Util: use hedged signatures by default (#3873)

jochem-brouwer · web-flow · commit 58ac923d6e9b · 2025-02-21T00:37:23.000+01:00
* util: use hedged signatures by default

* client: add comment about defaulting to wasm

* tx: add extraEntropy params

* vm: fix vm tests by forcing non-extra-entropy

* util: fix and add tests for extraEntropy

* tx: fix tests and add tests for hedged signatures

* client: fix tests

* tx: fix tests

* vm: ensure 7702 authorization have no leading zeros

* tx: add more robust hedged signature test

* client: remove todo comment

* util: update sign() docs with more clear text

* util: pack chainId / extraEntropy into a single arg option

* util: add docs for better visual docs

* util: ecsign ban 2/3 recovery values
diff --git a/packages/client/bin/utils.ts b/packages/client/bin/utils.ts
@@ -647,11 +647,16 @@ export async function generateClientConfig(args: ClientOpts) {
         ),
       ).slice(1)
     cryptoFunctions.sha256 = wasmSha256
-    cryptoFunctions.ecsign = (msg: Uint8Array, pk: Uint8Array, chainId?: bigint) => {
+    cryptoFunctions.ecsign = (
+      msg: Uint8Array,
+      pk: Uint8Array,
+      ecSignOpts: { chainId?: bigint } = {},
+    ) => {
       if (msg.length < 32) {
         // WASM errors with `unreachable` if we try to pass in less than 32 bytes in the message
         throw new Error('message length must be 32 bytes or greater')
       }
+      const { chainId } = ecSignOpts
       const buf = secp256k1Sign(msg, pk)
       const r = buf.slice(0, 32)
       const s = buf.slice(32, 64)
diff --git a/packages/client/test/rpc/engine/getPayloadV3.spec.ts b/packages/client/test/rpc/engine/getPayloadV3.spec.ts
@@ -108,7 +108,7 @@ describe(method, () => {
         to: createZeroAddress(),
       },
       { common },
-    ).sign(pkey)
+    ).sign(pkey, false)
 
     await service.txPool.add(tx, true)
 
diff --git a/packages/client/test/rpc/engine/newPayloadV1.spec.ts b/packages/client/test/rpc/engine/newPayloadV1.spec.ts
@@ -186,7 +186,7 @@ describe(method, () => {
         gasLimit: 53_000,
       },
       { common },
-    ).sign(accountPk)
+    ).sign(accountPk, false)
     const transactions = [bytesToHex(tx.serialize())]
     const blockDataWithValidTransaction = {
       ...blockData,
@@ -230,7 +230,7 @@ describe(method, () => {
           gasLimit: 53_000,
         },
         { common },
-      ).sign(accountPk)
+      ).sign(accountPk, false)
 
       return bytesToHex(tx.serialize())
     })
diff --git a/packages/client/test/rpc/engine/newPayloadV2.spec.ts b/packages/client/test/rpc/engine/newPayloadV2.spec.ts
@@ -183,7 +183,7 @@ describe(`${method}: call with executionPayloadV1`, () => {
         gasLimit: 53_000,
       },
       { common },
-    ).sign(accountPk)
+    ).sign(accountPk, false)
     const transactions = [bytesToHex(tx.serialize())]
     const blockDataWithValidTransaction = {
       ...blockData,
diff --git a/packages/client/test/rpc/eth/getTransactionByBlockHashAndIndex.spec.ts b/packages/client/test/rpc/eth/getTransactionByBlockHashAndIndex.spec.ts
@@ -19,11 +19,11 @@ async function setUp() {
         to: '0x0000000000000000000000000000000000000000',
       },
       { common },
-    ).sign(dummy.privKey),
+    ).sign(dummy.privKey, false),
     createLegacyTx(
       { gasLimit: 21000, gasPrice: 50, nonce: 1, to: '0x0000000000000000000000000000000000000000' },
       { common },
-    ).sign(dummy.privKey),
+    ).sign(dummy.privKey, false),
   ]
 
   await runBlockWithTxs(chain, execution, txs)
diff --git a/packages/client/test/rpc/eth/sendRawTransaction.spec.ts b/packages/client/test/rpc/eth/sendRawTransaction.spec.ts
@@ -83,7 +83,7 @@ describe(method, () => {
       gasLimit: 21000,
       gasPrice: 0,
       nonce: 0,
-    }).sign(hexToBytes(`0x${'42'.repeat(32)}`))
+    }).sign(hexToBytes(`0x${'42'.repeat(32)}`), false)
 
     const txData = bytesToHex(transaction.serialize())
 
diff --git a/packages/client/test/util/wasmCrypto.spec.ts b/packages/client/test/util/wasmCrypto.spec.ts
@@ -50,8 +50,8 @@ describe('WASM crypto tests', () => {
     const common = new Common({ chain: Mainnet })
 
     const pk = randomBytes(32)
-    const tx = createLegacyTx({}, { common }).sign(pk)
-    const tx2 = createLegacyTx({}, { common: commonWithCustomCrypto }).sign(pk)
+    const tx = createLegacyTx({}, { common }).sign(pk, false)
+    const tx2 = createLegacyTx({}, { common: commonWithCustomCrypto }).sign(pk, false)
 
     assert.deepEqual(tx.getSenderPublicKey(), tx2.getSenderPublicKey())
     assert.deepEqual(tx.hash(), tx2.hash())
@@ -85,7 +85,7 @@ describe('WASM crypto tests', () => {
     await waitReady()
     const msg = hexToBytes('0x82ff40c0a986c6a5cfad4ddf4c3aa6996f1a7837f9c398e17e5de5cbd5a12b28')
     const pk = hexToBytes('0x3c9229289a6125f7fdf1885a77bb12c37a8d3b4962d936f7e3084dece32a3ca1')
-    const jsSig = ecsign(msg, pk)
+    const jsSig = ecsign(msg, pk, { extraEntropy: false })
     const wasmSig = wasmSign(msg, pk)
     assert.deepEqual(wasmSig, jsSig, 'wasm signatures produce same result as js signatures')
     assert.throws(
diff --git a/packages/common/src/types.ts b/packages/common/src/types.ts
@@ -91,7 +91,11 @@ export interface CustomCrypto {
     chainId?: bigint,
   ) => Uint8Array
   sha256?: (msg: Uint8Array) => Uint8Array
-  ecsign?: (msg: Uint8Array, pk: Uint8Array, chainId?: bigint) => ECDSASignature
+  ecsign?: (
+    msg: Uint8Array,
+    pk: Uint8Array,
+    ecSignOpts?: { chainId?: bigint; extraEntropy?: Uint8Array | boolean },
+  ) => ECDSASignature
   ecdsaSign?: (msg: Uint8Array, pk: Uint8Array) => { signature: Uint8Array; recid: number }
   ecdsaRecover?: (sig: Uint8Array, recId: number, hash: Uint8Array) => Uint8Array
   kzg?: KZG
diff --git a/packages/common/test/customCrypto.spec.ts b/packages/common/test/customCrypto.spec.ts
@@ -24,8 +24,16 @@ describe('[Common]: Custom Crypto', () => {
     return msg
   }
 
-  const customEcSign = (_msg: Uint8Array, _pk: Uint8Array, chainId?: bigint): ECDSASignature => {
-    return { v: chainId ?? 27n, r: Uint8Array.from([0, 1, 2, 3]), s: Uint8Array.from([0, 1, 2, 3]) }
+  const customEcSign = (
+    _msg: Uint8Array,
+    _pk: Uint8Array,
+    ecSignOpts?: { chainId?: bigint; extraEntropy?: Uint8Array | boolean },
+  ): ECDSASignature => {
+    return {
+      v: ecSignOpts?.chainId ?? 27n,
+      r: Uint8Array.from([0, 1, 2, 3]),
+      s: Uint8Array.from([0, 1, 2, 3]),
+    }
   }
 
   it('keccak256', () => {
@@ -77,7 +85,7 @@ describe('[Common]: Custom Crypto', () => {
       ecsign: customEcSign,
     }
     const c = new Common({ chain: Mainnet, customCrypto })
-    assert.equal(c.customCrypto.ecsign!(randomBytes(32), randomBytes(32), 0n).v, 0n)
+    assert.equal(c.customCrypto.ecsign!(randomBytes(32), randomBytes(32), { chainId: 0n }).v, 0n)
     assert.equal(c.customCrypto.ecsign!(randomBytes(32), randomBytes(32)).v, 27n)
   })
 })
diff --git a/packages/tx/src/1559/tx.ts b/packages/tx/src/1559/tx.ts
@@ -357,8 +357,8 @@ export class FeeMarket1559Tx implements TransactionInterface<TransactionType.Fee
     return Legacy.getSenderAddress(this)
   }
 
-  sign(privateKey: Uint8Array): FeeMarket1559Tx {
-    return <FeeMarket1559Tx>Legacy.sign(this, privateKey)
+  sign(privateKey: Uint8Array, extraEntropy: Uint8Array | boolean = true): FeeMarket1559Tx {
+    return <FeeMarket1559Tx>Legacy.sign(this, privateKey, extraEntropy)
   }
 
   public isSigned(): boolean {
diff --git a/packages/tx/src/2930/tx.ts b/packages/tx/src/2930/tx.ts
@@ -331,8 +331,8 @@ export class AccessList2930Tx implements TransactionInterface<TransactionType.Ac
     return Legacy.getSenderAddress(this)
   }
 
-  sign(privateKey: Uint8Array): AccessList2930Tx {
-    return <AccessList2930Tx>Legacy.sign(this, privateKey)
+  sign(privateKey: Uint8Array, extraEntropy: Uint8Array | boolean = true): AccessList2930Tx {
+    return <AccessList2930Tx>Legacy.sign(this, privateKey, extraEntropy)
   }
 
   isSigned(): boolean {
diff --git a/packages/tx/src/4844/tx.ts b/packages/tx/src/4844/tx.ts
@@ -438,8 +438,8 @@ export class Blob4844Tx implements TransactionInterface<TransactionType.BlobEIP4
     return Legacy.getSenderAddress(this)
   }
 
-  sign(privateKey: Uint8Array): Blob4844Tx {
-    return <Blob4844Tx>Legacy.sign(this, privateKey)
+  sign(privateKey: Uint8Array, extraEntropy: Uint8Array | boolean = true): Blob4844Tx {
+    return <Blob4844Tx>Legacy.sign(this, privateKey, extraEntropy)
   }
 
   public isSigned(): boolean {
diff --git a/packages/tx/src/7702/tx.ts b/packages/tx/src/7702/tx.ts
@@ -382,8 +382,8 @@ export class EOACode7702Tx implements TransactionInterface<TransactionType.EOACo
     return Legacy.getSenderAddress(this)
   }
 
-  sign(privateKey: Uint8Array): EOACode7702Tx {
-    return <EOACode7702Tx>Legacy.sign(this, privateKey)
+  sign(privateKey: Uint8Array, extraEntropy: Uint8Array | boolean = true): EOACode7702Tx {
+    return <EOACode7702Tx>Legacy.sign(this, privateKey, extraEntropy)
   }
 
   public isSigned(): boolean {
diff --git a/packages/tx/src/capabilities/legacy.ts b/packages/tx/src/capabilities/legacy.ts
@@ -226,7 +226,11 @@ export function getSenderAddress(tx: LegacyTxInterface): Address {
  * const signedTx = tx.sign(privateKey)
  * ```
  */
-export function sign(tx: LegacyTxInterface, privateKey: Uint8Array): Transaction[TransactionType] {
+export function sign(
+  tx: LegacyTxInterface,
+  privateKey: Uint8Array,
+  extraEntropy: Uint8Array | boolean = true,
+): Transaction[TransactionType] {
   if (privateKey.length !== 32) {
     // TODO figure out this errorMsg logic how this diverges on other txs
     const msg = errorMsg(tx, 'Private key must be 32 bytes in length.')
@@ -252,7 +256,7 @@ export function sign(tx: LegacyTxInterface, privateKey: Uint8Array): Transaction
 
   const msgHash = tx.getHashedMessageToSign()
   const ecSignFunction = tx.common.customCrypto?.ecsign ?? ecsign
-  const { v, r, s } = ecSignFunction(msgHash, privateKey)
+  const { v, r, s } = ecSignFunction(msgHash, privateKey, { extraEntropy })
   const signedTx = tx.addSignature(v, r, s, true)
 
   // Hack part 2
diff --git a/packages/tx/src/legacy/tx.ts b/packages/tx/src/legacy/tx.ts
@@ -389,8 +389,8 @@ export class LegacyTx implements TransactionInterface<TransactionType.Legacy> {
     return Legacy.getSenderAddress(this)
   }
 
-  sign(privateKey: Uint8Array): LegacyTx {
-    return <LegacyTx>Legacy.sign(this, privateKey)
+  sign(privateKey: Uint8Array, extraEntropy: Uint8Array | boolean = true): LegacyTx {
+    return <LegacyTx>Legacy.sign(this, privateKey, extraEntropy)
   }
 
   /**
diff --git a/packages/tx/src/types.ts b/packages/tx/src/types.ts
@@ -215,7 +215,7 @@ export interface TransactionInterface<T extends TransactionType = TransactionTyp
   verifySignature(): boolean
   getSenderAddress(): Address
   getSenderPublicKey(): Uint8Array
-  sign(privateKey: Uint8Array): Transaction[T]
+  sign(privateKey: Uint8Array, extraEntropy?: Uint8Array | boolean): Transaction[T]
   toJSON(): JSONTx
   errorStr(): string
 
diff --git a/packages/tx/test/eip1559.spec.ts b/packages/tx/test/eip1559.spec.ts
@@ -1,6 +1,6 @@
 import { Hardfork, Mainnet, createCustomCommon } from '@ethereumjs/common'
 import { RLP } from '@ethereumjs/rlp'
-import { TWO_POW256, ecsign, equalsBytes, hexToBytes } from '@ethereumjs/util'
+import { TWO_POW256, bytesToHex, ecsign, equalsBytes, hexToBytes } from '@ethereumjs/util'
 import { assert, describe, it } from 'vitest'
 
 import { createFeeMarket1559Tx } from '../src/index.js'
@@ -104,12 +104,12 @@ describe('[FeeMarket1559Tx]', () => {
     assert.throws(() => tx.getEffectivePriorityFee(BigInt(11)))
   })
 
-  it('sign()', () => {
+  it('sign() - deterministic', () => {
     for (let index = 0; index < eip1559Data.length; index++) {
       const data = eip1559Data[index]
       const pkey = hexToBytes(data.privateKey)
       const txn = createFeeMarket1559Tx(data, { common })
-      const signed = txn.sign(pkey)
+      const signed = txn.sign(pkey, false)
       const rlpSerialized = RLP.encode(Uint8Array.from(signed.serialize()))
       assert.ok(
         equalsBytes(rlpSerialized, hexToBytes(data.signedTransactionRLP)),
@@ -118,10 +118,24 @@ describe('[FeeMarket1559Tx]', () => {
     }
   })
 
+  it('sign() - should default to hedged signatures', () => {
+    const privKey = hexToBytes(eip1559Data[0].privateKey)
+    const txn = createFeeMarket1559Tx({}, { common })
+    // Verify 1000 signatures to ensure these have unique hashes (hedged signatures test)
+    const hashSet = new Set<string>()
+    for (let i = 0; i < 1000; i++) {
+      const hash = bytesToHex(txn.sign(privKey).hash())
+      if (hashSet.has(hash)) {
+        assert.ok(false, 'should not reuse the same hash (hedged signature test)')
+      }
+      hashSet.add(hash)
+    }
+  })
+
   it('addSignature() -> correctly adds correct signature values', () => {
     const privKey = hexToBytes(eip1559Data[0].privateKey)
     const tx = createFeeMarket1559Tx({})
-    const signedTx = tx.sign(privKey)
+    const signedTx = tx.sign(privKey, false)
     const addSignatureTx = tx.addSignature(signedTx.v!, signedTx.r!, signedTx.s!)
 
     assert.deepEqual(signedTx.toJSON(), addSignatureTx.toJSON())
@@ -132,9 +146,9 @@ describe('[FeeMarket1559Tx]', () => {
     const tx = createFeeMarket1559Tx({})
 
     const msgHash = tx.getHashedMessageToSign()
-    const { v, r, s } = ecsign(msgHash, privKey)
+    const { v, r, s } = ecsign(msgHash, privKey, { extraEntropy: false })
 
-    const signedTx = tx.sign(privKey)
+    const signedTx = tx.sign(privKey, false)
     const addSignatureTx = tx.addSignature(v, r, s, true)
 
     assert.deepEqual(signedTx.toJSON(), addSignatureTx.toJSON())
@@ -157,7 +171,7 @@ describe('[FeeMarket1559Tx]', () => {
     const data = eip1559Data[0]
     const pkey = hexToBytes(data.privateKey)
     let txn = createFeeMarket1559Tx(data, { common })
-    let signed = txn.sign(pkey)
+    let signed = txn.sign(pkey, false)
     const expectedHash = hexToBytes(
       '0x2e564c87eb4b40e7f469b2eec5aa5d18b0b46a24e8bf0919439cfb0e8fcae446',
     )
@@ -169,7 +183,7 @@ describe('[FeeMarket1559Tx]', () => {
       common,
       freeze: false,
     })
-    signed = txn.sign(pkey)
+    signed = txn.sign(pkey, false)
     assert.ok(
       equalsBytes(signed.hash(), expectedHash),
       'Should provide the correct hash when not frozen',
@@ -241,7 +255,7 @@ describe('[FeeMarket1559Tx]', () => {
     const data = eip1559Data[0]
     const pkey = hexToBytes(data.privateKey)
     const txn = createFeeMarket1559Tx(data, { common })
-    const signed = txn.sign(pkey)
+    const signed = txn.sign(pkey, false)
 
     const json = signed.toJSON()
     const expectedJSON: JSONTx = {
diff --git a/packages/tx/test/eip4844.spec.ts b/packages/tx/test/eip4844.spec.ts
@@ -67,9 +67,9 @@ describe('EIP4844 addSignature tests', () => {
     )
 
     const msgHash = tx.getHashedMessageToSign()
-    const { v, r, s } = ecsign(msgHash, privKey)
+    const { v, r, s } = ecsign(msgHash, privKey, { extraEntropy: false })
 
-    const signedTx = tx.sign(privKey)
+    const signedTx = tx.sign(privKey, false)
     const addSignatureTx = tx.addSignature(v, r, s, true)
 
     assert.deepEqual(signedTx.toJSON(), addSignatureTx.toJSON())
@@ -127,6 +127,16 @@ describe('EIP4844 constructor tests - valid scenarios', () => {
       sender,
       'signature and sender were deserialized correctly',
     )
+
+    // Verify 1000 signatures to ensure these have unique hashes (hedged signatures test)
+    const hashSet = new Set<string>()
+    for (let i = 0; i < 1000; i++) {
+      const hash = bytesToHex(tx.sign(pk).hash())
+      if (hashSet.has(hash)) {
+        assert.ok(false, 'should not reuse the same hash (hedged signature test)')
+      }
+      hashSet.add(hash)
+    }
   })
 })
 
diff --git a/packages/tx/test/eip7702.spec.ts b/packages/tx/test/eip7702.spec.ts
@@ -4,6 +4,7 @@ import {
   MAX_INTEGER,
   MAX_UINT64,
   bigIntToHex,
+  bytesToHex,
   createAddressFromPrivateKey,
   createZeroAddress,
   hexToBytes,
@@ -64,6 +65,16 @@ describe('[EOACode7702Transaction]', () => {
     assert.ok(signed.getSenderAddress().equals(addr))
     const txnSigned = txn.addSignature(signed.v!, signed.r!, signed.s!)
     assert.deepEqual(signed.toJSON(), txnSigned.toJSON())
+
+    // Verify 1000 signatures to ensure these have unique hashes (hedged signatures test)
+    const hashSet = new Set<string>()
+    for (let i = 0; i < 1000; i++) {
+      const hash = bytesToHex(txn.sign(pkey).hash())
+      if (hashSet.has(hash)) {
+        assert.ok(false, 'should not reuse the same hash (hedged signature test)')
+      }
+      hashSet.add(hash)
+    }
   })
 
   it('valid and invalid authorizationList values', () => {
diff --git a/packages/tx/test/legacy.spec.ts b/packages/tx/test/legacy.spec.ts
diff --git a/packages/tx/test/typedTxsAndEIP2930.spec.ts b/packages/tx/test/typedTxsAndEIP2930.spec.ts
diff --git a/packages/util/src/signature.ts b/packages/util/src/signature.ts
diff --git a/packages/util/test/signature.spec.ts b/packages/util/test/signature.spec.ts
diff --git a/packages/vm/test/api/EIPs/eip-4895-withdrawals.spec.ts b/packages/vm/test/api/EIPs/eip-4895-withdrawals.spec.ts
diff --git a/packages/vm/test/api/EIPs/eip-7702.spec.ts b/packages/vm/test/api/EIPs/eip-7702.spec.ts

Original file line number	Diff line number	Diff line change
`@@ -357,8 +357,8 @@ export class FeeMarket1559Tx implements TransactionInterface<TransactionType.Fee`
`357`	`357`	`return Legacy.getSenderAddress(this)`
`358`	`358`	`}`
`359`	`359`
`360`		`- sign(privateKey: Uint8Array): FeeMarket1559Tx {`
`361`		`- return <FeeMarket1559Tx>Legacy.sign(this, privateKey)`
	`360`	`+ sign(privateKey: Uint8Array, extraEntropy: Uint8Array \| boolean = true): FeeMarket1559Tx {`
	`361`	`+ return <FeeMarket1559Tx>Legacy.sign(this, privateKey, extraEntropy)`
`362`	`362`	`}`
`363`	`363`
`364`	`364`	`public isSigned(): boolean {`