Satoshi Signatures

This mini app produces "valid" Satoshi signatures. More specifically, it produces a message hash and a signature that verify when checked against the public key for the genesis Bitcoin address.

Of course this isn't real: I do not possess the private key behind the Bitcoin genesis address! This app constructs a valid hash and associated ECDSA signature with simple math (see details here).

We cannot construct a valid **message** to verify against because it'd require us to find a valid pre-image for that constructed hash. And that would mean breaking sha256.

The lesson here: ECDSA is constructed with a hash function acting as a Random Oracle. If this assumption is violated (in this case, I'm choosing the hash so it's definitely not random!) ECDSA breaks catastrophically; existential forgery attacks become trivial

This is an easy mistake to make when verifying signature. When verifying an ECDSA signature, a verifier **must** compute the message hash themselves. Otherwise they're not verifying anything of value,as this mini-demo demonstrates. I'm clearly not Satoshi!

Coded with:
Architecture made of:
HTML, CSS & JavaScript


Sample signature