If addresses are hashes of public keys, how are signatures verified?

6

1

I've skimmed through the https://en.bitcoin.it/wiki/Protocol_specification and it seems that when sending someone bitcoins, I would sign the transaction data (not quite sure which parts exactly) with my private key, so that people could verify it with my public key, but my address is a digest of my public key, so where do people get my public key from?

Phlexonance

Posted 2013-03-19T10:55:32.913

Reputation: 61

Answers

2

The transaction's INPUT has ScriptSig which is both the signature as well as the public key.

Stephen Gornick

Posted 2013-03-19T10:55:32.913

Reputation: 26 118

The script contains two components, a signature and a public key. The public key belongs to the redeemer of the output transaction and proves the creator is allowed to redeem the output's value.

So it's the receiver's public key. How does that help? – Phlexonance 2013-03-19T12:09:52.473

3

No, the script contains the spender's public key. It is like saying - "here is a check to address X. I own that address, here is a proof: I have a public key Y, it turns into address X, and here is a signature from my private key that can be verified with Y". The sender proves that they know the public key and that they possess the private key. An address is just a way of saving space. – ThePiachu 2013-03-19T21:50:20.090

1

The input transactions I have looked at just contain the signature and no public key. I'm guessing that the public key comes from the output of the previous referenced transaction being spent (located using the previous output hash and index number). Is this correct? – mulllhausen 2013-12-21T05:41:02.250

@mulllhausen How could that possibly work? If the previous transaction were from A to B and C, it wouldn't contain the public keys for B and C, just the addresses. So when B wants to spend that input, they must put their public key in the transaction. – David Schwartz 2014-01-17T04:32:21.720

@DavidSchwartz It seems to be the case when spending a coinbase transaction as I understand it. Take a look at this question for an example - http://bitcoin.stackexchange.com/questions/19081/parsing-bitcoin-input-and-output-addresses-from-scripts - but please correct me if I am wrong. – mulllhausen 2014-01-18T23:36:17.487
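The two cases raised in this thread, side by side, as an added Python example that is not from any of the posters: given the previous output's script and the spending input's scriptSig, it reports where a verifier finds the public key. The function names are hypothetical, and the key, signature and hash are constructed placeholders. No hashing or signature check is done here; a verifier would next compare HASH160 of the key with the 20-byte hash and verify the signature against the key.

```python
# Standard Bitcoin Script opcode values.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

def push(data: bytes) -> bytes:
    return bytes([len(data)]) + data  # direct push, valid for 1..75 bytes

def parse_script(script: bytes) -> list:
    """Split a script into items: bytes for pushed data, int for opcodes."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:  # the opcode value is the push length
            if i + op > len(script):
                raise ValueError("truncated push")
            items.append(script[i:i + op])
            i += op
        elif op in (0x4C, 0x4D, 0x4E):
            raise ValueError("OP_PUSHDATA1/2/4 not handled here")
        else:
            items.append(op)
    return items

def is_pubkey(item) -> bool:
    """Serialized key shape: 33 bytes (prefix 02/03) or 65 bytes (prefix 04)."""
    return isinstance(item, bytes) and (
        (len(item) == 33 and item[0] in (2, 3)) or (len(item) == 65 and item[0] == 4))

def locate_pubkey(prev_script_pubkey: bytes, script_sig: bytes):
    """Return (output type, where the key sits, key) for one input."""
    out, sig = parse_script(prev_script_pubkey), parse_script(script_sig)
    if (len(out) == 5 and out[:2] == [OP_DUP, OP_HASH160]
            and isinstance(out[2], bytes) and len(out[2]) == 20
            and out[3:] == [OP_EQUALVERIFY, OP_CHECKSIG]):
        # Output carries only the 20-byte hash, so the spender must reveal the key.
        if len(sig) != 2 or not is_pubkey(sig[1]):
            raise ValueError("P2PKH scriptSig must be <signature> <pubkey>")
        return "p2pkh", "scriptSig", sig[1]
    if len(out) == 2 and is_pubkey(out[0]) and out[1] == OP_CHECKSIG:
        # Output already carries the key, so the scriptSig is the signature alone.
        if len(sig) != 1 or not isinstance(sig[0], bytes):
            raise ValueError("P2PK scriptSig must be <signature>")
        return "p2pk", "previous output", out[0]
    raise ValueError("not a P2PKH or P2PK output")

# Constructed placeholders: correct lengths and prefixes, not real keys or signatures.
KEY, SIG, HASH = b"\x02" + bytes(32), b"\x30" + bytes(70) + b"\x01", bytes(20)
P2PKH_OUT = bytes([OP_DUP, OP_HASH160]) + push(HASH) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2PK_OUT = push(KEY) + bytes([OP_CHECKSIG])
```
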