How Would you go about to Verify a Transaction signature?

[bmatusiak]

How can you Verify a Transaction in a block?

for example if i receive a transaction (lets say in HEX)

how would i know the transaction is signed by the owner?

[junderw]

1. Bitcoin Core does that for you.
2. Verifying the signature is important, but verifying that the bitcoin it is signing for actually existed at the time of the block is equally, if not much more, important.
3. Verifying a signature and verifying the unlocking script are two different things.

Running your own Bitcoin node and grabbing the transaction from that node will solve all those problems.

---

That being said, what is your use case? Do you really want just the signature validation? or do you want to verify the unlocking script? are you just trusting someone that those Bitcoin exist? then why not trust them that the unlocking script is valid?

[bmatusiak]

im writing my own validator style blockchain dapp ,

so lets pretend im building bitcoin-core in nodejs,

if i recieve a TX, and i decode it into the Transaction object.. what would be the best practice to verify the the TX. before checking the blockchain, so i can insert to proposed list of transactions to be mined/hashed into a block

should i be check the unlocking script or the Signature or both

i could be misunderstanding or misleading the question.. so here is another example

if i get a TX from a node.. before i just pass it along i would test it... the ins to the outs if i where a static function i would be something like Transaction.checkTx( this.ins,this.outs ) == true

[junderw]

so lets pretend im building bitcoin-core in nodejs,

There is a project like that called bcoin https://github.com/bcoin-org/bcoin . They are a fully validating node, whereas this library is mostly for wallet creation and management.

so i can insert to proposed list of transactions to be mined/hashed into a block

I highly recommend using Bitcoin Core's getblocktemplate (https://en.bitcoin.it/wiki/Getblocktemplate) check "How to use it" and "For developers"

The reason why you want to use the software that most nodes on the network are using. One little tiny mistake in your program that makes it even a tiny bit different from Bitcoin Core could cost your miners a lot of money.

Also, in order to check if a tx is valid, you need the current UTXO set. In order to get the current UTXO set, you need to validate every block from the genesis block up to current.

In which case, you should use Bitcoin Core and get the info from getblocktemplate.

[bmatusiak]

i totally understand this is for wallet management.. but take this into perspective...

lets say i write a tx to file, and a few days later i want to send it, but i first want to check to make sure the tx was sign properly as per the correct addresses.. is that possible with this library? it seems like it is all there and im missing something. i noticed there is bitcoinjs-message that can sign and verify messages.. i was thinking it would be the same way with transactions

[junderw]

lets say i write a tx to file, and a few days later i want to send it, but i first want to check to make sure the tx was sign properly as per the correct addresses..

From v0.17.0 Bitcoin Core has an RPC method called testmempoolaccept which will tell you whether the transaction would be accepted into the mempool (which means it is both validation compliant and standardness-compliant... aka, the bitcoin exists and all unlocking scripts are valid, and all signatures are valid)

Please do no write your own validation code for transactions. It is dangerous and people can and will lose money.

There are some round-about ways you could do it using bitcoinjs-lib, but verifying a message and verifying a transaction are extremely different. One can cause you to lose money, the other can't.

to make sure the tx was sign properly as per the correct addresses

addresses don't sign. and what do you mean "correct?" If you verify the signatures and the outputs are correct, why would you care which address the funds are from? Caring which UTXO was used, I can understand.

Checking outputs might be useful, but tbh, if someone was able to sign with your key, they won't just leave a signed theft transaction on your disk and wait for you to accidentally send it... they will send it themselves, immediately...

I am not understanding what exactly you want to do and what threat model you are trying to defend from... If you can explain this in detail without being vague, I can help you better.

[bmatusiak]

i don't know how straight forward i could have been,

im writing my own validator style blockchain dapp so lets pretend im building bitcoin-core in nodejs

i wasn't being majestic about it, honestly that is what im doing, creating my own blockchain to simply have fun in the office with my co-workers and i wanted a touch of bitcoin flavor to it. and brings me to learn some inner workings of bitcoinjs-lib and bitcoin itself. so found this lib and i raised a question.. " if i create a transactions how could i quick check the transactions signatures"

But i don't want to give out the idea behind the blockchain because there is no real value in it.. unless there is., i hope you understand that part.. and if it is.. i will simply create a white paper under a pseudo name, fork some flavor of a crypto, pump up a community and say to the moon.

and being vague is not what i was trying to be, i know thats impolite

so do you think i still need to keep digging around in the source to see what im looking for or missing.. or just write my own validation code for transactions or make my own tx logic . but if i do, i will just end up filling the blockchain with heavy encoded data, and i dont want to do that.

for reference im including mining in my experimental blockchain , and if i stick to the Block and Transaction schema i wont have to rewrite stratum block header building logic ,

i guess i was asking about which UTXO was used and the unlocking scripts

Please do no write your own validation code for transactions. It is dangerous and people can and will lose money.

i never said i would apply this to money. but the idea could have that effect

There are some round-about ways you could do it using bitcoinjs-lib

is what i was inquiring about. i dont mind digging into bcoin i just figured there was a trick if i used this lib

[junderw]

I never said i would apply this to money.

The default assumption when dealing with a library that handles bitcoin is that someone will use this with real money and could possibly lose money. Without that default assumption many open source developers could potentially be liable for those losses depending on what jurisdiction and how much money they have (it takes little effort for a lawyer to find some reason to sue you just to punish you by making you pay lawyer fees... these are called SLAPP suits). Even though MIT license covers the code, advice on the issues of the repository are not necessarily covered by such protections.

creating my own blockchain to simply have fun in the office with my co-workers

I would recommend using bcoin for the transaction validation, peer-2-peer, and other operations of the node and use our library for wallet management. (Generating addresses, keys, creating transactions for broadcasting etc.)

[hel-o]

Latest version of bitcoin core has wallet management RPC, do you think there is a trade off for switch to use it? I mean if I migrate from bitcoinjs-lib to bitcoin core

[junderw]

Bitcoin Core wallet RPC is not very versatile. If you are creating a wallet in JS, bitcoinjs-lib will most likely be a requirement for development.