EIP-712: Signing Human-Readable Typed Structured Data on Ethereum
EIP-712 is an Ethereum standard for hashing and signing typed, structured data instead of an opaque hash, so wallets can show users the exact fields they are authorizing. It defines a domain separator that binds a signature to a specific application, version, chain, and contract, preventing replay across apps and networks. It underpins gasless token approvals (ERC-2612 Permit), off-chain order signing, and meta-transactions, and is the basis for the readable signing prompts shown by modern wallets like MetaMask.
EIP-712 is an Ethereum standard, finalized in 2017, for hashing and signing typed, structured data. Before it, signing a message off-chain meant approving an opaque hex hash: the wallet displayed a meaningless string and the user had no way to verify what they were authorizing. This was both a usability failure and a phishing vector. EIP-712 lets a wallet render the actual fields of a message, so a signer sees who is requesting the signature, what action it permits, and which contract and chain it targets.
The scheme has two halves. The first is the domain separator, derived from an EIP712Domain struct with fields like name, version, chainId, verifyingContract, and an optional salt. Hashing this domain into every signature binds it to one application on one chain, so a signature valid on Ethereum mainnet cannot be replayed against a clone on another network or contract.
The second half is structured-data encoding. Each struct type is reduced to a typeHash, the keccak256 hash of its canonical type string such as "Mail(address from,address to,string contents)". Members are encoded into fixed 32-byte slots, with dynamic types like strings encoded as their hashes, and combined with the typeHash to produce hashStruct.
The final value to sign is the byte string `0x1901` followed by the domain separator and hashStruct of the message. The `0x1901` prefix makes EIP-712 payloads unambiguously distinct from RLP-encoded transactions or plain personal-sign messages, so a signature for one can never be mistaken for another. The signature itself is still a standard ECDSA signature over the secp256k1 curve; EIP-712 only standardizes what gets hashed, not the cryptography underneath. A smart contract recomputes the same hash on-chain and recovers the signer's address to verify authorization.
The most prominent application is ERC-2612 Permit, which lets a user sign a structured approval off-chain so a token allowance can be set in the same transaction that spends it, removing a separate approve() step and its gas. EIP-712 also powers off-chain order signing in trading systems such as the one covered in "Building a Polymarket CLOB Client in Elixir: Architecture and Cryptography", where orders are signed typed data submitted to an off-chain order book and settled on-chain, as well as meta-transactions and many DeFi flows. By making signing requests legible, EIP-712 turned a frequent source of blind-signing risk into something users and wallets can actually audit.