From 472e523f0e3e9f2dbbd7dc8ebf37b19c0515c5ee Mon Sep 17 00:00:00 2001
From: Jimmy <jinghui@wayne.edu>
Date: Sat, 8 Feb 2025 19:02:43 +0800
Subject: [PATCH 1/4] add new NEP draft

---
 nep-recover.mediawiki | 135 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 nep-recover.mediawiki

diff --git a/nep-recover.mediawiki b/nep-recover.mediawiki
new file mode 100644
index 00000000..c3b602fc
--- /dev/null
+++ b/nep-recover.mediawiki
@@ -0,0 +1,135 @@
+  NEP: TBD
+  Title: SECP256K1 ECDSA Public Key Recovery Support
+  Author: Fernando Díaz Toledano <shargon@gmail.com>,Jimmy Liao <vvvincentvan@gmail.com>
+  Type: Draft
+  Status: Draft
+  Created: 2024-12-18
+  Requires: N/A
+  Supersedes: N/A
+  Hardfork: HF_Echidna
+
+==Abstract==
+
+This NEP adds SECP256K1 public key recovery to Neo N3's CryptoLib native contract. This feature enables recovery of signing addresses from signatures, improving interoperability with Bitcoin and Ethereum.
+
+==Motivation==
+
+Most blockchain platforms use addresses derived from SECP256K1 public keys. When verifying signatures from these chains, only the signature, message, and signer's address are available. Neo N3 currently lacks native support for SECP256K1 public key recovery, which limits:
+
+1. Cross-chain bridge implementations
+2. Multi-chain dApp development
+3. Signature verification with only addresses
+4. Advanced signature schemes
+
+==Specification==
+
+===Native Contract Interface===
+
+A method will be added to CryptoLib in <code>HF_Echidna</code>:
+
+====SECP256K1 Public Key Recovery====
+<pre>
+{
+    "name": "secp256k1Recover",
+    "safe": true,
+    "parameters": [
+        {
+            "name": "hash",
+            "type": "ByteArray"
+        },
+        {
+            "name": "signature",
+            "type": "ByteArray"
+        }
+    ],
+    "returntype": "ByteArray"
+}
+</pre>
+
+The method takes the following parameters:
+* hash: A 32-byte array containing the message hash
+* signature: A 64 or 65-byte array containing the ECDSA signature
+  - For 64-byte signatures: contains (r,s) in Compact Signature Representation (ERC-2098) format where the recovery bit is encoded in s
+  - For 65-byte signatures: contains (r,s,v) where v is the recovery ID
+
+The method returns:
+* A 33-byte array containing the recovered public key in compressed format
+
+===Input Requirements===
+
+The method <code>MUST</code> follow these rules:
+
+1. Input Requirements for secp256k1Recover:
+   * hash: A 32-byte array containing the message hash
+   * signature: A 64 or 65-byte array containing the ECDSA signature
+     - For 64-byte signatures: follows ERC-2098 Compact Signature Representation where the most significant bit of s encodes the recovery bit (0 or 1)
+     - For 65-byte signatures: contains (r,s,v) where v is the recovery ID
+
+2. Return Value:
+   * Success: 33-byte compressed public key in SEC format
+   * Failure: Returns null if:
+     - Invalid signature/component length
+     - Invalid recovery value (<code>v</code>)
+     - Invalid signature format
+     - Recovery failure
+
+===Technical Details===
+
+The recovery process <code>MUST</code> follow the SECP256K1 curve specifications:
+
+1. For concatenated signatures, split into <code>r</code>, <code>s</code>, and <code>v</code> components
+2. Apply SECP256K1 curve equation: <code>y² = x³ + 7</code> over field <code>F_p</code>
+   where <code>p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1</code>
+3. Use recovery ID <code>v</code> to determine the correct public key point
+4. Return the public key in compressed SEC format (33 bytes)
+
+==Test Vectors==
+
+The implementation <code>MUST</code> pass the following test vectors:
+
+<pre>
+-----TEST 1-----
+Hash: 14caf05a544c8547b52e97989892514ee8f2722e89f7dd5b99e0ba2160af0e4f
+r: 1c76e62e8d0b31bb188f3457ff0ea874a25814f1acb6df52af8445b1a2001f0a
+s: 7e53d3d0e96e6cbd0bebcf3d63b3c35b0e607a459f9cec52f6904b4f7f5e8ba
+v: 28
+Signature: 1c76e62e8d0b31bb188f3457ff0ea874a25814f1acb6df52af8445b1a2001f0a7e53d3d0e96e6cbd0bebcf3d63b3c35b0e607a459f9cec52f6904b4f7f5e8ba1b
+Public Key: 02c0dec04c7ccc57061f6d22d3c4e6e0d4ed742861a84c42bb65948ae4e2d67fcd
+
+-----TEST 2-----
+Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+r: 5f8499879ce281f6a15449e7458c96103a79c89f61979c0b3a8a61c88e7d8d5a
+s: 3cec0b839958ddb1458e46f7f8c865b7e0485137e5ce7617c8f4bd7f43bb88e
+v: 28
+Signature: 5f8499879ce281f6a15449e7458c96103a79c89f61979c0b3a8a61c88e7d8d5a3cec0b839958ddb1458e46f7f8c865b7e0485137e5ce7617c8f4bd7f43bb88e1c
+Public Key: 03e33b41f5dd1e3536f01f4646e747e739e9d104d2a21c2d30f161e3cefb26e5c7
+
+-----TEST 3 (Invalid Cases)-----
+# Invalid recovery ID
+r: 1c76e62e8d0b31bb188f3457ff0ea874a25814f1acb6df52af8445b1a2001f0a
+s: 7e53d3d0e96e6cbd0bebcf3d63b3c35b0e607a459f9cec52f6904b4f7f5e8ba
+v: 29
+Result: null
+
+# Invalid r length
+r: 1c76e62e8d0b31bb188f3457ff0ea874a25814f1acb6df52af8445b1a2001f
+s: 7e53d3d0e96e6cbd0bebcf3d63b3c35b0e607a459f9cec52f6904b4f7f5e8ba
+v: 28
+Result: null
+</pre>
+
+==Backwards Compatibility==
+
+This NEP introduces new functionality without modifying existing behavior. All existing signature verification methods will continue to work as before. The new methods will only be available after the HF_Echidna hardfork activation.
+
+==References==
+
+1. SEC 2: Recommended Elliptic Curve Domain Parameters
+2. Ethereum Yellow Paper (Appendix F: Signing Transactions)
+3. Bitcoin BIP-137: Signatures of Messages using Private Keys
+4. ERC-2098: Compact Signature Representation
+
+==Implementation==
+
+The implementation will be provided in the following pull request:
+[Implementation Link TBD]

From 69ae9f23f98e6fd2dca83ad0968c75b07af34d91 Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Sun, 9 Feb 2025 02:55:26 -0800
Subject: [PATCH 2/4] Update nep-recover.mediawiki

---
 nep-recover.mediawiki | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nep-recover.mediawiki b/nep-recover.mediawiki
index c3b602fc..3d6740b8 100644
--- a/nep-recover.mediawiki
+++ b/nep-recover.mediawiki
@@ -1,6 +1,6 @@
   NEP: TBD
   Title: SECP256K1 ECDSA Public Key Recovery Support
-  Author: Fernando Díaz Toledano <shargon@gmail.com>,Jimmy Liao <vvvincentvan@gmail.com>
+  Author: Fernando Díaz Toledano <shargon@gmail.com>, Jimmy Liao <vvvincentvan@gmail.com>
   Type: Draft
   Status: Draft
   Created: 2024-12-18

From 17b452727e9c303bd9998b1149f24e92abd8bfcc Mon Sep 17 00:00:00 2001
From: Jimmy <jinghui@wayne.edu>
Date: Sun, 9 Feb 2025 23:15:47 +0800
Subject: [PATCH 3/4] Update nep-recover.mediawiki

Co-authored-by: Shargon <shargon@gmail.com>
---
 nep-recover.mediawiki | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nep-recover.mediawiki b/nep-recover.mediawiki
index 3d6740b8..47a78f2e 100644
--- a/nep-recover.mediawiki
+++ b/nep-recover.mediawiki
@@ -6,7 +6,7 @@
   Created: 2024-12-18
   Requires: N/A
   Supersedes: N/A
-  Hardfork: HF_Echidna
+  Hardfork: Echidna
 
 ==Abstract==
 

From 4bb36ec8a61efd337a9b204a2136ee0200a1238c Mon Sep 17 00:00:00 2001
From: Jimmy <jinghui@wayne.edu>
Date: Sun, 9 Feb 2025 23:15:57 +0800
Subject: [PATCH 4/4] Update nep-recover.mediawiki

Co-authored-by: Shargon <shargon@gmail.com>
---
 nep-recover.mediawiki | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nep-recover.mediawiki b/nep-recover.mediawiki
index 47a78f2e..f398c454 100644
--- a/nep-recover.mediawiki
+++ b/nep-recover.mediawiki
@@ -25,7 +25,7 @@ Most blockchain platforms use addresses derived from SECP256K1 public keys. When
 
 ===Native Contract Interface===
 
-A method will be added to CryptoLib in <code>HF_Echidna</code>:
+A method will be added to CryptoLib with the hardfork <code>Echidna</code>:
 
 ====SECP256K1 Public Key Recovery====
 <pre>