signMessage returns different results

[h3ku]

Shouldn't a call to sign message with exactly the same message return the
same signature?

[rjchow]

My impression is that it shouldn’t but I’ll look into it. Do you have any other details that might be helpful?

…

On Mon, 22 Nov 2021 at 21:09, Hector Cuesta ***@***.***> wrote: Shouldn't a call to sign message with exactly the same message return the same signature? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#8>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGUNVSTXGAC33X2NPAQYAG3UNI6GNANCNFSM5IQ6LDHQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[h3ku]

For example when calling signMessage with ethers Wallet provider the results is always the same.

Same thing when using https://www.myetherwallet.com/wallet/ to sign a message.

[h3ku]

After having a look today it seems that the problem is the following.

When doing ECDSA a random k value is generated to do the multiplication of the elliptic curve, this means that signing the same message will return different values.
However some libraries (Not all, there is no a clear standard across the Ethereum ecosystem from what I know) implement RFC 6979 which generate a "constant" k value, effectively getting the same signature when signing the same message multiple times.

I contacted AWS to see if there is a way to make KMS use RFC 6979 but not sure if thats going to be possible.

More info: https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7