Signature explorer | Bitcointalksearch.org

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: athanred on September 24, 2024, 09:11:13 AM

I don't want to get only (r,s) pair, because it is trivial. I want to get data, behind a given z-value.
-snip-
And it is not just a transaction hash. Instead, it is that thing:

Yeah, I'm aware that it's not the transaction's hash; in fact, I demonstrated how to do it here: https://bitcointalksearch.org/topic/m.63427494
I thought you only need the signature which is what you've asked in the OP.

Anyways, AFAIK, 2coins.org's online rsz tool that can do exactly that but it's exclusive to legacy transactions.
Paste an existing TXID and it'll automatically fetch the transaction from various blockchain API then compute the message hash.
But I'm not aware of any that will work on SegWit and TapRoot transactions, the mentioned website has contact info, perhaps they accept feature requests.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: athanred on September 24, 2024, 09:11:13 AM

They don't have to "store" it, just "compute" and "show to the user". And if this is computationally expensive, then maybe it can be done on a client side, instead of server side?

It is just a bunch of SHA256 hashes, so it is not really expensive in 99% of the cases. That 1% may be those weird transactions that are big and/or are abusing certain things like FindAndDelete.

athanred

newbie

Activity: 10

Merit: 37

Quote

Blockstream's explorer can already show the signature of each input

I don't want to get only (r,s) pair, because it is trivial. I want to get data, behind a given z-value.

For example, you can see this transaction:

Code:

01000000000102fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f0000000000eeffffffef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a0100000000ffffffff02202cb206000000001976a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac9093510d000000001976a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac000147304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee0111000000

And then, you can easily notice this signature:

Code:

47304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee01

Then, extracting (r,s) pair is trivial, and anyone can do that easily:

Code:

r=3609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a
s=573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee

However, to fully verify things, you also need z-value. And it is not just a transaction hash. Instead, it is that thing:

Code:

0100000096b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd3752b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3bef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a010000001976a9141d0f172a0ecb48aee1be1f2687d2963ae33f71a188ac0046c32300000000ffffffff863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e51100000001000000

And then, you can complete the proof:

Code:

z=c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670
r=3609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a
s=573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee
Q=025476c2e83188368da1ff3e292e7acafcdb3566bb0ad253f62fc70f07aeee6357
n=fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
1/s=18c3acadca5e7b9fc3cd6b221f30e66fa26c07450aeafe2327f6c51fd7a75147
z/s=df8e03f52bb441d2e9ed959efabceaebbc9211918c5e5420b8164577f9c603eb
r/s=93978dc15dbb351e107f083839792787230beb342db2a8bea4fd3fa18990c6a7
(z/s)G=024D008960C8AAFA40869FDACF9088FC96F68E6AC6DBC26ADAB611145C7BB2C12A
(r/s)Q=03E830824028F11FC59B3D4C1A7A135D1DFB3FD3CA7E7563D896889B46A77DCF13
R=(z/s)G+(r/s)Q
R=023609E17B84F6A7D30C80BFA610B5B4542F32A8A0D5447A12FB1366D7F01CC44A
R.x=3609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a

But: getting this z-value is far from trivial. And it is different, if you have different address types. It is not just a hash of the transaction, it is much more complex. For example: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki

So, is there any tool, which would work in that way?

Code:

decodesignatures 01000000000102fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f0000000000eeffffffef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a0100000000ffffffff02202cb206000000001976a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac9093510d000000001976a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac000147304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee0111000000
{
"signatures": [
{
"hex": "47304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee01",
"r": "3609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a",
"s": "573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee",
"sighash": "01",
"data": "0100000096b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd3752b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3bef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a010000001976a9141d0f172a0ecb48aee1be1f2687d2963ae33f71a188ac0046c32300000000ffffffff863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e51100000001000000",
"z": "c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670",
"version": 1,
"prevouts": [
"hex": "96b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd37",
"data": "fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f00000000ef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a01000000",
"vin": [
{
"txid": "fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f",
"vout": 0
},
{
"txid": "ef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a",
"vout": 1
}
]
],
"sequence": [
"hex": "52b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3b",
"data": "eeffffffffffffff",
"sequences": [
4294967278,
4294967295
]
]
"vin": [
{
"txid": "ef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a",
"vout": 1,
"scriptSig": {
"hex": "1976a9141d0f172a0ecb48aee1be1f2687d2963ae33f71a188ac"
},
"value": 6.00000000,
"sequence": 4294967295
}
],
"outputs": "863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e5",
"locktime": 17,
"sighash": "01000000"
}
]
}

Quote

the explorer has to store this additional data on top of what they are storing

They don't have to "store" it, just "compute" and "show to the user". And if this is computationally expensive, then maybe it can be done on a client side, instead of server side?

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: athanred on September 22, 2024, 03:49:39 PM

However, when I think about it, I guess we could need another kind of explorer: a signature explorer.

Blockstream's explorer can already show the signature of each input when you toggle "Details +" button at the right-hand side of the TXID (below).
It's hidden by default since the information aren't meant for and useless for regular users.

Check if out if it satisfies your use-case.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: pooya87 on September 23, 2024, 09:00:10 AM

Quote from: athanred on September 22, 2024, 03:49:39 PM

Well, there are many questions about z-values. Extracting them from transactions, and signed messages, can be tedious.

To be clear the z-values aren't part of the transaction so they are not stored in the blockchain to be "extracted". They have to be computed, then the explorer has to store this additional data on top of what they are storing (that is tens of gigabytes of additional data).

I honestly don't see the utility for such a explorer though.

Talking about different explorers, someone was recently Talking about a OP_RETURN explorer, which would allow users to search for particular messages written in the blockchain. This could be a more interesting idea imo

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: athanred on September 22, 2024, 03:49:39 PM

Well, there are many questions about z-values. Extracting them from transactions, and signed messages, can be tedious.

To be clear the z-values aren't part of the transaction so they are not stored in the blockchain to be "extracted". They have to be computed, then the explorer has to store this additional data on top of what they are storing (that is tens of gigabytes of additional data).

I honestly don't see the utility for such a explorer though.

athanred

newbie

Activity: 10

Merit: 37

There are many kinds of block explorers: some are just showing regular blockchain data, as they are handled by full nodes. Some are UTXO-based, and focused on pruned ones. However, when I think about it, I guess we could need another kind of explorer: a signature explorer.

Why it would be needed? Well, there are many questions about z-values. Extracting them from transactions, and signed messages, can be tedious. It is much, much easier, to just hack into the client, and dump signatures in that way, than to write a code from scratch, which would handle FindAndDelete, Segwit, Taproot, Bitcoin Message, and who knows what.

Also, actually signed messages are quite similar, to what is really shown by block explorers anyway. For example: instead of scriptSig, there is a previous output script. Another thing is that if you can see, what is actually signed, then you can better understand different sighashes, SIGHASH_SINGLE bug, s-value grinding, and so on.

Topic: Signature explorer (Read 161 times)