
`pallet-cosmwasm::crypto::do_secp256k1_verify()` fails for signatures with recovery ID 1

Open conr2d opened this issue 7 months ago • 1 comments

Description

The current implementation of `do_secp256k1_verify()` adds a dummy byte `0x00` to the end of the secp256k1 signature to convert a 64-byte signature to a 65-byte Substrate ECDSA signature.

For verifying a secp256k1 signature, the recovery ID is not needed when the public key is known. However, `sp_io::crypto::ecdsa_verify_prehashed()` internally recovers a public key from the signature, so it doesn't work as expected.

https://github.com/conr2d/composable/commit/49efc1af38562097e4002e0effc073ec8f9f37cf

In the attached example, the newly added test `secp256k1_recover_pubkey_recovers()` shows the given signature is valid, but it causes `secp256k1_verify_verifies()` to fail.

Possible Solutions

  • Submit a PR to polkadot-sdk to change the behavior of `sp_io::crypto::ecdsa_verify_prehashed()`.
  • Add a new host function for secp256k1 signature verification.

If you would like, I can submit a pull request to resolve this issue.

conr2d, Jul 13 '24 03:07