book

Mastering Bitcoin, 3rd Edition

by Andreas M. Antonopoulos, David A. Harding

November 2023

Beginner

402 pages

11h 51m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Includes Quizzes

Writing the Bitcoin BookIntended AudienceWhy Are There Bugs on the Cover?Conventions Used in This BookCode ExamplesUsing Code ExamplesChanges Since the Previous EditionBitcoin Addresses and Transactions in This BookO’Reilly Online LearningHow to Contact UsContacting the AuthorsAcknowledgments for the First and Second EditionsAcknowledgments for the Third EditionEarly Release Draft (GitHub Contributions)
History of BitcoinGetting StartedChoosing a Bitcoin WalletQuick StartRecovery CodesBitcoin AddressesReceiving BitcoinGetting Your First BitcoinFinding the Current Price of BitcoinSending and Receiving Bitcoin
Bitcoin OverviewBuying from an Online StoreBitcoin TransactionsTransaction Inputs and OutputsTransaction ChainsMaking ChangeCoin SelectionCommon Transaction FormsConstructing a TransactionGetting the Right InputsCreating the OutputsAdding the Transaction to the BlockchainBitcoin MiningSpending the Transaction
From Bitcoin to Bitcoin CoreBitcoin Development EnvironmentCompiling Bitcoin Core from the Source CodeSelecting a Bitcoin Core ReleaseConfiguring the Bitcoin Core BuildBuilding the Bitcoin Core ExecutablesRunning a Bitcoin Core NodeConfiguring the Bitcoin Core NodeBitcoin Core APIGetting Information on Bitcoin Core’s StatusExploring and Decoding TransactionsExploring BlocksUsing Bitcoin Core’s Programmatic InterfaceAlternative Clients, Libraries, and ToolkitsC/C++JavaScriptJavaPythonGoRustScalaC#
Public Key CryptographyPrivate KeysElliptic Curve Cryptography ExplainedPublic KeysOutput and Input ScriptsIP Addresses: The Original Address for Bitcoin (P2PK)Legacy Addresses for P2PKHBase58check EncodingCompressed Public KeysLegacy Pay to Script Hash (P2SH)Bech32 AddressesProblems with Bech32 AddressesBech32mPrivate Key FormatsCompressed Private KeysAdvanced Keys and AddressesVanity AddressesPaper Wallets
Independent Key GenerationDeterministic Key GenerationPublic Child Key DerivationHierarchical Deterministic (HD) Key Generation (BIP32)Seeds and Recovery CodesBacking Up Nonkey DataBacking Up Key Derivation PathsA Wallet Technology Stack in DetailBIP39 Recovery CodesCreating an HD Wallet from the SeedUsing an Extended Public Key on a Web Store
A Serialized Bitcoin TransactionVersionExtended Marker and FlagInputsLength of Transaction Input ListOutpointInput ScriptSequenceOutputsOutputs CountAmountOutput ScriptsWitness StructureCircular DependenciesThird-Party Transaction MalleabilitySecond-Party Transaction MalleabilitySegregated WitnessWitness Structure SerializationLock TimeCoinbase TransactionsWeight and VbytesLegacy Serialization
Transaction Scripts and Script LanguageTuring IncompletenessStateless VerificationScript ConstructionPay to Public Key HashScripted MultisignaturesAn Oddity in CHECKMULTISIG ExecutionPay to Script HashP2SH AddressesBenefits of P2SHRedeem Script and ValidationData Recording Output (OP_RETURN)Transaction Lock Time LimitationsCheck Lock Time Verify (OP_CLTV)Relative TimelocksRelative Timelocks with OP_CSVScripts with Flow Control (Conditional Clauses)Conditional Clauses with VERIFY OpcodesUsing Flow Control in ScriptsComplex Script ExampleSegregated Witness Output and Transaction ExamplesUpgrading to Segregated WitnessMerklized Alternative Script Trees (MAST)Pay to Contract (P2C)Scriptless Multisignatures and Threshold SignaturesTaprootTapscript
How Digital Signatures WorkCreating a Digital SignatureVerifying the SignatureSignature Hash Types (SIGHASH)Schnorr SignaturesSerialization of Schnorr SignaturesSchnorr-based Scriptless MultisignaturesSchnorr-based Scriptless Threshold SignaturesECDSA SignaturesECDSA AlgorithmSerialization of ECDSA Signatures (DER)The Importance of Randomness in SignaturesSegregated Witness’s New Signing Algorithm
Who Pays the Transaction Fee?Fees and Fee RatesEstimating Appropriate Fee RatesReplace By Fee (RBF) Fee BumpingChild Pays for Parent (CPFP) Fee BumpingPackage RelayTransaction PinningCPFP Carve Out and Anchor OutputsAdding Fees to TransactionsTimelock Defense Against Fee Sniping

Node Types and RolesThe NetworkCompact Block RelayPrivate Block Relay NetworksNetwork DiscoveryFull NodesExchanging “Inventory”Lightweight ClientsBloom FiltersHow Bloom Filters WorkHow Lightweight Clients Use Bloom FiltersCompact Block FiltersGolomb-Rice Coded Sets (GCS)What Data to Include in a Block FilterDownloading Block Filters from Multiple PeersReducing Bandwidth with Lossy EncodingUsing Compact Block FiltersLightweight Clients and PrivacyEncrypted and Authenticated ConnectionsMempools and Orphan Pools
Structure of a BlockBlock HeaderBlock Identifiers: Block Header Hash and Block HeightThe Genesis BlockLinking Blocks in the BlockchainMerkle TreesMerkle Trees and Lightweight ClientsBitcoin’s Test BlockchainsTestnet: Bitcoin’s Testing PlaygroundSignet: The Proof of Authority TestnetRegtest: The Local BlockchainUsing Test Blockchains for Development
Bitcoin Economics and Currency CreationDecentralized ConsensusIndependent Verification of TransactionsMining NodesThe Coinbase TransactionCoinbase Reward and FeesStructure of the Coinbase TransactionCoinbase DataConstructing the Block HeaderMining the BlockProof-of-Work AlgorithmTarget RepresentationRetargeting to Adjust DifficultyMedian Time Past (MTP)Successfully Mining the BlockValidating a New BlockAssembling and Selecting Chains of BlocksMining and the Hash LotteryThe Extra Nonce SolutionMining PoolsHashrate AttacksChanging the Consensus RulesHard ForksSoft ForksConsensus Software Development
Security PrinciplesDeveloping Bitcoin Systems SecurelyThe Root of TrustUser Security Best PracticesPhysical Bitcoin StorageHardware Signing DevicesEnsuring Your AccessDiversifying RiskMultisig and GovernanceSurvivability
Building Blocks (Primitives)Applications from Building BlocksColored CoinsSingle-Use SealsPay to Contract (P2C)Client-Side ValidationRGBTaproot AssetsPayment Channels and State ChannelsState Channels—Basic Concepts and TerminologySimple Payment Channel ExampleMaking Trustless ChannelsAsymmetric Revocable CommitmentsHash Time Lock Contracts (HTLC)Routed Payment Channels (Lightning Network)Basic Lightning Network ExampleLightning Network Transport and PathfindingLightning Network Benefits
Bitcoin - A Peer-to-Peer Electronic Cash SystemIntroductionTransactionsTimestamp ServerProof-of-WorkNetworkIncentiveReclaiming Disk SpaceSimplified Payment VerificationCombining and Splitting ValuePrivacyCalculationsConclusionReferencesLicense
AbstractTransactionsProof of WorkReclaiming Disk SpaceSimplified Payment VerificationPrivacyCalculations

Content preview from Mastering Bitcoin, 3rd Edition

Chapter 8. Digital Signatures

Two signature algorithms are currently used in Bitcoin, the schnorr signature algorithm and the Elliptic Curve Digital Signature Algorithm (ECDSA). These algorithms are used for digital signatures based on elliptic curve private/public key pairs, as described in “Elliptic Curve Cryptography Explained”. They are used for spending segwit v0 P2WPKH outputs, segwit v1 P2TR keypath spending, and by the script functions OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY, and OP_CHECKSIGADD. Any time one of those is executed, a signature must be provided.

A digital signature serves three purposes in Bitcoin. First, the signature proves that the controller of a private key, who is by implication the owner of the funds, has authorized the spending of those funds. Secondly, the proof of authorization is undeniable (nonrepudiation). Thirdly, that the authorized transaction cannot be changed by unauthenticated third parties—that its integrity is intact.

Note

Each transaction input and any signatures it may contain is completely independent of any other input or signature. Multiple parties can collaborate to construct transactions and sign only one input each. Several protocols use this fact to create multiparty transactions for privacy.

In this chapter we look at how digital signatures work and how they can present proof of control of a private key without revealing that private key.

How Digital Signatures Work

A digital signature consists ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Mastering Blockchain, Fourth Edition - Fourth Edition

Publisher Resources

ISBN: 9781098150082Errata Page

Mastering Bitcoin, 3rd Edition

by Andreas M. Antonopoulos, David A. Harding

Chapter 8. Digital Signatures

Note

How Digital Signatures Work

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Mastering Blockchain, Fourth Edition - Fourth Edition

The Bitcoin Standard

Mastering Ethereum, 2nd Edition

Zero Trust Networks, 2nd Edition

Publisher Resources

Chapter 8. Digital Signatures

Note

How Digital Signatures Work

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Mastering Blockchain, Fourth Edition - Fourth Edition

The Bitcoin Standard

Mastering Ethereum, 2nd Edition

Zero Trust Networks, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.