0

I am trying to implement the OP_CHECKSIG opcode of Bitcoin and verify whether a signature is valid or not. I have the signature that I recieve from the transaction data and the public key(the hex field of a P2PKH transaction should contain both). I am trying to figure out what is the message digest itself that is signed. From what I know these are the required items -

1.The version number(4 bytes)
2.The number of Inputs(1 byte)
3.Transaction hash of the input being redeemed
4.Index of the output being redeemed (4 bytes)
5.ScriptPubKey of the output being redeemed prepended with the length of the script
6.Sequence Number(4 bytes)
7.No of outputs we are signing over(1 byte)
8.Total value of the output(8 bytes)
9.ScriptSig for the output prepended with the length
10.locktime field(4 bytes)
11.hashcode type(4 bytes)

So If I hash this data in byte format twice using the SHA256 Algorithm would my signature verification pass? I am trying to implement this using Java and this is my code -

public static boolean verifyUsingSecp256k1(byte[] pub, byte[] dataForSigning,
    BigInteger[] rs) throws Exception {
ECDSASigner signer = new ECDSASigner();
X9ECParameters params = SECNamedCurves.getByName("secp256k1");
ECDomainParameters ecParams = new ECDomainParameters(params.getCurve(),
        params.getG(), params.getN(), params.getH());
ECPublicKeyParameters pubKeyParams = new ECPublicKeyParameters(ecParams
        .getCurve().decodePoint(pub), ecParams);
signer.init(false, pubKeyParams);

return signer.verifySignature(dataForSigning, rs[0].abs(), rs[1].abs());}

However when I try to verify my Signature it returns as false. Am I missing something over here?

Shubham Saxena
  • 139
  • 1
  • 8
  • Read this answer first. For verification you have to take the same first 14 steps. – Coding Enthusiast Sep 09 '19 at 13:01
  • @CodingEnthusiast I want the answer more on Verifying a transaction rather than signing a transaction.With the 1st 14 steps I have tried everything but doesn't seem to work. – Shubham Saxena Sep 09 '19 at 13:02
  • Could you post the byte array (step 13) before you hash in step 14. Usually it is easy to miss endianness, CompactInt size of SignatureScript after you replace it with PubkeyScript,... As for verification, you have to check the code you are using, not sure what library that is. – Coding Enthusiast Sep 09 '19 at 13:07
  • @CodingEnthusiast Here is my byte array - 0200000001ce8310077e52959fc1046478629a1d7e522ba8445ff780d0229367ee48ac8146000000001976a9141c156160c943f58b30c1ff2be1cc225485f903bd88acffffffff01808900610d0000001976a914505ec67e233a71908713c500487307c59a6c5c1f88ac0000000081000000

    I am using the Sighash type as - ALLL|ANYONE_CAN_PAY hence 81 at the end. I hope that is not a problem on how we capture the message data.

     – Shubham Saxena Sep 09 '19 at 13:20
  • I don't see any problem with these bytes, and your hash (dataForSigning) should be double SHA256 of this, meaning c3b0386c0d990ab628ac505e8fb612f67d052c5f3cd0ac517854c2efc24ab3e7 – Coding Enthusiast Sep 09 '19 at 13:42
  • @CodingEnthusiast I am using the Bouncy Castle library for the verification procedure! So I have to pass the double SHA-256 hashed message data to the function above! – Shubham Saxena Sep 10 '19 at 10:19

1 Answers1

0

All the above steps are correct although. The only catch over here is that except for the Scripts, everything else is captured in the Little Endian format (for whatever reasons). So except for Step 5 and Step 9 all other data is stored in the Little Endian format. Took me a while to get to this answer! Just a small tip to keep in mind when implementing!

Shubham Saxena
  • 139
  • 1
  • 8