VERIFYING RAW BITCOIN TX USING SAGEMATH (pure ecdsa in math)
i have no idea where to ask about this...so i start new topic here!
first i have created this tx using brainwallet...from 1LoestmTyf96fLFf9Rfb4CZUGMsXtZGsok to 1EwGDERoz4W8Cyf3murUjcFq9kQhDsEWCM valued 0.00095143 BTC with 0.000001 BTC fee.
then i want to understand about how this tx is verified in math....
as described at wikipedia to verify a ecdsa signature by this step :
1. Verify that r and s are integers in [1, n-1]. If not, the signature is invalid.
2. Calculate e = HASH(m), where HASH is the same function used in the signature generation.
3. Let z be the Ln leftmost bits of e.
4. Calculate w = s-1 mod n.
5. Calculate u1 = z*w mod n and u2 = r*w mod n.
6. Calculate the curve point (x1, y1) = u1 * G + u2 * Qa.
6. The signature is valid if r == x1 mod n, invalid otherwise.
my raw tx is 01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0008b48304502204117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9 0221008a032016f639b730779945f7b5bedb3701a0645c1752c1b27fccc617019f172b014104ef0 9f65a570580ae9e33bea461b5d27bef90e521020f924c599a0d918f84c2781eb29f21d8985aefb9 19e1feccde73bea07edea0cd04b15e7c88a19e80df2dd0ffffffff01a7730100000000001976a91 498dccb66b17e1efb1f0d2bba0446502f2625444488ac00000000
as described at this article i begin calculate the message(m) of my tx so my unsigned tx is 01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488acffffffff01a7730100000000 001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488ac0000000001000000
then i calculate the hash of my message as described at bitcoin wiki it must be double hashed..i use python to do this
and resulting...
it's all not same otherwise the signature is not valid?!!!
or may be i lose something so my calculation being wrong?!!
thanks for helps....
first i have created this tx using brainwallet...from 1LoestmTyf96fLFf9Rfb4CZUGMsXtZGsok to 1EwGDERoz4W8Cyf3murUjcFq9kQhDsEWCM valued 0.00095143 BTC with 0.000001 BTC fee.
then i want to understand about how this tx is verified in math....
as described at wikipedia to verify a ecdsa signature by this step :
1. Verify that r and s are integers in [1, n-1]. If not, the signature is invalid.
2. Calculate e = HASH(m), where HASH is the same function used in the signature generation.
3. Let z be the Ln leftmost bits of e.
4. Calculate w = s-1 mod n.
5. Calculate u1 = z*w mod n and u2 = r*w mod n.
6. Calculate the curve point (x1, y1) = u1 * G + u2 * Qa.
6. The signature is valid if r == x1 mod n, invalid otherwise.
my raw tx is 01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0008b48304502204117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9 0221008a032016f639b730779945f7b5bedb3701a0645c1752c1b27fccc617019f172b014104ef0 9f65a570580ae9e33bea461b5d27bef90e521020f924c599a0d918f84c2781eb29f21d8985aefb9 19e1feccde73bea07edea0cd04b15e7c88a19e80df2dd0ffffffff01a7730100000000001976a91 498dccb66b17e1efb1f0d2bba0446502f2625444488ac00000000
as described at this article i begin calculate the message(m) of my tx so my unsigned tx is 01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488acffffffff01a7730100000000 001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488ac0000000001000000
then i calculate the hash of my message as described at bitcoin wiki it must be double hashed..i use python to do this
Quote
# Double Hash Function used by Bitcoin
import hashlib
m = "01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488acffffffff01a7730100000000 001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488ac0000000001000000"
d = hashlib.sha256()
d2 = hashlib.sha256()
d.update(m)
d.hexdigest()
d2.update(d.digest())
e = d2.hexdigest()
print e
and resulting this hashimport hashlib
m = "01000000011575f1aacac4f66f9cfecd6ea1ef272e8cb5ce33f5ae97d1fcf02cec774a82e007000 0001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488acffffffff01a7730100000000 001976a91498dccb66b17e1efb1f0d2bba0446502f2625444488ac0000000001000000"
d = hashlib.sha256()
d2 = hashlib.sha256()
d.update(m)
d.hexdigest()
d2.update(d.digest())
e = d2.hexdigest()
print e
Quote
4ebb9eb31e4a87591b66491308520e92679729d21e6e3197969a8dc463645fe7
now i begin calculate it using sagemathQuote
# r, s pair from signed transaction
z = 0x4ebb9eb31e4a87591b66491308520e92679729d21e6e3197969a8dc463645fe7
r = 0x4117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9
s = 0x8a032016f639b730779945f7b5bedb3701a0645c1752c1b27fccc617019f172b
# signature verification
w = mod(s^-1, n)
u1 = mod((z * u), n)
u2 = mod((r * u), n)
# calculate
C = u1*G + u2*Qa
print r
print C.x
z = 0x4ebb9eb31e4a87591b66491308520e92679729d21e6e3197969a8dc463645fe7
r = 0x4117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9
s = 0x8a032016f639b730779945f7b5bedb3701a0645c1752c1b27fccc617019f172b
# signature verification
w = mod(s^-1, n)
u1 = mod((z * u), n)
u2 = mod((r * u), n)
# calculate
C = u1*G + u2*Qa
print r
print C.x
and resulting...
Quote
r = 134a083ace7ff01daa33b41000a1774755a8acaf58524caece273d97ea52323d
C.x = 4117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9
C.x = 4117f9f3173b915d03be6170d7af520bfa78d9d9fd35c829d974d3aaead09ae9
it's all not same otherwise the signature is not valid?!!!
or may be i lose something so my calculation being wrong?!!
thanks for helps....