
Signed Message Verification Library


chelahmy

I've extracted the code to verify signed messages and made a standalone library: https://github.com/chelahmy/dnrverify/

My intention is to implement a signed message verification function in PHP. I've tried https://github.com/BitcoinPHP/BitcoinECDSA.php and https://github.com/scintill/php-bitcoin-signature-routines but both failed to verify Denarius signed messages. They used the technique from this link https://crypto.stackexchange.com/a/18106 which seems to be different from the one used in Denarius. I noticed modular arithmetic is applied in Denarius code.

So, I just extract the signed-message verification code from Denarius and see if I can make a PHP version.

Digital signatures have wide applications which should be initiated by the cryptocurrency world. Every digital wallet has private keys which are ready to be used to digitally sign anything, other than just to sign spending transactions. The other side of the applications just needs to verify the signed something without necessarily going through wallets.

  • Like 5

Actually Denarius only made a simple change in the original Bitcoin code by replacing

    const string strMessageMagic = "Bitcoin Signed Message:\n";

with

    const string strMessageMagic = "Denarius Signed Message:\n";

In fact, the verification process ignores the address prefix. Thus, any Bitcoin or Bitcoin-based Altcoin can also use the same code to verify its signed messages by just setting the proper strMessageMagic.

Anyway, I'll maintain my GitHub repo as dnrverify and keep highlighting Denarius. 

Another thing, both the PHP repos above can actually verify Denarius signed messages. However, they hard-coded the strMessageMagic, and just replacing it with "Denarius" simply doesn't work because of the following original Bitcoin code

    CDataStream ss(SER_GETHASH, 0);
    ss << strMessageMagic;
    ss << strMessage;

where each time a string is appended to the ss the internal data structure keeps it as string length + string. Thus, the final data will be strMessageMagic length + strMessageMagic + strMessage length + strMessage.

Both the PHP repos above implement something like the following

    $messageHash = hash('sha256', hash('sha256', "\x18Bitcoin Signed Message:\n" . numToVarIntString(strlen($message)).$message, true), true);

The "\x18" is actually the length of "Bitcoin Signed Message:\n" which can be calculated with the following function

    numToVarIntString(strlen("Bitcoin Signed Message:\n"))

"Denarius Signed Message:\n" is just one byte longer and can be pasted as "\x19Denarius Signed Message:\n".

Hence, the technique of that link https://crypto.stackexchange.com/a/18106 is valid for Denarius and Bitcoin-based Altcoins. However, the modular arithmetic technique in Bitcoin code is more efficient. 

I'm going to patch one of the PHP repos.

  • Like 2
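
Added example (not part of the original posts, and not code from either PHP repo or from Denarius): the hashed preimage described above, built for any strMessageMagic so the length byte is computed rather than hard-coded. The function names compactSize, signedMessagePreimage and signedMessageHash and the sample message are assumptions made for illustration.

```php
<?php
// Illustrative helpers; names are hypothetical, not taken from the repos above.

// Bitcoin "CompactSize" length prefix, as CDataStream writes it before a string.
function compactSize(int $n): string
{
    if ($n < 0xfd)        return chr($n);
    if ($n <= 0xffff)     return "\xfd" . pack('v', $n);   // uint16 little-endian
    if ($n <= 0xffffffff) return "\xfe" . pack('V', $n);   // uint32 little-endian
    return "\xff" . pack('P', $n);                         // uint64 little-endian
}

// len(magic) + magic + len(message) + message: the bytes that get hashed.
function signedMessagePreimage(string $magic, string $message): string
{
    return compactSize(strlen($magic)) . $magic
         . compactSize(strlen($message)) . $message;
}

// Double SHA-256 of the preimage, returned as 32 raw bytes.
function signedMessageHash(string $magic, string $message): string
{
    $preimage = signedMessagePreimage($magic, $message);
    return hash('sha256', hash('sha256', $preimage, true), true);
}

$message  = 'constructed sample message';   // constructed input
$bitcoin  = "Bitcoin Signed Message:\n";    // 24 bytes
$denarius = "Denarius Signed Message:\n";   // 25 bytes

// Swapping only the text while keeping the hard-coded "\x18" length byte
// produces a different preimage, so the hash differs and verification fails.
$stale = "\x18" . $denarius . compactSize(strlen($message)) . $message;

printf("bitcoin prefix:  0x%02x\n", ord(signedMessagePreimage($bitcoin, $message)[0]));
printf("denarius prefix: 0x%02x\n", ord(signedMessagePreimage($denarius, $message)[0]));
printf("stale preimage matches: %s\n",
    $stale === signedMessagePreimage($denarius, $message) ? 'yes' : 'no');
printf("denarius hash:   %s\n", bin2hex(signedMessageHash($denarius, $message)));

// Lengths of 253 bytes or more use the 0xfd marker plus a uint16.
printf("300-byte prefix: %s\n", bin2hex(compactSize(300)));
```

Because the magic string is part of the hashed data, a verifier must be given the exact strMessageMagic of the coin that produced the signature; a signature checked under a different magic will not verify.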