Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [signature]

A digital signature proves that the owner of a private key produced or endorsed a given message. These are used in transactions to prove that an output can be spent in a transaction.

Digital signatures are used in Bitcoin to prove that a transaction is allowed to spend from a given output. Bitcoin uses the Elliptic Curve Digital Signature Algorithm over the secp256k1 curve for producing signatures. The message that a private key signs and is used for validation is the hash of a special version of the transaction.

437 questions
48
votes
4 answers

ECDSA: (v, r, s), what is v?

Deterministically signing a Tx with RFC6979 returns v, r, s, where r and s are the 2 values used in standard ECDSA signatures. v = 27 + (y % 2), so 27 + the parity of r, as pybitcointools indicates. So for even r, we get v = 27, odd r we get v =…
Wizard Of Ozzie
  • 5,268
  • 4
  • 30
  • 63
29
votes
1 answer

Signing Bitcoin transactions

There is a part of the Bitcoin protocol that I don't quite understand. When you make a transaction, and spend the output of a previous transaction for say 1 BTC, you provide a signature using the private key matching the public key (or address) that…
Flavien
  • 1,017
  • 1
  • 9
  • 17
26
votes
3 answers

What are the implications of Schnorr signatures?

Adam Back (adam3us) explained in March, 2014, but it is all math. There's another short post with advantages, though. This answer on crypto.SE claims that Bitcoin considered using Ed25519 which is based on Schnorr signatures, but decided against it.…
Janus Troelsen
  • 899
  • 8
  • 26
25
votes
1 answer

Why the signature is always 65 (1+32+32) bytes long?

A signature created by the Bitcoin-Qt client can always be decoded (base64) to a 65-byte array. This array seems (according to https://github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L217) to contain a header byte, a 32-byte R part, and a 32-byte…
Ning
  • 2,741
  • 3
  • 18
  • 16
18
votes
3 answers

How to sign a transaction with multiple inputs?

I have been able to program an application in python that sends valid transactions that spend 1 input, but I really can't get it to work with 2 or more inputs. So my question is, how exactly is the hash that has to be signed for each input…
Nathan Parker
  • 758
  • 1
  • 5
  • 15
18
votes
2 answers

ECDSA r, s encoding as a signature

An ECDSA algorithm when signing a given messages produces a pair of outputs, r and s. How, given a sigStr from a Tx can one extract r and s? Are they just concatenated byte arrays of a specific length, or is there more to it?
ThePiachu
  • 42,931
  • 25
  • 138
  • 347
17
votes
1 answer

Why use DER encoding for signatures?

A signature in secp256k1 is two 32 byte numbers. DER encoding a signature adds about 6-7 bytes. It also needlessly complicates things (is DER encoding used anywhere else?). In a transaction format that seems to try to squeeze every byte out, this…
user3243135
  • 295
  • 1
  • 7
16
votes
1 answer

How does "Sign Message" work?

How does "Sign Message" option in the Bitcoin QT client work? I can't find any description or documentation of it. Do I have to use this option to sign some message when I receive bitcoins? If so, how do I do that and what should I write? This is…
Janman
  • 263
  • 1
  • 2
  • 5
14
votes
3 answers

What is a step by step way to insert data in OP_RETURN?

I was following https://bitcointalk.org/index.php?topic=453086.0 for creating a message in OP_RETURN. I am able to decode my raw transaction, but on signrawtransaction it gives error: {"code":-22,"message":"TX decode failed"} I validated the…
wizgot
  • 333
  • 2
  • 7
13
votes
3 answers

How to verify Bitcoin Core Release Signing Keys

I use Gpg4win but I don't know the step to verify the Bitcoin Core Release. can you give me the instruction how to verify released? I got this result C:\WINDOWS\system32>gpg2 --keyserver pgp.mit.edu --recv-keys 0x90C8019E36C2E964 gpg: conversion…
Hamad Aziz
  • 133
  • 1
  • 1
  • 6
13
votes
1 answer

Is any 256-bit combination a Bitcoin private key?

I've recently been implementing a simple Bitcoin wallet and some libraries seem to disagree with address derivation from the same WIF private key, and thus wouldn't sign transactions. After that, I used different libraries to implement the same…
kuco 23
  • 255
  • 1
  • 7
12
votes
3 answers

Tx Malleability: Why is the Script not included in the Signed Hash?

Sipa lists sources of tx malleability here: https://gist.github.com/sipa/8907691 It is clear to me how a change in the signature itself or the signature formating leads to a different tx hash (1. & 2.). But why is it allowed to modify the rest (may…
kermit
  • 2,009
  • 1
  • 17
  • 26
11
votes
1 answer

Problems with deterministic ECDSA based on RFC6979 in Bitcoin

Generating random number k in elliptic curve is crucial and in any transactions signature in Bitcoin, random number k is required to compute a point k*G. If this k is chosen not randomly, it instantly leaks the private key. Therefore, they came up…
abeikverdi
  • 854
  • 8
  • 21
11
votes
2 answers

How does the ECDSA verification algorithm work during transaction?

I understand the basic concept ECDSA where if Bob wants to sign a message it generates a random number n, multiply it with the secp256k1, r = the x value , s = (H(x)dr)*n^-1 mod q. Also the verification is done by P=u1(G)+u2(P), where G is the…
Kuriz
  • 113
  • 1
  • 4
10
votes
2 answers

What are the DER signature and SEC format

I often see those 2 elements in bitcoin documentations and tutorials but I have not yet find a proper definition on the internet for DER signature and SEC format.
Saxtheowl
  • 2,760
  • 8
  • 16
  • 34
1
2 3
29 30