Signing and Verifying Messages on the Blockchain
Questions About Address Ownership
A bitcoin address has a hash of a public key with a paired private key. While this is a concept very familiar to developers, especially those who work in cryptography or a blockchain, an average user might get confused when signing and verifying messages. The public address can be given out for people to send bitcoin to and receive bitcoin from. The private portion, however, should be maintained secretly by you or a trusted source. The public addresses do not contain any personally identifying information, such as a user’s name or identity. While you could check that a private key matches a particular public key, you should never disclose this to avoid fraudulent transactions or electronic identity theft. How, then, do you prove that you own an address?
Signing and Verifying Messages
You can electronically ‘stamp’ your identity on a message by adding a signature. With a given input (we call this a plaintext message) such as: “I verify that No Rest Labs was has ownership of the address the_address_I_signed_with_here at 2018-03-28T08:51:22+00:00 – 35ff633770e47e084c50c547247404518a844c07d3a314630648bfc7d65f0d67”. A good plaintext message is often significantly long, with unique and changing components such as a date or random string to avoid susceptibility to attack. The result can often be encoded to a long string of letters, numbers, and symbols for verification. Once the signing process is done, it might be sent to a user you wished to verify your identity to in a format like:
—– BEGIN SIGNED MESSAGE —– Signed message
—– BEGIN BITCOIN SIGNATURE —– Signature here
—– END SIGNATURE —–
A user can run a verification, passing in the address that performed the signature, the signed message, and the plaintext message. If it completes successfully, address ownership has been verified, as only the private key could be used to generate the signature paired with that address.