syvita/bitcoin.clar

Verify that a `secp256k1` signature originated from a certain Bitcoin address

Zk2u opened this issue · 8 comments

Zk2u commented

Requires #1

The main part is how to generate that random-message or number that needs to be verified!! The other part is done by the key owner.
Start by generating a random number. Then multiply this with the generator point on the elliptic curve. The random part of our digital signature is the point on the curve that we end up with. But we’ll just take the x-coordinate of it:

[image]

Well that can be done separately right? The basis for it is verifying the signature came from the address. The actual content of the signature does not matter when recovering the public key so we don't need to include that.

> Well that can be done separately right? The basis for it is verifying the signature came from the address. The actual content of the signature does not matter when recovering the public key so we don't need to include that.

The secp256k1 Clarity function does everything needed to verify the signature (as said in the Clarity reference)... we only need to provide the user with a new hash-message to take into his wallet and bring back the signature for us.

Yes, but you can do that in a separate contract. There are many types of addresses in Bitcoin so we need to account for them.

secp256k1-verify verifies a signature came from a public key, not a Bitcoin address

> Yes, but you can do that in a separate contract. There are many types of addresses in Bitcoin so we need to account for them.
>
> secp256k1-verify verifies a signature came from a public key, not a Bitcoin address

Now this is a weakness for Clarity!... What format of pubkey is used in this command? Compressed or decompressed? (not mentioned in the reference)

This is why we're creating a library in Clarity to do it!

Public keys are `(buff 33)`s so they are compressed. @syvita/sypool is almost finished with a decompression function.

> Well that can be done separately right? The basis for it is verifying the signature came from the address. The actual content of the signature does not matter when recovering the public key so we don't need to include that.

Yes, we don't need to integrate it in a contract, but we still need to provide enough material for users to do the encoding with some tools.

@syvirean do you have any idea what the type/structure of the signature put in the secp256k1 function is?... I cannot wrap my head around that and I have tried many formats and variations... none of them worked!
message: is sha-256
pub key: is compact form
signature: ??
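
The check this issue is about, as an added example (not code from syvita/bitcoin.clar or from any commenter): recover the compressed public key from the signature with `secp256k1-recover?` and compare its `hash160` with the 20-byte payload decoded off-chain from the Bitcoin address. The function names are hypothetical, and `msg-hash` is assumed to be the exact 32-byte digest the wallet signed.

```clarity
;; Added example; all function names below are hypothetical.
;; Assumption: the caller decodes the address off-chain and passes in
;; only its 20-byte payload.

;; Payload of a P2PKH or native P2WPKH address:
;; hash160 (RIPEMD160 of SHA256) of the 33-byte compressed public key.
(define-read-only (pubkey-hash (pubkey (buff 33)))
  (hash160 pubkey))

;; Payload of a P2SH-wrapped P2WPKH address:
;; hash160 of the redeem script 0x00 0x14 <20-byte pubkey hash>.
(define-read-only (nested-segwit-hash (pubkey (buff 33)))
  (hash160 (concat 0x0014 (hash160 pubkey))))

;; sig is (buff 65): per the Clarity reference, 64 signature bytes
;; followed by a 1-byte recovery id (0x00..0x03).
;; Returns (ok true) when the recovered key hashes to `payload` under
;; either address form, (ok false) when it does not, and passes through
;; the error code from secp256k1-recover? when recovery fails.
(define-read-only (signed-by-address-payload
    (msg-hash (buff 32))
    (sig (buff 65))
    (payload (buff 20)))
  (match (secp256k1-recover? msg-hash sig)
    pubkey (ok (or (is-eq (pubkey-hash pubkey) payload)
                   (is-eq (nested-segwit-hash pubkey) payload)))
    code (err code)))
```

An `(ok true)` result only shows that the signer's key hashes to that payload; the contract still has to supply a fresh `msg-hash` for each request so an old signature cannot be replayed.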