Skip to main content

EcdsaSignature

o1js / Modules / EcdsaSignature

Class: EcdsaSignature

Table of contents

Constructors

Properties

Accessors

Methods

Constructors

constructor

new EcdsaSignature(signature)

Create a new EcdsaSignature from an object containing the scalars r and s.

Parameters

NameType
signatureObject
signature.rnumber | bigint | Field3 | AlmostForeignField
signature.snumber | bigint | Field3 | AlmostForeignField

Defined in

lib/foreign-ecdsa.ts:37

Properties

r

r: AlmostForeignField

Defined in

lib/foreign-ecdsa.ts:30


s

s: AlmostForeignField

Defined in

lib/foreign-ecdsa.ts:31


_Curve

Static Optional _Curve: typeof ForeignCurve

Defined in

lib/foreign-ecdsa.ts:164


_provable

Static Optional _provable: ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>

Defined in

lib/foreign-ecdsa.ts:165

Accessors

Constructor

get Constructor(): typeof EcdsaSignature

Returns

typeof EcdsaSignature

Defined in

lib/foreign-ecdsa.ts:161


Curve

Static get Curve(): typeof ForeignCurve

The ForeignCurve on which the ECDSA signature is defined.

Returns

typeof ForeignCurve

Defined in

lib/foreign-ecdsa.ts:173


provable

Static get provable(): ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>

Provable<EcdsaSignature>

Returns

ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>

Defined in

lib/foreign-ecdsa.ts:180

Methods

toBigInt

toBigInt(): Object

Convert this signature to an object with bigint fields.

Returns

Object

NameType
rbigint
sbigint

Defined in

lib/foreign-ecdsa.ts:65


verify

verify(message, publicKey): Bool

Verify the ECDSA signature given the message (an array of bytes) and public key (a Curve point).

Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.

Parameters

NameType
messageBytes
publicKeyFlexiblePoint

Returns

Bool

Throws

if one of the signature scalars is zero or if the public key is not on the curve.

Example

// create classes for your curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Scalar extends Secp256k1.Scalar {}
class Ecdsa extends createEcdsa(Secp256k1) {}

let message = 'my message';
let messageBytes = new TextEncoder().encode(message);

// outside provable code: create inputs
let privateKey = Scalar.random();
let publicKey = Secp256k1.generator.scale(privateKey);
let signature = Ecdsa.sign(messageBytes, privateKey.toBigInt());

// ...
// in provable code: create input witnesses (or use method inputs, or constants)
let pk = Provable.witness(Secp256k1.provable, () => publicKey);
let msg = Provable.witness(Provable.Array(Field, 9), () => messageBytes.map(Field));
let sig = Provable.witness(Ecdsa.provable, () => signature);

// verify signature
let isValid = sig.verify(msg, pk);
isValid.assertTrue('signature verifies');

Defined in

lib/foreign-ecdsa.ts:103


verifySignedHash

verifySignedHash(msgHash, publicKey): Bool

Verify the ECDSA signature given the message hash (a Scalar) and public key (a Curve point).

This is a building block of verify, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.

Parameters

NameType
msgHashbigint | AlmostForeignField
publicKeyFlexiblePoint

Returns

Bool

Defined in

lib/foreign-ecdsa.ts:116


check

Static check(signature): void

Parameters

NameType
signatureEcdsaSignature

Returns

void

Defined in

lib/foreign-ecdsa.ts:155


from

Static from(signature): EcdsaSignature

Coerce the input to a EcdsaSignature.

Parameters

NameType
signatureFlexibleSignature

Returns

EcdsaSignature

Defined in

lib/foreign-ecdsa.ts:48


fromHex

Static fromHex(rawSignature): EcdsaSignature

Create an EcdsaSignature from a raw 130-char hex string as used in Ethereum transactions.

Parameters

NameType
rawSignaturestring

Returns

EcdsaSignature

Defined in

lib/foreign-ecdsa.ts:57


sign

Static sign(message, privateKey): EcdsaSignature

Create an EcdsaSignature by signing a message with a private key.

Note: This method is not provable, and only takes JS bigints as input.

Parameters

NameType
messageUint8Array | (number | bigint)[]
privateKeybigint

Returns

EcdsaSignature

Defined in

lib/foreign-ecdsa.ts:135


signHash

Static signHash(msgHash, privateKey): EcdsaSignature

Create an EcdsaSignature by signing a message hash with a private key.

This is a building block of sign, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.

Note: This method is not provable, and only takes JS bigints as input.

Parameters

NameType
msgHashbigint
privateKeybigint

Returns

EcdsaSignature

Defined in

lib/foreign-ecdsa.ts:150