Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [signature]

A digital signature proves that the owner of a private key produced or endorsed a given message. These are used in transactions to prove that an output can be spent in a transaction.

Digital signatures are used in Bitcoin to prove that a transaction is allowed to spend from a given output. Bitcoin uses the Elliptic Curve Digital Signature Algorithm over the secp256k1 curve for producing signatures. The message that a private key signs and is used for validation is the hash of a special version of the transaction.

462 questions
7
votes
1 answer

Can you always derive a public Bitcoin address from a message and a random signature?

Let's say my Bitcoin address is 1Nu5mzpUD9A7daZ76QJEsBfkBjCWVLh7pJ and I sign the message random-challenge with its private key. The result is : IAjU1mpvy70Li2Q1jDaNJKaQudaAJia1oF9SYJ8HGGuNffT9ERmc77WgPMONPLHKAhO8d0bhDF5Nvn+AUzS6R04= Bitcoin uses a…
EricLarch
  • 195
  • 5
6
votes
1 answer

Why Do Compact Signatures Need To Start With a Byte 27-35?

There's a hard-coded 27 value in Bitcoin's encoding of Compact Signatures that I don't understand: https://github.com/bitcoin/bitcoin/blob/v0.7.1/src/key.cpp#L333 I get that the need to encode the nRecId to disambiguate the correct recovered key,…
rentzsch
  • 163
  • 4
5
votes
2 answers

What should I say when I "sign" a message, to prove that I own an address?

This reddit thread discusses a user who lost some coins and is trying to prove that he owns that address. There was a question in how he signed, and what he signed in the message fields, since it's easy to become an imposter the way he did…
makerofthings7
  • 12,726
  • 11
  • 62
  • 130
3
votes
1 answer

What does signing a transaction mean?

What do people exactly mean when they say the person "signs" the transaction to transfer bitcoins? Is it decrypting the previous output with your private key and encrypting it with the new recipient's public key? Thanks for your time and efforts.
Ayush
  • 127
  • 4
3
votes
1 answer

Test (r,s) values for signature generation?

I have some RFC6979 test vectors, but they do not simply give me the (r,s) values before DER encoding (or so it looks?), and I haven't reached that point yet. Where could I find some (r,s) values to test against? My "expected k" values are passing…
user31364
3
votes
1 answer

How many Secp256k1 signatures exist for a piece of data?

ECDSA signatures are not deterministic. That is, random information is used in calculating the signature for a piece of data. Approximately how many unique signatures exist for a piece of data? Another way this question might be phrased is: if I…
morsecoder
  • 14,168
  • 2
  • 42
  • 94
2
votes
2 answers

Handling negative "s" values for signatures?

In comparing these test vectors to my own results, for tests #2 and #5, I end up with negative s values. My results show that for test #2, test_s = my_s * -1, as an integer, yet the hexadecimal representation matches up correctly with the test,…
user31364
2
votes
1 answer

Calculating Z value in a tx with 1 input and 2 outputs

After reading this: ECDSA Signature and the "z" value I'm still confused about the 'Z' value, for this transaction: https://blockchain.info/tx/ea6aa5d49b8e351e307bf9220f2d7cd31d41e640683539e00580e17cb4cf3e36?show_adv=true the signature is in the…
prof.Zoom
  • 99
  • 1
  • 11
1
vote
1 answer

How the Recipient's public key is used in bitcoin transaction

In the second paragraph the white paper by Nakatomo, we have this image: It says a coin is a set of digital signature. For what I understand the whole process is the following: Hash together the previous transaction hash plus the recipient…
xcsob
  • 13
  • 1
  • 4
1
vote
1 answer

Double Counting SigOps to Prevent CPU Exhaustion Attacks

In the bitcoin v0.9.3 source: https://github.com/bitcoin/bitcoin/blob/v0.9.3/src/main.cpp ConnectBlock() calls CheckBlock() as one of the first things it does. https://github.com/bitcoin/bitcoin/blob/v0.9.3/src/main.cpp#L1756. And CheckBlock() does…
morsecoder
  • 14,168
  • 2
  • 42
  • 94
1
vote
2 answers

Can someone explain how to get from SigScript to something readable

In the transaction https://blockchain.info/tx/32e8677c968981549acc25f46641c74a3055d949c90bd22c15a5236bf92a622d the first input has the following…
user2334659
  • 313
  • 7
0
votes
1 answer

How to check a signature on an arbitrary message?

I'm looking to have a p2sh transaction that inside the redeem script there is OP_CHECKSIG (or any other op-code) that verifies a signature on an arbitrary message (not a transaction). I have been looking, but all I could find is that OP_CHECKSIG…
Mohsen
  • 1
0
votes
2 answers

How to extract raw 64 byte EC signature from an ASN1/DER encoded signature (which ranges from 70 - 72 bytes)

I see that my ASN1/DER signature contains the individual r and s values, is there a way to derive the generic 64byte signature? edit: Ive looked through the DER/ASN1 spec, seems that what Im looking for is simply s appended to r. BUT both r and s…
Bo Byrd
  • 103
  • 5
0
votes
1 answer

When the transaction been signed?

I understand that if Bob gets a transaction (BTC) from Alice and want to send it to Charlie he must provide a key which proof that he is the owner of the transaction. But in what stage Bob actually signed the transaction? Can it be that Alice was…
Arik Malachi
  • 41
  • 2
0
votes
2 answers

How Bitcoin system prevents the previous owner of a Bitcoin to spend it?

I am a Bitcoin noob. As per my knowledge, a Bitcoin is a digital signature. Owner of a bitcoin knows the private key of it. If I spend my bitcoin, I still know the private key of it, using which I can spend it later despite not owning it. Surely…
Lakshay Dulani
  • 105
  • 4
1
2