Hi,

we can read in [https://en.bitcoin.it/wiki/Private_key] the following:


However, in reality even the full 256 bits range and beyond work.
For Example, using 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF, we get the address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm that is valid (even transacted before).

As far as I understood, in ECDSA calculations we use %N, therefore we loop, and there is also a prviate key < N that also gives the same address 1PRWyFKTsQSJaUdX9VKgQNw8JERPw2kMFm.

am I right ?

Thanks pooya87 and bitcoinbeto. It solved it.

Hello,

I would like to verify a signature for a given input of a transaction having multiple inputs and 1 output.
My calculations work in case of 1 input and 1 output.

My question is close to the one in this topic: https://bitcointalk.org/index.php?topic=5327054.0/ However, I still need help to know where I make errors.


For example, let's consider this TX=3c457f53a327aec79a851b19679bd9a2825d848f3bf11c2f9785375c9818b201
I tried to check the signature (s) for the first input.

From the raw transaction, I was able to fill the fields that make the message (m):

version                                                     01000000

Inputs count (=2*UTXO)                            02
1st UTXO
     previous TX hash                                  2cce4dc9e7a2de90bacf13073c1b256c714c73f5f42f8d28d291ae40c58b0f21
     index of UTXO in previous TX                 00000000
     scriptSig (with prev. TX scriptPubKey)    19+76a914+e3e67d92d6334b0274beb908067eddd09d37900d+88ac+ffffffff
2nd UTXO
     previous TX hash                                 1e4f4d473a0488f3afccecf7e4facb09f1ef67975c6901af001663c79823437c
     index of UTXO in previous TX                00000000
     scriptSig (empty)                                 01+00+ffffffff

Output count                                            01
Value of 1st UTXO (=14791 Satoshis)         C739000000000000
Output script                                            19+76a914+232fc87e0fb5171b82bace360eed8e35ae59f056+88ac
lock time + hash code type                        00000000+01000000

I'm not sure about the fields, nor about their contents, so I need confirmation or correction ! Assuming it's OK, than we concatenate all:

m=01000000022cce4dc9e7a2de90bacf13073c1b256c714c73f5f42f8d28d291ae40c58b0f21000000001976a914e3e67d92d6334b0274beb908067eddd09d37900d88acffffffff1e4f4d473a0488f3afccecf7e4facb09f1ef67975c6901af001663c79823437c000000000100ffffffff01C7390000000000001976a914232fc87e0fb5171b82bace360eed8e35ae59f05688ac0000000001000000

z=double_sha256(m)
 =b83840d74ed30ec294a62cb3606fb860630b1a675f73d8b31375c5bb2d97dd9a

and we know:
r=2b269ced03190b5933d84e3147b215ebb96e353aca78814af507633e6c0a06d8
s=731cf71abcd0f50640ba94751da00e4a101d22d2fa4ab4dc65821edacc99864401
Public key (calculated from compressed form)   X=5d88794d2312098c661a6d12d1cd423bc2e2f6cc309ebcd3d710270d50e30d7f
                                                                     Y=1d247221f5b6f08b1a7158def26407db1d766bba0b8a54c82c7941e043925cc1


r_calc= (h * s_inv) * G + (r * s_inv) * pubKey
         =106765858465750765076100522084960429065592682877327173698145890404372588967248 ≠r (NOK  )

I'm sure about the implementation of last formula using ecdsa bceause it works with a single input transaction. Thus, the probleme is in the fields and/or their filling.

Regards,

Akaki