Bitcoin Forum
April 16, 2021, 11:49:31 PM
 News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 Home Help Search Login Register More
 Pages: [1]
 Author Topic: Newbie Tech question - Bitcoin payments send and confirm  (Read 604 times)
kittucrypt
Sr. Member

Offline

Activity: 300
Merit: 253

Ok Check!

 April 03, 2014, 02:36:23 AM

Hi,

I am a technical noob trying to understand the tech aspects of Bitcoin(wallets, transactions, security etc).

My questions are in RED below and it would be reallyhelpful if someone can direct me to relevant resoruces to learn more.

I learnt the technical mechanics behind generating a hot wallet recently from my readings.

The next step is to understand how does the ownership of bitcoins is transferred. I read up the white paper and came up with this:

Suppose A wants to send Bitcoins to B. pubA,pubB be the public keys of A and B. privA,privB be the private keys of A and B.
Bitcoin is the transaction that was received by A. Let it be m.
G is the base point

privA is a random number in [1,n-1] and pubA =privA X G , X is ECC multiplication

A does the following:

Signs the bitcoin transaction as follows

1. Calculate e=SHA256(m)
2. Let Z be the Ln leftmost bits of e, where Ln is the bit length of group order n.
Now I understand n as defined in the specifications and is a very large number, then are we picking the leftmost n bits of e here?
I am kinda confused here...Any help

3.Select a random integer k from [1,n-1]
4. Calculate (x1,y1)=k X G
5. Calculate r1=x1 mod(n). If r1=0 go to step 3.
6. Calculate s1=k^(-1) * (z+r1(privA)) mod(n) . If s1=0 go to step 3.
7. The signature is pair (r1,s1)

A also signs the pubB using the same method above to produce (r2,s2).

A then transmits m appended with r1,s1,r2,s2 to the network. Let this transaction be represented as M1.

How are the signatures appended to the original transactions? Are these just bitwise appends? I am not sure at all

Now once B receives this message from the network, it should be able to use privB to verify the incoming transaction.

B does the following:

1. Verify r1,s1,r2,s2 are valid integers in [1,n-1].
2. Calculate e=SHA256(m)
3. Let Z be the Ln leftmost bits of e, where Ln is the bit length of group order n.
4. Calculate w1=s1^(-1)  mod n
5. Calculate u11=zw1 mod n and u12=r1w1 mod n.
6. Calculate curve point (x1,y1)= u11 X G + u12 X pubA
7. Signature is valid if r1=x1 mod(n)

Repeat steps 4-7 for r2,s2.

If both signatures match, then M1 is the new transaction and new bitcoin.

Thanks a ton.

Kittu

1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
1618616971
Hero Member

Offline

Posts: 1618616971

Ignore
 1618616971

1618616971
 Report to moderator
Altoidnerd
Sr. Member

Offline

Activity: 406
Merit: 250

http://altoidnerd.com

 April 03, 2014, 03:45:51 PM

Suppose A wants to send Bitcoins to B....
Bitcoin is the transaction that was received by A.

What happened there?

You can restate this keeping in mind the privkey of the recipient is irrelevant.

Do you even mine?
http://altoidnerd.com
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
kittucrypt
Sr. Member

Offline

Activity: 300
Merit: 253

Ok Check!

 April 03, 2014, 04:26:08 PM

Suppose A wants to send Bitcoins to B....
Bitcoin is the transaction that was received by A.

What happened there?

You can restate this keeping in mind the privkey of the recipient is irrelevant.

I am sorry...I did not understand your question. I guess what I was saying was that the Bitcoins owned by A is essentially the signed transaction received by A. It has nothing to do with privA.

Altoidnerd
Sr. Member

Offline

Activity: 406
Merit: 250

http://altoidnerd.com

 April 03, 2014, 04:27:58 PM

You say

"A sends to B...  are the BTC received by A."

This seems to be a contradiction, what do you mean?

Do you even mine?
http://altoidnerd.com
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
kittucrypt
Sr. Member

Offline

Activity: 300
Merit: 253

Ok Check!

 April 03, 2014, 06:32:34 PM

You say

"A sends to B...  are the BTC received by A."

This seems to be a contradiction, what do you mean?

Oh I meant the existing balance of A. So lets say A has 1 BTC and it is sending all BTC to B, which it received from someone before. this BTC is just a transaction hash.

Altoidnerd
Sr. Member

Offline

Activity: 406
Merit: 250

http://altoidnerd.com

 April 03, 2014, 08:41:18 PM

You wish to know how signatures are actually appended to tx's.  Perhaps this may help.

https://en.bitcoin.it/wiki/Script#Crypto

ECDSA does not seem to be your problem if I'm not mistaken.

Do you even mine?
http://altoidnerd.com
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
kittucrypt
Sr. Member

Offline

Activity: 300
Merit: 253

Ok Check!

 April 04, 2014, 12:00:33 AM

You wish to know how signatures are actually appended to tx's.  Perhaps this may help.

https://en.bitcoin.it/wiki/Script#Crypto

ECDSA does not seem to be your problem if I'm not mistaken.

yeah I believe I do understand the ECDSA bit. Let me go through the link provided. Thanks for the reference.

 Pages: [1]