Transaction signing confusion

[titus]

I'm trying to wrap my mind about how transactions are secured. I've read through the wiki and I grasp how inputs/outputs work, I'm still confused about how signing does.

This is a representation of a bitcoin transaction that I've seen all over the place:
http://www.techinasia.com/techinasia/wp-content/uploads/2011/07/bitcoin-transaction.jpg


Since, I believe, most transactions are sent to a bitcoin address so the recipient's public key is not known in advance, how does the recipient claim the coins?

To use a reddit-ism, please explain it like I'm five

[twobitcoins]

The diagram presents a simplified picture where transactions include the public key of the recipient.  In reality, transactions include a script which specifies the conditions required for the funds to be claimed.  Various types of scripts are possible.

For payments sent to a public key, the script includes the public key and specifies that funds may be claimed by presenting a signature created with the corresponding private key.

More commonly, payments are sent to an address, which is essentially a hash of a public key.  In that case, the script includes the hash and specifies that funds may be claimed by presenting a public key that has the correct hash and a signature created with the corresponding private key.  Thus the sender does not need to know the public key, but the recipient does.

[titus]

I think I found my own answer:
https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses

An address is a hash of the public key, so when a recipient claims the coins in a future transaction they both provide their public key (which can be hashed to prove it links to the address) and they sign the previous transaction (which can be decrypted with the public key) to prove they're the valid owner of that address.

Does that make sense, and is it correct?

[Zeilap]

The script takes as input a public key, and performs these steps:

1) creates the address hash from the given public key
2) compares this hash to the hash value embedded in the script itself
3)
 a) If they match, then it means that the public key provided was indeed the one which corresponds to the address hash embedded in the script
 b) if they don't match, the transaction is invalid
4) checks the signature to make sure that the person who created the transaction is authorized to do so (has it been signed by the private key).

[DannyHamilton]

An address is a hash of the public key, so when a recipient claims the coins in a future transaction they both provide their public key (which can be hashed to prove it links to the address) and they sign the previous transaction (which can be decrypted with the public key) to prove they're the valid owner of that address.

Does that make sense, and is it correct?

Yes it is correct.

[titus]

Thanks everyone.  The more I learn about Bitcoin, the more amazed I am at how well designed it is.  I know it builds off of some previous work, but there's just so many little details in the system are so well thought out and future-proof that I'm convinced that "Satoshi" must have been a group of people, and not just one guy.