Transaction Privatekey Signature Verification

[greludo]

I use my private key to sign a transaction than blockchain uses my public key to verify transaction signature.
If I sign a transaction with a fake private key but I send to the blockchain the hash 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF.
As blockchain uses the public key to verify the signature how it would know if I signed with the correct private key?

[1714777764]

1714777764

[1714777764]

1714777764

[1714777764]

1714777764

[1714777764]

1714777764

[Zaguru12]

You can’t even get access to that transaction without the right private key of the transaction. There is nothing like a fake private key.

Verification of a transaction is done by combining the digital signature transaction data and the public key. The digital signature is created by the combination of both the transaction data and the private key. So you see from the digital signature the nodes can verify the private key was use to create it. The digital signature is what is revealed to the nodes and the private key hidden.

The creation of the digital signature also signifies the uniqueness of bitcoin where each transaction has its own digital signature

[greludo]

Ok, is a combination of priv key + public key but how the nodes know if the priv key was the correct? If you dont know the priv key how do you verify it? It makes a unic signature but how the nodes knows the signature was created with the correct combination of priv key and public key, only the sender node know but the others dont.

[Zaguru12]

Ok, is a combination of priv key + public key but how the nodes know if the priv key was the correct? If you dont know the priv key how do you verify it? It makes a unic signature but how the nodes knows the signature was created with the correct combination of priv key and public key, only the sender node know but the others dont.

The first thing that is created is the digital signature which as explained above is from the private key and the transaction data. Then when nodes wants to verify they use the digital signature with the transaction and then the corresponding public key to verify the transaction. Note that it is only the right public key that can decrypt (if that’s the right word to use) or say read the message from its private key. So for the public to unlock that message then it simply means that the public key is from that private key use to create the digital signature

[greludo]

The public key turn into a private key to verify the signature.
Still not clear on my cognition, but I understand the concept. Both priv key and public key created 1 way encryption that can be verified for the public key but I still dont see how it can not be attacked by fake priv key mix

[Churchillvv]

Ok, is a combination of priv key + public key but how the nodes know if the priv key was the correct? If you dont know the priv key how do you verify it? It makes a unic signature but how the nodes knows the signature was created with the correct combination of priv key and public key, only the sender node know but the others dont.

First you can never sign a transaction without the correct private key.

This how transactions works; public key cryptography depends on asymmetric encryption, that means only one key (the private key) can encrypt the transaction to generate a script (cypher text), which can only be decrypted by the public key. So anyone (nodes, miner or Blockchain as specified by you) that wishes to to know if the private key is valid or not fake must use the public key that is generated to decrypt the transaction hence know if it's true or not.

You can learn more on how private keys and public keys works from learnmeabitcoin.com

[greludo]

script (cypher text) is created by the combination of privkey and pub key and this combination generates the script that can only be decripted by public key.

So if create a fake script that is decrypted by the hash it somehow wont allow me create a fake script text because it can be only be created with the real private key, I still think there is ways to attack it, fake a cypher text with a valueble public key to extract the BTC from it.

[Zaguru12]

script (cypher text) is created by the combination of privkey and pub key and this combination generates the script that can only be decripted by public key.

So if create a fake script that is decrypted by the hash it somehow wont allow me create a fake script text because it can be only be created with the real private key, I still think there is ways to attack it, fake a cypher text with a valueble public key to extract the BTC from it.

I think you just answer yourself here, without both the right the private key and public the script text wouldn’t be created anyways. And after the creation of the script you can see the logic where when verifying the transaction the public key to that particular address which the transaction needs to spend from is also attached, so that it will decrypt the script text because a fake one will definitely not be able to do that since it is not even the one used to create it in the first place. This way the private key which is represented during the verification by the digital signature is hidden.

[vjudeu]

As blockchain uses the public key to verify the signature how it would know if I signed with the correct private key?

For every 257-bit public key, there is only one valid 256-bit private key. For 160-bit hash of some 257-bit public key, there are potentially a lot of valid public keys, but as long as hash functions are safe, nobody knows, how to produce those preimages.

but how the nodes know if the priv key was the correct?

A signature is a combination of public key addition and multiplication. If you have two valid secp256k1 points, then you have to demonstrate a way, to get from one point to another. The first point is your public key. The second one is your "signature public key", called also "signature nonce", which should be random, and generated every time you want to sign something.

So, you have two public keys: one from your coin, and one from your signature. If you can connect them with addition and multiplication, and if numbers behind it, can match transaction hash, then that signature is valid.

Still not clear on my cognition, but I understand the concept.

Some explanation on smaller numbers: https://www.coindesk.com/markets/2014/10/19/the-math-behind-the-bitcoin-protocol/

but I still dont see how it can not be attacked by fake priv key mix

1. If you have public key in your output script, then it cannot, because then there is only one matching 256-bit private key, for each and every 257-bit public key.
2. If you have any hash of your public key, then it is safe, as long as that hash function is safe. But yes, in this case, it is possible to use a different key, but nobody knows, how to do that.

I still think there is ways to attack it

Of course there are ways to attack. But they are non-standard, or as hard as breaking a given private key, so we are safe, as long as someone will not invent some better attack (but then, it is possible to upgrade the network into some other, not-yet-broken algorithm).

For example: nobody knows the private key to this public key, but it was spent on testnet3, because of SIGHASH_SINGLE bug: https://mempool.space/testnet/address/032baf163f5e27261ab3228e61fb86dc98054abd514751fce93d7444e8fbc6a293

[BitMaxz]

The public key turn into a private key to verify the signature.
Still not clear on my cognition, but I understand the concept. Both priv key and public key created 1 way encryption that can be verified for the public key but I still dont see how it can not be attacked by fake priv key mix

No, a public key will not be able to turn into a private key it's a one-way function the process looks like this below


Image source: https://sherminvoshmgir.medium.com/cryptography-blockchain-part-2-eb57ebb778d6

The algorithm that Bitcoin uses is the Elliptic Curve Digital Signature Algorithm(ECDSA) to retrieve the public key/bitcoin address from the private key It's a one-way function that can't able to reversed.

[vjudeu]

it's a one-way function the process looks like this below

This picture is wrong, because private key to public key conversion is not done through any "one way hash function". It is rather secp256k1 point multiplication.

And also note that public key to address doesn't have to use "one way hash function". For example, Taproot does not use that.

It's a one-way function that can't able to reversed.

Wrong. When it comes to secp256k1, then it is fully bijective, which means, that it can be reversed. But nobody knows, how to do that.

Edit: Some example (written in Sage) on smaller numbers:

Code:

p=79
K=GF(p)
a=K(0)
b=K(7)
E=EllipticCurve(K,(a,b))
G=E.random_element()
H=E.random_element()
n=E.order()
d=1
while d<n:
    P=d*G
    #if P[0]==H[0]:
    if P[0]==H[0] and P[1]==H[1]:
        print("first public key:",G[0],G[1])
        print("second public key:",H[0],H[1])
        print("private key:",d)
    d+=1

See? For each pair of points on elliptic curve, there is only one correct answer. And if you use commented out "if" instead, you will always get only two answers. Which means, that conversion from private to public key is reversible, but the numbers used in Bitcoin are just much bigger than 79, and for that reason it is safe.

[Nheer]

OP what are you trying to achieve using a fake private key to sign a transaction? You just a newbie and you already having negative thoughts in mind and thinking of how deceive people.

Still not clear on my cognition, but I understand the concept. Both priv key and public key created 1 way encryption that can be verified for the public key but I still dont see how it can not be attacked by fake priv key mix

When a bitcoin transaction is created the person is required to prove ownership by verifying the authenticity of the transaction and as such a digital signature is required which acts as a stand in for the private key so it is not possible to have a digital signature with an incorrect private key. If an incorrect private key is used the digital signature will not match thee correct value and also will lead to failed transaction ownership verification which will make the transaction to be invalid thereby making the transaction fail the cryptographic verification process.

I believe all this must have been considered before the verification process was setup so bypassing with a fake private key will be difficult.

[Charles-Tim]

It's a one-way function that can't able to reversed.

Wrong. When it comes to secp256k1, then it is fully bijective, which means, that it can be reversed. But nobody knows, how to do that.

I do not really understand what you meant. That it can be reversed but nobody knows how to do that. If no one knows how to do that, does that not mean it is not reversible. According to what I have read before, it is not reversible. Or the book is not correct?

Public Keys
The public key is calculated from the private key using elliptic curve multiplication, which is irreversible: K = k * G, where k is the private key, G is a constant point called the generator point, and K is the resulting public key. The reverse operation, known as "finding the discrete logarithm"—calculating k if you know K—is as difficult as trying all possible values of k, i.e., a brute-force search. Before we demonstrate how to generate a public key from a private key, let’s look at elliptic curve cryptography in a bit more detail.

Okay if the book is wrong, can you explain better what you meant as bijective and also give a clear explanation how it is reversible.

[vjudeu]

what you meant as bijective

https://en.wikipedia.org/wiki/Bijection

If you have a bijective function, then it means, that for some "y=f(x)", you can build a function "x=g(y)", which will reverse that operation.

Which means, that if you have this:

Code:

publicKey=privateToPublicKey(privateKey,generator)

Then, you can create this:

Code:

privateKey=publicToPrivateKey(generator,publicKey)

And you can confirm, that the above is true, if you use some small numbers.

Which means, the only reason why secp256k1 is not yet broken, is that the numbers used in Bitcoin are not as low as 79, but as huge as 115792089237316195423570985008687907853269984665640564039457584007908834671663 instead. But the math behind it is the same, as it is on those smaller numbers.

and also give a clear explanation how it is reversible

See my code example above. And read this link, which I also shared previously: https://www.coindesk.com/markets/2014/10/19/the-math-behind-the-bitcoin-protocol/