Namespace definitions
Cryptographic functions.
Since
0.10.6
Functions
Compute an Ethererum public key from a signature and a hash.
Similar to Solidity's ecrecover(), though differs in that:
This function takes
rec_id, rather thanv, whererec_id == v - 27.The parameter order is different.
This function returns a 64-byte public key, not a 20-byte address. An address can be obtained by taking the last 20 bytes of the
keccak256()digest of the returned public key, e.g.:
val address: byte_array = keccak256(eth_ecrecover(...)).sub(44);The signature (consisting of the r, s and rec_id components) will typically be obtained with a procedure equivalent to eth_sign(data_hash, privkey), where privkey and pubkey form a keypair (pubkey being returned form this method).
The signature component rec_id is an adjusted recovery identifier, equivalent to Ethereum's recovery identifier (usually denoted as v) minus 27, i.e. rec_id == v - 27.
The given 32-byte array data_hash is typically a cryptographic hash obtained from a larger data structure using a hashing function such as hash(), sha256() or keccak256().
Example
The following is a Node.js script which uses ecrecover() (the equivalent to crypto.eth_ecrecover()) from the Ethereum Web3 library:
const Web3 = require('web3');
const web3 = new Web3();
var r = '0xcf722a47bcf1da61967ccc6405e31db4d37bce153255a6937e5cceb222caead0';
var s = '0xcf722a47bcf1da61967ccc6405e31db4d37bce153255a6937e5cceb222caead0';
var h = '0x53d7b11e61a8059aa4bc3248d24b2936436c9796dfe7f18e414c181004f79427';
var v = '0x1c';
var address = web3.eth.accounts.recover({'r':r,'s':s,'messageHash':h,'v':v});
console.log(address); // prints 0x5b0c087542D5C1E66Df0041e179c4201675B1614An equivalent script in Rell is as follows:
val r = x'cf722a47bcf1da61967ccc6405e31db4d37bce153255a6937e5cceb222caead0';
val s = x'cf722a47bcf1da61967ccc6405e31db4d37bce153255a6937e5cceb222caead0';
val h = x'53d7b11e61a8059aa4bc3248d24b2936436c9796dfe7f18e414c181004f79427';
val v = 0x1c;
val pubkey = eth_ecrecover(r, s, v - 27, h);
val address = keccak256(pubkey).sub(12);
print(address); // prints 0x5b0c087542d5c1e66df0041e179c4201675b1614Note that in the Rell script, v is an integer, while in the Node.js script it is an 0x-prefixed hexadecimal string.
Compute a 20-byte Ethereum address from a 32-byte private key.
Compute a 20-byte Ethereum address from a public key.
Accepts valid public keys of size 33, 64 or 65 bytes. Note that not all byte arrays of acceptable length constitute valid public keys.
Compute an Ethereum signature.
The given 32-byte array data_hash is typically a cryptographic hash obtained from a larger data structure using a hashing function such as hash(), sha256() or keccak256().
The public key corresponding to the given private key can be computed from the original value of data_hash and the returned signature tuple (r, s, rec_id) using the eth_ecrecover() method:
val (r, s, rec_id) = eth_sign(data_hash, privkey);
val pubkey = eth_ecrecover(r, s, rec_id, data_hash);The returned signature component rec_id is an adjusted recovery identifier, equivalent to Ethereum's recovery identifier (usually denoted as v) minus 27, i.e. rec_id == v - 27.
Sign a 32-byte array with a 32-byte private key using the ECDSA (secp256k1) algorithm.
The given 32-byte array data_hash is typically a cryptographic hash obtained from a larger data structure using a hashing function such as hash(), sha256() or keccak256().
The returned value can be verified with verify_signature() using the public key belonging to the keypair of the given private key.
Compute the Keccak256 digest (hash) of the given byte array.
Compute a public key from a 32-byte private key.
The optional boolean flag compressed determines whether a compressed (33-byte), or uncompressed (65-byte) public key, is returned. Defaults to false (uncompressed) if not provided.
Convert between public key formats.
Accepts valid public keys of size 33, 64 or 65 bytes. Note that not all byte arrays of acceptable length constitute valid public keys.
The optional boolean flag compressed determines whether a compressed (33-byte), or uncompressed (65-byte) public key, is returned. Defaults to false (uncompressed) if not provided.
Examples:
// convert a 33-byte pubkey to a 65-byte pubkey:
crypto.pubkey_encode(my_33_byte_pubkey)
// convert a 65-byte pubkey to a 33-byte pubkey:
crypto.pubkey_encode(my_65_byte_pubkey, true)
// convert a 64-byte pubkey to a 65-byte pubkey:
crypto.pubkey_encode(my_64_byte_pubkey)
// convert a 64-byte pubkey to a 33-byte pubkey:
crypto.pubkey_encode(my_64_byte_pubkey, true)Note that this function cannot return a 64-byte public key. However a 64-byte public key can be obtained from a 65-byte public key by dropping the first byte with byte_array.sub(1):
// convert a 65-byte pubkey to a 64-byte pubkey:
my_65_byte_pubkey.sub(1)
// convert a 33-byte pubkey to a 64-byte pubkey:
crypto.pubkey_encode(my_33_byte_pubkey).sub(1)Extract the x and y coordinates from an EC point public key. The extracted point is a tuple containing two big_integers, which are the x and y coordinates of the given public key, a point on the secp256k1 elliptic curve.
Inverse of crypto.xy_to_pubkey().
Accepts valid 33, 64 or 65 byte public keys. Note that not all byte arrays of acceptable length constitute valid public keys.
Compute the SHA-256 digest (hash) of the given byte array.
Verify a signature against a message and public key.
More precisely, verify that signature was obtained with a procedure equivalent to get_signature(data_hash, privkey), where privkey and pubkey form a keypair.
Accepts valid public keys of size 33 or 65 bytes. Note that not all byte arrays of acceptable length constitute valid public keys.
Construct a public key from EC point x and y coordinates. The given x and y coordinates must encode a point on the secp256k1 elliptic curve in order to constitute a public key.
Inverse of crypto.pubkey_to_xy().
The optional boolean flag compressed determines whether a compressed (33-byte), or uncompressed (65-byte) public key, is returned. Defaults to false (uncompressed) if not provided.