Bitcoin Forum
October 17, 2017, 03:21:52 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Format of ECDSA signature  (Read 3229 times)
Shevek
Sr. Member
****
Offline Offline

Activity: 252



View Profile
May 24, 2013, 03:37:00 PM
 #1

The only information about how bitcoin handles ECDSA-signatures, I've found here: https://en.bitcoin.it/wiki/ECDSA

If your read the link, It is said that Signatures are are either 73, 72, or 71 bytes long, But it does not make sense: signatures are pair of numbers (r,s), each of 32 bytes; so, 64 byte total. Plus an eventual id. prefix, 65 bytes maximum. If you want to add extra CRC-like stuff, then 65+4=69 bytes (and length fixed, because all leading '0's in the binary chain of (r,s) should be counted up).

So where the numbres "73,72,71" come from!?

TIA

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
1508253712
Hero Member
*
Offline Offline

Posts: 1508253712

View Profile Personal Message (Offline)

Ignore
1508253712
Reply with quote  #2

1508253712
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
jackjack
Legendary
*
Offline Offline

Activity: 1120


May Bitcoin be touched by his Noodly Appendage


View Profile
May 24, 2013, 03:49:14 PM
 #2

Look for DER format

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Shevek
Sr. Member
****
Offline Offline

Activity: 252



View Profile
May 24, 2013, 06:00:08 PM
 #3

Look for DER format

Well, I've found the following: http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature

which gives an orientation of how this matter works.

Thanks!

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
jackjack
Legendary
*
Offline Offline

Activity: 1120


May Bitcoin be touched by his Noodly Appendage


View Profile
May 24, 2013, 07:03:34 PM
 #4

Sorry, I was on my mobile phone
It's 30 + len(z) + 02 + len(r) + r + 02 + len(s) + s, z being what follows its size, ie 02+len(r)+r+02+len(s)+s

Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r
Same for s
r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Shevek
Sr. Member
****
Offline Offline

Activity: 252



View Profile
May 24, 2013, 09:23:36 PM
 #5

Sorry, I was on my mobile phone
It's 30 + len(z) + 02 + len(r) + r + 02 + len(s) + s, z being what follows its size, ie 02+len(r)+r+02+len(s)+s

Wow, it make sense now.

Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r

 Shocked I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission....

Same for s
r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21

So, I guess 0x1F, 0x1E, 0x1D... are allowed.

Thanks a lot!  Cheesy

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
scintill
Sr. Member
****
Offline Offline

Activity: 448


View Profile WWW
May 24, 2013, 09:37:50 PM
 #6

Shocked I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission....

I think he means they are unsigned, but the encoding specifies signed if the most significant bit is 1.  So you have to make sure the MSB is never 1 and pad with a zero if it would be.

It might be worth a look at https://github.com/bitcoin/bitcoin/blob/ef9acc5124459b111d8643323a71d8198d0eaae8/src/script.cpp#L245 (which includes making sure the most significant bit is never 1) to make sure you are passing these checks.  My understanding is that they would otherwise be valid DER encodings but are considered non-standard and may eventually be invalid.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
jackjack
Legendary
*
Offline Offline

Activity: 1120


May Bitcoin be touched by his Noodly Appendage


View Profile
May 24, 2013, 10:26:08 PM
 #7

Beware: r and s are unsigned, so if first byte of r is > 7f: r='\x00'+r

 Shocked I don't see the logic behind this null addition. Unsigned is unsigned, so you can occupy the highest bit without permission....
It's a concatenation

Same for s
r and s are 32 bytes numbers, so, as it can one additional byte because of above, you have size(r)=0x20 or 0x21

So, I guess 0x1F, 0x1E, 0x1D... are allowed.

Thanks a lot!  Cheesy
I never thought about that, but now you mention it I think so

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!