NethermindEth · benaadams · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025
@@ -40,7 +40,7 @@ public Signer(ulong chainId, IProtectedPrivateKey key, ILogManager logManager)
         public Signature Sign(in ValueHash256 message)
         {
             if (!CanSign) throw new InvalidOperationException("Cannot sign without provided key.");
-            byte[] rs = SpanSecP256k1.SignCompact(message.Bytes, _key!.KeyBytes, out int v);
+            byte[] rs = SecP256k1.SignCompact(message.Bytes, _key!.KeyBytes, out int v);
             return new Signature(rs, v);
         }
 

diff --git a/src/Nethermind/Nethermind.Core.Test/Crypto/SignatureTests.cs b/src/Nethermind/Nethermind.Core.Test/Crypto/SignatureTests.cs
@@ -41,7 +41,7 @@ public void can_recover_from_message()
         var signatureObject = new Signature(signatureSlice, recoveryId);
         var keccak = Keccak.Compute(Bytes.Concat(messageType, data));
         Span<byte> publicKey = stackalloc byte[65];
-        bool result = SpanSecP256k1.RecoverKeyFromCompact(publicKey, keccak.Bytes, signatureObject.Bytes.ToArray(), signatureObject.RecoveryId, false);
+        bool result = SecP256k1.RecoverKeyFromCompact(publicKey, keccak.Bytes, signatureObject.Bytes, signatureObject.RecoveryId, false);
         result.Should().BeTrue();
     }
 }
@@ -21,7 +21,7 @@ public Signature Sign(PrivateKey privateKey, in ValueHash256 message)
                 InvalidPrivateKey();
             }
 
-            byte[] signatureBytes = SpanSecP256k1.SignCompact(message.Bytes, privateKey.KeyBytes, out int recoveryId);
+            byte[] signatureBytes = SecP256k1.SignCompact(message.Bytes, privateKey.KeyBytes, out int recoveryId);
             Signature signature = new(signatureBytes, recoveryId);
 
 #if DEBUG
@@ -40,7 +40,7 @@ public Signature Sign(PrivateKey privateKey, in ValueHash256 message)
         public PublicKey? RecoverPublicKey(Signature signature, in ValueHash256 message)
         {
             Span<byte> publicKey = stackalloc byte[65];
-            bool success = SpanSecP256k1.RecoverKeyFromCompact(publicKey, message.Bytes, signature.Bytes, signature.RecoveryId, false);
+            bool success = SecP256k1.RecoverKeyFromCompact(publicKey, message.Bytes, signature.Bytes, signature.RecoveryId, false);
             if (!success)
             {
                 return null;
@@ -52,7 +52,7 @@ public Signature Sign(PrivateKey privateKey, in ValueHash256 message)
         public CompressedPublicKey? RecoverCompressedPublicKey(Signature signature, in ValueHash256 message)
         {
             Span<byte> publicKey = stackalloc byte[33];
-            bool success = SpanSecP256k1.RecoverKeyFromCompact(publicKey, message.Bytes, signature.Bytes, signature.RecoveryId, true);
+            bool success = SecP256k1.RecoverKeyFromCompact(publicKey, message.Bytes, signature.Bytes, signature.RecoveryId, true);
             if (!success)
             {
                 return null;

@@ -30,7 +30,7 @@ public class EthereumEcdsa(ulong chainId) : Ecdsa, IEthereumEcdsa
         private static Address? RecoverAddress(Span<byte> signatureBytes64, byte v, ReadOnlySpan<byte> message)
         {
             Span<byte> publicKey = stackalloc byte[65];
-            bool success = SpanSecP256k1.RecoverKeyFromCompact(
+            bool success = SecP256k1.RecoverKeyFromCompact(
                 publicKey,
                 message,
                 signatureBytes64,
@@ -41,7 +41,7 @@ public class EthereumEcdsa(ulong chainId) : Ecdsa, IEthereumEcdsa
         }
 
         public static bool RecoverAddressRaw(ReadOnlySpan<byte> signatureBytes64, byte v, ReadOnlySpan<byte> message, Span<byte> resultPublicKey65) =>
-            SpanSecP256k1.RecoverKeyFromCompact(
+            SecP256k1.RecoverKeyFromCompact(
                 resultPublicKey65,
                 message,
                 signatureBytes64,

@@ -3,6 +3,7 @@
 
 using System;
 using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
 using Nethermind.Core;
 using Nethermind.Core.Crypto;
 using Nethermind.Core.Extensions;
@@ -70,8 +71,13 @@ private Result<byte[]> RunInternal(ReadOnlySpan<byte> inputDataSpan)
             return Empty;
         }
 
-        byte[] result = ValueKeccak.Compute(publicKey.Slice(1, 64)).ToByteArray();
-        result.AsSpan(0, 12).Clear();
+        byte[] result = new byte[32];
+        KeccakHash.ComputeHashBytesToSpan(publicKey.Slice(1, 64), result);
+
+        ref byte refResut = ref MemoryMarshal.GetArrayDataReference(result);
+
+        // Clear first 12 bytes, as address is last 20 bytes of the hash
+        Unsafe.InitBlockUnaligned(ref refResut, 0, 12);
         return result;
     }
 }
@@ -153,7 +153,7 @@ private bool IsSignatureValid(ReadOnlySpan<byte> payloadData, Span<byte> signatu
         byte[] signedHash = KeccakHash.ComputeHashBytes(sequencerSignedData);
 
         Span<byte> publicKey = stackalloc byte[65];
-        bool success = SpanSecP256k1.RecoverKeyFromCompact(
+        bool success = SecP256k1.RecoverKeyFromCompact(
             publicKey,
             signedHash,
             signature.Slice(0, 64),

diff --git a/src/Nethermind/Nethermind.Wallet/DevKeyStoreWallet.cs b/src/Nethermind/Nethermind.Wallet/DevKeyStoreWallet.cs
@@ -100,7 +100,7 @@ public Signature Sign(Hash256 message, Address address, SecureString passphrase)
                 key = _keyStore.GetKey(address, passphrase).PrivateKey;
             }
 
-            var rs = SpanSecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
+            var rs = SecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
             return new Signature(rs, v);
         }
 
@@ -116,7 +116,7 @@ public Signature Sign(Hash256 message, Address address)
                 throw new SecurityException("Can only sign without passphrase when account is unlocked.");
             }
 
-            var rs = SpanSecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
+            var rs = SecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
             return new Signature(rs, v);
         }
     }

diff --git a/src/Nethermind/Nethermind.Wallet/DevWallet.cs b/src/Nethermind/Nethermind.Wallet/DevWallet.cs
@@ -117,7 +117,7 @@ private bool CheckPassword(Address address, SecureString passphrase)
 
         public Signature Sign(Hash256 message, Address address)
         {
-            var rs = SpanSecP256k1.SignCompact(message.Bytes, _keys[address].KeyBytes, out int v);
+            var rs = SecP256k1.SignCompact(message.Bytes, _keys[address].KeyBytes, out int v);
             return new Signature(rs, v);
         }
     }

diff --git a/src/Nethermind/Nethermind.Wallet/ProtectedKeyStoreWallet.cs b/src/Nethermind/Nethermind.Wallet/ProtectedKeyStoreWallet.cs
@@ -97,7 +97,7 @@ private Signature SignCore(Hash256 message, Address address, Func<PrivateKey> ge
         {
             var protectedPrivateKey = (ProtectedPrivateKey)_unlockedAccounts.Get(address.ToString());
             using PrivateKey key = protectedPrivateKey is not null ? protectedPrivateKey.Unprotect() : getPrivateKeyWhenNotFound();
-            var rs = SpanSecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
+            var rs = SecP256k1.SignCompact(message.Bytes, key.KeyBytes, out int v);
             return new Signature(rs, v);
         }
     }