Skip to main content

EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:25

Constructors

new EcdsaSignature()

new EcdsaSignature(signature: {
r: number | bigint | Field3 | AlmostForeignField;
s: number | bigint | Field3 | AlmostForeignField;
}): EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:34

Create a new EcdsaSignature from an object containing the scalars r and s.

Note: Inputs must be range checked if they originate from a different field with a different modulus or if they are not constants. Please refer to the ForeignField constructor comments for more details.

Parameters

signature
r

number | bigint | Field3 | AlmostForeignField

s

number | bigint | Field3 | AlmostForeignField

Returns

EcdsaSignature

Properties

r

r: AlmostForeignField;

Defined in: lib/provable/crypto/foreign-ecdsa.ts:26


s

s: AlmostForeignField;

Defined in: lib/provable/crypto/foreign-ecdsa.ts:27


_Curve?

static optional _Curve: typeof ForeignCurve;

Defined in: lib/provable/crypto/foreign-ecdsa.ts:215


_provable?

static optional _provable: ProvablePureExtended<EcdsaSignature, {
r: bigint;
s: bigint;
}, {
r: string;
s: string;
}>;

Defined in: lib/provable/crypto/foreign-ecdsa.ts:216

Accessors

Constructor

Get Signature

get Constructor(): typeof EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:212

Returns

typeof EcdsaSignature


Curve

Get Signature

get static Curve(): typeof ForeignCurve

Defined in: lib/provable/crypto/foreign-ecdsa.ts:225

The ForeignCurve on which the ECDSA signature is defined.

Returns

typeof ForeignCurve


provable

Get Signature

get static provable(): ProvablePureExtended<EcdsaSignature, {
r: bigint;
s: bigint;
}, {
r: string;
s: string;
}>

Defined in: lib/provable/crypto/foreign-ecdsa.ts:232

Provable<EcdsaSignature>

Returns

ProvablePureExtended<EcdsaSignature, { r: bigint; s: bigint; }, { r: string; s: string; }>

Methods

toBigInt()

toBigInt(): {
r: bigint;
s: bigint;
}

Defined in: lib/provable/crypto/foreign-ecdsa.ts:62

Convert this signature to an object with bigint fields.

Returns

{
r: bigint;
s: bigint;
}
r
r: bigint;
s
s: bigint;

verify()

verify(message: Bytes, publicKey: FlexiblePoint): Bool

Defined in: lib/provable/crypto/foreign-ecdsa.ts:100

Verify the ECDSA signature given the message (an array of bytes) and public key (a Curve point).

Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.

Parameters

message

Bytes

publicKey

FlexiblePoint

Returns

Bool

Throws

if one of the signature scalars is zero or if the public key is not on the curve.

Example

// create classes for your curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Scalar extends Secp256k1.Scalar {}
class Ecdsa extends createEcdsa(Secp256k1) {}

let message = 'my message';
let messageBytes = new TextEncoder().encode(message);

// outside provable code: create inputs
let privateKey = Scalar.random();
let publicKey = Secp256k1.generator.scale(privateKey);
let signature = Ecdsa.sign(messageBytes, privateKey.toBigInt());

// ...
// in provable code: create input witnesses (or use method inputs, or constants)
let pk = Provable.witness(Secp256k1, () => publicKey);
let msg = Provable.witness(Provable.Array(Field, 9), () => messageBytes.map(Field));
let sig = Provable.witness(Ecdsa, () => signature);

// verify signature
let isValid = sig.verify(msg, pk);
isValid.assertTrue('signature verifies');

verifyEthers()

verifyEthers(message: Bytes, publicKey: FlexiblePoint): Bool

Defined in: lib/provable/crypto/foreign-ecdsa.ts:145

Verify an ECDSA signature generated by the ethers.js library, given the message (as a byte array) and a public key (a Curve point). The message digest used for signing follows the format defined in EIP-191, with the Ethereum-specific prefix.

Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.

Note: This method is specifically designed to verify signatures generated by ethers.js. Ensure that the curve being used is Secp256k1, as demonstrated in the example.

Parameters

message

Bytes

The original message as a byte array.

publicKey

FlexiblePoint

The public key as a point on the Secp256k1 elliptic curve.

Returns

Bool

  • A Bool indicating the validity of the signature.

Throws

An error will be thrown if one of the signature scalars is zero or if the public key does not lie on the curve.

Example

import { Wallet } from 'ethers';

// create the class for Secp256k1 curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Ecdsa extends createEcdsa(Secp256k1) {}

// outside provable code: create inputs
let message = 'my message';
let signatureRaw = await wallet.signMessage(message);
let compressedPublicKey = wallet.signingKey.compressedPublicKey;

// this also works for uncompressed public keys (wallet.signingKey.publicKey)
let publicKey = Secp256k1.fromEthers(compressedPublicKey.slice(2));
let signature = Ecdsa.fromHex(signatureRaw);

// ...
// in provable code: create input witnesses (or use method inputs, or constants)
// and verify the signature
let isValid = signature.verifyEthers(Bytes.fromString(message), publicKey);
isValid.assertTrue('signature verifies');

verifySignedHash()

verifySignedHash(msgHash: bigint | Bytes | AlmostForeignField, publicKey: FlexiblePoint): Bool

Defined in: lib/provable/crypto/foreign-ecdsa.ts:162

Verify the ECDSA signature given the message hash (a Scalar) and public key (a Curve point).

This is a building block of EcdsaSignature.verify, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar, or the output bytes of a hash function) as input, giving you flexibility in choosing the hashing algorithm.

Parameters

msgHash

bigint | Bytes | AlmostForeignField

publicKey

FlexiblePoint

Returns

Bool


check()

static check(signature: EcdsaSignature): void

Defined in: lib/provable/crypto/foreign-ecdsa.ts:204

Parameters

signature

EcdsaSignature

Returns

void


from()

static from(signature: FlexibleSignature): EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:45

Coerce the input to a EcdsaSignature.

Parameters

signature

FlexibleSignature

Returns

EcdsaSignature


fromHex()

static fromHex(rawSignature: string): EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:54

Create an EcdsaSignature from a raw 130-char hex string as used in Ethereum transactions.

Parameters

rawSignature

string

Returns

EcdsaSignature


sign()

static sign(message: Uint8Array | (number | bigint)[], privateKey: bigint): EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:181

Create an EcdsaSignature by signing a message with a private key.

Note: This method is not provable, and only takes JS bigints as input.

Parameters

message

Uint8Array | (number | bigint)[]

privateKey

bigint

Returns

EcdsaSignature


signHash()

static signHash(msgHash: bigint | Bytes, privateKey: bigint): EcdsaSignature

Defined in: lib/provable/crypto/foreign-ecdsa.ts:196

Create an EcdsaSignature by signing a message hash with a private key.

This is a building block of EcdsaSignature.sign, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar, or the output bytes of a hash function) as input, giving you flexibility in choosing the hashing algorithm.

Note: This method is not provable, and only takes JS bigints or constant Bytes as input.

Parameters

msgHash

bigint | Bytes

privateKey

bigint

Returns

EcdsaSignature