Hi,

I am a technical noob trying to understand the tech aspects of Bitcoin(wallets, transactions, security etc).

My questions are in

RED below and it would be reallyhelpful if someone can direct me to relevant resoruces to learn more.

I learnt the technical mechanics behind generating a hot wallet recently from my readings.

The next step is to understand how does the ownership of bitcoins is transferred. I read up the white paper and came up with this:

Suppose A wants to send Bitcoins to B. pubA,pubB be the public keys of A and B. privA,privB be the private keys of A and B.

Bitcoin is the transaction that was received by A. Let it be m.

G is the base point

privA is a random number in [1,n-1] and pubA =privA X G , X is ECC multiplication

A does the following:

Signs the bitcoin transaction as follows

1. Calculate e=SHA256(m)

2. Let Z be the L

n leftmost bits of e, where L

n is the bit length of group order n.

Now I understand n as defined in the specifications and is a very large number, then are we picking the leftmost n bits of e here?

I am kinda confused here...Any help 3.Select a random integer k from [1,n-1]

4. Calculate (x1,y1)=k X G

5. Calculate r1=x1 mod(n). If r1=0 go to step 3.

6. Calculate s1=k^(-1) * (z+r1(privA)) mod(n) . If s1=0 go to step 3.

7. The signature is pair (r1,s1)

A also signs the pubB using the same method above to produce (r2,s2).

A then transmits m appended with r1,s1,r2,s2 to the network. Let this transaction be represented as M1.

How are the signatures appended to the original transactions? Are these just bitwise appends? I am not sure at allNow once B receives this message from the network, it should be able to use privB to verify the incoming transaction.

B does the following:

1. Verify r1,s1,r2,s2 are valid integers in [1,n-1].

2. Calculate e=SHA256(m)

3. Let Z be the L

n leftmost bits of e, where L

n is the bit length of group order n.

4. Calculate w1=s1^(-1) mod n

5. Calculate u11=zw1 mod n and u12=r1w1 mod n.

6. Calculate curve point (x1,y1)= u11 X G + u12 X pubA

7. Signature is valid if r1=x1 mod(n)

Repeat steps 4-7 for r2,s2.

If both signatures match, then M1 is the new transaction and new bitcoin.

This is my understanding so far. Please help me understand this better by pointing mistakes.

Thanks a ton.

Kittu