Generating Keys and Signatures

The price oracle must securely store an HMAC_SECRET key (used to generate threshold keys), and SIGN_SECRET key (used to sign responses):

// Used to generate a unique secret key for each price quote:
HMAC_SECRET = 32 (or more) randomly generated bytes.

// Used to provide a signature with each price quote:
SIGN_SECRET = 32 randomly generated bytes (on the secp256k1 curve).

// Compressed public key of the signing secret key.
ORACLE_PK   = get_ecdsa_compressed_pubkey(SIGN_SECRET)// Some code

When the oracle receives a request, the thold_key and thold_hash can be generated using the following formula:

DOMAIN_LABEL  = utf8_to_bytes("bitcoin/usd_price_quote")
QUOTE_PRICE   = uint32_to_bytes(quote_price, size=4)
QUOTE_STAMP   = uint32_to_bytes(quote_stamp, size=4)
THOLD_PRICE   = uint32_to_bytes(thold_price, size=4)
THOLD_KEY     = hmac256(HMAC_SECRET, DOMAIN_LABEL, ORACLE_PK, QUOTE_PRICE, QUOTE_STAMP, THOLD_PRICE)
THOLD_HASH    = ripemd160(sha256(THOLD_KEY))

When providing a response, the contents of the price quote must be hashed and signed using the following formula:

PREIMAGE = json_to_utf8_bytes({
  expiry_price : number | null // Price of the first exchange record to cross threshold.
  expiry_stamp : number | null // Timestamp of the first exchange record to cross threshold. 
  is_expired   : boolean       // If the threshold has been crossed.
  oracle_pk    : string        // Public key belonging to the Price Oracle.
  quote_price  : number        // The exchange price of the quote.
  quote_stamp  : number        // The exchange timestamp of the quote.
  req_stamp    : number        // Timestamp of the latest exchange record.
  thold_hash   : string        // HASH160 hash of the threshold key.
  thold_key    : string | null // HMAC256 key controlling the stop-loss event.
  thold_price  : number        // Threshold price that was provided with the request.
})
REQUEST_ID  = sha256(PREIMAGE)
REQUEST_SIG = ecdsa_sign(SIGN_SECRET, PREIMAGE)

Last updated

Was this helpful?