Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could someone please clarify the connection between the wallet:

1Q2TWHE3GMdB6BZKafqwxXtWAWgFt5Jvm3

And the signature:

HM7vpPSUbNsfDHRX6gv8xxWcVNHEc/3pOk0YrVehaGoUdbWizznfzOdELkLd1EjSXsW1oE5vHAkNAPzrAVzhuoI=

how do we know that the two are connected? (I'm guessing one of them hashes to the other.)



I know next to nothing about the internals of bitcoin, but based on a high-level understanding of public key cryptography:

- 1Q2TWHE3GMdB6BZKafqwxXtWAWgFt5Jvm3 is the wallet address but can also be thought of as a public key. The owner of the wallet also has a private key corresponding to that public key.

- HM7vpPSUbNsfDHRX6gv8xx...[etc] is a cryptographic signature generated by signing an arbitrary message using a private key. To generate the signature, you need the plain text of the message, and a private key. To "verify" the signature (i.e., confirm that it was generated by the private key you expect), you only need the message and the public key (or the wallet address, in this case).

- Shkreli claims (and it has indeed been confirmed) that the signature he posted is valid for the message and the wallet address. In other words, someone in possession of the private key for the wallet in question, has signed the message given using that private key.

What I don't understand is where the signature came from -- I do see a Jan 2009 transaction involving that address on various blockchain explorers, but that particular signature is nowhere to be found. This could absolutely just be me not understanding how all of this works, but in order for this to be "really big news" I think you'd have to show proof that the signature given was posted with the transaction back in 2009. Otherwise, it just means that Hal Finney's wallet is compromised and someone has been signing random messages with it.


> What I don't understand is where the signature came from -- I do see a Jan 2009 transaction involving that address on various blockchain explorers, but that particular signature is nowhere to be found. This could absolutely just be me not understanding how all of this works, but in order for this to be "really big news" I think you'd have to show proof that the signature given was posted with the transaction back in 2009. Otherwise, it just means that Hal Finney's wallet is compromised and someone has been signing random messages with it.

This.


Furthermore we know that the wallet spent coins in 2017, three years after Hal's death. Someone other than Hal had (has?) access to the private key for that address.


However, I couldn't find this signature:

HM7vpPSUbNsfDHRX6gv8xxWcVNHEc/3pOk0YrVehaGoUdbWizznfzOdELkLd1EjSXsW1oE5vHAkNAPzrAVzhuoI=

... anywhere on the blockchain:

https://www.blockchain.com/explorer/search?search=HM7vpPSUbN...

Why not?

Update: I get it now. It doesn't have to have been on the blockchain. It's just a message that was signed with a private key, and...., using Hal Finney's public key (wallet address), the message, and the message signature, we can confirm that it was signed by Hal Finney's private key.


You can sign a message without broadcasting it . This message could have been created an hour ago for all we know.


You can verify the signature along with the public key and the message: https://www.bitcoin.com/tools/verify-message/


When you run signature verification on that text with that signature and that address, it checks out. It wouldn't otherwise. The text links the two.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: