secp256k1 - Incorrect public key derivation in React-Native

[alex-miller-0]

I posted this issue in ethjs-account: ethjs/ethjs-account#3

That module makes the following call from elliptic:

const elliptic = require('elliptic');
const secp256k1 = new (elliptic.ec)('secp256k1');

secp256k1.keyFromPrivate(privateKeyBuffer).getPublic(false, 'hex')

This produces the correct public key in Node V8, but produces a different result in React-Native.

Many Ethereum wallets will use RN if they don't already, so this could be pretty dangerous.

---

Reproducing using elliptic alone:

Code:

var elliptic = require('elliptic');
const secp256k1 = new (elliptic.ec)('secp256k1');

var pkey = '0x4735f8b1af5002ce677ae96bbf8958d7213a858f76166047346f89e5597f964d'
const privateKeyBuffer = new Buffer(/^0x/.test(pkey) ? pkey.slice(2) : pkey, 'hex');
const tmp = (new Buffer(secp256k1.keyFromPrivate(privateKeyBuffer).getPublic(false, 'hex'), 'hex')).slice(1).toString('hex')
console.log(tmp)

In Node V8 console (correct result):

'253caada10d4ffc3ad90a8b20658a524df51b884ab0c213fce48b024f6dce4661539d81e2f776a4b087298b66fa4a46b020a2eb46046aeec171548539bcc679b'

In React-Native (iOS emulator) (incorrect result):

'047a0b7043c722b88ab914b3e07a4d323ee689104673f89ccd7dd3efd3a8ea932f2e1e120ad525f4c6de93053280f7a8e820145a0091f733a082ed3f3429dd6cd5'

[iFA88]

#135

[iFA88]

Use the canonical option like:
elliptic.ec('secp256k1').sign(keccak_256(encode(rawTX)), privKey, 'hex', {canonical:true})