Author Topic: How to verify SegWit signature with Brainwallet ?  (Read 661 times)
lulucrypto (OP)
November 04, 2019, 03:09:07 PM
Last edit: June 07, 2020, 09:59:27 PM by lulucrypto
Merited by marlboroza (5), suchmoon (4), malevolent (2), DdmrDdmr (2), pooya87 (1), BitMaxz (1), TryNinja (1), hugeblack (1), tbct_mt2 (1), bitmover (1), 1miau (1)
 #1

Hello !

Having put this method on my bot to check Bitcoin signatures, I thought it would be useful to take the opportunity to share this method with everyone!

The purpose of this method is to convert the Bech32 address to a Legacy address.

For this example, I will use my signature.

We agree that if I try to check my signature with the address Bech32, it does not work.



So to start, paste your Bech32 address here and decode it :
-> https://slowli.github.io/bech32-buffer/

With my example, the returned data is "f0113389dea4d5abb74fe9fa4aaaa756f966c86d".



Now, go to this page, and paste the decoded data in the "Converts a BitCoin Hash160 (in Hex) to a valid BitCoin address." input and convert :
-> https://bitcoinvalued.com/tools.php

At this point, I copy the address "1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf".



And ... that's all. Now, use the copied address in the signed message like this:

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

You can now verify your signed message with Brainwallet :



Big thanks to @pooya87 and @hatshepsut93 who helped me understand how to set up this method :
-> https://bitcointalk.org/index.php?topic=5194216.msg52815008#msg52815008
-> https://bitcointalk.org/index.php?topic=5194216.msg52817898#msg52817898


This post in other Language :

And that's all for this little tutorial :)

Web developer.0x0AB75f882ef60731e02212fFcfBA7C5ce6e0B4F3
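
The two conversion steps in the post above (Bech32 decode, then HASH160 to legacy address) can be reproduced offline instead of pasting addresses into web tools. This is an added example, not part of the original post: it assumes a mainnet witness-v0 P2WPKH address, and the function names are illustrative.

```python
import hashlib

BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _polymod(values):
    """BIP173 checksum polynomial over the 5-bit symbols."""
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def p2wpkh_hash160(addr, hrp="bc"):
    """Decode a witness-v0 P2WPKH address and return its 20-byte HASH160."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed-case Bech32 string")
    prefix, sep, data = addr.lower().rpartition("1")
    if not sep or prefix != hrp or len(data) < 7 or any(c not in BECH32 for c in data):
        raise ValueError("not a Bech32 address for this network")
    vals = [BECH32.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if _polymod(expanded + vals) != 1:
        raise ValueError("checksum mismatch")
    if vals[0] != 0:
        raise ValueError("only witness version 0 is handled")
    acc = bits = 0
    out = bytearray()
    for v in vals[1:-6]:                      # regroup 5-bit symbols into bytes
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xff)
    if bits >= 5 or acc & ((1 << bits) - 1) or len(out) != 20:
        raise ValueError("not a 20-byte P2WPKH program")
    return bytes(out)

def base58check(version, payload):
    """Version byte + payload + 4-byte double-SHA256 checksum, Base58 encoded."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, text = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        text = BASE58[rem] + text
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + text

def legacy_from_bech32(addr):
    """P2PKH (version 0x00) address that commits to the same public key hash."""
    return base58check(0x00, p2wpkh_hash160(addr))
```

Calling `legacy_from_bech32()` on the bc1q address quoted later in this thread reproduces the hex data and the legacy address given in the post.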
bitmover
November 04, 2019, 06:36:41 PM
 #2

Gratz nice idea.

It is a nice turn around until we have some standard for segwit addresses signatures

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet.

https://bitcointalk.org/index.php?topic=2885058.msg29647827#msg29647827

lulucrypto (OP)
November 04, 2019, 08:41:11 PM
Last edit: November 16, 2019, 10:43:38 AM by mprep
 #3

Quote from: bitmover
Gratz nice idea.

It is a nice turn around until we have some standard for segwit addresses signatures

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet.

https://bitcointalk.org/index.php?topic=2885058.msg29647827#msg29647827

Thank you for sharing, I was not aware of this topic ;)



Quote
How to verify SegWit signature with Brainwallet ?
And that's all for this little tutorial :)
Great guide/tutorial thanks :)
I would add to that only one warning. Brainwallet is dangerous to use because the human mind is not that complicated in terms of creating passwords (brainwallet).
Because of that many many many brainwallets got hacked and will be hacked in future because people are still using them.


Um, I understand that Brainwallet is dangerous for the creation of address, but in terms of verification, there is no problem if I'm not mistaken ?

Web developer.0x0AB75f882ef60731e02212fFcfBA7C5ce6e0B4F3
bitmover
November 05, 2019, 01:07:38 AM
 #4

Quote from: lulucrypto
Um, I understand that Brainwallet is dangerous for the creation of address, but in terms of verification, there is no problem if I'm not mistaken ?

No problem. It is a good tool for verification.
I don't like the idea of a brainwallet either, and I miss some other online tool for simple verification.

I would like to verify messages in block explorers for example.

nc50lc
November 05, 2019, 03:39:27 AM
Merited by hugeblack (1), Chikito (1), lulucrypto (1)
 #5

Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.

lulucrypto (OP)
November 05, 2019, 05:12:27 PM
 #6


It works well for me ;)

Quote from: nc50lc
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.

Indeed, thank you for sharing, I was not aware of this method.

So I allowed myself to quote your message and more in my first post ;)

Web developer.0x0AB75f882ef60731e02212fFcfBA7C5ce6e0B4F3
Krislaw
November 07, 2019, 05:12:33 PM
 #7

Quote from: nc50lc
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.

Thanks for sharing this.
I have a question, can one receive BTC with the legacy address?
HCP
November 07, 2019, 07:07:51 PM
Merited by lulucrypto (1)
 #8

Quote from: Krislaw
I have a question, can one receive BTC with the legacy address?

That's a bit off topic, but of course you can...

It does not make a difference if it is P2PKH (aka Legacy), P2SH (or one of its derivatives), P2WPKH or P2WSH. As long as it is a valid address, it will be accepted by the network and you'll be able to receive funds.

The thing to note is that then those funds are recorded as belonging to that address... it won't show up in your wallet as belonging to the native segwit (aka bc1) address.

pooya87
November 08, 2019, 05:35:17 AM
Merited by nc50lc (2), HCP (2), lulucrypto (1)
 #9

~

that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

here is the same exact signature with a different message which that site verifies!
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. blah blah
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

so now you have to fetch the address it gives you (18BLXDUbKDiMF34a1dm5hJ3mpCBwsDUowF) and see if it is the correct one while having bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7

nc50lc
November 08, 2019, 09:43:53 AM
Merited by hugeblack (1)
 #10

Quote from: pooya87
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!

I see, so those extra spaces and lines that are usually added/missed can change the result.

@lulucrypto You should remove the quote from the OP as it won't be a reliable shortcut.
Anyways, it's still best to use the correct client since some may have used a different implementation on signing messages with SegWit addresses.

pooya87
November 08, 2019, 01:34:51 PM
Merited by hugeblack (1)
 #11

Quote from: nc50lc
Quote from: pooya87
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.
You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!
I see, so those extra spaces and lines that are usually added/missed can change the result.

it is a bug in that tool's code! in fact if you remove the address there is a pretty good chance that the tool returns an invalid address for you since it is possible to derive more than 1 public key from an ECDSA signature.
basically:
Code:
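// pseudocode: recover the candidate public keys from (r, s) and the message
byte[] message = UTF8.Encode("_message_here_")        // string -> bytes
int256 e = SHA256(SHA256(message)).ConvertToInt256()  // message hash
for(j=0 to 1)
   int256 x = r + (j*N)                   // candidate x coordinate of R
   int256 y = ModularSQRT(x^3 + a*x + b)  // one of the two y values for that x
   point R = (x, y)
   for(k=1 to 2)
      point temp = r^-1(sR - eG)          // candidate public key
      if (temp is on curve)
          AddToPossibleResults
      R = -R                              // second pass uses the other y value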
when you remove the address, all you have is r, s and e. with them you can recover up to 4 possible public keys. but there is no address to compare it with.
when you change your "message" you are changing the hash so "e" changes and from that you get an entirely different public key hence the different address.

this is also why it is dangerous to trust tools like this! they have weird features like this in them.
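
An added illustration of the point made in the post above (not pooya87's code and not the tool's): key recovery from (r, s) yields some public key for any message, so a verifier has to compare the recovered key with the one it expected. It hashes with plain double SHA-256 as in the pseudocode (wallets also prepend a message prefix), works at public-key level instead of address level, and uses a constructed key and a fixed nonce.

```python
import hashlib

# secp256k1 parameters (curve y^2 = x^3 + 7 over F_P, group order N)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def h(data):  # e = SHA256(SHA256(message)) as an integer
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, e, k):  # plain ECDSA; the nonce is passed in only so the sample is reproducible
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (e + r * d) % N

def recover_candidates(r, s, e):
    """Every public key Q for which (r, s) is a valid signature of hash e."""
    out = []
    for j in (0, 1):
        x = r + j * N
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if x >= P or (y * y - x**3 - 7) % P:
            continue                      # no curve point with this x
        for R in ((x, y), (x, P - y)):
            q = mul(pow(r, -1, N), add(mul(s, R), mul(-e % N, G)))  # r^-1(sR - eG)
            if q is not None:
                out.append(q)
    return out

def verify(expected_pub, r, s, e):
    """Correct check: the recovered key must equal the key you expected."""
    return expected_pub in recover_candidates(r, s, e)

def demo():
    # Constructed key and nonce, derived from fixed strings (sample data only).
    d, k = h(b"constructed demo key") % N, h(b"constructed demo nonce") % N
    r, s = sign(d, h(b"original text"), k)
    altered = recover_candidates(r, s, h(b"altered text"))
    return verify(mul(d, G), r, s, h(b"original text")), len(altered), mul(d, G) in altered
```

`demo()` returns whether the original message verifies against the signer's key, how many keys the altered message still "recovers", and whether any of them is the signer's key.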

lulucrypto (OP)
November 08, 2019, 06:37:38 PM
 #12

Thank you for this additional information.

So I edited the first post accordingly ;)

Web developer.0x0AB75f882ef60731e02212fFcfBA7C5ce6e0B4F3
lulucrypto (OP)
June 07, 2020, 10:04:23 PM
 #13

Hello,

I revive this somewhat old subject to thank @Baofeng.

Indeed he translated this subject in the Pilipinas category, and for that I thank him !

You can see its translation here :
- https://bitcointalk.org/index.php?topic=5253812.0

Thanks again for his help !

Web developer.0x0AB75f882ef60731e02212fFcfBA7C5ce6e0B4F3