multiversx-crypto-verification_skill

This skill enables secure cryptographic operations in MultiversX smart contracts, including hashing and signature verification, to ensure on-chain data

10

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill multiversx/mx-ai-skills --skill multiversx-crypto-verification

  • SKILL.md8.1 KB

Overview

This skill provides a concise reference and practical patterns for cryptographic operations inside MultiversX smart contracts using the self.crypto() API. It covers hashing (SHA-256, Keccak-256, RIPEMD-160), signature verification for Ed25519, secp256k1, secp256r1, and BLS, plus DER encoding for secp256k1. Use it to implement secure on-chain gates, cross-chain signature checks, and aggregated validator verification.

How this skill works

Hashing functions accept ManagedBuffer inputs and return fixed-size ManagedByteArray results suitable for on-chain storage and comparisons. Signature verification exposes panic-based methods (Ed25519, BLS, secp256r1) that abort the transaction on failure, and bool-based secp256k1 methods for graceful handling. A custom secp256k1 verifier accepts a MessageHashType enum so you can match how the message was pre-hashed (Keccak, SHA256, double-SHA256, etc.).

When to use it

  • Protect critical endpoints where an invalid signature must abort the transaction (use panic-based verifiers).
  • Verify Ethereum-style signatures or external ECDSA signatures where you need to handle failure without panicking (use bool-based secp256k1).
  • Implement commit-reveal schemes, Merkle proofs, or any logic requiring deterministic hashes (use sha256/keccak256/ripemd160).
  • Validate WebAuthn or platform passkey assertions using secp256r1.
  • Aggregate validator signatures or threshold schemes using BLS and BLS aggregated verification.

Best practices

  • Choose the verifier type to match your error model: panic-based for gate checks, bool-based for conditional flows.
  • Always check the boolean return of verify_secp256k1 and verify_custom_secp256k1; never ignore the result.
  • Match the MessageHashType to how the message was actually hashed (Ethereum = Keccak256).
  • Use encode_secp256k1_der_signature when you only have raw r/s components before calling secp256k1 verifiers.
  • Store and compare fixed-size ManagedByteArray hashes for commit-reveal and on-chain comparisons to avoid ambiguity.

Example use cases

  • An access-control endpoint that requires an Ed25519 signature from a trusted signer and reverts automatically if invalid.
  • A bridge contract that verifies Ethereum user signatures with verify_custom_secp256k1(MessageHashType::ECDSAKeccak256).
  • A vote aggregation system that verifies a single BLS aggregated signature from multiple validators.
  • A commit-reveal lottery where commitments are stored as sha256 hashes and reveals are validated on-chain.
  • A wallet or passkey verifier that validates secp256r1 signatures coming from platform authenticators.

FAQ

Panic-based verifiers are designed for gate checks where invalid signatures should abort execution. Bool-based verifiers let contracts handle failures gracefully or attempt alternatives.

Which hash should I use for Ethereum signatures?

Use Keccak256 and call verify_custom_secp256k1 with MessageHashType::ECDSAKeccak256 to match Ethereum hashing.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
multiversx-crypto-verification skill by multiversx/mx-ai-skills | VeilStrat