Compatibility Problems with high R and high S signatures #11
Comments
|
Potential Solution A: accepting the problem: Potential Solution B: working with Nonces: |
|
so if i understand correct if he gets a unlucky above 32byte signature (how he dedects that? its more then 32 letters? he just try to sign again a little different message? then i propose we make message body so for check signature u use the wohle message body and for parse the target address u just ignore # and anything past the # |
|
yes, that would be essentially "Potential Solution B" prefix + address + postfix |
traditionally bitcoin signatures were able to produce high R and S values that are too big to fit into a 32 byte Array.
Later optimizations reduced that possibility and made sure that R and S always fits into 32 bytes. see: bitcoin/bitcoin#13666
This saves a little bit of blockchain data, and also makes development interfaces easier, by working with maximum 32 bytes.
Ethereum seems to have included this limitation already early on.
Solidities ecrevover also expects bytes32: https://docs.soliditylang.org/en/latest/units-and-global-variables.html#mathematical-and-cryptographic-functions
OpenZeppelins recover function, does not solve the problem either, because it also relies on R and S being less then 32 bytes:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/cryptography/ECDSA.sol
The text was updated successfully, but these errors were encountered: