Home

ecrecover

ecrecover is an Ethereum virtual machine (EVM) opcode that recovers the address associated with an elliptic‑curve digital signature. It is used primarily in smart contracts to verify that a message was signed by the holder of a particular private key without requiring the private key itself. The opcode takes four inputs: a 32‑byte message hash and the three components of an ECDSA signature – v (the recovery identifier), r and s – and returns a 20‑byte address if the signature is valid, otherwise it returns zero.

In Solidity the function is exposed as ecrecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) public pure

ecrecover enables patterns such as meta‑transactions, off‑chain approvals, and decentralized identity verification. Because the opcode performs

The opcode is gas‑efficient compared with full signature verification libraries, but developers should remain aware of

returns
(address).
Developers
typically
hash
a
structured
message
with
keccak256
before
calling
the
function,
ensuring
that
the
signed
data
cannot
be
misinterpreted
as
a
transaction.
The
v
value
is
usually
27
or
28,
though
chain‑specific
replay
protection
(EIP‑155)
adds
an
offset
that
must
be
subtracted
before
passing
to
ecrecover.
only
the
elliptic‑curve
recovery
step,
it
does
not
check
signature
malleability;
contracts
must
enforce
additional
constraints,
for
example
requiring
s
to
be
in
the
lower
half
of
the
curve
order.
Incorrect
handling
can
lead
to
replay
attacks
or
acceptance
of
forged
signatures.
its
limitations
and
combine
it
with
proper
hashing,
domain
separation,
and
replay‑attack
mitigations
to
maintain
security.