Signing and verifying a message using ECDSA sometimes fails

[rjwebb]

• I'm submitting a ...

  • Bug report
  • Feature request
  • Support request
  • Other

• What is the current behavior and expected behavior?

Expected behaviour: I should be able to generate a KeyringPair that signs messages using the ECDSA algorithm and verify the signatures against the message + the KeyringPair's public key

Current behaviour: This works most of the time, approx 99/100 times, but sometimes the verification fails.

• What is the motivation for changing the behavior?

I'm working on a project that relies on being able to sign and verify data from the KeyringPair or from Polkadot wallets so I want to be able to rely on this functionality.

• Please tell us about your environment:

I'm using @polkadot/keyring, @polkadot/util and @polkadot/util-crypto at the latest version as of writing (12.6.1).

I've created a minimal repository here that reproduces the bug: https://github.com/rjwebb/polkadot-ecdsa-bug-reproduction

• Version: 12.6.1

• Environment: Node v18.17.1

  • Node.js
  • Browser
  • Other (limited support for other environments)

• Language:

  • JavaScript
  • TypeScript (include tsc --version) 5.2.2
  • Other

[TarikGul]

Thanks for the reproduction, I was able to reproduce it. Added to the project board as High, and putting a Help wanted tag on it to hopefully garner a little bit of attention. If bandwidth frees up I will investigate this further.

[valentinfernandez1]

I noticed that signatureVerify() occasionally identifies the signature as ed25519 or sr25519 instead of ecdsa. This results in random verification failures, even though the signing process works as expected.

const signAndVerify = (keyringPair: KeyringPair, message, publicKey) => {
  const encodedMessage = stringToU8a(message);
  const signature = keyringPair.sign(encodedMessage);

  const result = signatureVerify(encodedMessage, signature, publicKey);
  // -- Log the signature type that was used for verification --
  console.log(result.crypto);
  return result.isValid;
};

const main = async () => {
  const mnemonic = mnemonicGenerate();

  console.log(`generating a keypair with mnemonic: "${mnemonic}"`);
  const keyring = new Keyring({
    type: "ecdsa",
  });
  const keyringpair = keyring.addFromMnemonic(mnemonic);
  const publicKey = keyringpair.publicKey;

  // try signing a load of strings and verifying the signature
  for (let i = 0; i < 1000; i++) {
    const message = `message ${i}`;
    console.log(`signing "${message}"`);

    if (!signAndVerify(keyringpair, message, publicKey)) {
      throw new Error(`signature verification failed for message ${i}`);
    }
  }

  console.log("all signatures verified successfully!");
};

main();

The output was

signing "message 103"
ecdsa
signing "message 104"
ecdsa
signing "message 105"
ecdsa
signing "message 106"
ed25519
/Development/pjs-testing/dist/index.js:30
            throw new Error(`signature verification failed for message ${i}`);
                  ^

Error: signature verification failed for message 106

As shown, the first 105 signatures were correctly detected as ecdsa, but for message 106, the verification unexpectedly switched to ed25519, causing the failure.

[valentinfernandez1]

Addressed by #1973