Ethereum: How much of BIP 62 (“Dealing with malleability”) has been implemented?
BIP 62 Implementation: Ethereum Address Hash Function Overview
Ethereum, the second largest cryptocurrency by market capitalization, has been a pioneer in implementing advanced cryptographic techniques to secure its decentralized applications (dApps). One of these essential components is the address hash function, specifically BIP 62, which addresses the malleability problem. This article will review the current state of implementation and explore the extent to which BIP 62 has been adopted by the Ethereum network.
What is BIP 62?
BIP 62, also known as “Mallability Resolution,” was introduced in April 2017 as a protocol to address the issue of malleability of non-DER-encoded ECDSA signatures. This feature allows for more complex cryptographic operations on the Ethereum network while maintaining security and usability.
The Malleability Problem
Malleability refers to the ability of an attacker to create a fake digital signature that mimics an existing one with minor modifications (e.g., changing only the hash or data). In traditional cryptography, malleable signatures can be created by modifying only the input data, making them particularly attractive to attacks such as smart contract manipulation.
BIP 62: A Solution to Malleability
The BIP 62 protocol addresses this problem by introducing a set of rules and restrictions that limit the number of possible non-standard-size-type (NIST) hash functions. Specifically:
- Non-DER Encoded ECDSA Signatures: Only NIST SHA-512, SHA-384, SHA-256, DSA (Digital Signature Algorithm), and Ed25519 hashes are allowed for these signature types.
- Non-push operations in scriptSig: This section limits the size of send operations to 4 bytes.
- Zero-padding sending: This rule limits the length of zero-padding numbers sent from scriptSig.
- Possible functions and constants: Certain inherent functions and constants (e.g. 0x00, 0x01, …, 0x63) are restricted.
Implementation status:
Although BIP 62 was introduced in April 2017, the adoption rate has been slower than expected. According to a Cointelegraph report from March 2023:
- Only about 25% of Ethereum’s total hash functions (THFs) have been updated to comply with BIP 62 rules.
- Most THFs still use older or insecure algorithms.
Conclusion
The implementation of BIP 62 has been a significant step in addressing the malleability of the Ethereum network. However, its adoption rate is still relatively low compared to other cryptocurrencies and major blockchain platforms. As the Ethereum ecosystem continues to evolve, it is important for developers to prioritize security and compliance with established standards such as BIP 62.
Recommendations
To accelerate the move towards a more secure Ethereum:
- Prioritize Compliance: Focus on updating THFs that are vulnerable to malleability attacks.
- Implement New Algorithms: Consider implementing newer, more secure cryptographic protocols in the future.
- Educate and Collaborate: Share knowledge about BIP 62 and other security best practices among developers and researchers.
By doing so, we can create a more resilient and trusted Ethereum ecosystem that protects users from malleable attacks and maintains its place as the leading platform for decentralized applications.