What does a digital signature prove?

A digital signature cryptographically proves you authorized a specific message (transaction) using your private key.

Can you copy a signature from one transaction to another?

Signatures are unique to each transaction. Copying a signature to a different transaction would fail verification.

Who can verify a Bitcoin signature?

Anyone can verify a signature using the public key—this enables trustless verification.

What did Schnorr signatures improve?

Schnorr signatures (Taproot) are more efficient, enable signature aggregation, and improve privacy.

Digital Signatures

9 min readarticleIncludes quiz · 4 questions

Digital signatures are how you prove you authorized a Bitcoin transaction. Like a handwritten signature, but impossible to forge and mathematically verifiable. Anyone can check a signature is valid, but only you can create it with your private key.

What is a Digital Signature?

•Definition: Cryptographic proof that you authorized a message (like a transaction) using your private key.
•Purpose: Proves authenticity and prevents tampering without revealing your private key.
•Components: Signature = f(private key, message). Verification = f(public key, message, signature).
•Properties: Unforgeable, non-repudiable (can't deny you signed it), verifiable by anyone.

How Digital Signatures Work:

Signing (by sender): 1. Hash the message (transaction) to get a fixed-size digest. 2. Use your private key and the hash to create a signature (ECDSA in Bitcoin). 3. Attach the signature to the transaction. 4. Broadcast the transaction + signature to the network.

Verification (by everyone else): 1. Receive the transaction, signature, and public key. 2. Hash the transaction. 3. Use the public key to verify the signature matches the hash. 4. If valid, you know the private key holder authorized it. 5. If invalid, reject the transaction.

Key Definitions:

•ECDSA: Elliptic Curve Digital Signature Algorithm—Bitcoin's original signing method.
•Schnorr signatures: A newer, more efficient signature scheme (added in Taproot 2021).
•Message hash: A fixed-size fingerprint of the transaction data (created with SHA-256).
•r and s: The two components of an ECDSA signature.
•Nonce: A random number used once in signature generation (must be truly random or security breaks).
•DER encoding: How Bitcoin encodes signatures in transactions.

Why Signatures Are Secure:

•Private key stays private: You never reveal your private key; the signature proves you have it without showing it.
•Unique to message: Each signature is tied to a specific transaction. You can't copy a signature to authorize a different transaction.
•Unforgeable: Without the private key, creating a valid signature is computationally infeasible (would take longer than the age of the universe).
•Public verification: Anyone with your public key can verify the signature, ensuring transparency.
•Non-repudiation: Once signed, you can't deny you authorized it.

Signature in a Bitcoin Transaction:

When you spend Bitcoin:

1. Create transaction: Specify inputs (coins you're spending) and outputs (where they're going). 2. Hash transaction: Bitcoin hashes the transaction data. 3. Sign hash: Use your private key to sign the hash. 4. Include signature: Add signature to the transaction. 5. Broadcast: Send the signed transaction to miners. 6. Miners verify: Check the signature is valid using your public key. 7. Confirmed: If valid, transaction is included in a block.

ECDSA vs Schnorr:

ECDSA (Original)

•Used since Bitcoin's launch
•Well-tested and proven secure
•Larger signatures
•Each input needs its own signature

Schnorr (Taproot upgrade, 2021)

•More efficient (smaller signatures)
•Enables signature aggregation (multiple signers → one signature)
•Better privacy (complex scripts look like simple payments)
•Linear math (easier to work with)

Common Signature Vulnerabilities (and How Bitcoin Avoids Them):

•Nonce reuse: Using the same random nonce twice leaks your private key. Bitcoin implementations use deterministic nonces (RFC 6979).
•Weak randomness: Poor random number generation can leak keys. Hardware wallets use secure RNGs.
•Side-channel attacks: Timing or power analysis can leak keys during signing. Hardware wallets have protections.
•Signature malleability: Attackers could modify signatures without invalidating them. SegWit fixed this in 2017.

Why This Matters:

•No chargebacks: Once you sign and broadcast, the transaction is final (after confirmations).
•No middlemen: You don't need a bank to authorize your transactions—your signature is the authorization.
•Auditability: Anyone can verify all signatures in Bitcoin's history are valid.
•Security: Your coins are only as secure as your private key. Guard it carefully.

Test Your Knowledge

This lesson includes a 4-question quiz (passing score: 75%).

Quiz functionality available in the mobile app.