TeachMeBitcoin

Custom Python Signature Auditor

From TeachMeBitcoin, the free encyclopedia

In this final guide, we will build a Python script that parses a DER-encoded ECDSA Signature. We will extract the r and s values and check if the signature follows the modern "Low S" standardness rule.

The Signature Auditor

# secp256k1 Curve Order (n)
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

def audit_der_signature(der_hex):
    print(f"--- ECDSA Signature (DER) Audit ---")
    print(f"[*] Raw DER: {der_hex}")

    # 1. Verify Header (0x30)
    if not der_hex.startswith("30"):
        print("[ERROR] Invalid DER header!")
        return

    # 2. Extract r and s
    # This is a simplified parser for educational purposes
    try:
        # Move past 30 [len] 02
        # r_len starts at index 6
        r_len = int(der_hex[6:8], 16) * 2
        r_start = 8
        r_val = der_hex[r_start : r_start + r_len]

        # s starts after r (02 + s_len_byte)
        s_header_index = r_start + r_len
        s_len = int(der_hex[s_header_index + 2 : s_header_index + 4], 16) * 2
        s_start = s_header_index + 4
        s_val = der_hex[s_start : s_start + s_len]

        # Extract sighash (last byte)
        sighash = der_hex[-2:]

        # 3. Perform Integer Conversion
        r_int = int(r_val, 16)
        s_int = int(s_val, 16)

        print(f"[*] r value: {hex(r_int)}")
        print(f"[*] s value: {hex(s_int)}")
        print(f"[*] Sighash: {sighash}")

        # 4. Check for Low S Compliance
        if s_int <= N // 2:
            print("[SUCCESS] Signature is LOW S compliant.")
        else:
            print("[WARNING] Signature is HIGH S (Malleable).")

    except Exception as e:
        print(f"[ERROR] Parsing failed: {e}")

# --- Simulation ---

# Case 1: A standard Low S signature
print("Audit 1:")
sig_low = "3044022012345678123456781234567812345678123456781234567812345678123456780220123456781234567812345678123456781234567812345678123456781234567801"
audit_der_signature(sig_low)

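# Case 2: A High S signature (Non-standard), with s = N - 1
# Note: the top bit of s is set, so strict DER would need a leading 0x00 byte
# (length 0x21); this simplified parser does not check for that.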
print("\nAudit 2:")
sig_high = "3044022012345678123456781234567812345678123456781234567812345678123456780220fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036414001"
audit_der_signature(sig_high)

How to Run the Auditor

  1. Ensure you have Python 3 installed.

  2. Copy the code into a file named sig_auditor.py.

  3. Run it using python3 sig_auditor.py.

Technical Takeaways

  1. ASN.1 Parsing: Real-world parsers are more complex as they must handle varying lengths for $r$ and $s$, but the basic structure remains constant.

  2. Sighash Byte: The 01 at the end is technically not part of the DER format itself; it is a Bitcoin-specific addition to tell the VM how to validate the inputs.

  3. Low S Rule: This is a "Standardness" rule. If you send a High S transaction, miners might reject it, even though the math of the elliptic curve says it is valid.
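To illustrate takeaway 1, here is a stricter parser that reads the length bytes instead of assuming fixed offsets and enforces the DER integer padding rules. It is an added example, not code from TeachMeBitcoin; the function names `read_der_int`, `parse_signature` and `normalize_low_s` are hypothetical, and the sample signatures are constructed rather than taken from real transactions. It goes slightly beyond the guide by also computing the low-S twin of a high-S value.

```python
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141  # secp256k1 order

def read_der_int(buf, pos):
    """Read one DER INTEGER at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + length]
    if length == 0 or len(body) != length:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER (missing 0x00 pad)")
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER (unneeded 0x00 pad)")
    return int.from_bytes(body, "big"), pos + 2 + length

def parse_signature(sig_hex):
    """Parse <DER signature><sighash byte>; raise ValueError if not strict DER."""
    raw = bytes.fromhex(sig_hex)
    if len(raw) < 9:  # 30 06 02 01 r 02 01 s + sighash is the minimum
        raise ValueError("too short")
    der, sighash = raw[:-1], raw[-1]
    if der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("bad SEQUENCE header or length")
    r, pos = read_der_int(der, 2)
    s, pos = read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    if not (0 < r < N and 0 < s < N):
        raise ValueError("r or s out of range")
    return {"r": r, "s": s, "sighash": sighash, "low_s": s <= N // 2}

def normalize_low_s(s):
    """(r, s) and (r, N - s) both verify; return the canonical low one."""
    return s if s <= N // 2 else N - s

# Constructed samples, not real transaction data.
R = "12345678" * 8
LOW = "3044" + "0220" + R + "0220" + R + "01"
HIGH = "3045" + "0220" + R + "0221" + "00" + f"{N - 1:064x}" + "01"
UNPADDED = "3044" + "0220" + R + "0220" + f"{N - 1:064x}" + "01"

if __name__ == "__main__":
    for name, sig in [("LOW", LOW), ("HIGH", HIGH), ("UNPADDED", UNPADDED)]:
        try:
            info = parse_signature(sig)
            print(name, "low_s =", info["low_s"], "canonical s =", hex(normalize_low_s(info["s"])))
        except ValueError as err:
            print(name, "rejected:", err)
```

`UNPADDED` has the same layout as the guide's Case 2 string and is rejected here because its s value would be read as a negative integer; `HIGH` is the same value with the 0x00 pad and parses as a valid but high-S signature.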

Congratulations! You have completed the Signature (ECDSA r/s format) module. You now understand the mathematical proofs that secure every Satoshi on the network.
