Bitcoin Forum
September 20, 2020, 11:52:55 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How Bob prove his address?  (Read 87 times)
Frodek
Member
**
Offline Offline

Activity: 133
Merit: 18


View Profile
January 15, 2020, 05:28:57 AM
Merited by Royse777 (3)
 #1

How Bob prove that his address is associated wih his private key?
In https://en.bitcoin.it/wiki/Help:Introduction we read:
Quote
Suppose Alice wants to send a bitcoin to Bob.

    Bob sends his address to Alice.
    Alice adds Bob’s address and the amount of bitcoins to transfer to a message: a 'transaction' message.
    Alice signs the transaction with her private key, and announces her public key for signature verification.
    Alice broadcasts the transaction on the Bitcoin network for all to see.

(Only the first two steps require human action. The rest is done by the Bitcoin client software.)

Looking at this transaction from the outside, anyone who knows that these addresses belong to Alice and Bob can see that Alice has agreed to transfer the amount to Bob, because nobody else has Alice's private key. Alice would be foolish to give her private key to other people, as this would allow them to sign transactions in her name, removing funds from her control.

Later on, when Bob wishes to transfer the same bitcoins to Charley, he will do the same thing:

    Charlie sends Bob his address.
    Bob adds Charlie's address and the amount of bitcoins to transfer to a message: a 'transaction' message.
    Bob signs the transaction with his private key, and announces his public key for signature verification.
    Bob broadcasts the transaction on the Bitcoin network for all to see.

Only Bob can do this because only he has the private key that can create a valid signature for the transaction.

Bob can sign, Alica can sign, but how to associate Bob address (given by Alice) with his private key? Anyone can compute public key->address, but how from sign compute public key?
AWARD-WINNING
CASINO
CRYPTO EXCLUSIVE
CLUBHOUSE
1500+
GAMES
2 MIN
CASH-OUTS
24/7
SUPPORT
100s OF
FREE SPINS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1600602775
Hero Member
*
Offline Offline

Posts: 1600602775

View Profile Personal Message (Offline)

Ignore
1600602775
Reply with quote  #2

1600602775
Report to moderator
1600602775
Hero Member
*
Offline Offline

Posts: 1600602775

View Profile Personal Message (Offline)

Ignore
1600602775
Reply with quote  #2

1600602775
Report to moderator
pooya87
Legendary
*
Online Online

Activity: 2114
Merit: 3105


Remember tonight for it's the beginning of forever


View Profile
January 15, 2020, 06:32:02 AM
Merited by Royse777 (2)
 #2

to understand how it works you need to first read and understand how public key cryptography works: https://en.wikipedia.org/wiki/Public-key_cryptography

in short, in asymmetric cryptography we have a key pair. a private key (that is kept private) and a public key (that can be revealed publicly). the operation that converts a private key to a public key is irreversible.
in this scheme you can create what is called a "signature" with the private key that can be verified by only having the public key and knowing the message that was signed.

Bob creates a key pair (d,Q) where d is the private key and Q is the public key. he then publishes his public key (Q) publicly. now every time he wants to prove he has access to the private key of that public key he creates a signature (r,s) and publishes the massage he signed alongside the signature.
anybody can use the signature + message + public key to verify if the signature was corrected created.

bitcoin addresses relate to hash of that public key. so when Bob wants to prove he owns an address, he signs a message using his private key and releases his signature. we already know the message (M) + signature (r,s) and can recover his public key (Q) and then hash it to see if it creates the correct address. if it did then the signature is valid and he proved he has access to the private key of the said address.

Frodek
Member
**
Offline Offline

Activity: 133
Merit: 18


View Profile
January 15, 2020, 05:16:15 PM
 #3

In short:
Indeed is imposible get public key from signing, is possible check siging with known public key and it is enough.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!