Digital signatures have three uses in Bitcoin:
First, the signature proves that the owner of the private key, that is, the owner of the funds, has authorized the expenditure of these funds.
Second, the authorization certificate is undeniable (undeniable).
Third, the signature proves that the transaction (or a specific part of the transaction) has not been and cannot be modified by anyone after signing.
Create a digital signature
In the implementation of ECDSA algorithm of Bitcoin, the signed "message" is the transaction, or more accurately, the hash value of a specific subset of data in the transaction (see signature hash type).
The signing key is the user's private key, and the result is a signature:
((Sig = F{sig}(F{hash}(m),dA)))
This is:
● dA is the signature private key.
M is a transaction (or part of it)
● F hash is a hash function.
Fsig is a signature algorithm.
Sig is the result signature.
More details of ECDSA mathematical operations can be found in the ECDSA mathematical chapter.
The function F Sig generates a Signature sig consisting of two values, usually called r and s:
Sig = (R,S)
Signature serialization (DER)
After unlocking script serialization:
3045022 100884d 142d 86652 a 3f 47ba 4746 EC 7 19 bbf BD 040 a 570 b 1 deccbb 6498 c 75 C4 AE 24 CB 02204 b 9 f 039 ff 08 df 09 CBE 9 f 6 addc 960298 CAD 530 a 863 ea 8 f 53982 c 09 db 8 f 66
Contains the following 9 elements:
● 0x30 indicates the beginning of the DER sequence.
●0x 45- Sequence length (69 bytes)
●0x 02- an integer value
●0x 2 1- integer length (33 bytes)
●R-00884d 142d 86652 a3 f 47 ba 4746 EC 7 19 bbf BD 040 a 570 b 1 dec cbb 6498 c 75 C4 AE 24 CB
● 0x02-Next is an integer.
●0x 20- integer length (32 bytes)
●S-4b 9 f 039 ff 08 df 09 CBE 9 f 6 a ddac 960298 CAD 530 a 863 ea 8 f 53982 c 09 db 8 f 6 e 38 13
The suffix (0x00 1) indicates the hash type used (SIGHASH_ALL).