If you want to create a transaction on Ethereum mainnet, you need a private key to sign your transaction and get a valid signed transaction. However, do we really need that?

The answer is No. Let’s have a quick view at the mechanics of the transaction.

https://ethereum.org/en/developers/docs/transactions/

And here is a transaction object.

{
    "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
    "tx": {
      "nonce": "0x0",
      "maxFeePerGas": "0x1234",
      "maxPriorityFeePerGas": "0x1234",
      "gas": "0x55555",
      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
      "value": "0x1234",
      "input": "0xabcd",
      "v": "0x26",
      "r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
      "s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
      "hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
      }
}

the raw is the signed transaction in Recursive Length Prefix (RLP) encoded form

the tx is the signed transaction in JSON form

the v,r,s are three components of an ECDSA digital signature of the originating EOA

It’s important that you need to have the signature hash, then the transaction can be cryptographically proven that it came from the sender and submitted to the network.

To sign a transaction in Ethereum, the originator must:

1. Create a transaction data structure, containing nine fields: nonce, gasPrice, gasLimit, to, value, data, chainID, 0, 0. (before eip 1559)

2. Produce an RLP-encoded serialized message of the transaction data structure.

3. Compute the Keccak-256 hash of this serialized message.

4. Compute the ECDSA signature, signing the hash with the originating EOA’s private key.

5. Append the ECDSA signature’s computed v, r, and s values to the transaction.

Obviously, all you need is transaction data and your signature. What happens if we just use a random signature? We need to know how ethereum resolve signature.

There is a function called ‘ecrecover’ in ethereum which is used to validate signatures. It takes transaction data and signature as input, and returns a public key. You’re able to get address easily by taking the last 20 bytes of the Keccak-256 hash of the public key and adding 0x to the beginning. In most cases, a random signature is valid and it can be used to recover public key. But we have no control on this address because there is no private key at all. It’s just like we are sending a created transaction from random address. The raw data of this transaction is known and clearly, which means all of us could be sure that the transaction we sent from random address will only process the opcode from their raw data. And It’s hard to find another signature that recovers a same public key as before, the difficulty of which is not more difficult than find the private key of that random address.

1. It’s easy that we can prove that the funds sent to that random address will only be used by that transaction, and nothing else. (Deploy contract with constructor is fine well)

2. One of the most successful cases by using One-Time address is eip-1820, This operation can be done on any chain, guaranteeing that the contract address is always the same and nobody can use that address with a different contract.****

1. This transaction MUST NOT use EIP-155 in order to work on any chain.

2. If block.number >= FORK_BLKNUMand CHAIN_IDis available, then when computing the hash of a transaction for the purposes of signing, instead of hashing only six rlp encoded elements (nonce, gasprice, startgas, to, value, data), you SHOULD hash nine rlp encoded elements (nonce, gasprice, startgas, to, value, data, chainid, 0, 0). If you do, then the vof the signature MUST be set to

3. This transaction could only be broadcasted and mined into a block once, since the “nonce” field in transaction object is set to 0. In this case, if the transaction failed by mistake, you could never send the transaction anyway(the fund will be locked ). So, send enough fund to the address recovered to avoid “not enough value ” error.

4. Better giving a high gas price in case of long period gas war.

1. https://weka.medium.com/how-to-send-ether-to-11-440-people-187e332566b7

2. https://github.com/Arachnid/extrabalance/blob/master/multisend.py

3. https://eips.ethereum.org/EIPS/eip-1820

4. https://ethereum.org/en/developers/docs/transactions/

5. https://cypherpunks-core.github.io/ethereumbook/06transactions.html

Origin version on Notion

https://0xsilas.notion.site/One-Time-Address-c5615181392e45d391e13866371189b8

twitter: https://twitter.com/SilasYayoi github: https://github.com/SilasZhr

If you want to create a transaction on Ethereum mainnet, you need a private key to sign your transaction and get a valid signed transaction. However, do we really need that?

The answer is No. Let’s have a quick view at the mechanics of the transaction.

https://ethereum.org/en/developers/docs/transactions/

And here is a transaction object.

{
    "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
    "tx": {
      "nonce": "0x0",
      "maxFeePerGas": "0x1234",
      "maxPriorityFeePerGas": "0x1234",
      "gas": "0x55555",
      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
      "value": "0x1234",
      "input": "0xabcd",
      "v": "0x26",
      "r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
      "s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
      "hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
      }
}

the raw is the signed transaction in Recursive Length Prefix (RLP) encoded form

the tx is the signed transaction in JSON form

the v,r,s are three components of an ECDSA digital signature of the originating EOA

It’s important that you need to have the signature hash, then the transaction can be cryptographically proven that it came from the sender and submitted to the network.

To sign a transaction in Ethereum, the originator must:

1. Create a transaction data structure, containing nine fields: nonce, gasPrice, gasLimit, to, value, data, chainID, 0, 0. (before eip 1559)

2. Produce an RLP-encoded serialized message of the transaction data structure.

3. Compute the Keccak-256 hash of this serialized message.

4. Compute the ECDSA signature, signing the hash with the originating EOA’s private key.

5. Append the ECDSA signature’s computed v, r, and s values to the transaction.

Obviously, all you need is transaction data and your signature. What happens if we just use a random signature? We need to know how ethereum resolve signature.

There is a function called ‘ecrecover’ in ethereum which is used to validate signatures. It takes transaction data and signature as input, and returns a public key. You’re able to get address easily by taking the last 20 bytes of the Keccak-256 hash of the public key and adding 0x to the beginning. In most cases, a random signature is valid and it can be used to recover public key. But we have no control on this address because there is no private key at all. It’s just like we are sending a created transaction from random address. The raw data of this transaction is known and clearly, which means all of us could be sure that the transaction we sent from random address will only process the opcode from their raw data. And It’s hard to find another signature that recovers a same public key as before, the difficulty of which is not more difficult than find the private key of that random address.

1. It’s easy that we can prove that the funds sent to that random address will only be used by that transaction, and nothing else. (Deploy contract with constructor is fine well)

2. One of the most successful cases by using One-Time address is eip-1820, This operation can be done on any chain, guaranteeing that the contract address is always the same and nobody can use that address with a different contract.****

1. This transaction MUST NOT use EIP-155 in order to work on any chain.

2. If block.number >= FORK_BLKNUMand CHAIN_IDis available, then when computing the hash of a transaction for the purposes of signing, instead of hashing only six rlp encoded elements (nonce, gasprice, startgas, to, value, data), you SHOULD hash nine rlp encoded elements (nonce, gasprice, startgas, to, value, data, chainid, 0, 0). If you do, then the vof the signature MUST be set to

3. This transaction could only be broadcasted and mined into a block once, since the “nonce” field in transaction object is set to 0. In this case, if the transaction failed by mistake, you could never send the transaction anyway(the fund will be locked ). So, send enough fund to the address recovered to avoid “not enough value ” error.

4. Better giving a high gas price in case of long period gas war.

1. https://weka.medium.com/how-to-send-ether-to-11-440-people-187e332566b7

2. https://github.com/Arachnid/extrabalance/blob/master/multisend.py

3. https://eips.ethereum.org/EIPS/eip-1820

4. https://ethereum.org/en/developers/docs/transactions/

5. https://cypherpunks-core.github.io/ethereumbook/06transactions.html

Origin version on Notion

https://0xsilas.notion.site/One-Time-Address-c5615181392e45d391e13866371189b8

twitter: https://twitter.com/SilasYayoi github: https://github.com/SilasZhr