EcdsaSignature
Constructors
new EcdsaSignature()
new EcdsaSignature(signature: {
"r": number | bigint | Field3 | AlmostForeignField;
"s": number | bigint | Field3 | AlmostForeignField;
}): EcdsaSignature
Create a new EcdsaSignature from an object containing the scalars r and s.
Note: Inputs must be range checked if they originate from a different field with a different modulus or if they are not constants. Please refer to the ForeignField constructor comments for more details.
Parameters
• signature
• signature.r: number | bigint | Field3 | AlmostForeignField
• signature.s: number | bigint | Field3 | AlmostForeignField
Returns
Source
lib/provable/crypto/foreign-ecdsa.ts:39
Properties
r
r: AlmostForeignField;
Source
lib/provable/crypto/foreign-ecdsa.ts:31
s
s: AlmostForeignField;
Source
lib/provable/crypto/foreign-ecdsa.ts:32
_Curve?
static optional _Curve: typeof ForeignCurve;
Source
lib/provable/crypto/foreign-ecdsa.ts:220
_provable?
static optional _provable: ProvablePureExtended<EcdsaSignature, {
"r": bigint;
"s": bigint;
}, {
"r": string;
"s": string;
}>;
Source
lib/provable/crypto/foreign-ecdsa.ts:221
Accessors
Constructor
get Constructor(): typeof EcdsaSignature
Returns
typeof EcdsaSignature
Source
lib/provable/crypto/foreign-ecdsa.ts:217
Curve
get static Curve(): typeof ForeignCurve
The ForeignCurve on which the ECDSA signature is defined.
Returns
typeof ForeignCurve
Source
lib/provable/crypto/foreign-ecdsa.ts:230
provable
get static provable(): ProvablePureExtended<EcdsaSignature, {
"r": bigint;
"s": bigint;
}, {
"r": string;
"s": string;
}>
Provable<EcdsaSignature>
Returns
ProvablePureExtended\<EcdsaSignature, {
"r": bigint;
"s": bigint;
}, {
"r": string;
"s": string;
}>
Source
lib/provable/crypto/foreign-ecdsa.ts:237
Methods
toBigInt()
toBigInt(): {
"r": bigint;
"s": bigint;
}
Convert this signature to an object with bigint fields.
Returns
{
"r": bigint;
"s": bigint;
}
r
r: bigint;
s
s: bigint;
Source
lib/provable/crypto/foreign-ecdsa.ts:67
verify()
verify(message: Bytes, publicKey: FlexiblePoint): Bool
Verify the ECDSA signature given the message (an array of bytes) and public key (a Curve point).
Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.
Parameters
• message: Bytes
• publicKey: FlexiblePoint
Returns
Throws
if one of the signature scalars is zero or if the public key is not on the curve.
Example
// create classes for your curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Scalar extends Secp256k1.Scalar {}
class Ecdsa extends createEcdsa(Secp256k1) {}
let message = 'my message';
let messageBytes = new TextEncoder().encode(message);
// outside provable code: create inputs
let privateKey = Scalar.random();
let publicKey = Secp256k1.generator.scale(privateKey);
let signature = Ecdsa.sign(messageBytes, privateKey.toBigInt());
// ...
// in provable code: create input witnesses (or use method inputs, or constants)
let pk = Provable.witness(Secp256k1, () => publicKey);
let msg = Provable.witness(Provable.Array(Field, 9), () => messageBytes.map(Field));
let sig = Provable.witness(Ecdsa, () => signature);
// verify signature
let isValid = sig.verify(msg, pk);
isValid.assertTrue('signature verifies');
Source
lib/provable/crypto/foreign-ecdsa.ts:105
verifyEthers()
verifyEthers(message: Bytes, publicKey: FlexiblePoint): Bool
Verify an ECDSA signature generated by the ethers.js library, given the message (as a byte array) and a public key (a Curve point). The message digest used for signing follows the format defined in EIP-191, with the Ethereum-specific prefix.
Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.
Note: This method is specifically designed to verify signatures generated by ethers.js. Ensure that the curve being used is Secp256k1, as demonstrated in the example.
Parameters
• message: Bytes
The original message as a byte array.
• publicKey: FlexiblePoint
The public key as a point on the Secp256k1 elliptic curve.
Returns
- A Bool indicating the validity of the signature.
Throws
An error will be thrown if one of the signature scalars is zero or if the public key does not lie on the curve.
Example
import { Wallet } from 'ethers';
// create the class for Secp256k1 curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Ecdsa extends createEcdsa(Secp256k1) {}
// outside provable code: create inputs
let message = 'my message';
let signatureRaw = await wallet.signMessage(message);
let compressedPublicKey = wallet.signingKey.compressedPublicKey;
// this also works for uncompressed public keys (wallet.signingKey.publicKey)
let publicKey = Secp256k1.fromEthers(compressedPublicKey.slice(2));
let signature = Ecdsa.fromHex(signatureRaw);
// ...
// in provable code: create input witnesses (or use method inputs, or constants)
// and verify the signature
let isValid = signature.verifyEthers(Bytes.fromString(message), publicKey);
isValid.assertTrue('signature verifies');
Source
lib/provable/crypto/foreign-ecdsa.ts:151
verifySignedHash()
verifySignedHash(msgHash: bigint | AlmostForeignField, publicKey: FlexiblePoint): Bool
Verify the ECDSA signature given the message hash (a Scalar) and public key (a Curve point).
This is a building block of EcdsaSignature.verify, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.
Parameters
• msgHash: bigint | AlmostForeignField
• publicKey: FlexiblePoint
Returns
Source
lib/provable/crypto/foreign-ecdsa.ts:170
check()
static check(signature: EcdsaSignature): void
Parameters
• signature: EcdsaSignature
Returns
void
Source
lib/provable/crypto/foreign-ecdsa.ts:209
from()
static from(signature: FlexibleSignature): EcdsaSignature
Coerce the input to a EcdsaSignature.
Parameters
• signature: FlexibleSignature
Returns
Source
lib/provable/crypto/foreign-ecdsa.ts:50
fromHex()
static fromHex(rawSignature: string): EcdsaSignature
Create an EcdsaSignature from a raw 130-char hex string as used in Ethereum transactions.
Parameters
• rawSignature: string
Returns
Source
lib/provable/crypto/foreign-ecdsa.ts:59
sign()
static sign(message: Uint8Array | (number | bigint)[], privateKey: bigint): EcdsaSignature
Create an EcdsaSignature by signing a message with a private key.
Note: This method is not provable, and only takes JS bigints as input.
Parameters
• message: Uint8Array | (number | bigint)[]
• privateKey: bigint
Returns
Source
lib/provable/crypto/foreign-ecdsa.ts:189
signHash()
static signHash(msgHash: bigint, privateKey: bigint): EcdsaSignature
Create an EcdsaSignature by signing a message hash with a private key.
This is a building block of EcdsaSignature.sign, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.
Note: This method is not provable, and only takes JS bigints as input.
Parameters
• msgHash: bigint
• privateKey: bigint