Message Authenticity

A digital signature is a cryptographic proof that a message was created by a known sender (authentication) and was not altered in transit (integrity). It is generated using the sender's private key and can be verified by anyone with the corresponding public key. This is the primary mechanism for proving ownership and authorizing transactions on a blockchain.

• Key Components: Private key (sign), public key (verify), hash function.
• Example: An Ethereum transaction is signed with an ECDSA private key before being broadcast to the network.

A replay attack occurs when a valid, signed data transmission is maliciously or fraudulently repeated. On a blockchain, this could mean re-submitting a legitimate transaction to transfer assets a second time.

• Prevention Mechanisms: Blockchains use nonces (number used once) or chain IDs to make every transaction unique to a specific context.
• Example: Ethereum's EIP-155 introduced a chain ID to prevent transactions signed for one network (e.g., Mainnet) from being replayed on another (e.g., a testnet).

Message integrity ensures data has not been altered. This is achieved using cryptographic hash functions like SHA-256 or Keccak-256. The sender hashes the message, and the recipient independently hashes the received data; matching hashes confirm integrity.

• Properties: Deterministic, fast to compute, pre-image resistant, and sensitive to small changes (avalanche effect).
• Application: Block headers contain the hash of the previous block and the Merkle root of transactions, creating an immutable chain.

A Man-in-the-Middle attack involves an adversary secretly relaying and potentially altering communication between two parties who believe they are directly communicating. While the underlying blockchain protocol is resistant, MITM risks exist at the application layer.

• Vulnerable Points: Compromised RPC endpoints, malicious browser extensions, or fake wallet interfaces can intercept and modify transaction data before it is signed.
• User Defense: Verifying connection URLs, using hardware wallets for signing, and checking transaction details in the wallet UI before approving.

Signature malleability refers to the ability to alter a valid cryptographic signature without invalidating it, creating a different signature for the same message and key. This could be exploited to create a denial-of-service attack or confuse transaction tracking.

• Blockchain Impact: Historically, Bitcoin had a transaction malleability issue where the TXID could be changed, affecting unconfirmed transaction chains.
• Solution: Protocols adopt canonical signature formats (like Bitcoin's BIP-66 or Ethereum's strict ECDSA recovery) to ensure only one valid signature form exists.

On-chain verification is the process where network nodes cryptographically validate the authenticity of a message, such as a transaction or a state update. Smart contracts can also verify signatures and hashes to enable permissioned logic.

• Key Use Cases: Multi-signature wallets (e.g., Gnosis Safe), decentralized identity attestations, and bridge protocols that verify off-chain messages.
• Example: The ecrecover function in Solidity allows a smart contract to verify an ECDSA signature and extract the signer's address, enabling meta-transactions.

A digital signature is a cryptographic scheme for verifying the authenticity and integrity of a message. It uses a private key to sign a message hash, and a corresponding public key to verify it. This proves the message was created by a known sender and was not tampered with in transit. It is the primary mechanism for proving message authenticity on-chain.

• Process: Signer hashes the message, encrypts the hash with their private key.
• Verification: Recipient decrypts the signature with the signer's public key and compares it to a freshly computed hash of the message.
• Example: An EOA signing a transaction, or a smart contract verifying a signed message from a trusted oracle.

ECDSA is the specific asymmetric cryptography algorithm used by Ethereum and many other blockchains to generate digital signatures. It is based on the algebraic structure of elliptic curves over finite fields.

• Key Pair: Generates a mathematically linked private key (for signing) and public key (for verification).
• Ethereum Use: The Ethereum address is derived from the last 20 bytes of the Keccak-256 hash of the public key.
• Security: Relies on the computational difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP). A breach would compromise all message authenticity on the network.

Also known as asymmetric cryptography, public key cryptography is a framework that uses pairs of keys: a public key, which may be disseminated widely, and a private key, which is kept secret. This enables two core functions essential for message authenticity:

• Encryption: Anyone can encrypt with the public key, but only the private key holder can decrypt.
• Authentication/Signing: The private key holder can sign a message, and anyone with the public key can verify the signature's origin and integrity.
• Foundation: Underpins digital signatures (ECDSA), TLS/SSL, and PGP.

A message hash is a fixed-length alphanumeric string generated by a cryptographic hash function (like Keccak-256 or SHA-256) from an input message of any size. It is critical for message authenticity because:

• Integrity: Any change to the original message produces a completely different hash.
• Efficiency: Digital signatures sign the compact hash, not the entire (potentially large) message.
• Deterministic: The same input always produces the same hash.
• Pre-image Resistance: It is computationally infeasible to reverse the hash to find the original input.

ecrecover is a precompiled smart contract function in the Ethereum Virtual Machine (EVM) that recovers the signer's address from an ECDSA signature and the original message hash. It is the on-chain verification mechanism for message authenticity.

• Inputs: The message hash and the signature components (v, r, s).
• Output: The Ethereum address that signed the message.
• Use Case: Essential for meta-transactions, signature-based approvals (like EIP-712), and proving ownership without exposing a private key.

EIP-712 is a standard for hashing and signing typed, structured data instead of raw bytes or strings. It significantly improves message authenticity for users by providing human-readable signatures.

• User Clarity: Wallets display the structured data in a readable format before signing, preventing phishing.
• Domain Separation: Includes a domainSeparator to prevent signatures from one dApp from being replayed in another.
• Standardization: Defines a consistent way to encode data like orders, votes, or permissions, making signature verification predictable and secure across contracts.