This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Broken MultiSignature verification for ECDSA keys #4498

Closed
akru opened this issue Dec 25, 2019 · 0 comments · Fixed by #4502

akru commented Dec 25, 2019

Looks like the Verify instance will not work for ECDSA, because this instance recovers the compressed public key:

https://github.com/paritytech/substrate/blob/master/primitives/runtime/src/lib.rs#L311

(MultiSignature::Ecdsa(ref sig), who) => {
	let m = sp_io::hashing::blake2_256(msg.get());
	match sp_io::crypto::secp256k1_ecdsa_recover_compressed(sig.as_ref(), &m) {
		Ok(pubkey) =>
			&sp_io::hashing::blake2_256(pubkey.as_ref())
				== <dyn AsRef<[u8; 32]>>::as_ref(who),

But the ecdsa module uses the uncompressed public key for AccountId derivation:

https://github.com/paritytech/substrate/blob/master/primitives/core/src/ecdsa.rs#L51
https://github.com/paritytech/substrate/blob/master/primitives/runtime/src/lib.rs#L249
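
The mismatch described in this issue, as an added Python sketch (not code from the issue or from Substrate): one secp256k1 key hashed with blake2_256 in its compressed and uncompressed encodings gives two different 32-byte values, so the equality check in Verify cannot succeed. The 64-byte X || Y layout for the uncompressed key, the helper names and the secret value are assumptions made for the example.

```python
import hashlib

# secp256k1 field prime and generator (standard curve constants)
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def public_point(secret):
    """Double-and-add secret*G (illustration only, not constant time)."""
    acc, addend = None, G
    while secret:
        if secret & 1:
            acc = point_add(acc, addend)
        addend = point_add(addend, addend)
        secret >>= 1
    return acc

def blake2_256(data):
    return hashlib.blake2b(data, digest_size=32).digest()

def compressed(pt):    # 33 bytes: 0x02/0x03 parity prefix || X
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def uncompressed(pt):  # 64 bytes: X || Y (assumed layout, no 0x04 prefix)
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def verify_matches(pt, derive_encode, verify_encode):
    """Model of the check: hash of the recovered key == stored AccountId."""
    return blake2_256(verify_encode(pt)) == blake2_256(derive_encode(pt))

pt = public_point(0x1234)  # constructed secret key, hypothetical
print("as reported:", verify_matches(pt, uncompressed, compressed))
print("same encoding:", verify_matches(pt, compressed, compressed))
```

The comparison only holds when AccountId derivation and verification hash the same encoding of the key.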
