So, you heard that Bitcoin transactions need to be signed. But which transaction is actually signed? The new one that you want to send, or the old ones that were already sent? And when you “sign a transaction”, what is actually signed? Literally – what is the actual thing that is performed when someone “signs a transaction”? You can’t take a pen and put marks on 0’s and 1’s in the computer? Can you? How is it signed? And why? And what is a signature?
A Bitcoin transaction is just a string of bytes in a computer. We all sign our signature on forms using a pen, so. Where the heck is the form that you need to sign, to sign a Bitcoin transaction?! How the heck can you put your signature on numbers in a computer? Which numbers should you sign? How do you put your pen in the computer to sign your signature? And how can someone else even verify that it was definitely you and not someone else who signed your transaction?
Jokes aside – in Bitcoin, the final transaction that will be broadcast to transfer funds, is the one that is signed.
The original input transaction(s) were already signed and they are not signed again. This is to prevent double spending, because if the signature of previous transactions could be changed, it means that, those transactions could be spent again in the future.
OK, moving on. Each input transaction in the final transaction must be signed.
So if a new transaction has 2 input transactions, then the new, final transaction is signed 2 times, and the new, final transaction contains 2 signatures.
It’s funny yes, a final transaction does not have just one signature. It has the same amount of signatures, as there are input transactions in the final transaction.
This is because proof is needed to transfer each input transaction. The signature is the proof that you are the owner and that you are allowed to send the input transaction, as part of the final transaction.
And that is why the correct private key is used (well, must or should be used) to sign each input transaction.
Someone else doesn’t have your private key, so they cannot prove that they are allowed to send the input transaction, as part of a final transaction.
Your signature is the proof that you agree and you have authorized the sending of the input transaction. Someone else cannot authorize your payment, because only you have your private key, which can create the signature.
Bitcoin uses ECDSA encryption, it is the same idea as RSA encryption, just that a different formula is used to calculate the private key and public key.
ECDSA private key = Bitcoin WIF
ECDSA public key = Bitcoin address
Each input transaction is signed with an ECDSA private key to create a signature.
The public key (address) of the private key (WIF) can verify that the signature was created by the required private key.
So the signature can be used to prove who is the owner of the input transaction, and then the Bitcoin network can either allow it, or reject it as fake or a theft attempt.
Another way to think about signatures is:
Let’s say signatures did not exist in Bitcoin.
Let’s say, to use Bitcoin, you only had a private key and public key.
So, now, what can you do to prove that you own an input transaction? There is only one thing you could do. You would have to put your WIF private key in the transaction. That is the only thing that uniquely identifies you as the owner.
But that’s bad, because if you put in your WIF, then someone else can withdraw your money. That is why your WIF is a secret.
So, Bitcoin’s designer(s) came up with a solution, they created the concept of a signature.
A signature is a sort of “cheat” so you can put your WIF in the input transaction, without actually putting in the WIF!
And now the public key can confirm that the input transaction belonged to a specific private key, and now you have a way to authorize the transfer of a transaction.
If a signature was not there, you would have had to put a WIF, but that’s dangerous and stupid of course.
A signature is not technically required. Technically you only need a WIF private key and an address (a public key). But as described, it would then be too dangerous to use Bitcoin, because you could lose all your funds in an instant.
That is also why all the Schnorr signature and SegWit stuff is being discussed.
Now that we know why signatures are needed, let’s move on.
The complete signature for a Bitcoin input transaction is 70 bytes, exactly. It has 4 general header bytes, 1 byte for the header of the x part of the signature, 32 bytes for the x part of the signature, 1 byte for the header of the y part of the signature, and 32 bytes for the y part of the signature. In total, it is 70 bytes.
If you send two transactions from one address, the text of the signature should be the same for those two input transactions, right?
Wrong!
The text in the signatures (well, the numbers in hex format) are not the same, because one input transaction actually consists of a) one previous “original output” transaction, and b) an index in that previous output transaction.
So, no two signatures would be the same, because signing input transaction bytes means that the SHA256 hash of the bytes of the “index” of the input transaction is also taken into account, which would be different for any two input transactions, even if they come from the same previous “original output” transaction.
In Bitcoin, they also use a new random number called a “nonce”, each time a new signature is created.
So, a signature is always different, even if it is exactly the same input transaction bytes. Because they use a random “nonce” to generate the signature.
In ECDSA, to create a signature, they 1) multiply together, your private key, the random nonce, and a constant number called the Bitcoin generator point. Then, 2) they add the double-SHA256 hash (calculated separately) to the answer in (1) and then 3) divide the answer from (2) with the nonce again. Lastly, they 4) take the modulo of the answer in (3) with another constant number called N.
What the above paragraph means is that, from the signature, you cannot get back the secret private key again. But using the private key, you can get the signature again, and that is the proof that you own the input transaction.
That is the magic of signatures.
And then lastly.
“Mining” is just a simple guessing game program consisting of a for-loop, starting at 0, which keeps going until it finds the random nonce that was used for each signature.
So each time new block is added to the blockchain, it means all the nonces for all the transactions in the block were guessed and found, meaning all the input transactions and their signatures were a correct match in that block.
