Bitcoin Forum
Topic: How to verify SegWit signature with Brainwallet ?  (Read 254 times)
lulucrypto
November 04, 2019, 03:09:07 PM
Last edit: November 08, 2019, 06:36:21 PM by lulucrypto
Merited by pooya87 (1), hugeblack (1), tbct_mt2 (1), DdmrDdmr (1), bitmover (1)
 #1

Hello!

Having put this method on my bot to check Bitcoin signatures, I thought it would be useful to take the opportunity to share it with everyone!

The purpose of this method is to convert the Bech32 address to a Legacy address.

For this example, I will use my signature.

We agree that if I try to check my signature with the Bech32 address, it does not work.



So to start, paste your Bech32 address here and decode it:
-> https://slowli.github.io/bech32-buffer/

With my example, the returned data is "f0113389dea4d5abb74fe9fa4aaaa756f966c86d".

Now, go to this page, paste the decoded data into the "Converts a BitCoin Hash160 (in Hex) to a valid BitCoin address." input, and convert:
-> https://bitcoinvalued.com/tools.php

At this point, I copy the address "1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf".

And ... that's all. Now use the copied address in the signed message like this:

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

You can now verify your signed message with Brainwallet:

Big thanks to @pooya87 and @hatshepsut93, who helped me understand how to set up this method:
-> https://bitcointalk.org/index.php?topic=5194216.msg52815008#msg52815008
-> https://bitcointalk.org/index.php?topic=5194216.msg52817898#msg52817898

And that's all for this little tutorial :)
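
The two web-tool steps in the post above (Bech32 decode, then Hash160 to legacy address) can also be done offline. This is an added example, not code from the thread; the function names are made up here, and it handles only mainnet version-0 P2WPKH addresses.

```python
import hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def bech32_polymod(values):
    """BIP-173 checksum polynomial over the 5-bit symbols."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def p2wpkh_to_hash160(addr):
    """Decode a v0 P2WPKH bech32 address to its 20-byte key hash."""
    hrp, _, data = addr.lower().rpartition("1")
    if not hrp or any(c not in CHARSET for c in data):
        raise ValueError("not a bech32 string")
    syms = [CHARSET.index(c) for c in data]
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if bech32_polymod(hrp_exp + syms) != 1:
        raise ValueError("bad bech32 checksum")
    if syms[0] != 0:
        raise ValueError("only witness version 0 is handled")
    # Regroup the 5-bit symbols (minus version and 6 checksum symbols) into bytes.
    bits = "".join(format(s, "05b") for s in syms[1:-6])
    prog = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - len(bits) % 8, 8))
    if len(prog) != 20:
        raise ValueError("not a P2WPKH program (expected 20 bytes)")
    return prog

def hash160_to_p2pkh(h160, version=b"\x00"):
    """Base58Check-encode a key hash as a mainnet legacy (P2PKH) address."""
    payload = version + h160
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def same_key_hash(segwit_addr, legacy_addr):
    """True when the legacy address commits to the same key hash as the SegWit one."""
    return hash160_to_p2pkh(p2wpkh_to_hash160(segwit_addr)) == legacy_addr
```

`same_key_hash` is the comparison a verifier has to make: the legacy address a tool reports must be the one derived from the signer's known SegWit address.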

bitmover
November 04, 2019, 06:36:41 PM
 #2

Gratz nice idea.

It is a nice turn around until we have some standard for segwit address signatures.

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet.

https://bitcointalk.org/index.php?topic=2885058.msg29647827#msg29647827

lulucrypto
November 04, 2019, 08:41:11 PM
Last edit: November 16, 2019, 10:43:38 AM by mprep
 #3

Quote from: bitmover
Gratz nice idea.

It is a nice turn around until we have some standard for segwit address signatures.

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet.

https://bitcointalk.org/index.php?topic=2885058.msg29647827#msg29647827

Thank you for sharing, I was not aware of this topic ;)

Quote
How to verify SegWit signature with Brainwallet ?
And that's all for this little tutorial :)
Great guide/tutorial, thanks :)
I would add to that only one warning. Brainwallet is dangerous to use because the human mind is not that complicated in terms of creating passwords (brainwallet).
Because of that many, many, many brainwallets got hacked and will be hacked in the future because people are still using them.

Um, I understand that Brainwallet is dangerous for the creation of addresses, but in terms of verification, there is no problem if I'm not mistaken?

bitmover
November 05, 2019, 01:07:38 AM
 #4

Quote from: lulucrypto
Um, I understand that Brainwallet is dangerous for the creation of addresses, but in terms of verification, there is no problem if I'm not mistaken?

No problem. It is a good tool for verification.
I don't like the idea of a brainwallet either, and I miss some other online tool for simple verification.

I would like to verify messages in block explorers, for example.

Sarah Azhari
November 05, 2019, 03:10:43 AM
 #5

Website can’t be reached
nc50lc
November 05, 2019, 03:39:27 AM
Merited by hugeblack (1), DroomieChikito (1), lulucrypto (1)
 #6

Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the resulting legacy address was based on your SegWit address.

lulucrypto
November 05, 2019, 05:12:27 PM
 #7


It works well for me ;)

Quote from: nc50lc
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the resulting legacy address was based on your SegWit address.

Indeed, thank you for sharing, I was not aware of this method.

So I allowed myself to quote your message and more in my first post ;)

Krislaw
November 07, 2019, 05:12:33 PM
 #8

Quote from: nc50lc
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the resulting legacy address was based on your SegWit address.

Thanks for sharing this.
I have a question, can one receive BTC with the legacy address?

HCP
November 07, 2019, 07:07:51 PM
Merited by lulucrypto (1)
 #9

Quote from: Krislaw
I have a question, can one receive BTC with the legacy address?

That's a bit off topic, but of course you can...

It does not make a difference if it is P2PKH (aka Legacy), P2SH (or one of its derivatives), P2WPKH or P2WSH. As long as it is a valid address, it will be accepted by the network and you'll be able to receive funds.

The thing to note is that then those funds are recorded as belonging to that address... it won't show up in your wallet as belonging to the native segwit (aka bc1) address.

pooya87
November 08, 2019, 05:35:17 AM
Merited by HCP (2), nc50lc (2), lulucrypto (1)
 #10

~

that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

here is the same exact signature with a different message which that site verifies!
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. blah blah
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

so now you have to fetch the address it gives you (18BLXDUbKDiMF34a1dm5hJ3mpCBwsDUowF) and see if it is the correct one while having bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7

nc50lc
November 08, 2019, 09:43:53 AM
Merited by hugeblack (1)
 #11

Quote from: pooya87
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if
he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!

I see, so those extra spaces and lines that are usually added/missed can change the result.

@lulucrypto You should remove the quote from the OP as it won't be a reliable shortcut.
Anyways, it's still best to use the correct client since some may have used a different implementation on signing messages with SegWit addresses.

pooya87
November 08, 2019, 01:34:51 PM
Merited by hugeblack (1)
 #12

Quote from: nc50lc
Quote from: pooya87
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if
he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!

I see, so those extra spaces and lines that are usually added/missed can change the result.

it is a bug in that tool's code! in fact if you remove the address there is a pretty good chance that the tool returns an invalid address for you since it is possible to derive more than 1 public key from an ECDSA signature.
basically:
Code:
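byte[] message = UTF8.Decode("_message_here_")
int256 e = SHA256(SHA256(message)).ConvertToInt256()   // changes whenever the message changes
for(j=0 to 1)
   int256 x = r + (j*N)                 // candidate x coordinate of R
   int256 y = ModularSQRT(x^3 + a*x + b)
   point R = (x, y)
   for(k=1 to 2)                        // once for R, once for -R
      point temp = r^-1(sR - eG)        // candidate public key
      if (temp is on curve)
          AddToPossibleResults(temp)
      R = -R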
when you remove the address, all you have is r, s and e. with them you can recover up to 4 possible public keys. but there is no address to compare it with.
when you change your "message" you are changing the hash so "e" changes and from that you get an entirely different public key hence the different address.

this is also why it is dangerous to trust tools like this! they have weird features like this in them.
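
The recovery loop sketched in the post above, as runnable Python. This is an added example, not code from the thread or from the Brainwallet tool; function names are hypothetical, the message envelope assumes text shorter than 253 bytes, and it compares public keys rather than addresses because RIPEMD-160 (needed for the Hash160 step) is not available in every hashlib build.

```python
import base64, hashlib

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; not constant time, fine for verification only
    out = None
    while k:
        out = add(out, pt) if k & 1 else out
        pt, k = add(pt, pt), k >> 1
    return out

def message_hash(text):
    """Double SHA-256 of the signed-message envelope (text shorter than 253 bytes)."""
    body = text.encode()
    data = b"\x18Bitcoin Signed Message:\n" + bytes([len(body)]) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def recover_candidates(sig_b64, text):
    """All public keys Q = r^-1 (sR - eG) consistent with (r, s) and this text."""
    sig = base64.b64decode(sig_b64)
    r, s = int.from_bytes(sig[1:33], "big"), int.from_bytes(sig[33:65], "big")
    e = int.from_bytes(message_hash(text), "big") % N
    found = []
    for x in (r, r + N):
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if x < P and y * y % P == (x**3 + 7) % P:   # x must be on the curve
            for R in ((x, y), (x, P - y)):
                found.append(mul(pow(r, -1, N), add(mul(s, R), mul(N - e, G))))
    return found

def verifies(sig_b64, text, expected_pubkey):
    # The expected key must come from the verifier, never from the signature itself.
    return expected_pubkey in recover_candidates(sig_b64, text)
```

Run on the signature quoted in this thread, once with the original text and once with the "blah blah" text, `recover_candidates` returns two different pairs of keys, so recovery alone always "succeeds". Only the comparison in `verifies` against an independently known key says anything about the signer.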

lulucrypto
November 08, 2019, 06:37:38 PM
 #13

Thank you for this additional information.

So I edited the first post accordingly ;)
