
Topic: How to verify SegWit signature with Brainwallet ? (Read 686 times)

sr. member
Activity: 709
Merit: 336
You need someone to develop your Web project ?
Hello,

I revive this somewhat old subject to thank @Baofeng.

Indeed he translated this subject in the Pilipinas category, and for that I thank him !

You can see its translation here :
- https://bitcointalksearch.org/topic/paano-ma-verify-ang-segwit-signature-gamit-ang-brainwallet-5253812

Thanks again for his help !
sr. member
Activity: 709
Merit: 336
You need someone to develop your Web project ?
Thank you for this additional information.

So I edited the first post accordingly ;)
legendary
Activity: 3472
Merit: 10611
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.
You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if
he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!
I see, so those extra spaces and lines that are usually added/missed can change the result.

it is a bug in that tool's code! in fact if you remove the address there is a pretty good chance that the tool returns an invalid address for you since it is possible to derive more than 1 public key from an ECDSA signature.
basically:
Code:
byte[] message = UTF8.Decode("_message_here_")
int256 e = SHA256(SHA256(message)).ConvertToInt256()
for(j=0 to 1)
   int256 x = r + (j*N)                    // candidate x coordinate of R
   int256 y = ModularSQRT(x^3 + a*x + b)
   point R = (x, y)
   for(k=1 to 2)
      point temp = r^-1(sR - eG)           // candidate public key
      if (temp is on curve)
          AddToPossibleResults
      R = -R                               // second pass uses the other y for the same x
when you remove the address, all you have is r, s and e. with them you can recover up to 4 possible public keys. but there is no address to compare it with.
when you change your "message" you are changing the hash so "e" changes and from that you get an entirely different public key hence the different address.

this is also why it is dangerous to trust tools like this! they have weird features like this in them.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.
You're right, so the "shortcut" cannot be used by other users who are verifying the message.
Honestly, I'm focused on fetching the legacy address (for the signer) and that method will work if
he didn't mess up the copy->paste of his original signed message, 'coz what are the odds that he'll accidentally change his own message?

Quote from: pooya87
here is the same exact signature with a different message which that site verifies!
I see, so those extra spaces and lines that are usually added/missed can change the result.

@lulucrypto You should remove the quote from the OP as it won't be a reliable shortcut.
Anyways, it's still best to use the correct client since some may have used a different implementation on signing messages with SegWit addresses.
legendary
Activity: 3472
Merit: 10611
~

that does NOT save you any steps, you still have to perform the workaround steps to get the workaround address as was explained and check if it is correct otherwise all you are doing is deriving a public key and NOT verifying anything whatsoever.

here is the same exact signature with a different message which that site verifies!
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. blah blah
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

so now you have to fetch the address it gives you (18BLXDUbKDiMF34a1dm5hJ3mpCBwsDUowF) and see if it is the correct one while having bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7
HCP
legendary
Activity: 2086
Merit: 4361
I have a question, can one receive BTC with the legacy address?
That's a bit Off topic, but of course you can...

It does not make a difference if it is P2PKH (aka Legacy), P2SH (or one of its derivatives), P2WPKH or P2WSH. As long as it is a valid address, it will be accepted by the network and you'll be able to receive funds.

The thing to note is that then those funds are recorded as belonging to that address... it won't show up in your wallet as belonging to the native segwit (aka bc1) address.
sr. member
Activity: 1204
Merit: 388
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.

Thanks for sharing this.
I have a question, can one receive BTC with the legacy address?
sr. member
Activity: 709
Merit: 336
You need someone to develop your Web project ?

It works well for me ;)

Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.

Indeed, thank you for sharing, I was not aware of this method.

So I allowed myself to quote your message and more in my first post ;)
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Actually, there's a shortcut to this!

Just get your original message,
Then remove the address from the message (copy this):
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----
And paste to https://brainwalletx.github.io/#verify
It'll automatically recognize the legacy address used for that signed message.

Because either way, the message was verified using the address: 1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf, not bc1q7qgn8zw75n26hd60a8ay42482mukdjrdv3cyp7.
But both can be derived from the same prv key, so there won't be a serious problem with future verification.
The only difference is: those extra steps are some kind of proof that the result legacy address was based from your SegWit address.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Um, I understand that Brainwallet is dangerous for the creation of address, but in terms of verification, there is no problem if I'm not mistaken ?

No problem. It is a good tool for verification.
I don't like the idea of a brainwallet either, and I miss some other online tool for simple verification.

I would like to verify messages in block explorers for example.
sr. member
Activity: 709
Merit: 336
You need someone to develop your Web project ?
Gratz nice idea.

It is a nice turn around until we have some standard for segwit addresses signatures

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet

https://bitcointalksearch.org/topic/m.29647827

Thank you for sharing, I was not aware of this topic ;)



How to verify SegWit signature with Brainwallet ?
And that's all for this little tutorial :)
Great guide/tutorial thanks :)
I would add to that only one warning. Brainwallet is dangerous to use because the human mind is not that complicated in terms of creating passwords (brainwallet).
Because of that many many many brainwallets got hacked and will be hacked in future because people are still using them.


Um, I understand that Brainwallet is dangerous for the creation of address, but in terms of verification, there is no problem if I'm not mistaken ?
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Gratz nice idea.

It is a nice turn around until we have some standard for segwit addresses signatures

Long ago I made a topic about this subject. The situation is still the same. Only Electrum made its own standard for segwit signed messages, this is why you cannot verify those in any other wallet

https://bitcointalksearch.org/topic/m.29647827
sr. member
Activity: 709
Merit: 336
You need someone to develop your Web project ?
Hello !

Having put this method on my bot to check the Bitcoin signatures, I thought it would be useful to take the opportunity to share this method with everyone !

The purpose of this method is to convert the Bech32 address to a Legacy address.

For this example, I will use my signature.

We agree that if I try to check my signature with the Bech32 address, it does not work.



So to start, paste your Bech32 address here and decode it :
-> https://slowli.github.io/bech32-buffer/

With my example, the returned data is "f0113389dea4d5abb74fe9fa4aaaa756f966c86d".



Now, go to this page, and paste the decoded data in the "Converts a BitCoin Hash160 (in Hex) to a valid BitCoin address." input and convert :
-> https://bitcoinvalued.com/tools.php

At this point, I copy the address "1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf".



And ... that's all. Now, use the copied address in the signed message like this :

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
I'm Lulucrypto on Bitcointalk. And normally, I'm Luluwebmaster. I sign this message at 9 Aug 2019.
-----BEGIN SIGNATURE-----
1NtMnD5BQrRvVeHDk4HXaGvXiVkUuTjhXf
IAIAMSyjMV62EttLm3HltwmQK0HEchc80OfXKJGPEo1pIvq/st/kgWvLmREfByk3/TSbdrWLmfzoExivGSxzTOo=
-----END BITCOIN SIGNED MESSAGE-----

You can now verify your signed message with Brainwallet :



Big thanks to @pooya87 and @hatshepsut93 who helped me understand how to set up this method :
-> https://bitcointalksearch.org/topic/bot-to-automatically-check-signatures-5194216.msg52815008#msg52815008
-> https://bitcointalksearch.org/topic/bot-to-automatically-check-signatures-5194216.msg52817898#msg52817898


This post in other Language :

And that's all for this little tutorial :)
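
The two conversion steps of the tutorial above (Bech32 address to HASH160, then HASH160 to legacy address) done locally instead of through two websites, as an added Python example that is not part of the original post. Function names are chosen for this example; it checks the Bech32 checksum and accepts only a mainnet, version-0, 20-byte witness program, because the workaround only makes sense for P2WPKH addresses.

```python
import hashlib

BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def bech32_polymod(values):
    """BIP-173 checksum polynomial."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def p2wpkh_to_hash160(addr):
    """Decode a mainnet version-0 P2WPKH address to its 20-byte HASH160."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed-case Bech32 string")
    hrp, _, body = addr.lower().rpartition("1")
    if hrp != "bc" or len(body) < 7 or any(c not in BECH32 for c in body):
        raise ValueError("not a mainnet Bech32 address")
    data = [BECH32.index(c) for c in body]
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if bech32_polymod(hrp_expanded + data) != 1:
        raise ValueError("bad Bech32 checksum")
    acc = bits = 0
    program = bytearray()
    for v in data[1:-6]:  # skip the witness version and the 6 checksum symbols
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            program.append((acc >> bits) & 0xFF)
    if data[0] != 0 or len(program) != 20 or bits >= 5 or acc & ((1 << bits) - 1):
        raise ValueError("not a version-0 P2WPKH address")
    return bytes(program)

def hash160_to_p2pkh(h160):
    """Base58Check-encode a HASH160 with version byte 0x00 (legacy address)."""
    raw = b"\x00" + h160
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = BASE58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out
```

Feeding it the Bech32 address from the post gives the HASH160 and the legacy address quoted in the tutorial; a mistyped address is rejected at the checksum instead of silently producing a different legacy address.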