DeGate
Product Feature
Search…
⌃K
Links

Keys and Signatures

There are two signature types that are used in the DeGate protocol
  • The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. The elliptic curve cryptography can provide the same level of security as RSA. Read More
  • The Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. The signature creation with EdDSA is deterministic and its security is based on the difficulty of the discrete logarithm problem. Hence, it is safer than DSA & ECDSA where the latter requires high-quality randomness for each signature. Read More

Asset Private Key

Asset private key is the EdDSA private key generated from an Ethereum wallet private key signature that is used across operations in DeGate. Whenever a user logs into their DeGate account, they will be prompted to unlock their account. At this point, the asset private key is derived and temporarily stored in the session of the local browser.
Relationship of the ECDSA & EdDSA Signatures
Each time the ECDSA signature is required, users will be prompted to perform a signing from their wallet. For example, in the screenshot below, a metamask pop-up notification.

ECDSA Signature Types

DeGate protocol supports 3 types of ECDSA signature and verification methods
  1. 1.
    Open-ended signing (ETH_Sign)
  2. 2.
    Structure data signing (EIP-712): Read More
  3. 3.
    Smart contract support (EIP-1271): Read More

User Requests and Signatures

The node(s) verify both ECDSA and EdDSA signatures.
The circuit verifies only the EdDSA signatures.
The smart contract verifies only the ECDSA signatures.
Operation
User-Initiated Signature Types
Verification Party
Account Registration
ECDSA
Node -> Contract
Reset Asset Trading Key
ECDSA
Node -> Contract
Lock Account
ECDSA
Node
Withdrawal
ECDSA+EdDSA
Node -> Circiut -> Contract
Transfer
ECDSA+EdDSA
Node -> Circiut
Place Order
EdDSA
Node
Create Grid Strategy
EdDSA
Node
Trade
Using the placed order's EdDSA
Circuit
Register Trading Pair
ECDSA+EdDSA
Node -> Circiut
Processing Fee for Deposit
1
ECDSA+EdDSA
Node -> Circiut
Cancel Order
EdDSA
Node
On-Chain Order Cancellation
ECDSA+EdDSA
Node -> Circiut
On-Chain Grid Cancellation
ECDSA+EdDSA
Node -> Circiut
Claim Mining Rewards
ECDSA+EdDSA
Node -> Circiut
Note
1
: The payment for the processing fee for deposit supports both payment from the wallet and DeGate account. The table above represents the latter case.

Signature Validity Date

Each time an ECDSA signature or EdDSA signature request is submitted, it includes a validity date (ValidUntil) field. When verifying the signatures, the first condition is always to determine if the signature is valid.

Generating and Creating New Asset Private Key

When a user register for a DeGate account, they are required to perform two ECDSA signatures. The first signature generates the asset private key where the signature content includes DeGate's smart contract address and KeyNonce. The KeyNonce is stored off-chain in the DeGate node and begins with 1 and increments by 1 each time the account is reset.
Sign this message to access DeGate Exchange: 0xdac304791B7f53593C701980aa52087Ed7EC6649 with key nonce: 1
The second signature submits the AccountUpdate event which links the wallet address, AccountID, and asset private keypair together. These data will be updated in the merkle trees and have the generated zero-knowledge proof submitted to the smart contract for verification.
owner: 0x8465f0641187132873Dc204366C125CcCB1f591F
accountID: 13
feeTokenID: 9
maxFee: 224000000000000000
publicKey: 19751969071188309383411147255314514902438722385019108049538486649726264961725
validUntil: 4294967295
nonce: 1
The process of resetting the asset private key is the same as registering an account. The difference is the former results in the KeyNonce+1.

Private Keys Security

  1. 1.
    DeGate protocol and degate.com will never ask and cannot access the user's Ethereum wallet private key.
  2. 2.
    The asset private key is stored temporarily in the local browser's SessionStorage and closing the browser tab will automatically clear it. In addition, the SessionStorage does not support cross-domain and cross-session access
  3. 3.
    The front end of degate.com is divided into two codes – Business Code and Wallet code. The wallet code is used to interact with the Ethereum wallet, get the EdDSA private key signatures, deal with both ECDSA and EdDSA wallet methods, and communicate with the business code. As for the business code, it is only responsible for the website functions and is unable to directly interact with the private keys. There are plans in the future to deploy the wallet code onto a decentralized server to make it immutable and increase the security of the private keys.
Please protect your private keys
If a user's asset private keys are leaked, even though the attackers are unable to directly perform withdrawals or transfers, they can still use the means of selling a user's asset at a very low price on DeGate and profit as a counterparty.
If you deemed that your asset private key has been leaked, please use the Reset Asset Private Key feature immediately to terminate the validity of the leaked private key.