Ed25519 verification in Algorand

I have an ed25519 public key: a960039af2fc59f2b1bb181495922cb5b470f09796908785a6c3f39e6dc57827

I have a message which I have signed:
“CONTEXT STRING”+“this a test”

Which produces the following signature:
92d97b9c60fb67e815ac4f35009a73e3bca0355685505537082554b71b0c94bd30f0d6b020433847fe134041fa065cd6cd7f37c49e292465045c56f8475f120a

I can verify this signature with any library which supports standard ed25519 signatures, which includes:

GitHub - paulmillr/noble-ed25519: Fastest JS implementation of ed25519, x25519 & ristretto255. Independently audited, high-security, 0-dependency EDDSA signatures and ECDH key agreement
GitHub - dalek-cryptography/ed25519-dalek: Fast and efficient ed25519 signing and verification in Rust.

How do I verify this signature on the Algorand blockchain and/or what changes do I need to make to the data/signature scheme to make it compatible with ed25519Verify?

Algorand ed25519Verify is non-standard in the sense that it enforces hash_of_current_program.

Currently ed25519verify does indeed require that the message to be signed is properly prefixed for security (i.e., proper domain separation).

You can see details there:

Many use cases still work with minimal changes.
See for example Using a Smart Contract for Advanced Approvals: Hierarchical Thresholds | Algorand Developer Portal

If you cannot prefix your message as expected, I have good news: there should soon be an opcode that will allow you to verify any ed25519 signature without the domain separation.
