Create and sign Ethereum transactions

The author of this article is Jose Aguinaga, translated and proofread by Min Min and A Jian.

In our previous articles, we have explained the purpose of creating a private key and how to create one. Specifically, in the first part, we learned that a key is just a large random number, nothing more; and in the second part, we learned how to create an Ethereum wallet that can hold assets using a large random number. In this final part, we will learn how to use such random numbers to sign and manage your own virtual assets.

1. Transactions ------ Old out, new in

Blockchain transactions are not particularly different from bank transactions. Nowadays, most banks support you to complete most operations digitally: transferring money to others, depositing money into your own savings account, and even borrowing, etc. Internet technology allows us to complete most operations without being physically present.

Although these operations are easy for you, they are neither easy nor cheap for banks. Behind the scenes, multiple third parties are involved in the settlement, verification, and confirmation of your banking operations. If that’s not enough, to comply with banking regulations, financial institutions must also implement cumbersome measures to ensure that you (the person initiating the operation) are indeed the one authorized to operate your account.

All these layers incur heavy costs, which is why gateways like Visa and Mastercard charge fees every time they provide services, usually based on the amount transferred. And, of course, any operation you initiate can be frozen or even reversed at any time.

In 2017, the European Union required financial institutions to implement the Payment Services Directive 2 (Directive 2015/2366), which mandates that banks must implement security regulations including SCA (Strong Customer Authentication). Due to the costs associated with PSD2+SCA, by March 2019, only 59% of European banks had successfully met regulatory requirements, leading to a one-year extension of the deadline.

2. The rules of blockchain transactions are different

Due to the distributed and permissionless nature of public chains, anyone can sign and broadcast transactions on the network. Based on the characteristics of blockchain, you need to set aside a portion of funds as a transaction fee so that your transaction can be "mined" (i.e., packaged by a miner onto the blockchain), but the amount of the fee depends on the user's demand for using the blockchain, unrelated to the value being transferred.

For example, transferring $1 from one Ethereum account to another incurs the same transaction fee as transferring $1 million. As long as the fees are the same, both transactions are treated equally by miners and will be packaged into valid blocks and propagated across the network.

A block contains a series of transactions, and blocks are added one after another, only increasing. Because part of the data in a new block comes from the previous block, these "blocks" form an ordered chain, which is where the name "blockchain" comes from.

Blockchain also uses a data structure that is easy to process and verify, called a "Merkle tree," which is part of the reason why it is nearly impossible to forge a transaction or a block on the blockchain—it's just too easy to verify.

Moreover, blockchain transactions do not require validation from any authoritative body. To issue a valid transaction, you only need to use the private key corresponding to the blockchain system's digital signature algorithm (DSA) to generate a signature for the transaction. Ethereum and Bitcoin blockchains use the ECDSA algorithm, while Cardano and Polkadot use the EdDSA algorithm.

Both algorithms rely on elliptic curve cryptography, but the latter uses the twisted Edwards curve, which is an improvement for general digital signatures. Any account can initiate a transaction using a private key signature, but only transactions initiated by addresses with sufficient balance can be successfully executed.

The elliptic curve signature algorithm is based on the "discrete logarithm problem," whose classic form is to find k given an integer k such that a^k ≡ b (mod p), where p is a prime number. Unlike other public key cryptography algorithms like RSA, which is based on the factorization problem of large exponents (which has recently become a target for lattice-based cryptography attacks).

To date, no efficient method has been found to compute k (which can be described as given points P and Q on the elliptic curve). This is also why, although different blockchains use different curves and signature algorithms, they all rely on elliptic curves.

Once a transaction has a signature, is sent to the network along with the signature, and is packaged into a successfully mined block, that transaction cannot be reversed. Unlike bank operations, successfully packaged on-chain transactions cannot be undone or restored to the state before the transaction was executed. Most public chains make the content of transactions completely visible, so the blockchain used for these transactions is the ultimate source of truth for these assets.

3. The structure of Ethereum transactions

Now that we fully understand the characteristics of blockchain transactions, we are ready to create an Ethereum transaction. We will start with a simple transfer transaction:

Transfer 0.1 ETH to address 0x17A98d2b11Dfb784e63337d2170e21cf5DD04631.

Transactions can be expressed in JavaScript Object Notation (JSON) format, and when creating this transaction, we can see this information on MyEtherWallet (using send offline after logging in):

(Note: The main use of the MyEtherWallet website is to help you generate an Ethereum account, but using it directly to send transactions may require you to expose your private key or mnemonic phrase, which is a very unsafe practice and is highly discouraged. If you want to use MyEtherWallet, please use it in conjunction with their browser extension or mobile wallet, rather than directly using their website.)

Here, several values will pop up: nonce, gasLimit, gasPrice, data, and chainId. None of these are related to the content of the transaction, but they are all related to how the transaction is executed. This is because, to send a transaction on Ethereum, you need to define some additional parameters in advance to tell miners how to handle your transaction.

Two parameters of the transaction are related to "gas." Gas itself is a unit used to measure the computational burden of a transaction, serving as the basis for paying Ethereum miners. One parameter is gasPrice, which indicates the price the user is willing to pay per unit of gas, measured in Gwei (Gwei is 1/10^9 of ETH);

The other is gasLimit, which is the maximum amount of gas the user specifies their transaction can consume. These parameters can be estimated to a reasonable value by Ethereum nodes, and generally, they are filled in by wallet service providers.

Value on Ethereum is usually measured in wei. Wei is the smallest unit of value on the Ethereum blockchain, equal to 1/10^18 of ETH. Gas Price is usually measured in giga wei (abbreviated as Gwei).

Gas Price is a complex issue on the Ethereum network because it often fluctuates. EIP-1559 is a recent network change that may be introduced by the end of this year, potentially alleviating the severe fluctuations in Gas Price. Besides wei and Gwei, there are other units used to represent value. To learn about these units, please visit eth-converter.com.

(Note: The author published this article in April 2021. It has since been confirmed that Ethereum core developers decided to include 1559 in the "London" upgrade in August 2021. The change in user experience due to 1559 is that users no longer directly specify Gas Price; instead, they specify two values: MaxFeePerGas and MaxPriorityFeePerGas, where the former indicates the maximum price you are willing to pay per unit of gas, and the latter indicates the maximum price you are willing to pay to miners per unit of gas;

In fact, the price you pay for gas is min(MaxFeePerGas, MaxPriorityFeePerGas + BaseFee) (i.e., the smaller of the two), where BaseFee is a value that automatically fluctuates based on the previous block's load rate. The price miners receive is your Gas price minus BaseFee; the BaseFee portion will be burned.

It is worth noting that in the foreseeable future, users can still use the traditional transaction format to send transactions, but this format may eventually be deprecated at the protocol level, meaning that the Ethereum transaction format discussed in this article may one day become obsolete.)

In addition to the gas parameters, you also need to specify which network to execute this transaction on. The Ethereum network includes both the mainnet with chainId 1 and other test networks (testnets). You can also send transactions on testnets without losing any money, as testnet ETH can be obtained for free.

Generally speaking, if you want to deploy a dApp, the first step should be to debug it on a local network, then deploy it to a testnet, and finally deploy it to the mainnet.

Finally, it is also important that we have data and nonce. If you want to add extra data to the transaction, you will need to use the data field. When interacting with a smart contract, the data field can contain instructions you give to the contract.

Nonce ("number used once") is a value used by the Ethereum network to track your account status, prevent double spending, and avoid replay attacks (it can be understood as a serial number).

When your transaction cannot be packaged temporarily due to a low gas fee, you can use the same nonce but specify a higher gas price to "replace" your stuck transaction; once this "faster" transaction is packaged on-chain, your originally signed transaction (because it used the same nonce) will be discarded by Ethereum nodes.

4. Signing an Ethereum transaction

Once we have formed the JSON encoding mentioned above, we can proceed to the signing process. As we mentioned, this process uses the ECDSA algorithm. Here we will use a commonly used library, ethers.js, which has encapsulated the elliptic curve needed to generate signatures using the ECDSA algorithm on the secp256k1 curve.

You can use Runkit to test this code online and compare it with the results on MyEtherWallet. The private key used here is:

0x616E6769652E6A6A706572657A616775696E6167612E6574682E6C696E6B0D0A

(Note: The private key is exposed here for educational purposes only. Exposing your private key at any time is an extremely unsafe act that may lead to the loss of all assets in your account! Please avoid exposing your private key and mnemonic phrase at all costs.)

The result is:

0xf86b80843b9aca008252089417a98d2b11dfb784e63337d2170e21cf5dd0463188016345785d8a00008025a02e47aa4c37e7003af4d3b7d20265691b6c03baba509c0556d21acaca82876cb4a01b5711b8c801584c7875370ed2e9b60260b390cdb63cf57fa6d77899102279a0.

This indicates that you have signed the transaction, which can now be sent to the Ethereum network. You can directly use MEW or Alchemy's online tool Composer to transmit your signed transaction to the Ethereum network. The principle is to interact with an Ethereum node using RPC methods like eth_sendRawTransaction.

5. Sign now, send later

The signing process described above can be referred to as "offline signing." Because we create the signature first and then find a way to broadcast it. However, many online wallets combine signing and broadcasting together (like Metamask and Portis), broadcasting immediately after signing. Nevertheless, offline signing is very practical for many applications (like state channels).

A state channel is a smart contract that monitors the accounts of both parties and settles funds between them based on the signed transactions submitted by both accounts. Offline signing is also a common practice on decentralized exchanges: buy and sell orders are stored off-chain and only settled on-chain when matched successfully. It also plays an important role in Layer 2 solutions like zkRollup and Optimistic Rollup.

Using Portis, you can interact with the Gas Station Network (GSN) using signed transactions. Portis has subscribed to a group of relayers in GSN who can help pay the gas fees for your transactions.

These relayers are associated with a decentralized contract (like this one on the Ropsten testnet), and Portis can request them to relay your transaction. You still need to sign your transaction, but Portis will take care of everything else, so even if you are using a brand new wallet with no balance to pay gas fees, you can still interact with smart contracts. Try it out on our cryptopuppers application!

If you want to learn more, here is the specification for GSN (EIP-1613). Also, you can see a demo of the interaction between the TabooKey team and Portis's beloved cryptopuppers application.

Having completed the signing process, we must say goodbye to you in this series explaining private keys. If you have followed along, you should now understand how Ethereum accounts are created and what Ethereum transactions are all about.

Original link: https://medium.com/portis/part-three-creating-and-signing-ethereum-transactions-e9cca44d7e2d