In Solidity, verifying a signature is a process used to ensure that a message was signed by a specific address, confirming that the signer acknowledges the content of the message. Common use cases include verifying transactions, authenticating actions, etc.
Principle
Signing Process:
- The sender signs a message with their private key to generate a signature, which consists of three components:
r, s, and v.
- The signature is sent along with the message.
Verification Process:
- The recipient (verifier) needs to verify the signature by using the message, signature data, and public key.
- In Solidity, the function
ecrecover is commonly used to recover the signer's address from the signature. The recovered address is then compared with the expected signer address.
ecrecover Function
ecrecover is a built-in function in Solidity that allows recovering the signer's address. Its parameters include:
messageHash: The hash of the message.v, r, s: The three components of the signature.
Signature Verification Process
- Signature Generation: The user signs a message with their private key to generate the signature (
r, s, v).
- Signature Verification: In Solidity, the signature is verified using
ecrecover to recover the signer's address and compare it with the expected address.
Solidity Example Code
Let's say we want to verify the signature of a message signed by a specific address.
Step 1: Generate the Signature
The signature generation typically happens off-chain (e.g., in the front end). Here’s an example using web3.js to sign a message.
const Web3 = require('web3');
const web3 = new Web3('https://mainnet.infura.io/v3/YOUR_INFURA_KEY');
// The message to sign
const message = "I am signing this message";
// Sign the message using a private key
const privateKey = 'YOUR_PRIVATE_KEY';
const signature = web3.eth.accounts.sign(message, privateKey);
console.log(signature);
// The signature object contains { message, signature, v, r, s }
Step 2: Verify the Signature in Solidity
Now, you can verify the signature in Solidity using ecrecover.
pragma solidity ^0.8.0;
contract SignatureVerifier {
// Verify if the signature is from the expected address
function verifySignature(
bytes32 messageHash,
uint8 v,
bytes32 r,
bytes32 s,
address signer
) public pure returns (bool) {
// Recover the signer's address using ecrecover
address recoveredSigner = ecrecover(messageHash, v, r, s);
// Compare the recovered address with the expected signer address
return recoveredSigner == signer;
}
// Get the hash of the message
function getMessageHash(string memory message) public pure returns (bytes32) {
return keccak256(abi.encodePacked(message));
}
}
Step 3: Verification Process
- On the frontend, use
web3.js or ethers.js to sign the message and get the r, s, and v values.
- Pass the signed message and signature data to the smart contract, where
ecrecover will recover the signer's address, and you can compare it with the expected signer address.
Example Explanation
Message Hashing: In Solidity, it is common to hash the message before signing it, since directly signing the message could lead to inconsistencies. Using keccak256 to hash the message into a fixed-size value is the standard approach.
ecrecover to Recover Address: The ecrecover function is used to recover the signer's address using the message hash and the three signature components (r, s, v).
Signature Verification: By comparing the recovered address with the expected signer address, we can verify if the signature is valid.
Message Standardization: To prevent discrepancies in the signing process, messages may need to be standardized before signing (e.g., by adding a prefix like "\x19Ethereum Signed Message:\n").
Security: While ecrecover is a powerful tool, caution must be taken to prevent replay attacks and ensure message consistency.
By using ecrecover in Solidity, you can verify whether a signature was indeed generated by the expected address, providing security and trust for off-chain signed messages.