Verifying Blockchain crypto signature Elixir/erlang

Questions / Help
,
1

There are a few questions about this but not specific to blockchain. I have a Ravencoin wallet (bitcoin fork) written in python that I want to talk to my Elixir server. The wallet has a pubkey and an address (derived from the pubkey) and the ability to sign things. The server needs the ability to verify the signature.

I’ve tried to consult these resources but am unable to get it to work
Right way to use :crypto.verify(...)
GitHub - ntrepid8/ex_crypto: Wrapper around the Erlang crypto module for Elixir.
Web3x.Wallet — web3x v0.6.3 eth
How to calculate Bitcoin address in Elixir | by Kamil Lelonek | Kamil Lelonek - Software Engineer
Curvy — Curvy v0.3.0

Has anyone had to do this specifically with blockchain signatures?

:crypto.verify(
    :ecdsa,
    :sha256,
    "message",
    signature,
    [public_key, :secp256k1]
)
1 Like
2

Can you provide any additional information?
For example, the signature and the key.

Because, the call looks correct, so the problem is with padding or something like this

1 Like
3

Yes, sorry, I put additional detail here:

4
  1. Base.decode64! the signature
  2. Base.decode16! the public key
  3. Find the right encoding options
5

It would help if you could share the source of this python library

6 
iex(4)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), ["034e328758d422ce5c3a17c15528df1216ef0eaf845147876eea82d139755129a0", :secp256k1])
false

iex(5)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), [Base.decode64!("034e328758d422ce5c3a17c15528df1216ef0eaf845147876eea82d139755129a0"), :secp256k1])
** (ArgumentError) incorrect padding
    (elixir 1.13.4) lib/base.ex:1110: Base.do_decode64/2

iex(5)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), ["RMK1yBucDCJXjppB7bkZ4dMoZqr3ZKgztN", :secp256k1])
false

iex(6)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), [Base.decode16!("034e328758d422ce5c3a17c15528df1216ef0eaf845147876eea82d139755129a0"), :secp256k1])
** (ArgumentError) non-alphabet digit found: "e" (byte 101)
    (elixir 1.13.4) lib/base.ex:881: Base.dec16_upper/1
    (elixir 1.13.4) lib/base.ex:898: Base."-do_decode16/2-lbc$^0/2-1-"/2
    (elixir 1.13.4) lib/base.ex:893: Base.do_decode16/2

It seems the public_key isn’t hex? How does base58 encoding play into this?

7

Here’s the entire wallet object:

import os
from satori import config
from satori.lib.apis.ravencoin import Ravencoin
from satori.lib.apis.disk import WalletApi
from satori.lib.wallet import sign
import ravencoin.base58
from ravencoin.wallet import P2PKHRavencoinAddress, CRavencoinSecret
import mnemonic

class Wallet():
    
    def __init__(self):
        self._entropy = None
        self._privateKeyObj = None
        self._addressObj = None
        self.publicKey = None
        self.privateKey = None
        self.words = None
        self.address = None
        self.scripthash = None
        self.stats = None
        self.banner = None
        self.rvn = None
        self.balance = None
        self.transactionHistory = None
        self.transactions = [] # TransactionStruct
    
    def __repr__(self):
        return f'''Wallet(
    publicKey: {self.publicKey}
    privateKey: {self.privateKey}
    words: {self.words}
    address: {self.address}
    scripthash: {self.scripthash}
    balance: {self.balance}
    stats: {self.stats}
    banner: {self.banner})'''
    
    def init(self):
        ''' try to load, else generate and save '''
        if self.load():
            self.regenerate()
        else:
            self.generate()
            self.save()
        self.get()

    def load(self):
        wallet = WalletApi.load(
            walletPath=config.walletPath('wallet.yaml'))
        if wallet == False:
            return False
        self._entropy = wallet.get('entropy')
        self.publicKey = wallet.get('publicKey')
        self.privateKey = wallet.get('privateKey')
        self.words = wallet.get('words')
        self.address = wallet.get('address')
        self.scripthash = wallet.get('scripthash')
        if self._entropy is None:
            return False
        return True

    def save(self):
        WalletApi.save(
            wallet={
                'entropy': self._entropy,
                'publicKey': self.publicKey,
                'privateKey': self.privateKey,
                'words': self.words,
                'address': self.address,
                'scripthash': self.scripthash,
                },
            walletPath=config.walletPath('wallet.yaml'))

    def regenerate(self):
        self.generate()
        
    def generate(self):
        self._entropy = self._entropy or self._generateEntropy()
        self._privateKeyObj = self._generatePrivateKey()
        self._addressObj = self._generateAddress()
        self.words = self.words or self._generateWords()
        self.privateKey = self.privateKey or str(self._privateKeyObj)
        self.publicKey = self.publicKey or self._privateKeyObj.pub.hex()
        self.address = self.address or str(self._addressObj)
        self.scripthash = self.scripthash or self._generateScripthash()


    def _generateScripthash(self):
        # possible shortcut:
        #self.scripthash = '76a914' + [s for s in self._addressObj.to_scriptPubKey().raw_iter()][2][1].hex() + '88ac'
        from base58 import b58decode_check
        from binascii import hexlify
        from hashlib import sha256
        import codecs
        OP_DUP = b'76'
        OP_HASH160 = b'a9'
        BYTES_TO_PUSH = b'14'
        OP_EQUALVERIFY = b'88'
        OP_CHECKSIG = b'ac'
        DATA_TO_PUSH = lambda address: hexlify(b58decode_check(address)[1:])
        sig_script_raw = lambda address: b''.join((OP_DUP, OP_HASH160, BYTES_TO_PUSH, DATA_TO_PUSH(address), OP_EQUALVERIFY, OP_CHECKSIG))
        scripthash = lambda address: sha256(codecs.decode(sig_script_raw(address), 'hex_codec')).digest()[::-1].hex()
        return scripthash(self.address);

    def _generateEntropy(self):
        #return m.to_entropy(m.generate())
        return os.urandom(32)

    def _generateWords(self):
        return mnemonic.Mnemonic('english').to_mnemonic(self._entropy)

    def _generatePrivateKey(self):
        ravencoin.SelectParams('mainnet')
        return CRavencoinSecret.from_secret_bytes(self._entropy)

    def _generateAddress(self):
        return P2PKHRavencoinAddress.from_pubkey(self._privateKeyObj.pub)

    def showStats(self):
        ''' returns a string of stats properly formatted '''
        def invertDivisibility(divisibility:int):
            return (16 + 1) % (divisibility + 8 + 1);
        
        divisions = self.stats.get('divisions', 8)
        circulatingSats = self.stats.get('sats_in_circulation', 100000000000000) / int('1' + ('0'*invertDivisibility(int(divisions))))
        headTail = str(circulatingSats).split('.')
        if headTail[1] == '0' or headTail[1] == '00000000':
            circulatingSats = f"{int(headTail[0]):,}"
        else:
            circulatingSats = f"{int(headTail[0]):,}" + '.' + f"{headTail[1][0:4]}" + '.' + f"{headTail[1][4:]}"
        return f'''
    Circulating Supply: {circulatingSats}
    Decimal Points: {divisions}
    Reissuable: {self.stats.get('reissuable', False)}
    Issuing Transactions: {self.stats.get('source', {}).get('tx_hash', 'a015f44b866565c832022cab0dec94ce0b8e568dbe7c88dce179f9616f7db7e3')}
    '''
        
    def showBalance(self, rvn=False):
        ''' returns a string of balance properly formatted '''
        def invertDivisibility(divisibility:int):
            return (16 + 1) % (divisibility + 8 + 1);
        
        if rvn:
            balance = self.rvn / int('1' + ('0'*8))
        else:
            balance = self.balance / int('1' + ('0'*invertDivisibility(int(self.stats.get('divisions', 8)))))
        headTail = str(balance).split('.')
        if headTail[1] == '0':
            return f"{int(headTail[0]):,}"
        else:
            return f"{int(headTail[0]):,}" + '.' + f"{headTail[1][0:4]}" + '.' + f"{headTail[1][4:]}"
        
    def get(self, allWalletInfo=False):
        ''' gets data from the blockchain, saves to attributes '''
        x = Ravencoin(self.address, self.scripthash)
        x.get(allWalletInfo)
        self.balance = x.balance
        self.stats = x.stats
        self.banner = x.banner
        self.rvn = x.rvn
        self.transactionHistory = x.transactionHistory
        self.transactions = x.transactions
    
    def sign(self, message:str):
        return sign.signMessage(self._privateKeyObj, sign.Message(message))
    
    def verify(self, message:str, sig:bytes):
        return sign.verifyMessage(self.address, sign.Message(message), sig)

and the entire sign functioanlity:

import sys
_bchr = lambda x: bytes([x])
_bord = lambda x: x[0]
from io import BytesIO as _BytesIO
import ravencoin
from ravencoin import signmessage
from ravencoin.wallet import CRavencoinSecret

class Message(str):   
    '''
    a Message is just a string with these monkey patched functions
    since python-ravencoinlib expects them to be present.
    '''
    
    def GetHash(self):
        return ravencoin.core.Serializable.GetHash(self)
    
    def serialize(self, params={}):
        f = _BytesIO()
        return f.getvalue()

def makeMessage(message:str):
    return Message(message)

def signMessage(key:CRavencoinSecret, message:Message):
    ''' returns binary signature '''
    return signmessage.SignMessage(key, message)

def verifyMessage(address:str, message:Message, sig:bytes):
    ''' returns success bool '''
    return signmessage.VerifyMessage(address, message, sig)
8

Public key is hex, just use Base.decode16(key, case: :lower)

9 
iex(6)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), [Base.decode16("034e328758d422ce5c3a17c15528df1216ef0eaf845147876eea82d139755129a0", case: :lower), :secp256k1])
** (ArgumentError) argument error
    (crypto 5.0.4) :crypto.pkey_verify_nif(:ecdsa, :sha256, "message", <<32, 87, 70, 
119, 58, 136, 245, 242, 73, 13, 180, 192, 72, 102, 218, 152, 113, 80, 238, 25, 72, 79, 78, 227, 44, 2, 225, 97, 24, 76, 173, 22, 55, 66, 242, 137, 184, 189, 170, 242, 136, 237, 192, 171, 46, 110, 61, 4, 86, 213, ...>>, {{{:prime_field, <<255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 254, 255, 255, 252, 47>>}, {<<0>>, "\a", :none}, <<4, 121, 190, 102, 126, 249, 220, 187, 172, 85, 160, 98, 149, 206, 135, 11, 7, 2, 155, 
252, 219, 45, 206, 40, 217, 89, 242, 129, 91, 22, 248, 23, 152, 72, 58, 218, 119, 38, 163, 196, 101, 93, 164, 251, 252, 14, ...>>, <<255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 254, 186, 174, 220, 230, 175, 72, 160, 59, 191, 210, 94, 140, 208, 54, 65, 65>>, <<1>>}, {:ok, <<3, 78, 50, 135, 88, 212, 34, 206, 92, 58, 23, 193, 85, 40, 223, 18, 22, 239, 14, 175, 132, 81, 71, 135, 110, 234, 130, 209, 57, 117, 81, 41, 160>>}}, [])
    (crypto 5.0.4) crypto.erl:1420: :crypto.verify/6
iex(6)> :crypto.verify(:ecdsa, :sha256, "message", Base.decode64!("IFdGdzqI9fJJDbTASGbamHFQ7hlIT07jLALhYRhMrRY3QvKJuL2q8ojtwKsubj0EVtWJtlM8MbgmpvIaKwpjc04="), [Base.decode16!("034e328758d422ce5c3a17c15528df1216ef0eaf845147876eea82d139755129a0", case: :lower), :secp256k1])
false
10

That’s nice, but could you please share a link to the sources?

11

sure

and the server

12

I noticed one thing in my efforts that seems strange. the private key created by the erlang code is of a different length than that created by the ravencoin wallet. but they should both be using secp256k1:

iex(1)> {public_key, private_key} = :crypto.generate_key(:ecdh, :secp256k1) 
iex(2)>  private_key                                                                 
<<231, 49, 181, 107, 209, 99, 246, 12, 213, 213, 34, 123, 69, 214, 136, 98, 210,
  64, 135, 54, 173, 132, 143, 107, 5, 122, 131, 26, 33, 238, 154, 188>>
iex(3)> Base.encode64(private_key) 
"5zG1a9Fj9gzV1SJ7RdaIYtJAhzathI9rBXqDGiHumrw="
iex(3)> python_private_key
"L16mQdokXV8hVxGc8su2z9xNkavWPdGGM92B6nt2bMj8yhjTCF8Z"

same is true for the public keys and signatures

13

in the python version it’s a base58 encoded so I thought that was the reason, so I converted it to hex encoding and it still wasn’t the same…

codecs.encode(
  codecs.decode(
    base58_to_hex('L16mQdokXV8hVxGc8su2z9xNkavWPdGGM92B6nt2bMj8yhjTCF8Z'), 
    'hex'), 
  'base64'
).decode()
'gHPG8PzA12Hj9NHZD8aBzJHvb+5OguAKw62jTN3EFhCtAQ==\n'

which is 48 characters rather than 44 like the elixir version.

14

I appreciate the help you’ve offered me so far. I have to move on to another part of the system, but if anyone sees this, who can solve the issue, we made a bounty out of it:

1 Like
15

The problem is that this ravencoin and satori use non-standard encoding

For example, ravencoin prepends some data to the signature, it signs the hash of the message and the public key is also prefixed by some magic bytes

1 Like
16

And the ravencoin code is some spaghetti I’ve never seen with login in object constructor. sheeeesh

1 Like
17

Maybe the correct approach then, instead of implementing the corresponding magic in elixir is to write my own signing logic on the python side instead of using the python-ravencoinlib.

I’ll try that next, thanks for your help!