Ethereum Classic (ETC) transactions are authenticated using digital signatures. Communications between ETC nodes are authenticated using a different method involving hashes and secret numbers or hash based message authentication codes (HMACs).

Details

HMACs provide authentication by proving knowledge of secrets known only to the senders and receivers of messages. HMACs of messages are hashes involving those messages and a secret. ETC HMACs are not just hashes of concatenations of messages and secrets. That would make them vulnerable to certain attacks. Instead, a procedure is followed involving two hashes. Specifically, two keys are derived from a secret. The SHA256 hash of the concatenation of one of these keys and the message is found. The ETC HMAC is the SHA256 hash of the concatenation of the other key and this hash.

Implementation

An example Python ETC HMAC implementation is provided below. Note that twice the SHA256 hash length is referred to as the SHA256 block size (64 bytes):

#!/usr/bin/env python3 import hashlib BLOCK_SIZE = 64 def etc_hmac(secret, message):

"""

Calculates hash based message authenticaion codes (HMACs).

""" if len(secret) > BLOCK_SIZE:

secret = hashlib.sha256(secret).digest()

secret = secret.ljust(BLOCK_SIZE, b"\x00")

ipad = BLOCK_SIZE * bytes.fromhex("36")

opad = BLOCK_SIZE * bytes.fromhex("5c")

key_1 = bytes([x ^ y for x, y in zip(secret, ipad)])

key_2 = bytes([x ^ y for x, y in zip(secret, opad)])

hash_ = hashlib.sha256(key_1 + message).digest()

hmac = hashlib.sha256(key_2 + hash_).digest() return hmac

Here is an example calculation in a Python shell:

>>> secret = b"This is the secret." >>> message = b"This is the message." >>> etc_hmac(secret, message)

b'\xe0m;\x16\x1dB\xd1LW\xb5\x84\xc7\x9b\xa8\x8d\x0e\xef\r\x02\xfb;\xc7s#U\x9c\x19Py%\xa9\x97' >>> etc_hmac(secret, message).hex()

'e06d3b161d42d14c57b584c79ba88d0eef0d02fb3bc77323559c19507925a997'

Feedback

Feel free to leave any comments or questions below. You can also contact me by email at cs@etcplanet.org or by clicking any of these icons:

Acknowledgements

I would like to thank IOHK (Input Output Hong Kong) for funding this effort.

License

This work is licensed under the Creative Commons Attribution ShareAlike 4.0 International License.