Topic: PubKey Transaction verification with python - Problem
cz3kit
March 01, 2017, 12:54:33 AM
 #1

Hey everyone, I hope this is the right place to ask this question.

I am currently working on a blockchain parser. It is just for me to get a better understanding of how everything works. I am currently stuck on pubkey verification and maybe someone would be able to help me out. I am currently working on the following block: https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16

I would like to verify the non-coinbase input. I therefore wrote a small Python script with an ECDSA verification function. I tested it with several signatures and it seems to work. As another resource I use https://en.bitcoin.it/wiki/OP_CHECKSIG where it describes the process of verification. I wanted to download the code, but it got moved and I was not able to find the files in order to make it work :(

These are the values I extracted:
Code:
#bitcoin curve
E = (0, 7, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
#base point = 04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
#                483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
A = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
   
r = 0x4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41
s = 0x181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09
B = (0x11db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5c,
        0xb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3)
message = '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'

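from hashlib import sha256

# 1: SHA-256 over the raw bytes decoded from the hex string
print('1: ', sha256(bytes.fromhex(message)).hexdigest())  # => 4c98270a2b3254564210678c6edff42b5f62c71123387f75f227e04fa6391f3b
# 2: SHA-256 over the hex string itself (its ASCII characters)
print('2: ', sha256(message.encode()).hexdigest())        # => 3618b5ca5f210808075f3e6765f3b12d933e5dacd3be1e66b4ef615547a9ef59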

I am not 100% sure if the r and s values are correctly extracted. The value of the message is from the second link. Another problem I am facing is, which hash of the message is the correct one? Maybe both are wrong?

Is there someone who could help me and verify the values? I can't find a good tutorial regarding that problem :(




achow101
March 01, 2017, 04:25:20 AM
 #2

Quote from: cz3kit
I am currently working on the following block: https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16

That is a transaction, not a block.

Quote from: cz3kit
I am not 100% sure if the r and s values are correctly extracted.

The r and s values look right to me.

Quote from: cz3kit
The value of the message is from the second link. Another problem I am facing is, which hash of the message is the correct one? Maybe both are wrong?

The message that is signed is the sha256 of the sha256 of the transaction with the signing serialization (which is your second hash). Note that this is different from the transaction id which is the sha256 of the sha256 of the entire transaction.

cz3kit
March 01, 2017, 08:37:25 AM
 #3

I see I had been in the wrong section, sorry.

Quote from: achow101
That is a transaction, not a block.

Yes, you are right. I mixed something up there.

Quote from: achow101
The r and s values look right to me.

Ok, that sounds good.

Quote from: achow101
The message that is signed is the sha256 of the sha256 of the transaction with the signing serialization (which is your second hash). Note that this is different from the transaction id which is the sha256 of the sha256 of the entire transaction.

Ok, I hashed it 2 times with SHA256 but still it is not working. I guess I am doing something wrong.

Any idea which code I could use to test and see how it exactly works?

cz3kit
March 01, 2017, 11:28:00 PM
 #4

After working on it I found a solution. Might be useful to others, maybe.

Code:
message = "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"
from hashlib import sha256

# This is the way to hash it in Python: double SHA-256 over the raw bytes
h = sha256(sha256(bytes.fromhex(message)).digest()).digest()
# I cast it to an int, because my ECDSA verifier uses ints
h = int.from_bytes(h, 'big')

