search

semaphore-protocol / semaphore

A zero-knowledge protocol for anonymous interactions.
https://semaphore.pse.dev
MIT License
883 stars 193 forks source link

signMessage / verifySignature fails in a specific use-case #733

Closed brianblank closed 5 months ago

brianblank commented 5 months ago

Describe the bug The Identity.verifySignature method is returning a FALSE when it should return a TRUE when the identity is created from a private key. If the identity from a secret value, the Identity.verifySignature method works correctly.

To Reproduce The following script can reproduce the error.

import { Identity } from "@semaphore-protocol/identity"

// Create new identities
const { privateKey, publicKey, commitment } = new Identity()
const identity1 = new Identity(privateKey)
console.log(`KEY 0: Private key: ${privateKey}, Commitment: ${commitment}`)
console.log(`KEY 1: Private key: ${identity1.privateKey}, Commitment: ${identity1.commitment}`)

// Create deterministic identities
const identity2 = new Identity("secret-value")
console.log(`KEY 2: Private key: ${identity2.privateKey}, Commitment: ${identity2.commitment}`)

// Sign and verify messages
const message = "Hello World"

// ** FAILS  -- ERROR **
const signature1 = identity1.signMessage(message)
console.log(`Signature Verification 1: ${Identity.verifySignature(message, signature1, identity1.publicKey)}`)

// ** PASSES **
const signature2 = identity2.signMessage(message)
console.log(`Signature Verification 2: ${Identity.verifySignature(message, signature2, identity2.publicKey)}`)

Expected behavior It is expected that both calls to Identity.verifySignature should return TRUE.

Screenshots Here is the output from the sample script.

brian@PC2024:~/dev/semaphore/my-semaphore$ npm exec semaphore-test
KEY 0: Private key: ffa84cb22118cdf5ad1c59399bfc9916aacd90db96fd76a906f9b0c5c186f38f, Commitment: 11547763333390345121776248782596790258736061158833261356159608551684019727816
KEY 1: Private key: ffa84cb22118cdf5ad1c59399bfc9916aacd90db96fd76a906f9b0c5c186f38f, Commitment: 11547763333390345121776248782596790258736061158833261356159608551684019727816
KEY 2: Private key: secret-value, Commitment: 6077414137425862104098811282698228425542745523189859648518379324503541561174
Signature Verification 1: false
Signature Verification 2: true
brian@PC2024:~/dev/semaphore/my-semaphore$

Technologies (please complete the following information):

Additional context All code was derived from documentation found here: https://docs.semaphore.pse.dev/guides/identities

cedoor commented 5 months ago

@brianblank Good catch, thank you!! I just opened a PR for it: https://github.com/semaphore-protocol/semaphore/pull/734.