7

I've skimmed through the https://en.bitcoin.it/wiki/Protocol_specification and it seems that when sending someone bitcoins, I would sign the transaction data (not quite sure which parts exactly) with my private key, so that people could verify it with my public key, but my address is a digest of my public key, so where do people get my public key from?

Phlexonance
  • 71
  • 2

1 Answers1

2

The transaction's INPUT has ScriptSig which is both the signature as well as the public key.

Stephen Gornick
  • 27,040
  • 12
  • 67
  • 141
  • The script contains two components, a signature and a public key. The public key belongs to the redeemer of the output transaction and proves the creator is allowed to redeem the outputs value.

    So it's the receiver's public key. How does that help?

     – Phlexonance Mar 19 '13 at 12:09
  • 3
    No, the script contains the spender's public key. It is like saying - "here is a check to address X. I own that address, here is a proof: I have a public key Y, it turns into address X, and here is a signature from my private key that can be verified with Y". The sender proves that they know the public key and that they posses the private key. An address is just a way of saving space. – ThePiachu Mar 19 '13 at 21:50
  • 1
    the input transactions i have looked at just contain the signature and no public key. i'm guessing that the public key comes from the output of the previous referenced transaction being spent (located using the previous output hash and index number). is this correct? – mulllhausen Dec 21 '13 at 05:41
  • @mulllhausen How could that possibly work? If the previous transaction were from A to B and C, it wouldn't contain the public keys for B and C, just the addresses. So when B wants to spend that input, they must put their public key in the transaction. – David Schwartz Jan 17 '14 at 04:32
  • @DavidSchwartz it seems to be the case when spending a coinbase transaction as i understand it. take a look at this question for an example - http://bitcoin.stackexchange.com/questions/19081/parsing-bitcoin-input-and-output-addresses-from-scripts - but please correct me if i am wrong. – mulllhausen Jan 18 '14 at 23:36