0
2
How to recover ECDSA public key from the signature?
I know that all is need is a hash of the unsigned message and signature.
But may be there is some detailed method for to calculate ECDSA public key?
0
2
How to recover ECDSA public key from the signature?
I know that all is need is a hash of the unsigned message and signature.
But may be there is some detailed method for to calculate ECDSA public key?
3
when looking at a signed (P2PKH) tx, the signature looks like this:
483045022100A428348FF55B2B59BC55DDACB1A00F4ECDABE282707BA5185D39FE9CDF05D7F0022074232DAE76965B6311CEA2D9E5708A0F137F4EA2B0E36D0818450C67C9BA259D0121025F95E8A33556E9D7311FA748E9434B333A4ECFB590C773480A196DEAB0DEDEE1
This can be further split into two parts:
signature: 483045022100A428348FF55B2B59BC55DDACB1A00F4ECDABE282707BA5185D39FE9CDF05D7F0022074232DAE76965B6311CEA2D9E5708A0F137F4EA2B0E36D0818450C67C9BA259D01
pubkey: 21025F95E8A33556E9D7311FA748E9434B333A4ECFB590C773480A196DEAB0DEDEE1
and further looks like this in detail (with address for pubkey at the end):
##################################################################
48: OP_DATA_0x48: push hex 48 (decimal 72) bytes as data
30: OP_SEQUENCE_0x30: type tag indicating SEQUENCE, begin sigscript
45: OP_LENGTH_0x45: length of R + S
02: OP_INT_0x02: type tag indicating INTEGER
21: OP_LENGTH_0x21: this is SIG R
00A428348FF55B2B:59BC55DDACB1A00F
4ECDABE282707BA5:185D39FE9CDF05D7
F0
02: OP_INT_0x02: type tag indicating INTEGER
20: OP_LENGTH_0x20: this is SIG S
74232DAE76965B63:11CEA2D9E5708A0F
137F4EA2B0E36D08:18450C67C9BA259D
01: OP_SIGHASHALL: this terminates the ECDSA signature (ASN1-DER structure)
#########################################################
21: OP_DATA_0x21: type tag indicating LENGTH
02: OP_INT_0x02: type tag indicating INTEGER
5F95E8A33556E9D7:311FA748E9434B33
3A4ECFB590C77348:0A196DEAB0DEDEE1
* This terminates the Public Key (X9.63 COMPRESSED form)
* corresponding bitcoin address is:
1HTNtayFkoBV28wqDygMbW33qSnRjxAuNR
please tell where is the hash which is need for signature verification with corresponding public key? – D L – 2017-10-20T08:10:38.737
hmmm, I think I don't get it.... the hash is constructed before signing, or can be reconstructed, as described here https://bitcoin.stackexchange.com/questions/60051/how-transaction-becomes-confirmed-by-miners-if-inputscript-has-only-the-sig - achow explained it with another link. So the hash is not included in the tx itself.
Hmm I don't get the answer. The question is about key recovery while the answer talks about signatures without key recovery. – Jus12 – 2017-12-27T05:20:40.257
maybe I need some help then... the first line in the question says: "How to recover ECDSA public key from the signature?", I thought I'd show how to get to the pubkey from the signature... There it is in X9.63 (compressed) format. Is op looking for a different format, like the p,r,s and z format? – pebwindkraft – 2017-12-27T07:41:06.653
late, but anyhow: based on the comment from @Jus12, I reviewed some other posts on ECDSA, and found this link, which is also referenced in some other threads: https://bitcointalk.org/index.php?topic=6430.0 - it shows tht pubkey is included in signature itself, but not implemented in Bitcoin, due to more CPU cycles - and it would probably require a hardfork.
do want to sign a message, or do you want to extract pubkey from an already signed tx? – pebwindkraft – 2017-10-20T07:57:47.050
i interested about extraction publickey from already signed tx – D L – 2017-10-20T08:02:20.540
@HughMarstonHefner Are you asking about transactions, or you are looking for a general way of deriving an ECDSA public key from a given signature and message? – sr-gi – 2017-10-20T15:22:43.490
@sr-gi i pointed out very clearly – D L – 2017-10-20T22:52:51.643
That may be the way then: https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work
– sr-gi – 2017-10-20T22:55:22.497@sr-gi
Actually, it is not possible to uniquely recover the public key from an ECDSA signaturefrom this link – D L – 2017-10-20T22:56:45.590Read a little bit further, "However, with the signature and the message that was signed, and the knowledge of the curve, it is possible to generate two public keys; one of which will be the public key corresponding to the private key used" – sr-gi – 2017-10-20T23:01:45.363