Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Author

Topic: Is ChatGPT's answer correct? (Question about P2WPKH) (Read 163 times)

tiffy
jr. member
Activity: 42
Merit: 48
Is ChatGPT's answer correct? (Question about P2WPKH)
December 25, 2024, 06:30:57 AM
#7
Quote from: nc50lc on December 24, 2024, 10:00:03 PM
As for the signed data, it's the "message hash" (aka Z-value) which is the hash of the unsigned transaction with stripped parts depending on the "sighash type".
On that website, the whole process from unsigned raw transaction to signed raw transaction is explained here:
https://learnmeabitcoin.com/technical/keys/signature/#legacy-algorithm (example is for the commonly used "sighash_all")
Sighash type is explained just below that page.

I don't have a sendable Merrit at the moment, but thank you very much.
nc50lc
legendary
Activity: 2646
Merit: 6681
Self-proclaimed Genius
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 24, 2024, 10:00:03 PM
#6
Quote from: tiffy on December 24, 2024, 09:37:04 AM
https://learnmeabitcoin.com/technical/script/p2wpkh/
I hope the explanations there are correct.
-snip-
One question that is bothering me: What exactly is signed with the P2WPKH procedure? I sign on my offline wallet with the private key material. But what is the input for a signature?

Or to put it another way: How does the Core Client check the correctness of the signature? To which data does the core client (or another Bitcoin programme) apply the coresponding pubkey?
That website is legit, it's maintained by a former Bitcoin developer.

As for the signed data, it's the "message hash" (aka Z-value) which is the hash of the unsigned transaction with stripped parts depending on the "sighash type".
On that website, the whole process from unsigned raw transaction to signed raw transaction is explained here:
https://learnmeabitcoin.com/technical/keys/signature/#legacy-algorithm (example is for the commonly used "sighash_all")
Sighash type is explained just below that page.
tiffy
jr. member
Activity: 42
Merit: 48
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 24, 2024, 09:37:04 AM
#5
Quote from: nc50lc on December 23, 2024, 11:16:05 PM
The signature can be further sorted-out to get the R and S values, refer to BIP66: (https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki#der-encoding-reference)

Many thanks for the reference. I am trying to understand this as a whole and also came across this page:

https://learnmeabitcoin.com/technical/script/p2wpkh/

I hope the explanations there are correct.

I think my difficulties in understanding are due to the fact that I have not yet understood the classic P2PKH procedure in detail. So I still need to study it myself.

One question that is bothering me: What exactly is signed with the P2WPKH procedure? I sign on my offline wallet with the private key material. But what is the input for a signature?

Or to put it another way: How does the Core Client check the correctness of the signature? To which data does the core client (or another Bitcoin programme) apply the coresponding pubkey?
nc50lc
legendary
Activity: 2646
Merit: 6681
Self-proclaimed Genius
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 23, 2024, 11:16:05 PM
#4
Quote from: tiffy on December 23, 2024, 04:07:14 PM
Thank you for your assessment. Is it possible to decode “txinwitness” even further? So the first value:
Code:
"304402201616c3090b25b40a1972fc1af2100fac806c6671a6c0f2c3d70760dc0bddda3c02203ae0cb30476e5c9ecfe022cedc645fb7e82fcd4dc966935eb5dd9016af0311c501",
If you mean a command to decode it, AFAIK there's none but that's the signature followed by the sighash flag "0x01" so it's basically the actual data that it represents.

The DER-encoded signature:
Code:
304402201616c3090b25b40a1972fc1af2100fac806c6671a6c0f2c3d70760dc0bddda3c02203ae0cb30476e5c9ecfe022cedc645fb7e82fcd4dc966935eb5dd9016af0311c5
And the SigHash type:
Code:
01

The signature can be further sorted-out to get the R and S values, refer to BIP66: (https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki#der-encoding-reference)
tiffy
jr. member
Activity: 42
Merit: 48
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 23, 2024, 04:07:14 PM
#3
Quote from: nc50lc on December 23, 2024, 12:06:40 AM
For actual example, here's the mentioned part of a testnet4 transaction's decoded PSBT:

Thank you for your assessment. Is it possible to decode “txinwitness” even further? So the first value:
Code:
"304402201616c3090b25b40a1972fc1af2100fac806c6671a6c0f2c3d70760dc0bddda3c02203ae0cb30476e5c9ecfe022cedc645fb7e82fcd4dc966935eb5dd9016af0311c501",
nc50lc
legendary
Activity: 2646
Merit: 6681
Self-proclaimed Genius
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 23, 2024, 12:06:40 AM
#2
Quote from: tiffy on December 22, 2024, 04:24:05 PM
Quote from: ChatGPT
In Bitcoin, when you're working with P2WPKH (Pay-to-Witness-PubKey-Hash) transactions, the signature is embedded into the scriptWitness (for SegWit transactions) rather than in the traditional `scriptSig` field used in legacy transactions. This is key to understanding why you only see a `final_scriptwitness` field instead of an explicit signature in the signed PSBT file. -snip-
That is actually good and direct answer. (probably because "PSBT" is relatively new)
The key concepts can be nitpicked or expanded here and there but the general explanation is on point.

For actual example, here's the mentioned part of a testnet4 transaction's decoded PSBT:
(transaction: 3a59bb3faabe232f62d8a67d60b5930e876ac26186565e7099c0b65b9bcff66a)
Code:
,
                "final_scriptwitness": [
                    "304402201616c3090b25b40a1972fc1af2100fac806c6671a6c0f2c3d70760dc0bddda3c02203ae0cb30476e5c9ecfe022cedc645fb7e82fcd4dc966935eb5dd9016af0311c501",
                    "029c9d450af9db59bdb3646bdd1a5faf9ed10a5d319d9fe0f479a889b51aa46b54"
                ]

Input part of "getrawtransaction 3a59bb3faabe232f62d8a67d60b5930e876ac26186565e7099c0b65b9bcff66a 1" result:
(as you can see, there's no scrptSig, the above is under "txinwitness")
Code:
"vin": [
        {
            "txid": "19271fea772888b5628a21971079c1cdfb4f619a83658f180dd0af5ebb97f740",
            "vout": 1,
            "scriptSig": {
                "asm": "",
                "hex": ""
            },
            "txinwitness": [
                "304402201616c3090b25b40a1972fc1af2100fac806c6671a6c0f2c3d70760dc0bddda3c02203ae0cb30476e5c9ecfe022cedc645fb7e82fcd4dc966935eb5dd9016af0311c501",
                "029c9d450af9db59bdb3646bdd1a5faf9ed10a5d319d9fe0f479a889b51aa46b54"
            ],
            "sequence": 4294967293
        }
    ]
tiffy
jr. member
Activity: 42
Merit: 48
Re: Is ChatGPT's answer correct? (Question about P2WPKH)
December 22, 2024, 04:24:05 PM
#1
Question to ChatGPT:
I create an unsigned PSBT file (P2WPKH) in a watch wallet. I then sign the file offline and import the signed file back into my watch wallet. I can then broadcast the corresponding transaction and the transaction is added to the blockchain. However, when I look at the signed PSBT file, I only find “final_scriptwitness” as an additional value, but no explicit signature. What is the reason for this?

Quote from: ChatGPT
In Bitcoin, when you're working with P2WPKH (Pay-to-Witness-PubKey-Hash) transactions, the signature is embedded into the scriptWitness (for SegWit transactions) rather than in the traditional `scriptSig` field used in legacy transactions. This is key to understanding why you only see a `final_scriptwitness` field instead of an explicit signature in the signed PSBT file. Let's walk through this in more detail.

Key Concepts:

1. SegWit (Segregated Witness) Transactions:
  • P2WPKH is a SegWit address type, meaning the signature data is stored in the `witness` field rather than in the `scriptSig` field.
  • The `witness` is part of the SegWit structure that separates the witness (signature data) from the rest of the transaction data. This helps to reduce transaction size and enable lower fees.

2. PSBT Structure:
  • A Partially Signed Bitcoin Transaction (PSBT) is a container format used to allow multiple parties to sign a transaction in different environments (e.g., one party signs offline, another party signs online).
  • The PSBT for a P2WPKH transaction will typically have a `final_scriptwitness`field once it has been signed.
  • The `final_scriptwitness` field in the PSBT contains the actual witness stack, which includes the signature, the public key, and any other necessary data for the SegWit script execution.
   
   Specifically, for a P2WPKH transaction, the `final_scriptwitness` will contain:
  • Element 0: The signature (which is what you might expect to see directly).
  • Element 1: The public key (needed to verify the signature).
   
 However, the signed PSBT you’re inspecting does not directly show the signature in the traditional format, because SegWit transactions store this signature in the `witness` field, which is represented as the `final_scriptwitness` in the PSBT.

3. The Reason You Don’t See the Signature in the PSBT File:
  • When you sign the PSBT offline, the client (whether it's Bitcoin Core or another wallet) will create a SegWit-compatible witness stack that includes the signature and public key for the relevant input(s).
  • For P2WPKH, the final_scriptwitness will contain a witness stack (usually two elements): 1. The signature. 2. The public key.

The witness stack itself doesn't explicitly look like a signature in a traditional format. Instead, it looks like a data structure that Bitcoin Core (or other wallets) interpret as the witness for SegWit transactions. The signature is implicitly part of that stack.

So, when you look at the signed PSBT, you're seeing the signed witness data (which includes the signature) instead of a traditional, standalone signature field.
Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: