How does ripple verify the signature?

1

As I understand, the client send the following information to server 1.the hash of the message, 2. public key 3. signature made by private key

And the server verified the signature with the public key and hash, to check if it belong to the certain private key, server also need to check if the public key correspond to the ripple address.

Am I right?

And I have seen that there is a public key recovery method for ECDSA signature.https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work

If my previous judgement is right, then is it possible for client only send the signature and the hash to the server? I guess there is a problem because we can't derive the curve from both the signature and the hash.

Haven

Posted 2015-11-17T07:20:42.010

Reputation: 113

Answers

1

You are correct about the first part.

Unfortunately, it's not quite possible to recover the public key from the signature. You can recover a public key that works for ECDSA purposes, but that doesn't guarantee it is byte-for-byte identical to the intended public key. That means it may not hash to the right address, which could cause the check whether the right public key was used to fail.

David Schwartz

Posted 2015-11-17T07:20:42.010

Reputation: 46 931

Asked: 2015-11-17T07:20:42.010

Viewed: 413 times

Active: 2015-11-19T00:39:16.593