-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCryptography.sol
More file actions
468 lines (399 loc) · 15.3 KB
/
Cryptography.sol
File metadata and controls
468 lines (399 loc) · 15.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
// ============================================================================
// SOLIDITY CRYPTOGRAPHY - Complete Reference
// From Zero to Professional
// ============================================================================
contract Cryptography {
// ============================================================================
// 1. KECCAK256 - Most Common Hash in Ethereum
// ============================================================================
// - SHA-3 (Keccak) family
// - Returns bytes32 (256 bits)
// - Most widely used in Ethereum
// - Deterministic: same input = same output
function keccak256Examples()
public
pure
returns (bytes32 hash1, bytes32 hash2, bytes32 hash3)
{
// Hash a string
hash1 = keccak256("Hello World");
// Hash bytes
hash2 = keccak256(bytes("Hello World"));
// Hash multiple values with abi.encodePacked
hash3 = keccak256(abi.encodePacked("Hello", "World"));
return (hash1, hash2, hash3);
}
// Hash numbers
function hashNumber(uint256 num) public pure returns (bytes32) {
return keccak256(abi.encodePacked(num));
}
// Hash address
function hashAddress(address addr) public pure returns (bytes32) {
return keccak256(abi.encodePacked(addr));
}
// Hash multiple values
function hashMultiple(
address addr,
uint256 amount,
uint256 nonce
) public pure returns (bytes32) {
return keccak256(abi.encodePacked(addr, amount, nonce));
}
// ============================================================================
// 2. ABI.ENCODE VS ABI.ENCODEPACKED
// ============================================================================
function encodingComparison(
address addr,
uint256 amount
)
public
pure
returns (
bytes memory encoded,
bytes memory encodePacked,
bytes32 hashEncoded,
bytes32 hashEncodePacked
)
{
// abi.encode: Pads to 32 bytes, includes type info
encoded = abi.encode(addr, amount);
hashEncoded = keccak256(encoded); // Safe, no collisions
// abi.encodePacked: No padding, tightly packed
// WARNING: Can cause hash collisions!
encodePacked = abi.encodePacked(addr, amount); // Potential collisions
hashEncodePacked = keccak256(encodePacked); // Potential collisions
return (encoded, encodePacked, hashEncoded, hashEncodePacked);
}
// ⚠️ Hash collision with encodePacked
function hashCollisionExample() public pure returns (bool) {
// These produce THE SAME hash (collision!)
bytes32 hash1 = keccak256(abi.encodePacked("aa", "bb"));
bytes32 hash2 = keccak256(abi.encodePacked("a", "abb"));
return hash1 == hash2; // true - DANGEROUS!
}
// ✅ Safe: Use abi.encode to prevent collisions
function safeHashing() public pure returns (bool) {
bytes32 hash1 = keccak256(abi.encode("aa", "bb"));
bytes32 hash2 = keccak256(abi.encode("a", "abb"));
return hash1 == hash2; // false - SAFE
}
// ============================================================================
// 3. SHA256
// ============================================================================
// - Bitcoin uses SHA256
// - Returns bytes32
// - More expensive than keccak256 in EVM
function sha256Examples()
public
pure
returns (bytes32 hash1, bytes32 hash2)
{
hash1 = sha256("Hello World");
hash2 = sha256(abi.encodePacked("Hello", "World"));
return (hash1, hash2);
}
// ============================================================================
// 4. RIPEMD160
// ============================================================================
// - Returns bytes20 (160 bits)
// - Used in Bitcoin addresses
// - Less common in Ethereum
function ripemd160Examples() public pure returns (bytes20) {
return ripemd160("Hello World");
}
// ============================================================================
// 5. ECRECOVER - Signature Verification
// ============================================================================
// Recovers signer address from signature
// Used for verifying signatures off-chain
function recoverSigner(
bytes32 messageHash,
uint8 v,
bytes32 r,
bytes32 s
) public pure returns (address) {
// Recover the signer's address
return ecrecover(messageHash, v, r, s);
}
// Verify signature
function verifySignature(
address signer,
bytes32 messageHash,
uint8 v,
bytes32 r,
bytes32 s
) public pure returns (bool) {
address recoveredSigner = ecrecover(messageHash, v, r, s);
return recoveredSigner == signer;
}
// ============================================================================
// 6. EIP-191 SIGNED DATA STANDARD
// ============================================================================
// Ethereum Signed Message standard
// Prevents signatures being used across different contexts
function getEthSignedMessageHash(
bytes32 messageHash
) public pure returns (bytes32) {
// Prefix: "\x19Ethereum Signed Message:\n32"
return
keccak256(
abi.encodePacked(
"\x19Ethereum Signed Message:\n32",
messageHash
)
);
}
function verifyEthSignedMessage(
address signer,
string memory message,
uint8 v,
bytes32 r,
bytes32 s
) public pure returns (bool) {
// 1. Hash the message
bytes32 messageHash = keccak256(bytes(message));
// 2. Create Ethereum Signed Message
bytes32 ethSignedMessageHash = getEthSignedMessageHash(messageHash);
// 3. Recover signer
address recoveredSigner = ecrecover(ethSignedMessageHash, v, r, s);
return recoveredSigner == signer;
}
// ============================================================================
// 7. EIP-712 TYPED DATA SIGNING
// ============================================================================
// Structured data signing (more complex but safer)
bytes32 public constant DOMAIN_TYPEHASH =
keccak256(
"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
);
bytes32 public constant PERMIT_TYPEHASH =
keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
);
function getDomainSeparator() public view returns (bytes32) {
return
keccak256(
abi.encode(
DOMAIN_TYPEHASH,
keccak256(bytes("MyContract")),
keccak256(bytes("1")),
block.chainid,
address(this)
)
);
}
function getStructHash(
address owner,
address spender,
uint256 value,
uint256 nonce,
uint256 deadline
) public pure returns (bytes32) {
return
keccak256(
abi.encode(
PERMIT_TYPEHASH,
owner,
spender,
value,
nonce,
deadline
)
);
}
function getTypedDataHash(
address owner,
address spender,
uint256 value,
uint256 nonce,
uint256 deadline
) public view returns (bytes32) {
bytes32 structHash = getStructHash(
owner,
spender,
value,
nonce,
deadline
);
return
keccak256(
abi.encodePacked("\x19\x01", getDomainSeparator(), structHash)
);
}
// ============================================================================
// 8. MERKLE PROOFS
// ============================================================================
// Verify membership in a Merkle tree
function verifyMerkleProof(
bytes32[] memory proof,
bytes32 root,
bytes32 leaf
) public pure returns (bool) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
bytes32 proofElement = proof[i];
if (computedHash < proofElement) {
computedHash = keccak256(
abi.encodePacked(computedHash, proofElement)
);
} else {
computedHash = keccak256(
abi.encodePacked(proofElement, computedHash)
);
}
}
return computedHash == root;
}
// ============================================================================
// 9. COMMIT-REVEAL SCHEME
// ============================================================================
// Two-phase process to prevent front-running
mapping(address => bytes32) public commitments;
mapping(address => bool) public revealed;
// Phase 1: Commit
function commit(bytes32 commitment) external {
require(commitments[msg.sender] == bytes32(0), "Already committed");
commitments[msg.sender] = commitment;
}
// Phase 2: Reveal
function reveal(uint256 value, bytes32 salt) external {
bytes32 commitment = keccak256(abi.encodePacked(value, salt));
require(commitments[msg.sender] == commitment, "Invalid reveal");
require(!revealed[msg.sender], "Already revealed");
revealed[msg.sender] = true;
// Process the revealed value
}
// Generate commitment (off-chain)
function generateCommitment(
uint256 value,
bytes32 salt
) public pure returns (bytes32) {
return keccak256(abi.encodePacked(value, salt));
}
// ============================================================================
// 10. RANDOM NUMBER GENERATION
// ============================================================================
// ⚠️ WARNING: These are NOT truly random on blockchain!
// BAD: Predictable randomness
function badRandomness() public view returns (uint256) {
// Miners can manipulate these values
return
uint256(
keccak256(
abi.encodePacked(
block.timestamp,
block.difficulty,
msg.sender
)
)
);
}
// ✅ BETTER: Use Chainlink VRF or similar oracle
// This is just a demonstration
function betterRandomness(uint256 nonce) public view returns (uint256) {
// Include more variables, but still not truly random
return
uint256(
keccak256(
abi.encodePacked(
block.timestamp,
block.prevrandao,
msg.sender,
nonce,
blockhash(block.number - 1)
)
)
);
}
// ============================================================================
// 11. PRACTICAL EXAMPLES
// ============================================================================
// Generate unique ID
function generateUniqueId(
address user,
uint256 timestamp,
uint256 nonce
) public pure returns (bytes32) {
return keccak256(abi.encodePacked(user, timestamp, nonce));
}
// Verify whitelist proof
mapping(bytes32 => bool) public whitelist;
function addToWhitelist(address[] memory addresses) external {
for (uint256 i = 0; i < addresses.length; i++) {
bytes32 hash = keccak256(abi.encodePacked(addresses[i]));
whitelist[hash] = true;
}
}
function isWhitelisted(address addr) external view returns (bool) {
bytes32 hash = keccak256(abi.encodePacked(addr));
return whitelist[hash];
}
// Password verification (NEVER store plain passwords!)
mapping(address => bytes32) private passwordHashes;
function setPassword(string memory password, bytes32 salt) external {
bytes32 hash = keccak256(abi.encodePacked(password, salt));
passwordHashes[msg.sender] = hash;
}
function verifyPassword(
string memory password,
bytes32 salt
) external view returns (bool) {
bytes32 hash = keccak256(abi.encodePacked(password, salt));
return passwordHashes[msg.sender] == hash;
}
// ============================================================================
// 12. SIGNATURE SPLITTING
// ============================================================================
function splitSignature(
bytes memory signature
) public pure returns (uint8 v, bytes32 r, bytes32 s) {
require(signature.length == 65, "Invalid signature length");
assembly {
r := mload(add(signature, 32))
s := mload(add(signature, 64))
v := byte(0, mload(add(signature, 96)))
}
// Adjust v if necessary
if (v < 27) {
v += 27;
}
return (v, r, s);
}
// ============================================================================
// 13. HASH COMPARISON
// ============================================================================
function compareHashes()
public
pure
returns (bool same1, bool same2, bool same3)
{
// String comparison using hashes
same1 = keccak256(bytes("hello")) == keccak256(bytes("hello"));
same2 = keccak256(bytes("hello")) == keccak256(bytes("world"));
// Multiple values
same3 =
keccak256(abi.encode(1, 2, 3)) == keccak256(abi.encode(1, 2, 3));
return (same1, same2, same3);
}
// ============================================================================
// KEY TAKEAWAYS FOR PROFESSIONAL DEVELOPERS:
// ============================================================================
// 1. keccak256 is most common hash in Ethereum
// 2. Use abi.encode (not encodePacked) to prevent hash collisions
// 3. ecrecover verifies signatures, returns signer address
// 4. EIP-191 for standard signed messages
// 5. EIP-712 for structured typed data (safer, more complex)
// 6. Merkle proofs for efficient membership verification
// 7. Commit-reveal prevents front-running
// 8. ⚠️ block.timestamp/difficulty NOT secure for randomness
// 9. Use Chainlink VRF for true randomness
// 10. Never store plain passwords, always hash with salt
// 11. Signatures are 65 bytes: v (1 byte) + r (32 bytes) + s (32 bytes)
// 12. sha256 and ripemd160 available but less common
// 13. Hash collisions possible with abi.encodePacked
// 14. Signature verification requires proper message formatting
// 15. Domain separators prevent cross-contract signature replay
// ============================================================================
}