ECDSA Node - Secure Transfer Application

A secure client-server web application implementing Elliptic Curve Digital Signature Algorithm (ECDSA) for authenticated fund transfers using public key cryptography.

🎓 Alchemy University Bootcamp - Week 1 Project

Original project repository: alchemyplatform/ecdsa-node

🔐 What This Project Does

This application demonstrates secure fund transfers between accounts using digital signatures. Users sign transactions with their private keys on the client-side, and the server verifies signatures by recovering the public key - without ever exposing private keys over the network.

Key Features

✅ Digital Signature Authentication - Only valid signature holders can move funds
✅ Public Key Recovery - Server derives sender identity from signature
✅ Secure Client-Side Signing - Private keys never leave the browser
✅ Real-time Balance Updates - Instant transaction feedback

🚀 Quick Start

Prerequisites

• Node.js installed
• npm or yarn package manager

Installation

1. Clone the repository

   git clone <your-repo-url>
   cd ecdsa-node

2. Install dependencies

   # Install server dependencies
   cd server
   npm install
   
   # Install client dependencies
   cd ../client
   npm install

3. Run the server

   cd server
   nodemon index
   # Server runs on http://localhost:3042

4. Run the client

   cd client
   npm run dev
   # Client runs on http://localhost:5173

🧪 Testing the Application

Use these pre-generated private keys to test transactions:

Account 1 (Balance: 100)

6b7ec9978b8bbc16ae2a1408932d3f2b5d95de692489b6311ee27ce3aca3f447

Account 2 (Balance: 50)

61b2a99760a81a3f5e20bb3ebbaf3e4affe1afaa0840d54c98b605fd4b782039

Account 3 (Balance: 75)

20610ff56e7527b1daec8dc7302c7c878cee8e0102b6c8a79330aef7d1dbe802

How to Transfer Funds

1. Paste a private key in the wallet input field
2. Your balance will display automatically
3. Enter recipient's public key (visible after they enter their private key)
4. Enter amount to transfer
5. Click "Transfer" - transaction is signed and verified!

🔧 Technical Implementation

Client Side (/client)

• React + Vite frontend
• ethereum-cryptography@1.2.0 for signing
• Signs transactions with secp256k1.sign() using keccak256 hashes
• Sends only signatures to server (never private keys)

Server Side (/server)

• Express.js backend
• Recovers public keys from signatures using secp256k1.recoverPublicKey()
• Validates sender identity cryptographically
• Maintains account balances in-memory

📚 Cryptographic Flow

1. User enters private key → Client derives public key
2. User initiates transfer → Client creates message hash
3. Client signs hash with private key
4. Client sends: { signature, recoveryBit, amount, recipient }
5. Server recreates message hash
6. Server recovers public key from signature
7. Server validates and processes transaction

🛡️ Security Features

• ✅ Private keys stay client-side only
• ✅ Signatures are transaction-specific
• ✅ Public key recovery ensures authenticity
• ✅ Server never stores or receives private keys

🎯 Learning Outcomes

This project demonstrates:

• Public key cryptography fundamentals
• Digital signature creation and verification
• Secure client-server communication
• ECDSA implementation with secp256k1 curve

📦 Dependencies

• ethereum-cryptography@1.2.0 - Cryptographic functions
• express - Server framework
• cors - Cross-origin resource sharing
• react - Frontend framework
• vite - Build tool

📖 Resources

• Original Project Repo
• Alchemy University
• ethereum-cryptography Documentation

---

Built with 🎯 as part of Alchemy University Blockchain Developer Bootcamp