Keys and Signatures
There are two signature types that are used in the DeGate protocol
- The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. The elliptic curve cryptography can provide the same level of security as RSA. Read More
- The Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. The signature creation with EdDSA is deterministic and its security is based on the difficulty of the discrete logarithm problem. Hence, it is safer than DSA & ECDSA where the latter requires high-quality randomness for each signature. Read More
Asset private key is the EdDSA private key generated from an Ethereum wallet private key signature that is used across operations in DeGate. Whenever a user logs into their DeGate account, they will be prompted to unlock their account. At this point, the asset private key is derived and temporarily stored in the session of the local browser.
Relationship of the ECDSA & EdDSA Signatures
Each time the ECDSA signature is required, users will be prompted to perform a signing from their wallet. For example, in the screenshot below, a metamask pop-up notification.
DeGate protocol supports 3 types of ECDSA signature and verification methods
The node(s) verify both ECDSA and EdDSA signatures.
The circuit verifies only the EdDSA signatures.
The smart contract verifies only the ECDSA signatures.
Operation | User-Initiated Signature Types | Verification Party |
|---|---|---|
Account Registration | ECDSA | Node -> Contract |
Reset Asset Trading Key | ECDSA | Node -> Contract |
Lock Account | ECDSA | Node |
Withdrawal | ECDSA+EdDSA | Node -> Circiut -> Contract |
Transfer | ECDSA+EdDSA | Node -> Circiut |
Place Order | EdDSA | Node |
Create Grid Strategy | EdDSA | Node |
Trade | Using the placed order's EdDSA | Circuit |
Register Trading Pair | ECDSA+EdDSA | Node -> Circiut |
Processing Fee for Deposit 1 | ECDSA+EdDSA | Node -> Circiut |
Cancel Order | EdDSA | Node |
On-Chain Order Cancellation | ECDSA+EdDSA | Node -> Circiut |
On-Chain Grid Cancellation | ECDSA+EdDSA | Node -> Circiut |
Claim Mining Rewards | ECDSA+EdDSA | Node -> Circiut |
Note : The payment for the processing fee for deposit supports both payment from the wallet and DeGate account. The table above represents the latter case.
1
Each time an ECDSA signature or EdDSA signature request is submitted, it includes a validity date (ValidUntil) field. When verifying the signatures, the first condition is always to determine if the signature is valid.
When a user register for a DeGate account, they are required to perform two ECDSA signatures. The first signature generates the asset private key where the signature content includes DeGate's smart contract address and KeyNonce. The KeyNonce is stored off-chain in the DeGate node and begins with 1 and increments by 1 each time the account is reset.
Sign this message to access DeGate Exchange: 0xdac304791B7f53593C701980aa52087Ed7EC6649 with key nonce: 1
The second signature submits the
AccountUpdate event which links the wallet address, AccountID, and asset private keypair together. These data will be updated in the merkle trees and have the generated zero-knowledge proof submitted to the smart contract for verification.owner: 0x8465f0641187132873Dc204366C125CcCB1f591F
accountID: 13
feeTokenID: 9
maxFee: 224000000000000000
publicKey: 19751969071188309383411147255314514902438722385019108049538486649726264961725
validUntil: 4294967295
nonce: 1
The process of resetting the asset private key is the same as registering an account. The difference is the former results in the KeyNonce+1.
- 1.DeGate protocol and degate.com will never ask and cannot access the user's Ethereum wallet private key.
- 2.The asset private key is stored temporarily in the local browser's SessionStorage and closing the browser tab will automatically clear it. In addition, the SessionStorage does not support cross-domain and cross-session access
- 3.The front end of degate.com is divided into two codes – Business Code and Wallet code. The wallet code is used to interact with the Ethereum wallet, get the EdDSA private key signatures, deal with both ECDSA and EdDSA wallet methods, and communicate with the business code. As for the business code, it is only responsible for the website functions and is unable to directly interact with the private keys. There are plans in the future to deploy the wallet code onto a decentralized server to make it immutable and increase the security of the private keys.
Please protect your private keys
If a user's asset private keys are leaked, even though the attackers are unable to directly perform withdrawals or transfers, they can still use the means of selling a user's asset at a very low price on DeGate and profit as a counterparty.
If you deemed that your asset private key has been leaked, please use the Reset Asset Private Key feature immediately to terminate the validity of the leaked private key.
Last modified 29d ago