Sign message in MPC core kit demo produces different signatures for the same static message

Greetings - I noticed every time I mash the ‘Sign Message’ button in the MPC Core Kit React Redirect Example a different signature value is produced when signing the static hard coded message in the code.

Why is this? Shouldn’t signing the same message with the same key produce the same signature every time?

@d-smith Thanks for your question.

Your request has been forwarded to our team and we will get back with further updates once more information becomes available.

No, not necessarily so. This is a nuance of Ethereum specific libraries.

ECDSA is probabilistic by default: ECDSA by default is a probabilistic signature scheme. This means that two signatures for the same message and key will be different with very high probability (i.e., practically always). (See Step 3 of section Signature generation algorithm of the ECDSA Wikipedia article.)

Deterministic ECDSA variant: As the Wikipedia article states further below, there is also a deterministic variant of ECDSA, which seems to be widely used in the Ethereum space. Here, the signing randomness is deterministically derived by hashing the message and the key, and therefore generating a signature for the same message and key will always produce the same result. Note, however, that the signing randomness must never be reused for different messages, as this would leak information about the secret key.

DKLS19 Multi-party ECDSA is probabilistic: For the case of multi-party ECDSA, Web3Auth uses the DKLS19 protocol. Here the randomness is generated distributedly between the shareholders, and is probabilistic by definition of the protocol. Hence, two signatures for the same message and key will be different with overwhelming probability.

Thank you for your reply - very helpful!
