Reputation: 148
Is it possible to create an account on Hedera that has both Ed25519 keys and ECDSA keys?
When visiting the Hedera portal, it generates 2 sets of keys for me: an ED25519 key and an ECDSA key.
However, these correspond to different accounts.
I would like to be able to operate a single account which may be signed by either an ED25519 or an ECDSA key.
Is this possible? If so how?
Upvotes: 6
Views: 237
Answers (1)
Reputation: 28587
The same account cannot have 2 sets of keys, that will not work for the underlying cryptography. While both EdDSA and ECDSA both use elliptic curve cryptography, they have different underlying algorithms, and they use different configurations for their elliptic curves (Ed25519 and secp256k1), and therefore it will not work at that level.
However, despite this, you can accomplish your objective,
of being able to "operate a single account which may be signed by either an ED25519 or an ECDSA key".
This is possible to do on Hedera, because the network supports
m-of-n multisig at a protocol level,
as an Account is separate from a Key.
Note that this is different from other EVM-compatible networks, where an EOA (externally owned account) can have exactly one key only, which means that multisig functionality needs to be custom-programmed using smart contracts.
Here is how you can accomplish this using the Hedera JavaScript SDK:
(1) Create a 1-of-2 multisig KeyList,
comprised of one Ed25519 key and one ECDSA secp256k1 key.
const edKey = PrivateKey.generateED25519();
const ecKey = PrivateKey.generateECDSA();
const multisigPublicKeys = [edKey.publicKey, ecKey.publicKey];
const multisigKeyList = new KeyList(multisigPublicKeys, 1);
(2) Next create multisigAccountId using
either edKey or ecKey from above,
and fund it with some HBAR.
(3) Update multisigAccountId using AccountUpdateTransaction
to change its key from the single key that was used during account creation,
to the 1-of-2 multisig KeyList instance created above.
const makeMultisigTx = new AccountUpdateTransaction()
.setAccountId(multisigAccountId)
.setKey(multisigKeyList)
.freezeWith(client);
const makeMultisigTxSignedByOneKey = await makeMultisigTx.sign(edKey);
const makeMultisigTxSignedByAllKeys = await makeMultisigTxSignedByOneKey.sign(ecKey);
const makeMultisigTxSubmitted = await makeMultisigTxSignedByAllKeys.execute(client);
Note that this AccountUpdateTransaction needs to be signed by both
of the keys in the KeyList (both edKey and ecKey).
(4) Now multisigAccountId can be signed using:
- either
edKeywhich is an Ed25519 key - or
ecKey, which is an ECDSA key
Refs
Upvotes: 7
Related Questions
- Is it possible to update an existing (ECDSA) account on Hedera to use Multisig & Threshold Keys for Signing?
- How do I use `PrivateKey` and `PublicKey` from Hedera SDK to encrypt and decrypt data?
- How do i create Account on hedera testnet?
- How to create a Hedera transaction signed by one account but paid for with another account
- How can I use Hedera JS SDK to generate a set of ECDSA key-pairs based on a BIP-39 seed phrase and a custom derivation path?
- Is there a one to one correlation between pub/priv key pairs and account IDs on the Hedera Network?