-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
failed to verify signatures generated by polkadot-js
#77
Comments
You've handled the key derivation path somehow? We stupidly split that between schnorrkel and other libraries. If not @jacogr can tell you where the other code is. I'd happily argue in favor of W3F giving a grant to bring the full key derivation code stuff into schnorrkel, or a connected crate, which should simply problems like this. |
Wrapping the message with Could you give me more context about the key derivation path solution? |
I'm unsure about where the key derivation path decoding happens outside this create. Jaco should know, but I'll ask someone else too. They write:
|
I still don't understand how this code can fail - did anyone here figure it out?
|
I'd need to track down someone to answer, since this winds up more on the substrate side, so.. Can you ask this on https://substrate.stackexchange.com/ ? It'll likely be answered quickly there. Again I'm not adverse to someone doing a PR that puts a bit more of the required substrate functionality here, if that's the best thing to do. I donno.. |
@burdges respectfully, how is this related to substrate? The code generates a keypair, signs it and then verifies the signature. Shouldn't that work regardless or the message? |
I'd assumed we stayed on the same topic, and did not read the question, sorry.
Afaik there is no reason to use the ed25519 functions here, maybe they should be feature gated. |
Would you kindly expand on that? I'm clueless as to what "changed by the cofactor" means. IMO, it's more about having method name and/or documentation that can prevent such user errors. |
ed25519 is not prime order, but has order the cofactor 8 times a prime l. In theory schnorr keys exist mod l, but ed25519 uses scalars mode 8*l and zeros the low bits to clear the cofactor when used. A real ed25519 key has high bits set too, which is impossible here, but these ed25519 methods exist to make it possible to translate to some internal ed25519-dalek types using unsafe code. Just never use them for anything or you'll have problems like this. In future, I might remove them, feature gate them, or mark them unsafe, even though they're not unsafe themselves. |
I can't say that I understood what you said, but thank you for elaborating :) |
Description
Hello! I'm trying to use the repository
https://github.com/w3f/schnorrkel
, more specifically the function verify_simple to verify signatures generated by polkadot-js using thesignRaw
function and unforunately it's not working. However the functionsignatureVerify
from@polkadot/util-crypto
verify correctly the same signature.Steps to reproduce
scren-record.mov
https://github.com/w3f/schnorrkel
cloned at my machine I created the following test case (which fails) atsrc/sign.rs
file:Debugging the polkadot-js
signatureVerify
function I noticed that this function calls the rust functionext_sr_verify
under the hoods by a WASM biding (very interestingly 😄 ) and the rust function uses the samew3f/schnorrkel
repository, then I assumed the functionext_sr_sign
is used to generate the signature so I decided to create the following test case that uses these 2 functions to generate and verify a signature:And unfortunately, this test case fails. The same thing happens with the
https://github.com/ChainSafe/go-schnorrkel
package, the original issue was reported into Gossamer discord channel.Thanks in advance!
The text was updated successfully, but these errors were encountered: