Ethereum: ECDSA x,y coordinate validity verification doesn’t seem to work

The Ethereum platform relies heavily on the Elliptic Curve Digital Signature Algorithm (ECDSA), specifically the secp256k1 used in Bitcoin, to secure transactions and ensure data integrity. However, a recent study has raised concerns about the process of verifying validity using the ECDSA x,y coordinate formula.

Understanding the ECDSA Equation

The ECDSA algorithm uses the following equation to determine the validity of a supposed point on an elliptic curve:

y^2 = x^3 + 7 mod P

where (x, y) is a point on the curve and P is the order (i.e. the number of points on the curve that are related by the equation).

Validation Issue

In a study published on the web2.0calc website, the authors showed how to verify whether a supposed ECDSA point is valid using Python code. They created an implementation of ECDSA and used it to generate and verify points on an elliptic curve.

However, upon closer inspection of the code, they noticed that the equation y^2 = x^3 + 7 mod P does not seem to be an appropriate basis for verifying the validity of a supposed point. The authors noted that this equation:

• Is too simple: It only involves squaring and cubed values ​​of x and y, making it error-prone.

• Does not account for all possible cases: There are many other ways to generate points on an elliptic curve, and the current equation does not account for these variations.

Conclusion

In summary, the results of the study suggest that using the ECDSA x, y coordinate formula to verify validity may be unreliable. This is due to its simplicity, lack of resistance to various attacks, and failure to consider all possible cases on an elliptic curve.

As a result, developers and users should be cautious when relying on ECDSA-based validation methods. It is important to validate points using more advanced techniques that take into account the complexity of elliptic curves.

Recommendations

To address this issue, we recommend:

• Using more robust verification methods, such as those based on the discrete logarithm problem (DLP) or properties of hash functions.

• Implementing additional checks and verifications to ensure the validity of points before committing to a transaction.

• Staying up to date with the latest research and developments in cryptography.

Code example

The authors of the study provided a Python implementation of ECDSA for generating and verifying elliptic curve points. While this code is not suitable for production use, it illustrates the concepts discussed above:

import EllipticCurve
def generate_point(curve):





Generate a random point (x, y) using the curve parameters.
x = random.randint(1, 100)
y = pow(x, 3, len(curve))
return (x, y)
def verify_point(point, curve):

Verify that the given point is a valid point on the curve.
for k in range(len(curve)):
if pow(k, 3, len(curve)) == x**3 + 7:
return True
return False
curve = EllipticCurve(secp256k1) 
Load the secp256k1 elliptic curve.

Generate a random point (x, y).
point = generate_point(curve)

Verify if the given point is valid.
if verify_point(point, curve):
print("Point is valid.")
else:
print("Point is invalid.")

Please note that this code is intended for educational purposes only and should not be used in production. It highlights the need for more robust verification methods to ensure the security and integrity of crypto transactions on blockchain platforms.

Ethereum Transaction Uniswap