Hello,
I would like to verify a signature for a given input of a transaction having multiple inputs and 1 output.
My calculations work in case of 1 input and 1 output.
My question is close to the one in this topic:
https://bitcointalksearch.org/topic/message-hash-5327054/ However, I still need help to know where I make errors.
For example, let's consider this
TX=3c457f53a327aec79a851b19679bd9a2825d848f3bf11c2f9785375c9818b201I tried to check the signature (s) for the first input.
From the raw transaction, I was able to fill the fields that make the message (m):
version 01000000
Inputs count (=2*UTXO) 02
1st UTXO
previous TX hash
2cce4dc9e7a2de90bacf13073c1b256c714c73f5f42f8d28d291ae40c58b0f21 index of UTXO in previous TX 00000000
scriptSig (with prev. TX scriptPubKey) 19+76a914+
e3e67d92d6334b0274beb908067eddd09d37900d+88ac+ffffffff
2nd UTXO
previous TX hash
1e4f4d473a0488f3afccecf7e4facb09f1ef67975c6901af001663c79823437c index of UTXO in previous TX 00000000
scriptSig (empty) 01+
00+ffffffff
Output count 01
Value of 1st UTXO (=14791 Satoshis)
C739000000000000Output script 19+76a914+
232fc87e0fb5171b82bace360eed8e35ae59f056+88ac
lock time + hash code type 00000000+01000000
I'm not sure about the fields, nor about their contents, so I need confirmation or correction ! Assuming it's OK, than we concatenate all:
m=01000000022cce4dc9e7a2de90bacf13073c1b256c714c73f5f42f8d28d291ae40c58b0f21000000001976a914e3e67d92d6334b0274beb908067eddd09d37900d88acffffffff1e4f4d473a0488f3afccecf7e4facb09f1ef67975c6901af001663c79823437c000000000100ffffffff01C7390000000000001976a914232fc87e0fb5171b82bace360eed8e35ae59f05688ac0000000001000000
z=double_sha256(m)
=b83840d74ed30ec294a62cb3606fb860630b1a675f73d8b31375c5bb2d97dd9a
and we know:
r=2b269ced03190b5933d84e3147b215ebb96e353aca78814af507633e6c0a06d8
s=731cf71abcd0f50640ba94751da00e4a101d22d2fa4ab4dc65821edacc99864401
Public key (calculated from compressed form) X=5d88794d2312098c661a6d12d1cd423bc2e2f6cc309ebcd3d710270d50e30d7f
Y=1d247221f5b6f08b1a7158def26407db1d766bba0b8a54c82c7941e043925cc1
r_calc= (h * s_inv) * G + (r * s_inv) * pubKey
=106765858465750765076100522084960429065592682877327173698145890404372588967248 ≠r (NOK
)
I'm sure about the implementation of last formula using ecdsa bceause it works with a single input transaction. Thus, the probleme is in the fields and/or their filling.
Regards,
Akaki