Bug: the function 'deriveAddress' from a public key with ecdsa

[drhanlondon]

Hello,

Question 1: On Substrate-default (Westend testnet),

To derive an address from a publicKey with "sr25519", it works as below

import { deriveAddress } from "@substrate/txwrapper-polkadot";    

console.debug('build Keyring')
const drhan_keyring = new Keyring({ type: "sr25519"}); 

console.debug('Some mnemonic phrase, Add an account, straight mnemonic')
const drhan_substrateKeypair = drhan_keyring.addFromUri('world dutch flash motor outdoor major axis gloom rice pledge true suit'); 

console.debug(`publicKey: ${drhan_substrateKeypair.publicKey}`);

console.debug('derive account address');
const drhan_address = deriveAddress(drhan_substrateKeypair.publicKey, 42);
console.debug(`address: ${drhan_address}`);

The result is

publicKey: 214,165,91,166,6,98,81,50,52,109,162,10,132,145,143,208,63,192,99,231,139,235,101,167,8,118,60,226,18,171,165,30
address: 5Gv9E4mSjXJsicL4QAuRe8zq3MfGeTGp1cVmB24aRhSgrKqs 

But, next, to derive from a public key with "ecdsa", I did in the same way above with a different seed phrase

console.debug('build Keyring')
const shan_keyring = new Keyring({ type: "ecdsa" }); 

console.debug('Some mnemonic phrase, Add an account, straight mnemonic')
const shan_substrateKeypair = shan_keyring.addFromUri('asthma stereo budget skill frequent sunny enemy train kiwi word hold evil'); 

console.debug(`publicKey: ${shan_substrateKeypair.publicKey}`);

console.debug('derive account address');
const shan_address = deriveAddress(shan_substrateKeypair.publicKey, 42);
console.debug(`address: ${shan_address}`);

The result is

publicKey: 2,229,159,135,42,90,73,183,212,128,127,79,82,219,130,198,214,44,225,27,166,206,29,19,228,144,203,108,171,48,40,116,252
address: KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH

We can see that unexpectedly the returned value "KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH" is not an address (ss58), but just a public key (ss58).

By using Subkey tool, we can confirm that "KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH" is a public key(ss58).

#########################################################
from seed phrase

$ subkey inspect "asthma stereo budget skill frequent sunny enemy train kiwi word hold evil" --scheme Ecdsa

Secret phrase: asthma stereo budget skill frequent sunny enemy train kiwi word hold evil
Network ID: substrate
Secret seed: 0x67c9fddc7e706f33e3e20e4918e7e68abd986caade7c1d35e7596df4be9ca5bd
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: 5HpStbV2wnRhqiy8zsxeKYxJRLyKrsbH3Pyq9nrXtTeWXwcq

###################
from secret seed

$ subkey inspect 0x67c9fddc7e706f33e3e20e4918e7e68abd986caade7c1d35e7596df4be9ca5bd --scheme Ecdsa

Secret Key URI 0x67c9fddc7e706f33e3e20e4918e7e68abd986caade7c1d35e7596df4be9ca5bd is account:
Network ID: substrate
Secret seed: 0x67c9fddc7e706f33e3e20e4918e7e68abd986caade7c1d35e7596df4be9ca5bd
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: 5HpStbV2wnRhqiy8zsxeKYxJRLyKrsbH3Pyq9nrXtTeWXwcq

####################
from public key(hex)

$ subkey inspect --public 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc --scheme Ecdsa

Network ID/Version: substrate
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH

#####################
from public key (ss58)
$ subkey inspect KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH --scheme Ecdsa

Public Key URI KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH is account:
Network ID/Version: substrate
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH

############################

even with Substrate

$ cargo run --release -p subkey -- inspect "KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH" --scheme Ecdsa

Finished release [optimized] target(s) in 0.72s
Running target/release/subkey inspect KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH --scheme Ecdsa
Public Key URI KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH is account:
Network ID/Version: substrate
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH

##############################

$ cargo run --release -p subkey -- inspect "asthma stereo budget skill frequent sunny enemy train kiwi word hold evil" --scheme Ecdsa

Finished release [optimized] target(s) in 0.60s
Running target/release/subkey inspect 'asthma stereo budget skill frequent sunny enemy train kiwi word hold evil' --scheme Ecdsa
Secret phrase: asthma stereo budget skill frequent sunny enemy train kiwi word hold evil
Network ID: substrate
Secret seed: 0x67c9fddc7e706f33e3e20e4918e7e68abd986caade7c1d35e7596df4be9ca5bd
Public key (hex): 0x02e59f872a5a49b7d4807f4f52db82c6d62ce11ba6ce1d13e490cb6cab302874fc
Account ID: 0xfe8995168a62071594194772c371a72f1c57149273235556e2711f3a76dab5e0
Public key (SS58): KW87j6aqqJ8heTCTBeoxMLH1Yg2YmkeTz4Xwg4yHAmhmVX7wH
SS58 Address: 5HpStbV2wnRhqiy8zsxeKYxJRLyKrsbH3Pyq9nrXtTeWXwcq

##############################

As we see above, deriveAddress() returns a public key (ss58) in case of "ecdsa and Westend(42)" although we expect an address "5HpStbV2wnRhqiy8zsxeKYxJRLyKrsbH3Pyq9nrXtTeWXwcq"

But, this bug does not occur on Polkadot with "ecdsa"

const shan_address = deriveAddress(shan_substrateKeypair.publicKey, 0);

I would like to know whether this is a bug or not on Westend.

Question 2: as we see the above tests with Subkey and Substrate, I would like to know why "SS58 Address" does not show a proper ss58 address when inspecting with either a public key(hex) or a public key (ss58).

This report has been left on polkadot-js/common as well: polkadot-js/common#1822

Thank you

[TarikGul]

Thanks for the detailed explanation and examples. I'll have a look into this by tomorrow afternoon and respond!

[TarikGul]

@drhanlondon Yes to an extent it is a bug, and it fixed with the latest PR above. Thanks for bringing this up, and support for ecdsa will be given when that PR goes in.

[drhanlondon]

@TarikGul Thanks for your reply and effort to fix the bug. I would be grateful if you could advice me further on the Question 2 above.

[TarikGul]

In regards to question 2, honestly I am not completely sure. I would say that is a great question for substrate.stackexchange as I am not a total expert on subkey. I quickly tested the above and was able to reproduce it though.