How are "message signatures" verified without having access to the public key?

5

1

In the bitcoin-qt client you can sign and verify messages using only the public address. Since the public address is a RIPEMD160 hash how is it possible that I can verify a signature since I do not have access to the public key?

e1000

Posted 2013-12-21T09:49:36.217

Reputation: 51

Answers

1

When signing a message (as opposed to signing a transaction), the signature contains additional information needed to recover the public key using the signature and the signed message. The recovered public key is then hashed and the result compared to the address. If they match, the message was signed by that address.

ScripterRon

Posted 2013-12-21T09:49:36.217

Reputation: 2 023

1

It is possible to recover the public key from the signed message and the signature. This public key can than be hashed and compared to the hashed public key you already have.

So you don't really "verify the signature with the public key*, because you don't need to have it beforehand to verify the signature. What you do is calculate the public key that corresponds to the private key with which the signature has been created.

Steven Roose

Posted 2013-12-21T09:49:36.217

Reputation: 10 855

-1

Actually messages are signed using the private key and verified using the public key. If you'd be able to sign and verify only with the public key, that wouldn't make sense and it wouldn't stop anybody from reading your messages and signing them with your public key, which as the name states, is public.

Luca Matteis

Posted 2013-12-21T09:49:36.217

Reputation: 4 784

When I said "using only the public address" my intention was to say, verified with only the public address which is a hash.

Anyways, I found the answer elseware: it looks like you can extract a public key from certain signature encodings. This public key then can be used both to verify the signature and to verify the address hash.

https://bitcointalk.org/index.php?topic=6430.0

e1000 2013-12-21T22:10:30.923

Maybe post that as an answer to your own question, rather than a comment. It's correct.Pieter Wuille 2014-01-20T19:24:14.187