unable to pass construction/combine... until i noticed

Question

unable to pass construction/combine... until i noticed

Closed this issue 4 years ago · 1 comments

Describe the bug

The secp256k1 library used by rosetta-sdk-go produces a slightly different signature than the Javascript elliptic one.

To Reproduce

Private key: 50ff238ce1138727ccc5415cdd70d2e6a0dc7c54ad00590d771267bddc2b1b16
Message: a5d26ccff972f4ff7434bcc81e145fa3936480053440910fcfe9aa7ac9857d91

What do you get when you sign it? With elliptic, I get
016e484f4d7c8e1ccd198a898975b37983693cbceb9b412bd97469b6f4f437bbab07cca226861e240326d6aa51d2a66f55fc593ce7755d38508dd1cf29ab4a310e

Rosetta-cli generated instead
6e484f4d7c8e1ccd198a898975b37983693cbceb9b412bd97469b6f4f437bbab07cca226861e240326d6aa51d2a66f55fc593ce7755d38508dd1cf29ab4a310e01

It took me hours of trying all sorts of things before I noticed the bytes were slightly off.

Expected behavior

I expected the same signatures. Maybe this can go into the docs somewhere?

Answer 1 · 2020-10-22T16:00:17.000Z

👋 Sorry for the confusion here, @fariedt!

When running this code:

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/coinbase/rosetta-sdk-go/keys"
	"github.com/coinbase/rosetta-sdk-go/types"
)

func main() {
	kp, _ := keys.ImportPrivateKey(
		"50ff238ce1138727ccc5415cdd70d2e6a0dc7c54ad00590d771267bddc2b1b16",
		types.Secp256k1,
	)

	signer, _ := kp.Signer()
	msg, _ := hex.DecodeString("a5d26ccff972f4ff7434bcc81e145fa3936480053440910fcfe9aa7ac9857d91")
	sig, _ := signer.Sign(&types.SigningPayload{
		Bytes: msg,
	}, types.Ecdsa)

	fmt.Println("ECDSA:", hex.EncodeToString(sig.Bytes))

	sig, _ = signer.Sign(&types.SigningPayload{
		Bytes: msg,
	}, types.EcdsaRecovery)

	fmt.Println("ECDSA Recovery:", hex.EncodeToString(sig.Bytes))
}

I get (adheres to the spec signatures):

ECDSA: 6e484f4d7c8e1ccd198a898975b37983693cbceb9b412bd97469b6f4f437bbab07cca226861e240326d6aa51d2a66f55fc593ce7755d38508dd1cf29ab4a310e

ECDSA Recovery: 6e484f4d7c8e1ccd198a898975b37983693cbceb9b412bd97469b6f4f437bbab07cca226861e240326d6aa51d2a66f55fc593ce7755d38508dd1cf29ab4a310e01

The 01 is only appended when using ecdsa_recovery (the v byte). I'm not sure what elliptic is doing with the prepended 01 (v) but you can find the format of all allowed signatures and their expected formats here: https://github.com/coinbase/rosetta-specifications#supported-signaturetypes

I'm going to add a note to the common mistakes section of the website warning people that the elliptic library produces signatures that aren't in an "allowed" format (i.e. prepended v).