nRF9160 DK Ethereum Ecdsa "s problem"

Hello!
We are trying to sign our data using ECDSA (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/ecdsa/README.html)
We are comparing the results with signs of other projects and we see that our program computes the same sign but we ascertain that our "s" is wrong.
What should we do?
The ECDSA sample doesn't provide the Keccak256 algorithm so we implemented it ourselves. We think that there is a mistake with the procedure to obtain the "s value".
Please help us.

Parents
  • Hi,

    We are comparing the results with signs of other projects and we see that our program computes the same sign but we ascertain that our "s" is wrong.

    Could you elaborate on this?

    We think that there is a mistake with the procedure to obtain the "s value".

    Could you elaborate on this as well?

    Best regards,
    Dejan

  • static uint8_t keccak256[32] = {
    0x99, 0x68, 0x3d, 0xfd, 0x16, 0xa3, 0x65, 0xb2,
    0xf1, 0x45, 0x82, 0x59, 0xd7, 0xaf, 0x30, 0x6d,
    0xb5, 0x74, 0xa3, 0x4b, 0xe7, 0xf8, 0x6d, 0x21,
    0x02, 0xca, 0xb0, 0x47, 0xb0, 0xee, 0x4c, 0xf3
    };
    
    static uint8_t m_priv_key[32] = {
    0x1d, 0x68, 0xd6, 0x4b, 0xa9, 0x19, 0x60, 0x41,
    0x1e, 0x4b, 0xb8, 0x5d, 0xd7, 0xd4, 0x61, 0x02,
    0x2f, 0x70, 0x6c, 0x6d, 0xbe, 0x67, 0x6b, 0xf1,
    0x3b, 0xdb, 0xfc, 0x3f, 0x7e, 0x1c, 0x13, 0x38
    };
    
    
    
    status = psa_import_key(&key_attributes, m_priv_key, sizeof(m_priv_key), &keypair_handle);
    if (status != PSA_SUCCESS) {
    LOG_INF("psa_import_private_key failed! (Error: %d)", status);
    return APP_ERROR;
    }
    
    
    status = psa_sign_hash(keypair_handle,
    PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
    keccak256,
    sizeof(m_plain_text),
    m_signature,
    sizeof(m_signature),
    &output_len);
    if (status != PSA_SUCCESS) {
    LOG_INF("psa_sign_hash failed! (Error: %d)", status);
    return APP_ERROR;
    }

    This is the code of the ECDSA example by Nordic and this gives us an incorrect "s value".

    signed_tx = web3.eth.account.signTransaction(tx, private_key)
    tx = {
    'nonce': nonce,
    'to': to_acc,
    'value': web3.toWei(1, 'ether'),
    'gas': 2000000,
    'gasPrice': web3.toWei('50', 'gwei')
    }
    
    private_key = '1d68d64ba91960411e4bb85dd7d461022f706c6dbe676bf13bdbfc3f7e1c1338'

    This is the code in python that give us the correct "s value".

  • Hi,

    Do you get the same signature every time you run your python script? Do you use deterministic ECDSA in your python project?

    Best regards,
    Dejan

  • We are using deterministic ECDSA in both. For some values the ECDSA result is wrong related to the "s value".
    We noticed that when we make the Keccak256 of a standard number or a text the "r and s values" are correct, but when we make the keccack256 of RLP only the "r value" is correct.

Reply Children
Related