Bitcoin
Algorithms

How does the signing transaction works in the bitcoin blockchain?

5 minutes

Public and Private Keys

Public and private keys provide a way to secure information in the blockchain. The public key is like the bank account number. Basically, you can receive coins on your public key, but you cannot send coins based on it. To send coins you have to sign your transaction using your private key, therefore you never ever cannot show anyone what is your private key, because someone could easily spend your bitcoins! These keys are based on mathematical functions which are widely called the trapdoor functions. What it means is they are quite easy to calculate but extremely hard to calculate their inverse. For instance, multiplying two large numbers is trivial, but if I gave you a product of two large primes, it would be immensely difficult to find the prime factors, ex. 2908187. What are the prime factors? It would be easier if I told you that one of the factors is 1237. Now you can easily calculate the second one: 2908187 / 1237 = 2351. So, in order to know the factors, you have to acquire some additional information.

The private key is basically a randomly generated, unsigned 256-bit or 32-bytes integer. As I said earlier, we use it to sign a transaction. It is used in pair with the public key - which can be generated from the private key.

Elliptic Curve

First and foremost, to understand how the public key is generated from the private key, we need to cover the elliptic curve concept. Elliptic curves are in form of y^2 = x^3+ax+b. Bitcoin network uses a special Secp256k1 type of elliptic curve to generate public keys y^2 = x^3 + 7. Let me talk you through the elliptic curve multiplication/addition.

Eliptic curve addition phase1
Eliptic curve addition phase1
Eliptic curve addition phase2
Eliptic curve addition phase2
Eliptic curve addition phase3
Eliptic curve addition phase3

So, an elliptic curve is an algebraic group F(G, +) where G is the point on a graph and + is a special points addition operation, which is presented above. We start by providing a tangent through the G. Then our new point is the inverse of the cross tangent and elliptic curve. To add two points, we simply provide a line through them and inverse the cross with elliptic curve. In the bitcoin network we actually use the combination of elliptic curves and finite fields which we get by simply adding mod p to our equation y^2 = x^3+ax+b mod p so, we can only get results between 0 and p.

Generating Public Key

As you know the private key is a random 256-bit number. The public key is the multiplication between the G and the private key, so the public key is just a point on the graph public_key = private_key * G = ⅀ G.

Signatures

To create a transaction, you have to provide a digital signature, that proves you are the owner of the public key without revealing the private key. This ensures that nobody except you will be able to spend your coins.

  • r - the random point on the elliptic curve computed by multiplying the generator point G by the random number k. We only use the x-coordinate of it.
  • s - unique number computed from combination of the private key, message hash and the r (x-coordinate)
  • z - the hash of the message we want to sign. The hashing algorithm used in the bitcoin network is SHA-256
  • k - cryptograrphicly secure random number, which is important for security. Every singature will be different, even if we sign the same message twice
  • p - 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1, prime number, quite big actually, approximately equal to all of the atoms in the visible universe :)
  • n - number of points on the curve that we can reach. It's based on the generator point and it's less than p
  • d - private key
  • Q - public key

Signing Algorithm

  • generate the random number k between 1 and n-1
  • (x, y) = k * G - generting random point on the graph using eliptic curve multiplication
  • r = x mod n
  • s = k⁻¹(z + r * d) mod n

r and s value are the digital signature we include them in the transaction to prove that we are the owners of our public key.

Verification Algorithm

So, we need to prove that provided signature matches our public key without revealing the private key.

  • verify that both r and s are between 1 and n-1

now we have to calculate two points on the curve to get the third one by adding them together:

  • u1 = z * s⁻¹ mod n
  • u2 = r * s⁻¹ mod n
  • u3 = u1*G + u2*Q

if the third point is equal to the random point given, the signature is valid

prove that equation u1*G + u2*Q has to be equal r as long as the signature is valid
prove that equation u1*G + u2*Q has to be equal r as long as the signature is valid

Resources

https://medium.com/@blairlmarshall/how-does-ecdsa-work-in-bitcoin-7819d201a3echttps://learnmeabitcoin.com/technical/ecdsahttps://iq.opengenus.org/ecdsa-in-bitcoin/
<-- Return to all articles

Latest Posts

4 minutes
easy
09-10-2022

Aptos - is it the next 500x Ethereum killer?

Aptos
-- Read --
6 minutes
intermediate
08-25-2022

What is the block consists of in the bitcoin blockchain?

Bitcoin
-- Read --