Bitcoin Asked by theruss on December 15, 2020
This question appears many times on SO, but there’s something in the answers I’m not getting.
I’m designing a system predicated upon API calls made to blockchain.info, but I’m having real trouble getting my head around the relationship between Pubkey, Address and digital signatures for my use-case.
Say user Jane has previously transacted using Bitcoin and we assume the transaction is confirmed on the Bitcoin blockchain. Jane now makes a request from her app-based wallet software for some metadata concerning that specific transaction via the system’s web-service.
The web-service requires Jane to prove that her wallet really instigated that transaction in order to permit her wallet access to the data, but here I get a bit hazy: From all my reading over the last 6 or 7 days, I gather the wallet software would need to sign some pre-determined message containing e.g. the TXID using the wallet’s private key, sign it and send it to the system along with the public key, but once the system receives the data, and can verify the message using the public key, so what? How does that prove the txid (or address or whatever) in that signed message, was signed by the same private key from which the transaction in question is indirectly derived? There’s some part missing for me that “reconciles” remote blockchain data with the data sent from the wallet app.
I understand basic PKI and that addresses are hashed derivations of a public key, but the digital signature part is messing with my head.
Thanks for reading. Any help would be greatly appreciated.
I opened random transaction for this example: https://blockchain.info/tx/c929454d6c83c15ecd9931c005a5a7fbacb1faba69f0a49538ab334d2848c5a1
Input scripts:
ScriptSig:
PUSHDATA(72)[3045022100eb1d36c6fe6c201e5594d90a7bdc73dd9a33d291e7e58ba74fec46ab2139c9c602207a7124819f9a004a36a0a2ac494603cfeecf38b8c12b3c6e3ff6dea74053706101]
PUSHDATA(33)[033f2223c8f6b74e75e4afd05811b8c9f55c8584abef768336e6ad61d931bef548]
First hex-value is signature of transaction. Second value is public key (elliptic curve point). And from this value we can derive address.
If you have another signature that signs something, and this signature has the same public key, that proves, that this is the same guy, who did transaction. Only one who have private key can sign something.
Elliptic cryptography works in the next way: we choose random number, and this will be private key. Then we multiply this number and EC point called generator, and we get public key.
Answered by Zergatul on December 15, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP