Why Ethereum Classic Transactions Do Not Specify Who They Are From
Ethereum Classic (ETC) transactions do not specify sending accounts! These can nevertheless be determined from the special properties of ETC digital signatures which I will discuss.
Basics
ETC transactions are digitally signed using the Elliptic Curve Digital Signature Algorithm (ECDSA). Users generate secret random numbers referred to as private keys. From these, users derive pairs of numbers referred to as public keys. Private keys are used for signing and public keys are used for creating account addresses. Account addresses are simply the least significant 20 bytes of the Keccak 256 hashes of public keys.
ETC users sign the Keccak 256 hashes of transactions rather than the transactions themselves. All transactions contain their digital signatures but do not contain public or private keys.
Code
Here is code to sign hashes as well as extract public keys. Note that the v element in the sign function below is not absolutely necessary. That is the recovery identifier. Without recovery identifiers, public keys could still be determined to be one of two possibilities:
#!/usr/bin/env python3
import random
N = 115792089237316195423570985008687907852837564279074904382605163141518161494337
P = 115792089237316195423570985008687907853269984665640564039457584007908834671663
Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
def invert(number, modulus):
"""
Finds the inverses of natural numbers.
"""
inverse = 1
power = number
for e in bin(modulus - 2)[2:][::-1]:
if int(e):
inverse = (inverse * power) % modulus
power = (power ** 2) % modulus
return inverse
def add(pair_1, pair_2):
"""
Finds the sums of two pairs of natural numbers.
"""
if pair_1 == [0, 0]:
sum_ = pair_2
elif pair_2 == [0, 0]:
sum_ = pair_1
else:
if pair_1 == pair_2:
temp = 3 * pair_1[0] ** 2
temp = (temp * invert(2 * pair_1[1], P)) % P
else:
temp = pair_2[1] - pair_1[1]
temp = (temp * invert(pair_2[0] - pair_1[0], P)) % P
sum_ = (temp ** 2 - pair_1[0] - pair_2[0]) % P
sum_ = [sum_, (temp * (pair_1[0] - sum_) - pair_1[1]) % P]
return sum_
def multiply(number, pair):
"""
Finds the products of natural numbers and pairs of natural numbers.
"""
product = [0, 0]
power = pair[:]
for e in bin(number)[2:][::-1]:
if int(e):
product = add(product, power)
power = add(power, power)
return product
def sign(hash_, private_key):
"""
Signs the hashes of transactions.
"""
v, r, s = 0, 0, 0
while (0 in [v, r, s]) or (s > N / 2):
rand_1 = random.randint(1, N - 1)
rand_2 = multiply(rand_1, (Gx, Gy))
v = 27 + (rand_2[1] % 2)
r = rand_2[0] % N
s = (invert(rand_1, N) * (hash_ + private_key * r)) % N
signature = [v, r, s]
return signature
def extract(signature, hash_):
"""
Extracts public keys from signatures and hashes.
"""
x = signature[1]
y = pow(x ** 3 + 7, (P + 1) // 4, P)
if not ((signature[0] == 27) ^ (y % 2 != 0)):
y = P - y
pair_1 = multiply(N - hash_, (Gx, Gy))
pair_2 = multiply(signature[2], (x, y))
public_key = multiply(invert(x, N), add(pair_1, pair_2))
return public_key
Example
Here is a sample session. Note that public keys are derived from private keys. Note also that public keys can be extracted from just digital signatures and hashes:
>>> import random
>>> private_key = random.randint(1, N - 1)
>>> private_key
35636539346190372582315692516374242719103073333795075326298350689544837734965
>>> public_key = multiply(private_key, (Gx, Gy))
>>> public_key
[10757423063503191043103820533877053013000279578405346773342154037103409266674, 7381758142671922835737972540968321852940615069452568240305754718379589332809]
>>> hash_ = 0xf62d00f14db9521c03a39c20e94aa10a82ff5f5a614772b25e36757a95a71048
>>> signature = sign(hash_, private_key)
>>> signature
[27, 98724900145462879751706452062533342220571445052703717184348248131619990530523, 32577540995538717464732386398395311288498952178867441186019143827849301542010]
>>> result = extract(signature, hash_)
>>> result
[10757423063503191043103820533877053013000279578405346773342154037103409266674, 7381758142671922835737972540968321852940615069452568240305754718379589332809]
>>> result == public_key
True
Conclusion
ETC transactions do not specify who they are from but the mathematics of ECDSA reveals a method to find sending account public keys and addresses. Not explicitly storing this information makes the ETC blockchain smaller.
Feedback
Feel free to leave any comments or questions below. You can also contact me by email at [email protected] or by clicking any of these icons:
Acknowledgements
I would like to thank IOHK (Input Output Hong Kong) for funding this effort.
License
This work is licensed under the Creative Commons Attribution ShareAlike 4.0 International License.
Congratulations @cseberino! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
Click here to view your Board
If you no longer want to receive notifications, reply to this comment with the word
STOP
To support your work, I also upvoted your post!