nRF9160 DK Ethereum Ecdsa "s problem"

Hello!
We are trying to sign our data using ECDSA (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/ecdsa/README.html)
We are comparing the results with signs of other projects and we see that our program computes the same sign but we ascertain that our "s" is wrong.
What should we do?
The ECDSA sample doesn't provide the Keccak256 algorithm so we implemented it ourselves. We think that there is a mistake with the procedure to obtain the "s value".
Please help us.

Parents Reply Children
  • static uint8_t keccak256[32] = {
    0x99, 0x68, 0x3d, 0xfd, 0x16, 0xa3, 0x65, 0xb2,
    0xf1, 0x45, 0x82, 0x59, 0xd7, 0xaf, 0x30, 0x6d,
    0xb5, 0x74, 0xa3, 0x4b, 0xe7, 0xf8, 0x6d, 0x21,
    0x02, 0xca, 0xb0, 0x47, 0xb0, 0xee, 0x4c, 0xf3
    };
    
    static uint8_t m_priv_key[32] = {
    0x1d, 0x68, 0xd6, 0x4b, 0xa9, 0x19, 0x60, 0x41,
    0x1e, 0x4b, 0xb8, 0x5d, 0xd7, 0xd4, 0x61, 0x02,
    0x2f, 0x70, 0x6c, 0x6d, 0xbe, 0x67, 0x6b, 0xf1,
    0x3b, 0xdb, 0xfc, 0x3f, 0x7e, 0x1c, 0x13, 0x38
    };
    
    
    
    status = psa_import_key(&key_attributes, m_priv_key, sizeof(m_priv_key), &keypair_handle);
    if (status != PSA_SUCCESS) {
    LOG_INF("psa_import_private_key failed! (Error: %d)", status);
    return APP_ERROR;
    }
    
    
    status = psa_sign_hash(keypair_handle,
    PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
    keccak256,
    sizeof(m_plain_text),
    m_signature,
    sizeof(m_signature),
    &output_len);
    if (status != PSA_SUCCESS) {
    LOG_INF("psa_sign_hash failed! (Error: %d)", status);
    return APP_ERROR;
    }

    This is the code of the ECDSA example by Nordic and this gives us an incorrect "s value".

    signed_tx = web3.eth.account.signTransaction(tx, private_key)
    tx = {
    'nonce': nonce,
    'to': to_acc,
    'value': web3.toWei(1, 'ether'),
    'gas': 2000000,
    'gasPrice': web3.toWei('50', 'gwei')
    }
    
    private_key = '1d68d64ba91960411e4bb85dd7d461022f706c6dbe676bf13bdbfc3f7e1c1338'

    This is the code in python that give us the correct "s value".

  • Hi,

    Do you get the same signature every time you run your python script? Do you use deterministic ECDSA in your python project?

    Best regards,
    Dejan

  • We are using deterministic ECDSA in both. For some values the ECDSA result is wrong related to the "s value".
    We noticed that when we make the Keccak256 of a standard number or a text the "r and s values" are correct, but when we make the keccack256 of RLP only the "r value" is correct.

  • Hi,

    I have made an internal inquiry on this topic. 
    Since you try to implement Ethereum ECDSA, use keccak256 with secp256k1, and since it is hash algorithm we do not currently provide, we cannot provide full support related to your question. 

    I would suggest that you engage more with Ethereum  crypto and developer communities.
    There is a list of software resources  implementing keccak.

    Best regards,
    Dejan

Related