Signing bitcoin TXs offline. How does it work? Simplified explanation please

[colinistheman]

I have recently been brought aware of the fact that bitcoin transactions can be signed offline. I know they still have to touch the network somewhere to propagate throughout it.

What exactly are you doing when you "sign" the transaction? I assume it has something to do with the private key that doesn't reveal the private key. A sort of non-technical explanation would be great. Just trying to wrap my wits around how it is secure to do this type of thing.

[hhanh00]

When you sign a document when a pen, you always use the same signature. A forger can duplicate it if he's good. On the contrary, a digital signature varies with the document signed. It still can be verified but it won't work on another document. Since in Bitcoin, you use digital signatures to sign the transactions, you won't be signing the same document twice.
Moreover, you can sign offline because once the document is prepared, the signature is a mathematical operation that doesn't require an internet connection.

[malaimult]

I have recently been brought aware of the fact that bitcoin transactions can be signed offline. I know they still have to touch the network somewhere to propagate throughout it.

The file that contains your private key is what is actually kept offline. The process for signing an offline transaction is generally something along the lines of you creating an unsigned transaction on a computer that is connected to the internet/has access to the Bitcoin network, then the unsigned transaction is transferred to the computer that has the file that contains the private key, the wallet service will sign the TX for you, you transfer the now-signed TX back to your online computer and broadcast it to the network.

What exactly are you doing when you "sign" the transaction? I assume it has something to do with the private key that doesn't reveal the private key. A sort of non-technical explanation would be great. Just trying to wrap my wits around how it is secure to do this type of thing.

Signing a bitcoin transaction is essentially adding a code to the transaction that proves the person/entity that controls the private key "approves" the transaction. The code essentially the answer to a complex mathematical problem that is very difficult to calculate without the private key, but very easy to verify is correct 

[DannyHamilton]

I have recently been brought aware of the fact that bitcoin transactions can be signed offline. I know they still have to touch the network somewhere to propagate throughout it.

What exactly are you doing when you "sign" the transaction? I assume it has something to do with the private key that doesn't reveal the private key. A sort of non-technical explanation would be great. Just trying to wrap my wits around how it is secure to do this type of thing.

Explaining an asynchronous digital signature algorithm such as ECDSA (Elliptic Curve Digital Signature Algorithm) in a non-technical way isn't going to be easy.

To a certain extent, you are going to just have to accept that it works.

With asynchronous digital signature algorithms, there is a private key (that should never be shared with anyone) and a public key (that needs to be shared with anyone that will verify the signature).  Using the private key, it is possible to calculate a value dependent on the data in the message that is being signed.  This value has a special attribute in that anyone with the public key can verify that the value was calculated with the associated private key.  As long as the signature is calculated properly, it is not possible to figure out what the private key is from the available information (public key, signature value, and message).  It is only possible to validate that the correct private key was used to create the signature value.

When "signing a transaction" in bitcoin, you are using the private key that is associated with the bitcoin address (the bitcoin address is a hash of the public key) to calculate this signature value.  Then the signature value is included in the transaction in the appropriate field where all other nodes expect to see it.  The signature provides proof to the network that you have the authorization to re-assign the value that you are using in the transaction.  The bitcoin address was already made public when the transaction was sent to you.  Therefore, the entire network can validate that the signature value that you provide was calculated with the private key that is associated with your bitcoin address.  However, as long as the signature is calculated properly, it is not possible for anybody to calculate what the private key is.

This allows you to sign the transaction on an offline computer with the private key.  Then the transaction (with the signature value embedded in it in the correct place) can be transported to an online computer to be broadcast to the bitcoin network.

[freedomno1]

I've been pondering its not easy to explain it

Basically you generate your transaction from an offline computer not connected to the internet and then you push that transaction log onto the Bitcoin network using a site so it can be processed onto the blockchain using a different computer.

https://blockchain.info/pushtx

Broadcasting can be applied to offline wallets just use Armory it copies the unsigned transaction hex to a usb and sticks it into the supposedly offline machine, where you sign it and copy it to the usb, then you plug the usb back to the online computer and broadcast the transaction. (doog did it a different way too but forgot how it worked)

https://blog.blockchain.com/2014/07/08/tutorial-how-to-rebroadcast-a-bitcoin-transaction/


_
http://bitcoin.stackexchange.com/questions/8101/how-to-sign-a-transaction-using-only-an-offline-computer

Old Video
https://www.youtube.com/watch?v=ZlSC3mLjNSg

[botany]

From Bitcoin.org
Bitcoin wallets keep a secret piece of data called a private key or seed, which is used to sign transactions, providing a mathematical proof that they have come from the owner of the wallet. The signature also prevents the transaction from being altered by anybody once it has been issued.

A signed transaction is what is broadcasted to the network. Signing a transaction requires a private key, while verifying whether a transaction is valid doesn't. The signing of a transaction can be done offline as well.


Here is the process of using offline signing in electrum
https://electrum.org/tutorials.html#offline-mpk

[colinistheman]

Thank you very much for all the answers guys

[jonald_fyookball]

how is this actually done in qt?  I use electrum so I'm aware of how they do it, but no with other wallets.

[freedomno1]

how is this actually done in qt?  I use electrum so I'm aware of how they do it, but no with other wallets.

Similar topic
https://bitcointalk.org/index.php?topic=357916.0

Have not tried it myself but I think the best approach is a live CD

If your offline Bitcoin-QT knows about the outputs/coins in question (i.e. they need to be older than
the offline blockchain that is outdated)

No need for raw transaction. Send coins as usual, burn wallet.dat to CD and copy it to an on-line Bitcoin-QT installation.
Bitcoin-QT will rescan and then broadcast the transaction, not immediately but within an hour.

[juju]

I have recently been brought aware of the fact that bitcoin transactions can be signed offline. I know they still have to touch the network somewhere to propagate throughout it.

What exactly are you doing when you "sign" the transaction? I assume it has something to do with the private key that doesn't reveal the private key. A sort of non-technical explanation would be great. Just trying to wrap my wits around how it is secure to do this type of thing.

https://bitcoinarmory.com/cold-storage/

That has a good explanation on how to use Cold Storage, in Armory's setup you still need a machine which has a "watching" copy of your offline wallet. This watching copy can't sign any transactions, just broadcast them. It can create the unsigned transaction, you copy the tx to your offline machine, sign it, then broadcast the tx online some method.

[DannyHamilton]

how is this actually done in qt?  I use electrum so I'm aware of how they do it, but no with other wallets.

With Qt (also known as Bitcoin Core) it can't be done from the GUI.  It isn't designed for typical offline use.  However, you can do it using the API calls from the "Console" in the "Debug window" under the "Help" menu.

First you have to create the raw transaction.  This requires knowledge of the unspent outputs that are going to be spent.  One way to do this is with "createrrawtransaction" on an online copy of Bitcoin Core that doesn't have your private keys. You could also look them up in a block explorer such as blockchain.info or blockr.io.

Assuming that your offline copy of Bitcoin Core does not have the blockchain, you will also need the the script pub keys. One way to get these is with "dumprawtransaction" on an online copy of Bitcoin Core that doesn't have your private keys. You could also look them up in a block explorer such as blockchain.info or blockr.io.

After that you would use the "signrawtransaction" command on your offline copy of Bitcoin Core. The output of this command will be a signed transaction that you can then broadcast to the bitcoin network.  This can be accomplished with the "sendrawtransaction" command on the online copy of Bitcoin Core that doesn't have your private keys.  It can also be accomplished with web interfaces such as the one supplied by Eligius pool: http://eligius.st/~wizkid057/newstats/pushtxn.php

[cryptworld]

you create a txid with your address the amount and the address where it goes and after that you spread that txid around the network