PubKey Transaction verification with python - Problem

[cz3kit]

Hey everyone, I hope this is the right place to ask this question.

I am currently working on a blockchain parser. It is just for me to get a better understanding on how everything works. I am currently stuck on pubkey verification and maybe someone would be able to help me out. I am currently working on the following block : https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16

I would like to verify the non-coinbase  input. I wrote therefore a small python script with a ECDSA Verification function. I tested it with several signatures and it seems to work. As another resource I use https://en.bitcoin.it/wiki/OP_CHECKSIG where it describes the process of verification. I wanted to download the code, but it got moved and I was not able to find the files in order to make it work

These are the values I extraced:

Code:

#bitcoin curve
E = (0, 7, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
#base point = 04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 
#                483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
A = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    
r = 0x4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41
s = 0x181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09
B = (0x11db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5c,
        0xb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3)
message = '0100000001c997a5e56e104102fa209c6a852dd90660a20b2d9c352423edce25857fcd37040000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3acffffffff0200ca9a3b00000000434104ae1a62fe09c5f51b13905f07f06b99a2f7159b2225f374cd378d71302fa28414e7aab37397f554a7df5f142c21c1b7303b8a0626f1baded5c72a704f7e6cd84cac00286bee0000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3ac0000000001000000'

print '1: ', sha256(message.decode('hex'))  => 4c98270a2b3254564210678c6edff42b5f62c71123387f75f227e04fa6391f3b
print '2: ', sha256(message)                         => 3618b5ca5f210808075f3e6765f3b12d933e5dacd3be1e66b4ef615547a9ef59

I am not 100% sure if the r and s value are correct extracted. The value of the message is from the second link. Another problem I am facing is, which hash of the message is the correct one? Maye both are wrong?

Is there someone who could help me and verify the values? I can|t find a good tutorial regarding that problem

[1714769159]

1714769159

[1714769159]

1714769159

[1714769159]

1714769159

[1714769159]

1714769159

[1714769159]

1714769159

[1714769159]

1714769159

[achow101]

Hey everyone, I hope this is the right place to ask this question.

I am currently working on a blockchain parser. It is just for me to get a better understanding on how everything works. I am currently stuck on pubkey verification and maybe someone would be able to help me out. I am currently working on the following block : https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16

That is a transaction, not a block.

I would like to verify the non-coinbase  input. I wrote therefore a small python script with a ECDSA Verification function. I tested it with several signatures and it seems to work. As another resource I use https://en.bitcoin.it/wiki/OP_CHECKSIG where it describes the process of verification. I wanted to download the code, but it got moved and I was not able to find the files in order to make it work

These are the values I extraced:

Code:

#bitcoin curve
E = (0, 7, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
#base point = 04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 
#                483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
A = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    
r = 0x4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41
s = 0x181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09
B = (0x11db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5c,
        0xb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3)
message = '0100000001c997a5e56e104102fa209c6a852dd90660a20b2d9c352423edce25857fcd37040000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3acffffffff0200ca9a3b00000000434104ae1a62fe09c5f51b13905f07f06b99a2f7159b2225f374cd378d71302fa28414e7aab37397f554a7df5f142c21c1b7303b8a0626f1baded5c72a704f7e6cd84cac00286bee0000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3ac0000000001000000'

print '1: ', sha256(message.decode('hex'))  => 4c98270a2b3254564210678c6edff42b5f62c71123387f75f227e04fa6391f3b
print '2: ', sha256(message)                         => 3618b5ca5f210808075f3e6765f3b12d933e5dacd3be1e66b4ef615547a9ef59

I am not 100% sure if the r and s value are correct extracted.

The r and s values look right to me.

The value of the message is from the second link. Another problem I am facing is, which hash of the message is the correct one? Maye both are wrong?

The message that is signed is the sha256 of the sha256 of the transaction with the signing serialization (which is your second hash). Note that this is different from the transaction id which is the sha256 of the sha256 of the entire transaction.

[cz3kit]

I see I had been in the wrong section, sorry.

Hey everyone, I hope this is the right place to ask this question.

I am currently working on a blockchain parser. It is just for me to get a better understanding on how everything works. I am currently stuck on pubkey verification and maybe someone would be able to help me out. I am currently working on the following block : https://blockchain.info/tx/f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16

That is a transaction, not a block.

Yes, you are right. I mixed there something up.

I would like to verify the non-coinbase  input. I wrote therefore a small python script with a ECDSA Verification function. I tested it with several signatures and it seems to work. As another resource I use https://en.bitcoin.it/wiki/OP_CHECKSIG where it describes the process of verification. I wanted to download the code, but it got moved and I was not able to find the files in order to make it work

These are the values I extraced:

Code:

#bitcoin curve
E = (0, 7, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
#base point = 04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 
#                483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
A = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    
r = 0x4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41
s = 0x181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09
B = (0x11db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5c,
        0xb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3)
message = '0100000001c997a5e56e104102fa209c6a852dd90660a20b2d9c352423edce25857fcd37040000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3acffffffff0200ca9a3b00000000434104ae1a62fe09c5f51b13905f07f06b99a2f7159b2225f374cd378d71302fa28414e7aab37397f554a7df5f142c21c1b7303b8a0626f1baded5c72a704f7e6cd84cac00286bee0000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3ac0000000001000000'

print '1: ', sha256(message.decode('hex'))  => 4c98270a2b3254564210678c6edff42b5f62c71123387f75f227e04fa6391f3b
print '2: ', sha256(message)                         => 3618b5ca5f210808075f3e6765f3b12d933e5dacd3be1e66b4ef615547a9ef59

I am not 100% sure if the r and s value are correct extracted.

The r and s values look right to me.

Ok, that sounds good.

The value of the message is from the second link. Another problem I am facing is, which hash of the message is the correct one? Maye both are wrong?

The message that is signed is the sha256 of the sha256 of the transaction with the signing serialization (which is your second hash). Note that this is different from the transaction id which is the sha256 of the sha256 of the entire transaction.

Ok, I hashed it 2 times with SHA256 but still it is not working. I guess I am doing something wrong.

An idea which code I could use to test and see how it exactly works?

[cz3kit]

After working on it I found a solution. Might be useful to others, maybe.

Code:

message = "0100000001c997a5e56e104102fa209c6a852dd90660a20b2d9c352423edce25857fcd37040000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3acffffffff0200ca9a3b00000000434104ae1a62fe09c5f51b13905f07f06b99a2f7159b2225f374cd378d71302fa28414e7aab37397f554a7df5f142c21c1b7303b8a0626f1baded5c72a704f7e6cd84cac00286bee0000000043410411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3ac0000000001000000"
#this is the way to hash it in python
h = sha256(sha256(message.decode('hex')).digest()).digest()
#I casted it to an int, because my ecdsa verifier uses ints
h = int(h.encode('hex'), 16)