EcdsaSignature
o1js / Modules / EcdsaSignature
Class: EcdsaSignature
Table of contents
Constructors
Properties
Accessors
Methods
Constructors
constructor
• new EcdsaSignature(signature)
Create a new EcdsaSignature from an object containing the scalars r and s.
Parameters
| Name | Type |
|---|---|
signature | Object |
signature.r | number | bigint | Field3 | AlmostForeignField |
signature.s | number | bigint | Field3 | AlmostForeignField |
Defined in
Properties
r
• r: AlmostForeignField
Defined in
s
• s: AlmostForeignField
Defined in
_Curve
▪ Static Optional _Curve: typeof ForeignCurve
Defined in
_provable
▪ Static Optional _provable: ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>
Defined in
Accessors
Constructor
• get Constructor(): typeof EcdsaSignature
Returns
typeof EcdsaSignature
Defined in
Curve
• Static get Curve(): typeof ForeignCurve
The ForeignCurve on which the ECDSA signature is defined.
Returns
typeof ForeignCurve
Defined in
provable
• Static get provable(): ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>
Provable<EcdsaSignature>
Returns
ProvablePureExtended\<EcdsaSignature, { r: string ; s: string }>
Defined in
Methods
toBigInt
▸ toBigInt(): Object
Convert this signature to an object with bigint fields.
Returns
Object
| Name | Type |
|---|---|
r | bigint |
s | bigint |
Defined in
verify
▸ verify(message, publicKey): Bool
Verify the ECDSA signature given the message (an array of bytes) and public key (a Curve point).
Important: This method returns a Bool which indicates whether the signature is valid. So, to actually prove validity of a signature, you need to assert that the result is true.
Parameters
| Name | Type |
|---|---|
message | Bytes |
publicKey | FlexiblePoint |
Returns
Throws
if one of the signature scalars is zero or if the public key is not on the curve.
Example
// create classes for your curve
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
class Scalar extends Secp256k1.Scalar {}
class Ecdsa extends createEcdsa(Secp256k1) {}
let message = 'my message';
let messageBytes = new TextEncoder().encode(message);
// outside provable code: create inputs
let privateKey = Scalar.random();
let publicKey = Secp256k1.generator.scale(privateKey);
let signature = Ecdsa.sign(messageBytes, privateKey.toBigInt());
// ...
// in provable code: create input witnesses (or use method inputs, or constants)
let pk = Provable.witness(Secp256k1.provable, () => publicKey);
let msg = Provable.witness(Provable.Array(Field, 9), () => messageBytes.map(Field));
let sig = Provable.witness(Ecdsa.provable, () => signature);
// verify signature
let isValid = sig.verify(msg, pk);
isValid.assertTrue('signature verifies');
Defined in
verifySignedHash
▸ verifySignedHash(msgHash, publicKey): Bool
Verify the ECDSA signature given the message hash (a Scalar) and public key (a Curve point).
This is a building block of verify, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.
Parameters
| Name | Type |
|---|---|
msgHash | bigint | AlmostForeignField |
publicKey | FlexiblePoint |
Returns
Defined in
check
▸ Static check(signature): void
Parameters
| Name | Type |
|---|---|
signature | EcdsaSignature |
Returns
void
Defined in
from
▸ Static from(signature): EcdsaSignature
Coerce the input to a EcdsaSignature.
Parameters
| Name | Type |
|---|---|
signature | FlexibleSignature |
Returns
Defined in
fromHex
▸ Static fromHex(rawSignature): EcdsaSignature
Create an EcdsaSignature from a raw 130-char hex string as used in Ethereum transactions.
Parameters
| Name | Type |
|---|---|
rawSignature | string |
Returns
Defined in
sign
▸ Static sign(message, privateKey): EcdsaSignature
Create an EcdsaSignature by signing a message with a private key.
Note: This method is not provable, and only takes JS bigints as input.
Parameters
| Name | Type |
|---|---|
message | Uint8Array | (number | bigint)[] |
privateKey | bigint |
Returns
Defined in
signHash
▸ Static signHash(msgHash, privateKey): EcdsaSignature
Create an EcdsaSignature by signing a message hash with a private key.
This is a building block of sign, where the input message is also hashed. In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in choosing the hashing algorithm.
Note: This method is not provable, and only takes JS bigints as input.
Parameters
| Name | Type |
|---|---|
msgHash | bigint |
privateKey | bigint |