|
Title: Format of ECDSA signature Post by: Shevek on May 24, 2013, 03:37:00 PM The only information about how bitcoin handles ECDSA-signatures, I've found here: https://en.bitcoin.it/wiki/ECDSA
If your read the link, It is said that Signatures are are either 73, 72, or 71 bytes long, But it does not make sense: signatures are pair of numbers (r,s), each of 32 bytes; so, 64 byte total. Plus an eventual id. prefix, 65 bytes maximum. If you want to add extra CRC-like stuff, then 65+4=69 bytes (and length fixed, because all leading '0's in the binary chain of (r,s) should be counted up). So where the numbres "73,72,71" come from!? TIA Title: Re: Format of ECDSA signature Post by: jackjack on May 24, 2013, 03:49:14 PM Look for DER format
Title: Re: Format of ECDSA signature Post by: Shevek on May 24, 2013, 06:00:08 PM Look for DER format Well, I've found the following: http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature which gives an orientation of how this matter works. Thanks! Title: Re: Format of ECDSA signature Post by: jackjack on May 24, 2013, 07:03:34 PM Sorry, I was on my mobile phone
It's 30 + len(z) + 02 + len(r) + r + 02 + len(s) + s, z being what follows its size, ie 02+len(r)+r+02+len(s)+s Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r Same for s r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21 Title: Re: Format of ECDSA signature Post by: Shevek on May 24, 2013, 09:23:36 PM Sorry, I was on my mobile phone It's 30 + len(z) + 02 + len(r) + r + 02 + len(s) + s, z being what follows its size, ie 02+len(r)+r+02+len(s)+s Wow, it make sense now. Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r :o I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission.... Same for s r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21 So, I guess 0x1F, 0x1E, 0x1D... are allowed. Thanks a lot! :D Title: Re: Format of ECDSA signature Post by: scintill on May 24, 2013, 09:37:50 PM :o I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission.... I think he means they are unsigned, but the encoding specifies signed if the most significant bit is 1. So you have to make sure the MSB is never 1 and pad with a zero if it would be. It might be worth a look at https://github.com/bitcoin/bitcoin/blob/ef9acc5124459b111d8643323a71d8198d0eaae8/src/script.cpp#L245 (which includes making sure the most significant bit is never 1) to make sure you are passing these checks. My understanding is that they would otherwise be valid DER encodings but are considered non-standard and may eventually be invalid. Title: Re: Format of ECDSA signature Post by: jackjack on May 24, 2013, 10:26:08 PM Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r :o I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission.... Same for s r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21 So, I guess 0x1F, 0x1E, 0x1D... are allowed. Thanks a lot! :D |