How Bob prove his address?

[Frodek]

How Bob prove that his address is associated wih his private key?
In https://en.bitcoin.it/wiki/Help:Introduction we read:

Suppose Alice wants to send a bitcoin to Bob.

    Bob sends his address to Alice.
    Alice adds Bob’s address and the amount of bitcoins to transfer to a message: a 'transaction' message.
    Alice signs the transaction with her private key, and announces her public key for signature verification.
    Alice broadcasts the transaction on the Bitcoin network for all to see.

(Only the first two steps require human action. The rest is done by the Bitcoin client software.)

Looking at this transaction from the outside, anyone who knows that these addresses belong to Alice and Bob can see that Alice has agreed to transfer the amount to Bob, because nobody else has Alice's private key. Alice would be foolish to give her private key to other people, as this would allow them to sign transactions in her name, removing funds from her control.

Later on, when Bob wishes to transfer the same bitcoins to Charley, he will do the same thing:

    Charlie sends Bob his address.
    Bob adds Charlie's address and the amount of bitcoins to transfer to a message: a 'transaction' message.
    Bob signs the transaction with his private key, and announces his public key for signature verification.
    Bob broadcasts the transaction on the Bitcoin network for all to see.

Only Bob can do this because only he has the private key that can create a valid signature for the transaction.

Bob can sign, Alica can sign, but how to associate Bob address (given by Alice) with his private key? Anyone can compute public key->address, but how from sign compute public key?

[1715312705]

1715312705

[1715312705]

1715312705

[1715312705]

1715312705

[1715312705]

1715312705

[1715312705]

1715312705

[pooya87]

to understand how it works you need to first read and understand how public key cryptography works: https://en.wikipedia.org/wiki/Public-key_cryptography

in short, in asymmetric cryptography we have a key pair. a private key (that is kept private) and a public key (that can be revealed publicly). the operation that converts a private key to a public key is irreversible.
in this scheme you can create what is called a "signature" with the private key that can be verified by only having the public key and knowing the message that was signed.

Bob creates a key pair (d,Q) where d is the private key and Q is the public key. he then publishes his public key (Q) publicly. now every time he wants to prove he has access to the private key of that public key he creates a signature (r,s) and publishes the massage he signed alongside the signature.
anybody can use the signature + message + public key to verify if the signature was corrected created.

bitcoin addresses relate to hash of that public key. so when Bob wants to prove he owns an address, he signs a message using his private key and releases his signature. we already know the message (M) + signature (r,s) and can recover his public key (Q) and then hash it to see if it creates the correct address. if it did then the signature is valid and he proved he has access to the private key of the said address.

[Frodek]

In short:
Indeed is imposible get public key from signing, is possible check siging with known public key and it is enough.