Author

Topic: Can I sign a message with more than one address? (Read 266 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
November 21, 2019, 05:35:59 PM
#17
What I have seen on brain wallet, they never asked for public key for verify signature. They just ask address, message and signature. Means you are able to verify signature with thses details. Public keys isn't necessary here. Even you don't need to provide address to verify signature, wallet automatically will show from which address it has been signed. If wallet themselves calculate public keys means it's not necessary for you. That's what my point.
That is incorrect.


In ECDSA, to verify a signature, you MUST have the public key, the signature, and the message. However, there is a way that, given a signature and a message, you can compute a public key that would verify the trio. The caveat is that every signature and every message has a public key that makes the trio valid. Without knowing the public key or some representation of it, a signature and message combo is always valid for some public key. The point of a public key is that you are verifying the identify of the person who created the signature and message.

Bitcoin does not require you to have the public key for signed messages because you are required to have the address, which is a representation of the public key. Bitcoin signed messages are verified by recovering the pubkey from the signature and message. Then that public key is hashed and the address computed from that. That computed address is compared to the address given to the verifier. If it matches, then the signature is "valid". If not, it is "invalid".

So verifying a signed message absolutely requires the public key or some representation of it (aka the address).
legendary
Activity: 2268
Merit: 18771
Quote
In effect, the private key generates the public key which, in turn, generates the public address.
This is correct, at the most basic level.

Your private key is (almost) any 256 bit number. The private key is used to generate the public key by using the ECDSA curve secp256k1. This is a one way process.

The public key is used to generate the address by first passing it through sha256, then ripemd160, then calculating and appending the checksum. Again, a one way process.
hero member
Activity: 2464
Merit: 594
Since then, all I know that the public key and address are just the same. Please enlighten me more...

So I came to google and typed on the search bar "public key and address" and I got this result from investopedia.com

Quote
The public address is a hashed version of the public key. Because the public key is made up of an extremely long string of numbers, it is compressed and shortened to form the public address. In effect, the private key generates the public key which, in turn, generates the public address.

legendary
Activity: 2268
Merit: 18771
Even you don't need to provide address to verify signature, wallet automatically will show from which address it has been signed.
Correct. As I explained above, the verifying software will use the message and the signature to calculate usually two possible public keys (but very rarely 4), and then determine which one was used to sign the message. It will then hash that public key to give an address. If you have also supplied an address, it will tell you if they match. If you haven't supplied an address, then it will display the address it has calculated.

That's why I just explain normally that address is another appearance of public.
It's not, though. I'm not sure how much of this is a language barrier, but to suggest two things are different appearances of the same thing also suggests that they are interchangeable or convertible back and forth, which you've correctly stated in your previous statement that they are not.
legendary
Activity: 2408
Merit: 2226
Signature space for rent
Public key doesn't necessarily to verify message.
It actually is needed, it's just you don't have to send it to the verifier; they can calculate it themselves.
What I have seen on brain wallet, they never asked for public key for verify signature. They just ask address, message and signature. Means you are able to verify signature with thses details. Public keys isn't necessary here. Even you don't need to provide address to verify signature, wallet automatically will show from which address it has been signed. If wallet themselves calculate public keys means it's not necessary for you. That's what my point.

Careful with your wording here. An address is a hash of a public key. This is important because it means you can't reverse the process and generate a public key from only knowing the address. This is different to compression. For example, if you know a compressed public key, you can calculate the full uncompressed public key without any additional information.
I know address is hash of public key which is one way, can't calculate reverse. I Google about public key, seems most of articles mixed up public keys with address. That's why I just explain normally that address is another appearance of public. Yes, I shouldn't use compressed word in that case. Edited post by the way.
legendary
Activity: 1624
Merit: 2481
~snip~

This is an incredibly horrible representation of the process.

1) There are no bitcoin 'accounts'.
2) The address is not an 'account number'.
3) The "signature checker" function does need the public key to verify the signature. But this image implies the address is used. It is quite inaccurate. Even for a simplified version of the process.

Alone the wrong naming makes it a bad representation. I'd suggest to rather not use this image when explaining things as it will result in newbies getting confused and/or learning wrong terms.
legendary
Activity: 2268
Merit: 18771
Public key doesn't necessarily to verify message.
It actually is needed, it's just you don't have to send it to the verifier; they can calculate it themselves.

Address is a compressed appearance of public key.
Careful with your wording here. An address is a hash of a public key. This is important because it means you can't reverse the process and generate a public key from only knowing the address. This is different to compression. For example, if you know a compressed public key, you can calculate the full uncompressed public key without any additional information.

You may see below picture how it work
So in that picture, the "f(t,s,a)" function uses the message and signature to calculate the public key, hashes it, and then checks it matches the given address.
legendary
Activity: 2408
Merit: 2226
Signature space for rent
In order to verify the sender's signature, the person verifying should know the sender's public key. Without it, there is no way of verifying if the signature is valid.
I think you mixed up public key with address. Public key doesn't necessarily to verify message. Address is a compressed  appearance of public key. And public key genarated from private keys. So only address, message and signature is necessary to verify prove ownership.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
So does the signature (somehow) reveal the public key?
In order to verify the sender's signature, the person verifying should know the sender's public key. Without it, there is no way of verifying if the signature is valid. And since a public key corresponds to a private key, it would imply that the person who signed the message actually owns the private key of the address without revealing the private key

This video could help: https://www.youtube.com/watch?v=U2bw_N6kQL8
It is not a requirement for the verifier to have the public key of the address used in the signature. The address is NOT the public key but rather, it is the hash of the public key. With the use of ECDSA and the secp256k1 curve, you can determine the 2 possible public keys used to sign the message. The client will then hash the address given by the user to check if it matches the key. Brainwallet can even show you with the address used to sign the message if you don't provide them with one.
legendary
Activity: 2268
Merit: 18771
So does the signature (somehow) reveal the public key?
The signature on its own does not, but the signature combined with the message does.

In order to verify the sender's signature, the person verifying should know the sender's public key.
They actually don't need to know the public key, or at least, you don't need to give it them.

To sign a message, you need to include three things: The address (which is a hash of the public key), the signature which you generate, and the message itself. There is no requirement to send your public key to the other party. By using a feature of ECDSA, their wallet or software can recover your public key (actually two possible public keys) by inputting your message and signature in to an equation, and then hash that public key to ensure it matches your address.
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
So does the signature (somehow) reveal the public key?
In order to verify the sender's signature, the person verifying should know the sender's public key. Without it, there is no way of verifying if the signature is valid. And since a public key corresponds to a private key, it would imply that the person who signed the message actually owns the private key of the address without revealing the private key

This video could help: https://www.youtube.com/watch?v=U2bw_N6kQL8
member
Activity: 131
Merit: 29
So does the signature (somehow) reveal the public key?
legendary
Activity: 2408
Merit: 2226
Signature space for rent
Will doing so (producing a signed message) reveal the public key to anyone who sees the signature or just a hash of the public key? (Or a hash straight from the private key?)
Signature is genarated from hash and private keys. It should not effected or revealed your private keys. Its something like you are proving ownership of your address without providing your private to someone else. Every one is free to verify if you provide all details (raw msg, address & signature) except private keys, but no one will see your private key.
the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key.
member
Activity: 131
Merit: 29
Will doing so (producing a signed message) reveal the public key to anyone who sees the signature or just a hash of the public key? (Or a hash straight from the private key?)
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
Idea is that signing a message using a bitcoin address means you have the private key. One address one private key so logically and also practically you can not sign a message with more than one address.
staff
Activity: 3458
Merit: 6793
Just writing some code
No. You have to sign the same message multiple times.
member
Activity: 131
Merit: 29
I'm using Bitcoin Core v0.18.0 & Qt version 5.9.7.

Is it possible to sign a single message from more than one address?
Jump to: