BEGINNER_DOC_005 // BEGINNERS / DIGITAL-SIGNATURES
DIGITAL
SIGNATURES
SIGNATURES
A signature/">digital signature is the cryptographic proof that you authorized a transaction.
Only the holder of the private key can create a valid signature — but anyone can verify it using
the corresponding public key. This is how Bitcoin eliminates the need for a trusted bank to authorize payments.
THE_REAL_WORLD_ANALOGY
TRADITIONAL SIGNATURE (PHYSICAL)
You sign a cheque with your handwritten signature.
The bank recognizes your signature and processes the payment.
Problem: signatures can be forged. Banks must store and verify samples.
VS
DIGITAL SIGNATURE (BITCOIN)
You sign a transaction with your private key (a secret number).
Anyone can verify the signature using your public key.
Mathematically impossible to forge without the private key.
No trusted verifier needed — the math is the bank.
HOW_SIGNING_WORKS
Step 1 — Signing
PRIVATE KEY
To spend bitcoin, you create a transaction and sign it with your private key. The signature
is mathematically derived from both your private key AND the transaction data.
Inputs to the signing function:
1. Your private key (secret — proves you own the funds)
2. Transaction hash (the specific transaction being authorized)
3. Random nonce k (adds unpredictability)
Output:
Signature (r, s) (two 32-byte numbers in DER format)
The signature is unique to this exact transaction. The same private key signing a different transaction produces a completely different signature.
Step 2 — Verification
PUBLIC KEY
Every node on the network independently verifies your signature using only your public key.
They never need to know your private key — the math proves it.
Inputs to the verification function:
1. Public key (derived from your private key, shared openly)
2. Transaction hash (the exact same transaction data)
3. Signature (r, s) (from the ScriptSig or Witness)
Output:
TRUE → valid signature, transaction accepted ✓
FALSE → invalid signature, transaction rejected ✗
Nodes verify signatures without any communication with you. Bitcoin requires no accounts, no identity checks — just math.
SIGNATURE_TYPES_IN_BITCOIN
ECDSA — Elliptic Curve Digital Signature Algorithm
LEGACY
Used in P2PK, P2PKH, P2SH, P2WPKH, P2WSH outputs. The original signature scheme used since Bitcoin's launch in 2009.
Signature size: 71–73 bytes (DER encoded)
Curve: secp256k1
Used in: All legacy and SegWit v0 outputs (P2PKH, P2SH, P2WPKH, P2WSH)
TAPROOT (2021)
Introduced with Taproot (BIP 340/341). Simpler, more efficient, enables key aggregation for multi-party signatures that look identical to single-key signatures.
Signature size: 64 bytes (more compact than ECDSA)
Curve: secp256k1 (same as ECDSA)
Used in: P2TR outputs (Taproot)
Bonus: Multiple signers can combine into one signature (MuSig2)
Schnorr signatures improve privacy (multisig looks like single-sig on-chain) and efficiency (batch verification is faster).
ONLY THE PRIVATE KEY CAN SIGN
ANYONE WITH THE PUBLIC KEY CAN VERIFY · NO TRUSTED THIRD PARTY REQUIRED
KEY_PROPERTIES_OF_DIGITAL_SIGNATURES
CANNOT BE FORGED
Without the private key, it is computationally impossible to produce a valid signature.
Breaking ECDSA would require solving the elliptic curve discrete logarithm problem.
TIED TO THE TRANSACTION
A signature commits to the specific transaction it signs. You cannot reuse
a signature from one transaction for another — each is unique to the exact message signed.
TERMINOLOGY_INDEX
Private Key
The secret number used to create signatures. The only way to authorize spending.
Public Key
Derived from the private key. Shared publicly. Used to verify signatures.
Signature
Cryptographic proof that the private key holder authorized a specific transaction.
ECDSA
Elliptic Curve Digital Signature Algorithm. Bitcoin's original signature scheme. Used in legacy outputs.
Schnorr
Newer signature scheme used in Taproot. Smaller, more efficient, supports key aggregation.
secp256k1
The specific elliptic curve Bitcoin uses for both ECDSA and Schnorr signatures.
DER Format
Distinguished Encoding Rules. The serialization format for ECDSA signatures in Bitcoin Script.