From 8e800885fbf63939d614ae25c6da8e1e47b0d960 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Wed, 30 Oct 2024 21:36:31 -0400 Subject: [PATCH] Simplify deterministic signing process in serai-processor-ethereum-primitives This should be easier to specify/do an alternative implementation of. --- processor/ethereum/primitives/src/lib.rs | 25 ++++++++++++------------ 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/processor/ethereum/primitives/src/lib.rs b/processor/ethereum/primitives/src/lib.rs index ccf41344..1fbf2834 100644 --- a/processor/ethereum/primitives/src/lib.rs +++ b/processor/ethereum/primitives/src/lib.rs @@ -3,7 +3,7 @@ #![deny(missing_docs)] use group::ff::PrimeField; -use k256::{elliptic_curve::ops::Reduce, U256, Scalar}; +use k256::Scalar; use alloy_core::primitives::{Parity, Signature}; use alloy_consensus::{SignableTransaction, Signed, TxLegacy}; @@ -15,20 +15,21 @@ pub fn keccak256(data: impl AsRef<[u8]>) -> [u8; 32] { /// Deterministically sign a transaction. /// -/// This function panics if passed a transaction with a non-None chain ID. +/// This signs a transaction via setting `r = 1, s = 1`, and incrementing `r` until a signer is +/// recoverable from the signature for this transaction. The purpose of this is to be able to send +/// a transaction from a known account which no one knows the private key for. +/// +/// This function panics if passed a transaction with a non-None chain ID. This is because the +/// signer for this transaction is only singular across any/all EVM instances if it isn't binding +/// to an instance. pub fn deterministically_sign(tx: &TxLegacy) -> Signed { - pub fn hash_to_scalar(data: impl AsRef<[u8]>) -> Scalar { - >::reduce_bytes(&keccak256(data).into()) - } - assert!( tx.chain_id.is_none(), - "chain ID was Some when deterministically signing a TX (causing a non-deterministic signer)" + "chain ID was Some when deterministically signing a TX (causing a non-singular signer)" ); - let sig_hash = tx.signature_hash().0; - let mut r = hash_to_scalar([sig_hash.as_slice(), b"r"].concat()); - let mut s = hash_to_scalar([sig_hash.as_slice(), b"s"].concat()); + let mut r = Scalar::ONE; + let s = Scalar::ONE; loop { // Create the signature let r_bytes: [u8; 32] = r.to_repr().into(); @@ -42,8 +43,6 @@ pub fn deterministically_sign(tx: &TxLegacy) -> Signed { return tx; } - // Re-hash until valid - r = hash_to_scalar(r_bytes); - s = hash_to_scalar(s_bytes); + r += Scalar::ONE; } }