ECDSA Signature Verification in Script


We have implemented ECDSA signature verification algorithm in Script. It can verify if an arbitrary message is signed by a private key corresponding to a given public key, while OP_CHECKSIG can only verify signatures when the message is the current spending transaction¹. Surprisingly, this is done without introducing any new opcode such as OP_DATASIGVERIFY (aka, OP_CHECKDATASIG) on BCH.


Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA is the algorithm used in Bitcoin for signature generation and verification. The verification algorithm is listed below.

ECDSA Signature Verification


We have implemented the algorithm as shown below, using the elliptic curve library we released before.

First, we need to extract r and s components from the signature, which is encoded in DER format. Since they are big-endian, we have to convert to little-endian, which is how data is encoded in Script/sCrypt.


After r and s are retrieved, we simply run the standard ECDSA verification algorithm.

ECDSA Contract

[1] More precisely, it verifies signature against sighash.

sCrypt Inc ( is a company with a mission to provide integrated on-chain smart contracting solutions using the original BitCoin Protocol on BSV