pull down to refresh
0 sats \ 0 replies \ @btc101 3 May 2024 \ on: I own 100% of the channels offering negative inbound fees lightning
You may open a channel to my node.
https://amboss.space/node/028803c6dd88596c7cf92566a641f7fb62cc848f525ab0bd5d72b6856fc71a44a9
Running lnd v0.18
The step-by-step guide mentioned in original post contains good enough info. The usage of the term "sighash" in original post seems to be incorrect. The appearance of "sighash" in the guide is what sighash usually mean.
To spend P2WPKH UTXO, the signature required is on the 10 items shown in Section 4.
Just before Section 4.1.1, it lists out the exact message to be signed.
02000000 99197e88ff743aff3e453e3a7b745abd31937ccbd56f96a179266eba786833e6 82a7d5bb59fc957ff7f737ca0b8be713c705d6173783ad5edb067819bed70be8 9cb872539fbe1bc0b9c5562195095f3f35e6e13919259956c6263c9bd53b20b7 01000000 1976a914594c2e3da92d1904f7e7c856220f8cae5efb556488ac 5424000000000000 ffffffff f3ae23c3fd63a2e0479888f95c7a8ab221b20add6ac819e9d8953edd1a0cd924 00000000 01000000
Double SHA-256 the above and you get
4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2
Assuming you use libsecp256k1, this is the byte array msghash32 for secp256k1_ecdsa_sign and secp256k1_ecdsa_verify.
48 is at offset 0, a2 is at offset 31.
In ECDSA page of Wikipedia, there is a mention of e=HASH(m). In signing P2WPKH spend, e=double_sha256(10 items). This means
e=4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2
48 is most significant byte, a2 is least significant byte.
The following checks out as valid ECDSA signature.
seckey=26f85ce8b2c635ad92f6148e4443fe415f512f3f29f44ab0e2cbda819295bbd5 pubkey=02 5972a1f2532b44348501075075b31eb21c02eef276b91db99d30703f2081b773 msghash32=4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2 signature(DER)=3045022100f8dac321b0429798df2952d086e763dd5b374d031c7f400d92370ae3c5f57afd0220531207b28b1b137573941c7b3cf5384a3658ef5fc238d26150d8f75b2bcc61e7
One potential confusion might arise on the signature shown in guide is because it is not deterministic and thus not reproducible.
If you use libsecp256k1 which follows RFC6979 to sign, the signature would be
r=808b91ed95d3756affdb964d685bac231ff8b48a2da209824dbe5e9dcfda5e0a s=1bee96f19c7153b89a5c0766f66df46fda4e078fd4b7704d879841b554379e7a
which is also valid.
GENESIS