feat: verifySignature function

[Villaquiranm]

related to #2777

Contributors' checklist...

• Added new tests, or not needed, or not feasible
• Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
• Updated the official documentation or not needed
• No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
• Added references to related issues and PRs
• Provided any useful hints for running manual tests
• Added new benchmarks to generated graphs, if any. More info here.

[codecov]

Codecov Report

Attention: Patch coverage is 89.47368% with 4 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
gnovm/stdlibs/std/native.go	60.00%	2 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

[notJoon]

CI failed. could you please check and fix this?

[Villaquiranm]

CI failed. could you please check and fix this?

I think it is ok just one does not want to finish do not know why
@notJoon

[notJoon]

I checked it purely through test runs, it executed well without any significant issues.

Although I also looked into related issues, it might be better to conduct a more detailed review in the next stage.

remove: review/triage-pending

[thehowl]

I'm still not convinced by this approach. I think we should have verification happen at the protol level rather than happen at the Gno level. Can we not use the message signers as I pointed out in the discussion on #2777?

[zivkovicmilos]

I like the direction, but we need better naming and more tests 🙏

Thinking about this a bit, let's discuss if it's even required, and why

[zivkovicmilos]

Why not add multiple stdlib tests for valid and invalid signature verification?

[zivkovicmilos]

assert.Equal

[zivkovicmilos]

assert.True

[zivkovicmilos]

You don't need to use the keybase to generate a key, you can just use something like ed25519.GenPrivKey() or even better secp256k1.GenPrivKey(), which will mimic what the keybase is doing under the hood

Not to mention it is exponentially faster 🚀

[zivkovicmilos]

Should be named TestVerifyECSignature or something similar

[zivkovicmilos]

Please, let's rename this method to something more descriptive, since this is the sig verification method for both ed25519 and secp256k1. What do you think about VerifyECSignature, as the name for the native method?

Also, I'd rename the args here:

• pubKeySigner -> bech32PubKey (to be explicit)
• msg -> rawData (and please make this a []byte)
• change the type of signature to []byte

[zivkovicmilos]

Check my comment below for the rename 🙏

[zivkovicmilos]

Please, drop this

[zivkovicmilos]

I'm still not convinced by this approach. I think we should have verification happen at the protol level rather than happen at the Gno level. Can we not use the message signers as I pointed out in the discussion on #2777?

@thehowl
I think what @Villaquiranm is aiming at is having generic signature verification, the signature doesn't have to originate from a message / transaction, but can be arbitrary data we sign and push to the chain (not sure what this use case would be, and why we'd verify sigs on chain).

I'm not necessarily for or against this idea, but I'd like to hear why @Villaquiranm would need signature verification on-chain through native methods 👀

For reference, Ethereum has native methods in Solidity for deriving the address from the ECDSA signature, but not for verifying it (there are library contracts that people can import and use) -- which supports the argument that sig verification is something that should be done off-chain

[Gno2D2]

🛠 PR Checks Summary

🔴 Maintainers must be able to edit this pull request (more info)

Manual Checks (for Reviewers):

• IGNORE the bot requirements for this PR (force green CI check)

Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🔴 Maintainers must be able to edit this pull request (more info)

☑️ Contributor Actions:

1. Fix any issues flagged by automated checks.
2. Follow the Contributor Checklist to ensure your PR is ready for review.
   • Add new tests, or document why they are unnecessary.
   • Provide clear examples/screenshots, if necessary.
   • Update documentation, if required.
   • Ensure no breaking changes, or include BREAKING CHANGE notes.
   • Link related issues/PRs, where applicable.

☑️ Reviewer Actions:

1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.

📚 Resources:

• Report a bug with the bot.
• View the bot’s configuration file.

Debug

Automated Checks

Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 The pull request was created from a fork (head branch repo: TERITORI/gno)

Then

🔴 Requirement not satisfied
└── 🔴 Maintainer can modify this pull request

Manual Checks

**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

• Any user with comment edit permission