Skip to main content

Digital Signature | Bitcoin Glossary | Mapping Bitcoin

Digital Signature

Criptografía

A cryptographic proof that the holder of a private key has authorized a transaction without revealing the key itself. Bitcoin uses ECDSA and Schnorr signature schemes to verify that transaction inputs are being spent by their rightful owner.

Overview

Digital signatures are the fundamental mechanism by which Bitcoin owners prove they have the right to spend their funds. When a user creates a transaction, they sign each input with the private key corresponding to the address holding the funds. Nodes and miners verify these signatures before accepting the transaction, ensuring that only the legitimate owner can move their bitcoin.

How It Works

The signing and verification process follows a general pattern:

SIGNING (by the sender):
┌─────────────────────┐
│  Transaction Data   │
│  (inputs, outputs)  │
└────────┬────────────┘
         │
         ▼
┌─────────────────────┐     ┌─────────────┐
│   Hash Function     │ ◄───│ Private Key  │
└────────┬────────────┘     └─────────────┘
         │
         ▼
┌─────────────────────┐
│  Digital Signature   │
│  (r, s values)       │
└─────────────────────┘

VERIFICATION (by every node):
┌──────────────┐  ┌──────────────┐  ┌──────────────┐
│  Signature   │  │  Public Key  │  │  Tx Data     │
└──────┬───────┘  └──────┬───────┘  └──────┬───────┘
       │                 │                 │
       └────────┬────────┘─────────────────┘
                ▼
         ┌──────────────┐
         │  Valid: ✓/✗  │
         └──────────────┘

Signature Types in Bitcoin

ECDSA (Elliptic Curve Digital Signature Algorithm): The original signature scheme used in Bitcoin since launch. ECDSA signatures use the secp256k1 curve and produce signatures of approximately 70-72 bytes. All pre-Taproot transaction types use ECDSA.

Schnorr Signatures: Introduced with the Taproot upgrade in November 2021, Schnorr signatures offer several advantages: they are simpler mathematically, provably secure under standard assumptions, support native key and signature aggregation, and are always exactly 64 bytes. Schnorr signatures are used in Pay-to-Taproot (P2TR) outputs.

Sighash Flags

When signing a transaction, the signer can choose which parts of the transaction data the signature covers using sighash flags:

  • SIGHASH_ALL (default): Signs all inputs and outputs
  • SIGHASH_NONE: Signs all inputs but no outputs
  • SIGHASH_SINGLE: Signs all inputs and only the output at the same index
  • SIGHASH_ANYONECANPAY: Can be combined with the above; signs only one input

Common Misconceptions

  • Digital signatures do not encrypt anything. They provide authentication and integrity but not confidentiality.
  • The private key is never transmitted or embedded in the transaction. Only the signature and public key are included.
  • Each signature is unique to the specific transaction data being signed, so a signature cannot be reused for a different transaction.

Términos Relacionados

SignatureCriptografía

A cryptographic proof produced using a private key that demonstrates authorization to spend specific bitcoin. Bitcoin currently supports ECDSA and Schnorr signature schemes, both of which can be verified by anyone using the corresponding public key.

Schnorr SignatureCriptografía

A digital signature scheme activated on Bitcoin through the Taproot upgrade (BIP340). Schnorr signatures are mathematically simpler and more efficient than ECDSA, and their key property of linearity enables signature aggregation (MuSig), improving privacy and scalability.

Elliptic Curve Cryptography (ECC)Criptografía

A public-key cryptography system based on the algebraic structure of elliptic curves over finite fields. Bitcoin uses the secp256k1 curve to generate key pairs and create digital signatures that prove ownership of funds.

Key PairCriptografía

A mathematically linked pair of cryptographic keys: a private key (kept secret) used to sign transactions and a public key (shared openly) used to verify signatures and derive addresses. The private key can generate the public key but not vice versa.