Hi, I’ve been trying to get my head around the threshold ECDSA implementation, and a concern came to mind about rogue node operators potentially creating fake signed messages that could be submitted to e.g. an ECDSA-enabled blockchain.
When canisters send requests for message hashes to be signed, when that signature is returned, is it always identical on each canister and node?
If it’s not necessarily identical for each request, in order for the signed message_hash to be sent off with a message for another purpose (e.g. to make a transaction on an ECDSA-compatible blockchain like Ethereum), is a single signed message sufficient, or do you need to combine the signatures from multiple nodes?
Note: I’m assuming here that the same parameters (canister_id, message_hash, derivation_path, curve and key_id) are used.
I ask because if the signatures returned to each node are identical - or at least if they are sufficient to fully sign messages to another blockchain - it appears that this would be a potential security risk.
For example, a rogue node operator could create an arbitrary message (e.g. to send ETH from a canister-controlled address on Ethereum to the node operator’s wallet address), send the hash of that message on behalf of a canister it hosted to the signature canister/subnet, get a signed message back, which it could then submit to the Ethereum network.
This would require the node operator knowing that its canister controlled an Ethereum wallet that had ETH (or whatever) in it, but that wouldn’t be hard to find out.
Is there some other mechanism in place to prevent this kind of abuse?
Any clarification on this would be appreciated.
Thanks.