How a transaction proves its ownership of the its source, which can be one or multiple unspent output?

3

I read the following from the book << Mastering Bitcoin >>

"As you may notice, the transaction contains an empty scriptSig because we haven’t signed it yet. Without a signature, this transaction is meaningless, we haven’t yet proven that we own the address from which the unspent output is sourced."

I am wondering how a signature can prove that this transaction owns the address from which the unspent output is sourced?

Qi Zhang

Posted 2018-04-27T02:41:46.460

Reputation: 173

Answers

3

Assume you understand how public-key cryptography works. In short, one can verify the ownership of an address by checking the signature. A valid signature can only be generated by the private key owner.

The detail of signature verification in Bitcoin is described here

Without digging into the details, OP_xxx are stack operations. For example, OP_DUP is to duplicate top of the stack. Basically it

  • first hashes the public key by operation OP_HASH160 and check if the result is identical to pubKeyHash by operation OP_EQUALVERIFY
  • then verifies sig and pubKey by operation OP_CHECKSIG

You can read more about OP_CHECKSIG here

Will Gu

Posted 2018-04-27T02:41:46.460

Reputation: 318

Please elaborate on what the links explain in the answer as well. As it stands, this answer is not helpful if the links stop working.Raghav Sood 2018-04-27T07:01:44.887

2

The ownership is proven for each input by providing a valid signature in the scriptSig field. If one of the signatures is missing, the whole transaction is invalid.

The scriptPubKey for each output in the example you provided is locked to a Bitcoin address. A Bitcoin address is, in a nutshell, a hash of a public key. So, in order to provide a valid signature, the secret key belonging to the same key pair of the public key referred in each input is required.

sr-gi

Posted 2018-04-27T02:41:46.460

Reputation: 2 382