/sign.ts#L19
https://github.com/polkadot-js/common/blob/1f8b573d811ebc00f078cc9ad0a96b0d5476b13d/packages/util-crypto/src/secp256k1/verify.ts#L16
https://github.com/polkadot-js/common/blob/1f8b573d811ebc00f078cc9ad0a96b0d5476b13d/packages/util-crypto/src/secp256k1/recover.ts#L7
So, I have very carefully looked at two Git repositories (here and https://github.com/paulmillr/noble-curves).
To sign a transaction payload offline with AWS KMS, I create a transaction object and pass it to AWS KMS, and then KMS returns "r" and "s" values. Next I need to compose a signature from these "r" and "s" values with "recovery (v)". But here my problem is that I myself have to calculate the "v" value.
Using Noble-curves, Polkadot-JS gets "v" as well as "r" and "s", as we see at https://github.com/polkadot-js/common/blob/1f8b573d811ebc00f078cc9ad0a96b0d5476b13d/packages/util-crypto/src/secp256k1/sign.ts#L32
So, I have investigated the process of calculating "recovery" from here (https://github.com/paulmillr/noble-curves/blob/d5de5d2659d5268f5731579b0cf0f48e3358ad37/src/abstract/weierstrass.ts#L968)
This recovery (v) value should be either 0 or 1. I have defined the function getRecovery which takes three arguments (encodedHash of the transaction payload, the "r" value and the "s" value), where "r" and "s" are already provided by AWS KMS. This function is created from a little modification of the original code.
This function returns either 0 or 1. We have a half-and-half chance to get the correct value, either 0 or 1. This function returns a wrong value sometimes, so I have failed to recover the correct public key.
I would be very grateful if you could advise me or correct the code above.
Thanks.