Newbie Tech question - Bitcoin payments send and confirm

[kittucrypt]

Hi,

I am a technical noob trying to understand the tech aspects of Bitcoin(wallets, transactions, security etc).

My questions are in RED below and it would be reallyhelpful if someone can direct me to relevant resoruces to learn more.

I learnt the technical mechanics behind generating a hot wallet recently from my readings.

The next step is to understand how does the ownership of bitcoins is transferred. I read up the white paper and came up with this:

Suppose A wants to send Bitcoins to B. pubA,pubB be the public keys of A and B. privA,privB be the private keys of A and B.
Bitcoin is the transaction that was received by A. Let it be m.
G is the base point

privA is a random number in [1,n-1] and pubA =privA X G , X is ECC multiplication

A does the following:

Signs the bitcoin transaction as follows

1. Calculate e=SHA256(m)
2. Let Z be the Ln leftmost bits of e, where Ln is the bit length of group order n.
Now I understand n as defined in the specifications and is a very large number, then are we picking the leftmost n bits of e here?
 I am kinda confused here...Any help  
3.Select a random integer k from [1,n-1]
4. Calculate (x1,y1)=k X G  
5. Calculate r1=x1 mod(n). If r1=0 go to step 3.
6. Calculate s1=k^(-1) * (z+r1(privA)) mod(n) . If s1=0 go to step 3.
7. The signature is pair (r1,s1)

A also signs the pubB using the same method above to produce (r2,s2).

A then transmits m appended with r1,s1,r2,s2 to the network. Let this transaction be represented as M1.

How are the signatures appended to the original transactions? Are these just bitwise appends? I am not sure at all

Now once B receives this message from the network, it should be able to use privB to verify the incoming transaction.


B does the following:

1. Verify r1,s1,r2,s2 are valid integers in [1,n-1].
2. Calculate e=SHA256(m)
3. Let Z be the Ln leftmost bits of e, where Ln is the bit length of group order n.
4. Calculate w1=s1^(-1)  mod n
5. Calculate u11=zw1 mod n and u12=r1w1 mod n.
6. Calculate curve point (x1,y1)= u11 X G + u12 X pubA
7. Signature is valid if r1=x1 mod(n)

Repeat steps 4-7 for r2,s2.

If both signatures match, then M1 is the new transaction and new bitcoin.


This is my understanding so far. Please help me understand this better by pointing mistakes.

Thanks a ton.

Kittu

[Altoidnerd]

Suppose A wants to send Bitcoins to B....
Bitcoin is the transaction that was received by A.

What happened there?

You can restate this keeping in mind the privkey of the recipient is irrelevant.

[kittucrypt]

Suppose A wants to send Bitcoins to B....
Bitcoin is the transaction that was received by A.

What happened there?

You can restate this keeping in mind the privkey of the recipient is irrelevant.

I am sorry...I did not understand your question. I guess what I was saying was that the Bitcoins owned by A is essentially the signed transaction received by A. It has nothing to do with privA.

[Altoidnerd]

You say

"A sends to B...  are the BTC received by A."

This seems to be a contradiction, what do you mean?

[kittucrypt]

You say

"A sends to B...  are the BTC received by A."

This seems to be a contradiction, what do you mean?

Oh I meant the existing balance of A. So lets say A has 1 BTC and it is sending all BTC to B, which it received from someone before. this BTC is just a transaction hash.

[Altoidnerd]

You wish to know how signatures are actually appended to tx's.  Perhaps this may help.

https://en.bitcoin.it/wiki/Script#Crypto

ECDSA does not seem to be your problem if I'm not mistaken.

[kittucrypt]

You wish to know how signatures are actually appended to tx's.  Perhaps this may help.

https://en.bitcoin.it/wiki/Script#Crypto

ECDSA does not seem to be your problem if I'm not mistaken.

yeah I believe I do understand the ECDSA bit. Let me go through the link provided. Thanks for the reference.