Bitcoin explained like an onion, Part 3: How to make a digital signature
We need a way to be sure someone wanted a transaction on the blockchain to happen. This next layer of the onion is about how to digitally sign a Bitcoin transaction.
The most important bit is that each owner of a Bitcoin has a secret key like a password. That key is used when signing transactions. Anyone who has that key can therefore spend that person’s Bitcoins.
This is part three of a multi-part series, which explains bitcoins in steps, like peeling an onion. Start by reading part one about money, then part two about how transactions are chained together.
Remember our block chain of transactions?
Previously in part two of this series, we worked out how to let two people transact money without a bank. We had publicly available transaction slips which were each signed by the person giving the money:
The idea of a signature on paper is that only one person can make a particular signature…AND the piece of paper that they sign is regarded as unchanged once they sign it, unless it’s been tampered with — which we hope we would notice. We can also recognise a signature as being correct, not forged.
Digital signatures have the same idea, but the implementation has to be different.
Think about it. In our transaction slips above, there’s a unique signature for the person giving the money. If these slips are digital pictures, how do we know if the signature hasn’t just been copied and pasted from somewhere else? We don’t.
While we’re at it, we also don’t know if the details of the transaction have changed. It might have been a transaction for $4 before, but Tom changed it to $5. Or maybe Bill wanted the money, and put his name in. We wouldn’t know.
Enter James Bond.
You know how in spy movies, there’s always secret ciphers? The orders for the agent are combined with a secret cipher, to make a secret code. Often, that code is quite short, but it represents a bigger message.
That’s called cryptography, and we’re about to use it. Have a look below.
Jane has a secret key, like a very good, very long password, that only she knows, and it’s unique to her.
The transaction slip on the left is combined with her secret key in a black box of cryptography. The black box gives us a short piece of gobbledygook code, which I’m now telling you is a signature.
In practice, this gobbledygook signature is a lot longer than three letters. But the point is, a very long document (enormous, if you want) is reduced down to a short string of letters and numbers.
This signature is attached to the transaction, so we call it a signed transaction.
I’m betting you’re wondering how on earth the gobbledygook could be useful as a signature.
It’ll make sense in a minute. The cryptography black box can do things with the signature that let us know if it’s valid.
In case you’re wondering, you can’t practically work out what Jane’s secret key is from the signature. You could throw a whole heap of different secret keys at the black box with a known signed transaction, and hope that you get Jane’s corresponding signature. If you got that signature, it would mean you had found her secret key. But because Jane’s secret key is really long, and the cryptography is really, really clever, it would take you a really, really, really long time.
Let’s step back and recall the idea of signing.
Remember, just earlier we thought about what a signature on paper means:
- it’s unique to one person
- once the document has been signed, it cannot change
- we are able to verify that the signature is correct.
We’re halfway there already. Let’s start with the unique bit.
A digital signature is unique to a person.
I’ll give an example. Let’s say Tom signs the transaction of the $5 from Jane to himself:
See how the signature is different? Same transaction, different secret key, different signature.
It works the other way too: A different transaction with the same key will produce a different signature.
Now our signed transactions look like this:
The valid one is the one that Jane signed. But how do we know which one that is?
Validating digital signatures
If the transactions above were signed on paper, you could just look at the signatures and verify it by recognising Jane’s signature. But Jane’s digital signature is going to look different for every transaction.
The cryptography black box lets us verify a signature digitally, just in a different way.
To help us verify her signatures, Jane has a second key. It’s also like a very good password — she’s the only one who has this particular key. But it’s not a password, because she lets anyone know what it is. It’s called her public key.
Jane’s public key is related to her secret key, but you can’t work out what her secret key is from her public key. Because they’re related, they’re called a key pair.
We use Jane’s public key to check if a signature belongs to her:
Looks like the xyz signature belongs to her. Let’s try with Tom’s signature, but still Jane’s public key:
Nope, doesn’t work, it’s not her signature.
At this point, you’re going to have to believe me that the cryptography black box knows how to do this. (If you want mind bending details, there are links at the end of this article.)
What about changing the transaction?
I simplified things a bit in the last example. Usually, you test the signature and the transaction together. Then you know the right person signed the transaction, and that the transaction has not been tampered with.
Here we go:
We used Jane’s public key to confirm that she did want to transfer the $5 to Tom.
But what if Bill comes along and tries to make a fraudulent transaction? He thinks he’s being clever, and copies Jane’s signature from a previous signed transaction:
Sorry Bill, that doesn’t work.
Remember how we used both Jane’s private key and the transaction to make the signature?
The signature is like a summary of the transaction, even if we can’t read it.
If the transaction is changed after the signature is made, even in the tiniest detail, the signature will fail verification.
That’s enormously useful. In real life, transactions have a lot of handy things like the date and time, an ID number. None of those details can be changed after the signature is made.
How’s it used on Bitcoin’s Blockchain?
That was a lot of detail. Here’s how we can use it in the blockchain we worked out in part two.
Now we have a blockchain of signed transactions. Each person can trust the blockchain, as the signatures can be verified, as we found above.
Just to keep you on your toes, people can have multiple wallets (like bank accounts). Each wallet has a unique key pair associated with it. You have to use the correct keys for each wallet.
Well done. That was some tricky ground to cover.
But who’s going to do the checking?
Would you be upset if I pointed out to you there’s still a problem?
If there’s just a few signed transactions, you could confirm all the transactions are valid yourself. But if there are millions of transactions, you won’t be able to.
How can we trust the block chain? Someone needs to confirm all the transactions. Read the next part in this series to find out how Bitcoin confirms thousands of transactions at once.
Extra: Gory details about the cryptography black box.
This is a simplified explanation of what’s called Public Key Cryptography. For more about it, Wikipedia has a good summary article.
If you need even more, and can handle enormous equations with a lot of greek symbols, Chapter 8 of Applied Cryptography will tell you exactly how it’s done.