
Most crowdsales now require users to verify their ETH address before purchasing tokens. To do this, they require the user to sign up and perform KYC via their website.

The back-end then adds this address to a whitelist which then allows this participant to purchase tokens.

However, how is this possible? Does the backend require its own eth account which then pays for each verification transaction?

I've seen some contracts use an elliptic curve signature against a 'signer address' by supplying the user's hashed address, along with r, s and v, and checking if it then equals the signer's address.

Again, how does this work? Does it mean that on the back-end, servers will calculate the hash of a user's address, calculate the EC sig against the signer and then store the EC sig in the whitelist?

  • It's like you recorded a fragment of a conversation and then transcribed it here. No context at all. Stackoverflow is for [programming questions](https://stackoverflow.com/help/on-topic). Questions about **general computing hardware and software** are off-topic for Stack Overflow unless they directly involve tools used primarily for programming. You may be able to get help on [Bitcoin](https://bitcoin.stackexchange.com/). – President James K. Polk Jan 11 '18 at 17:15
  • Thanks for such an ignorant response to a question regarding development techniques. It is a programming question, it's a question regarding how one would go about this and I figured I could ask it in the biggest software development forum on earth to see if anyone would mind helping. I've asked on bitcoin talk as well; in future if you don't like a question please just ignore it rather than leaving a pointless comment. – Jack Pickering Jan 12 '18 at 16:11

1 Answer


So to answer my own question, the standard method for verifying that users are on your whitelist without having to store unnecessary data on your contract is to use the elliptic curve digital signature algorithm for signing users' addresses.

You should ask for your users' ETH address upon registration, and then you can sign that ETH address using a specified Ethereum private key using ECDSA against a known public address (stored on the contract).

This then supplies 3 values, v, r and s, which are sent to the contract and can be recovered via an ecrecover function. If the function then returns the known public address, you can verify that your backend must have signed the ETH address with the backend's private key, therefore proving the user is a whitelisted participant.
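
The contract side of the check described in this answer, as an added example that is not part of the original post or any particular crowdsale's code. The contract name, function names and event are hypothetical, and it assumes the backend signs `keccak256(saleContract, buyer)` with the standard `"\x19Ethereum Signed Message:\n32"` prefix; binding the contract address into the hash is an added precaution so a signature issued for one sale is not accepted by another that shares the signer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all names here are hypothetical.
contract WhitelistedSale {
    // The backend's known public address, fixed at deployment.
    address public immutable signer;

    event Purchase(address indexed buyer, uint256 amount);

    constructor(address _signer) {
        require(_signer != address(0), "signer required");
        signer = _signer;
    }

    // True if (v, r, s) is the backend's signature over this buyer's address.
    function isWhitelisted(address buyer, uint8 v, bytes32 r, bytes32 s)
        public view returns (bool)
    {
        // Assumed message format: hash of (this contract, buyer address).
        bytes32 h = keccak256(abi.encodePacked(address(this), buyer));
        // Assumed: backend signed with the personal-message prefix.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", h)
        );
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) for a malformed signature, so
        // reject that explicitly instead of relying on the comparison.
        return recovered != address(0) && recovered == signer;
    }

    function buy(uint8 v, bytes32 r, bytes32 s) external payable {
        // The signed address is msg.sender, so a signature copied from
        // someone else's transaction does not whitelist a different buyer.
        require(isWhitelisted(msg.sender, v, r, s), "not whitelisted");
        emit Purchase(msg.sender, msg.value);
    }
}
```

Signing happens off-chain on the backend and costs no gas; only the buyer's own `buy` transaction touches the chain, and no per-user whitelist entry is stored in the contract.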