How Digital Signatures Work in Bitcoin
  • Hash256
  • Hash160
  • Reverse Bytes

Digital Signatures (Signing & Verifying) Proving that a signature and public key were created by the same private key.


A digital signature has two parts:

  1. A random part.
  2. A signature part (private key + the transaction data we’re creating the digital signature for).

1. Random Part

Start by generating a random number. Then multiply this with the generator point on the elliptic curve (the same generator point used when making public keys):

The random part of our digital signature is the point on the curve that we end up with. But we’ll just take the x-coordinate of it:

We’ll call this “r” for short.

This is basically the same thing as creating a private key and a public key. But here we’re doing it to add a random element to our digital signature.

So now we’ve got half of our digital signature ready, but we haven’t used our private key for anything yet. This is where the second half comes in…

2. Signature Part

First we take our private key, and multiply it with r (the x-coordinate of that random point on the curve we just found).

Next we want to include the thing we want to sign. This is called the message. In bitcoin, the message is the hash of the entire transaction data that contains the output that we want to unlock.

Including transaction hash ties the signature to one transaction (so it can’t be used within a different transaction).

Including transaction hash ties the signature to one transaction (so it can’t be used within a different transaction).

Finally, for good measure, we divide all of this by that initial random number we started with:

And hey presto, we have the vital “signature” part of our digital signature. We’ll call this s for short.

Mr. D Signature.

Mr. D Signature.

Now here’s the fun bit…

If someone asks us to prove that we know the private key for a public key, we can give them our digital signature (r & s) as proof.

But how the hell can someone use this as proof?


To verify that a digital signature was made using a correct private key, the person you give this digital signature to needs to use both parts to find two new points on the elliptic curve:

Point 1

Divide the message by s. The first point is just the generator point multiplied by this value:

Point 2

Divide r by s. The second point is just the public key multiplied by this value:


Now if we add these two points together, we will get a third point on the curve:

And if the x-coordinate of this third point is the same as the x-coordinate of the random point we started with (r), then this is proof that the digital signature was created using the private key connected to this public key.


By Greg Walker,

Last Updated: 24 May 2019
  • 24 May 2019: Added Hashover comment system (basic functionality to test it out)
  • 17 Feb 2019: corrected math for digital signature verifying (divide, not multiply)
  • 26 Nov 2018: Added sub titles to every page.
  • 27 Mar 2018: Added more descriptive titles to be shown in search engines.
  • 24 Mar 2018: Using ampersand in title instead of a plus.
  • 13 Mar 2018: guide/ - renamed all files from .text to .md and removed numerical prefix. Makes it cleaner and makes for easier working with search box.

Hey there, it's Greg.

I'll let you know about cool website updates, or if something seriously interesting happens in bitcoin.

Don't worry, it doesn't happen very often.