Cryptography

​

Hashing Algorithms

​

Keccak-256 (legacy SHA-3 variant)

• Where it is used: EVM state (Merkle-Patricia tries), log topics, transaction and message hashing for signatures, address derivation, and EIP-55 address checksums.
• Why: Exact parity with Ethereum behavior and tooling.

​

SHA-256

• Where it is used: Native chain commitments such as IAVL sub-trees and the top-level Merkle commitments described in the State Model.
• Why: Efficient, widely audited, and standard for Merkleized structures outside the EVM.
• Note: Keccak-256 and NIST SHA3-256 are not bit-for-bit identical. OpenGDP uses Keccak-256 for all EVM-compatible paths to preserve compatibility.

​

The secp256k1 Elliptic Curve

• Private key: 32-byte integer $d \in [1, n-1]$, where $n$ is the curve order.
• Public key: Point $Q = d \cdot G$ on the curve. For EVM operations, we use the uncompressed 65-byte form 0x04 || X || Y.
• Signatures: Tuple $(r, s)$ plus a 1-byte recovery id $v$ that enables public-key recovery (ecrecover). OpenGDP enforces low-S normalization $s \leq n/2$ to prevent malleability.

​

Address Generation from Public Keys

​

Externally Owned Account (EOA) address

• Take the uncompressed public key bytes without the 0x04 prefix: pubkey[1:] (64 bytes).
• Compute keccak256(pubkey[1:]).
• The address is the last 20 bytes of that hash.
• Display as hex with 0x prefix and optional EIP-55 mixed-case checksum.

address = last20( keccak256( uncompressed_pubkey[1:] ) )

​

Contract address

• CREATE: address = last20( keccak256( RLP(sender_address, sender_nonce) ) )
• CREATE2: address = last20( keccak256( 0xff || sender_address || salt || keccak256(init_code) ) )

​

The Two Types of Address

• Externally Owned Accounts (EOA)
  • Controlled by a private key on secp256k1.
  • Can send transactions, pay gas, and initiate contract calls.
  • Nonce increases with each successful transaction.
• Contract Accounts
  • Code lives at the address and is executed when called.
  • Have persistent storage and can hold balances.
  • Cannot initiate transactions by themselves; they react to calls from EOAs or other contracts.

​

Signing Methods

​

Transaction Signing (with replay protection)

• Hash to sign: keccak256( tx_signing_payload )
• Signature: $(r,s,v)$ where:
  • $r,s$ are ECDSA scalars with low-S normalization.
  • $v$ encodes parity and the chain id. Wallets may present $v$ as $0/1$, $27/28$, or $35 + 2 \times chainId + parity$ depending on type; OpenGDP accepts standard encodings.
• Submission: The signed blob is sent via eth_sendRawTransaction.
• Recovery): Nodes use ecrecover(hash, v, r, s) to recover the public key and verify the sender address.

​

Security properties

• Replay protection: Chain-id binding prevents cross-chain replays.
• Non-malleability: Low-S rule plus consensus validation rejects malleated signatures.

​

Personal Message Signing (EIP-191)

• Prefixing (domain separation): "\x19Ethereum Signed Message:\n" || len(msg) || msg
• Hash to sign: keccak256( prefixed_message )
• Verify/recover: Same ecrecover flow as transactions.