ecdsa-quirks 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Artem Chystiakov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,23 @@
+# ECDSA Quirks
+
+A simple command line tool to generate the same ECDSA signature for two different messages.
+
+## Install
+
+```bash
+npm install -g ecdsa-quirks
+```
+
+## How to use
+
+To generate the signatures, run:
+
+```bash
+ecdsa-quirks --m1 "<some message>" --m2 "<some other message>" [--eip191]
+```
+
+The tool will log the private key and generated signatures via that private key.
+
+## Disclaimer
+
+The tool is based on [this research paper](https://www.di.ens.fr/david.pointcheval/Documents/Papers/2002_cryptoA.pdf). Please check it out to understand the math behind.

package/dist/src/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/index.js

@@ -0,0 +1,77 @@
+#!/usr/bin/env node
+import { ethers } from "ethers";
+// eslint-disable-next-line
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { modInv } from "bigint-mod-arith";
+import { Command } from "commander";
+import { expect } from "chai";
+// based on https://www.di.ens.fr/david.pointcheval/Documents/Papers/2002_cryptoA.pdf
+function quirk(message1, message2, eip191) {
+    // EIP-191 hash
+    if (eip191) {
+        message1 = ethers.hashMessage(message1);
+        message2 = ethers.hashMessage(message2);
+    }
+    else {
+        message1 = ethers.hexlify(ethers.toUtf8Bytes(message1));
+        message2 = ethers.hexlify(ethers.toUtf8Bytes(message2));
+    }
+    const n = secp256k1.Point.CURVE().n;
+    const k = ethers.hexlify(ethers.randomBytes(32));
+    const r = "0x" + ethers.hexlify(secp256k1.getPublicKey(Buffer.from(k.slice(2), "hex"))).slice(4); // take x coordinate
+    // x = -((h1 + h2) / 2r) (mod n)
+    const numer = BigInt(message1) + BigInt(message2);
+    const denom = BigInt(modInv(2n * BigInt(r), BigInt(n)));
+    const x = BigInt(n) - ((numer * denom) % BigInt(n));
+    // regular ECDSA signature
+    let s = (BigInt(modInv(BigInt(k), BigInt(n))) * (BigInt(message1) + x * BigInt(r))) % BigInt(n);
+    // make s be from the lower part of the curve
+    if (s > n / 2n) {
+        s = n - s;
+    }
+    const wallet = new ethers.Wallet(ethers.toBeHex(x, 32));
+    let sig1 = ethers.toBeHex(r, 32) + ethers.toBeHex(s, 32).slice(2) + "1b";
+    let sig2 = ethers.toBeHex(r, 32) + ethers.toBeHex(s, 32).slice(2) + "1c";
+    if (ethers.verifyMessage(message1, sig1) != wallet.address) {
+        const tmp = sig1;
+        sig1 = sig2;
+        sig2 = tmp;
+    }
+    // sanity check
+    expect(ethers.verifyMessage(message1, sig1) == wallet.address);
+    expect(ethers.verifyMessage(message2, sig2) == wallet.address);
+    return {
+        privateKey: ethers.toBeHex(x, 32),
+        address: wallet.address,
+        signature1: sig1,
+        signature2: sig2,
+    };
+}
+function printQuired(message1, message2, quirked) {
+    console.log("Private key: " + quirked.privateKey);
+    console.log("Address: " + quirked.address);
+    console.log();
+    console.log("Message1: " + message1);
+    console.log("Signature1: " + quirked.signature1);
+    console.log();
+    console.log("Message2: " + message2);
+    console.log("Signature2: " + quirked.signature2);
+}
+async function main() {
+    const program = new Command();
+    program
+        .name("ecdsa-quirks")
+        .description("Generate the same ECDSA signature for two different messages")
+        .option("--m1, --message1 <MSG>", "The first message")
+        .option("--m2, --message2 <MSG>", "The second message")
+        .option("--eip191", "Whether to EIP-191 hash the messages before signing", false)
+        .showHelpAfterError();
+    const parsed = await program.parseAsync(process.argv);
+    const opts = parsed.opts();
+    if (!opts.message1 || !opts.message2) {
+        throw new Error("Specify both messages to generate the signature for");
+    }
+    const quirked = quirk(opts.message1, opts.message2, opts.eip191);
+    printQuired(opts.message1, opts.message2, quirked);
+}
+void main();

package/package.json

@@ -0,0 +1,68 @@
+{
+  "name": "ecdsa-quirks",
+  "description": "Generate the same ECDSA signature for two different messages",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "bin": {
+    "ecdsa-quirks": "dist/src/index.js"
+  },
+  "exports": {
+    ".": "./dist/src/index.js"
+  },
+  "files": [
+    "dist/src/",
+    "src/",
+    "LICENSE",
+    "README.md"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/arvolear/ecdsa-quirks.git"
+  },
+  "keywords": [
+    "ecdsa",
+    "quirks",
+    "ethereum"
+  ],
+  "author": "Artem Chystiakov",
+  "license": "MIT",
+  "bugs": {
+    "url": "git+https://github.com/arvolear/ecdsa-quirks.gitissues"
+  },
+  "homepage": "git+https://github.com/arvolear/ecdsa-quirks.git#readme",
+  "scripts": {
+    "prepare": "husky",
+    "prepack": "npm run build",
+    "build": "tsc --build .",
+    "lint": "prettier --check . && node --import tsx/esm ./node_modules/eslint/bin/eslint.js .",
+    "test": "node --import ./tests/loader-bootstrap.mjs --no-deprecation ./node_modules/mocha/bin/mocha.js \"tests/**/*.test.ts\" -t 120000",
+    "lint-fix": "prettier --write . && node --import tsx/esm ./node_modules/eslint/bin/eslint.js . --fix",
+    "publish": "npm run build && npm publish --access public"
+  },
+  "dependencies": {
+    "@noble/curves": "2.0.1",
+    "bigint-mod-arith": "3.3.1",
+    "chai": "6.2.0",
+    "commander": "14.0.1",
+    "ethers": "6.16.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.13.0",
+    "@types/chai": "^5.2.3",
+    "@types/mocha": "^10.0.10",
+    "@types/node": "^24.9.1",
+    "eslint": "^9.13.0",
+    "eslint-plugin-n": "^17.10.3",
+    "globals": "^15.11.0",
+    "husky": "^9.1.7",
+    "jiti": "^2.0.0",
+    "mocha": "^11.7.4",
+    "prettier": "^3.3.3",
+    "ts-node": "^10.9.2",
+    "tsx": "^4.19.2",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.12.2"
+  }
+}

package/src/index.ts

@@ -0,0 +1,110 @@
+#!/usr/bin/env node
+
+import { ethers } from "ethers";
+
+// eslint-disable-next-line
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { modInv } from "bigint-mod-arith";
+
+import { Command } from "commander";
+import { expect } from "chai";
+
+type Quirked = {
+  privateKey: string;
+  address: string;
+  signature1: string;
+  signature2: string;
+};
+
+// based on https://www.di.ens.fr/david.pointcheval/Documents/Papers/2002_cryptoA.pdf
+function quirk(message1: string, message2: string, eip191: boolean): Quirked {
+  // EIP-191 hash
+  if (eip191) {
+    message1 = ethers.hashMessage(message1);
+    message2 = ethers.hashMessage(message2);
+  } else {
+    message1 = ethers.hexlify(ethers.toUtf8Bytes(message1));
+    message2 = ethers.hexlify(ethers.toUtf8Bytes(message2));
+  }
+
+  const n = secp256k1.Point.CURVE().n;
+  const k = ethers.hexlify(ethers.randomBytes(32));
+  const r = "0x" + ethers.hexlify(secp256k1.getPublicKey(Buffer.from(k.slice(2), "hex"))).slice(4); // take x coordinate
+
+  // x = -((h1 + h2) / 2r) (mod n)
+  const numer = BigInt(message1) + BigInt(message2);
+  const denom = BigInt(modInv(2n * BigInt(r), BigInt(n)));
+  const x = BigInt(n) - ((numer * denom) % BigInt(n));
+
+  // regular ECDSA signature
+  let s = (BigInt(modInv(BigInt(k), BigInt(n))) * (BigInt(message1) + x * BigInt(r))) % BigInt(n);
+
+  // make s be from the lower part of the curve
+  if (s > n / 2n) {
+    s = n - s;
+  }
+
+  const wallet = new ethers.Wallet(ethers.toBeHex(x, 32));
+
+  let sig1 = ethers.toBeHex(r, 32) + ethers.toBeHex(s, 32).slice(2) + "1b";
+  let sig2 = ethers.toBeHex(r, 32) + ethers.toBeHex(s, 32).slice(2) + "1c";
+
+  if (ethers.verifyMessage(message1, sig1) != wallet.address) {
+    const tmp = sig1;
+    sig1 = sig2;
+    sig2 = tmp;
+  }
+
+  // sanity check
+  expect(ethers.verifyMessage(message1, sig1) == wallet.address);
+  expect(ethers.verifyMessage(message2, sig2) == wallet.address);
+
+  return {
+    privateKey: ethers.toBeHex(x, 32),
+    address: wallet.address,
+    signature1: sig1,
+    signature2: sig2,
+  };
+}
+
+function printQuired(message1: string, message2: string, quirked: Quirked) {
+  console.log("Private key: " + quirked.privateKey);
+  console.log("Address: " + quirked.address);
+
+  console.log();
+
+  console.log("Message1: " + message1);
+  console.log("Signature1: " + quirked.signature1);
+
+  console.log();
+
+  console.log("Message2: " + message2);
+  console.log("Signature2: " + quirked.signature2);
+}
+
+async function main(): Promise<void> {
+  const program = new Command();
+  program
+    .name("ecdsa-quirks")
+    .description("Generate the same ECDSA signature for two different messages")
+    .option("--m1, --message1 <MSG>", "The first message")
+    .option("--m2, --message2 <MSG>", "The second message")
+    .option("--eip191", "Whether to EIP-191 hash the messages before signing", false)
+    .showHelpAfterError();
+
+  const parsed = await program.parseAsync(process.argv);
+  const opts = parsed.opts<{
+    message1: string;
+    message2: string;
+    eip191: boolean;
+  }>();
+
+  if (!opts.message1 || !opts.message2) {
+    throw new Error("Specify both messages to generate the signature for");
+  }
+
+  const quirked = quirk(opts.message1, opts.message2, opts.eip191);
+  printQuired(opts.message1, opts.message2, quirked);
+}
+
+void main();