Signing Blockchain Transactions with ECDSA and EdDSA

Digital signatures are an integral part of how blockchains secure transactions and ensure only authorized parties can move assets. Let's walk through the process of signing a transaction in io.vault and broadcasting it to the blockchain.

Transaction Signing Flow

  1. Transaction Request: A user initiates a transaction from the io.vault web dashboard, specifying the asset, amount, and recipient.

  2. Signer Notification: io.vault notifies the vault's signing party of the pending transaction. Each signer receives the transaction details on their registered mobile device.

  3. Partial Signing: Each signer reviews the transaction and, if they approve, uses their key share to generate a partial signature. This is done using the vault's configured signature scheme (ECDSA or EdDSA).

    • For ECDSA, the signer's device generates a random nonce (k), computes r = k * G (where G is the curve's base point), and solves for s given the message hash, nonce, and signer's share of the private key. The partial signature is the pair (r, s).

    • For EdDSA, the process is similar but uses a deterministic nonce derived from the message and private key. The signer's device computes R = r * G (where r is the nonce), and solves for s given the message hash, R, and signer's share of the private key. The partial signature is the pair (R, s).

  4. Signature Combination: Once enough signers have provided partial signatures to meet the vault's threshold, io.vault combines the partial signatures into a final, valid signature.

    • For ECDSA, this involves adding the s values of the partial signatures to get the final s, and taking the r value from any of the partial signatures (they should all match).

    • For EdDSA, the R values are added to get the final R, and the s values are added to get the final s.

  5. Transaction Broadcast: io.vault packages the signed transaction and broadcasts it to the appropriate blockchain network.

  6. Blockchain Confirmation: The blockchain network's nodes verify the transaction signature and, if valid, include the transaction in a new block. Once the block is mined and confirmed, the transaction is considered complete.

Signature Verification

When a blockchain node receives a new transaction, it checks the validity of the signature before accepting the transaction into its mempool and propagating it to other nodes. The verification process differs slightly for ECDSA and EdDSA.

For ECDSA:

  1. Compute the message hash
  2. Recover the public key point from the signature (r, s) and message hash
  3. Check if the recovered point matches the transaction's stated public key

For EdDSA:

  1. Compute the message hash
  2. Calculate h = Hash(R || Public Key || Message)
  3. Check if s * G = R + h * Public Key

If the verification checks pass, the node considers the signature valid and the transaction authentic. This process ensures that only transactions signed by authorized private keys are accepted into the blockchain.
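The EdDSA combination in step 4 and the check s * G = R + h * Public Key can be traced end to end in the following Python, which is an added example and not io.vault's code. It assumes plain additive key shares where every listed signer takes part, keeps all shares in one process for illustration, and uses a constructed hash encoding instead of the RFC 8032 wire format; the function names are hypothetical.

```python
import hashlib
from functools import reduce

# Ed25519 group (RFC 8032): field prime P, group order L, curve constant D.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, -1, P) % P

# Base point G recovered from y = 4/5, choosing the even x root.
_y = 4 * pow(5, -1, P) % P
_xx = (_y * _y - 1) * pow(D * _y * _y + 1, -1, P) % P
_x = pow(_xx, (P + 3) // 8, P)
if (_x * _x - _xx) % P:
    _x = _x * pow(2, (P - 1) // 4, P) % P
G = (P - _x if _x % 2 else _x, _y)

def add(a, b):
    # Twisted Edwards addition law in affine coordinates.
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):
    # Double-and-add; not constant time, illustration only.
    acc = (0, 1)
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h_int(*parts):
    # Constructed encoding (not the RFC 8032 wire format), reduced mod L.
    return int.from_bytes(hashlib.sha512(repr(parts).encode()).digest(), "little") % L

def public_key(shares):
    # Vault key = sum of each signer's x_i * G; the shares themselves are never pooled.
    return reduce(add, (mul(x, G) for x in shares))

def sign(shares, msg, A):
    nonces = [h_int("nonce", x, msg) for x in shares]   # step 3: nonce from message and share
    R = reduce(add, (mul(r, G) for r in nonces))        # step 4: add the R_i values
    h = h_int(R, A, msg)                                # Hash(R || Public Key || Message)
    return R, sum(r + h * x for r, x in zip(nonces, shares)) % L  # add the s_i values

def verify(A, msg, sig):
    R, s = sig
    return mul(s, G) == add(R, mul(h_int(R, A, msg), A))  # s * G = R + h * Public Key
```

A signature assembled without one signer's contribution fails verify, because the public key still includes that signer's share.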

By leveraging ECDSA and EdDSA in a threshold signature scheme, io.vault ensures that transactions maintain the security properties of these signature algorithms while adding the benefits of distributed trust and fault tolerance. The signing and verification process remains largely the same, but is split across multiple parties in a secure MPC protocol.