Author

Topic: 1VayNert throwing away BTC (Read 3507 times)

administrator
Activity: 5222
Merit: 13032
December 17, 2011, 04:38:30 AM
#16
theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.

Probably that is always better than AES encryption.
full member
Activity: 129
Merit: 118
December 17, 2011, 12:22:24 AM
#15
theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.
donator
Activity: 532
Merit: 501
We have cookies
December 16, 2011, 09:09:36 PM
#14
Finally redeemed :)
The new TX wasn't even considered strange by the network.

http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e#o2
donator
Activity: 532
Merit: 501
We have cookies
November 21, 2011, 02:40:56 PM
#13
Would be nice to test for zeroes with OP_LESSTHAN which is allowed, but it's limited to 32 bits only, just as OP_DIV and OP_RSHIFT (both are disabled) :(

Sadly most useful ops are either disabled or crippled by 4 bytes limit.

Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?
No, OP_WITHIN is limited to 32 bit numbers, so it can only work within 0x000000 and 0xFFFFFFFF, a maximum subset is 4 294 967 295 of sha256's output space (around ~0.0000000000000000000000000000000000000000000000000000000000000000000037%)
(not sure about that)
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 21, 2011, 01:50:48 PM
#12
Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?
administrator
Activity: 5222
Merit: 13032
November 21, 2011, 01:31:53 PM
#11
Doesn't Eligius accept non-standard scripts? Or is this really non-standard?

They would end up on a different network if they accepted this. The network doesn't recognize OP_SUBSTR anymore, and OP_EVAL isn't implemented yet (though it is planned).

The script I gave is inferior in every way that I can think of to just including an AES-encrypted private key with a standard transaction. I just wanted to illustrate the concept. Possibly there are better ways of doing transaction proof-of-works, though. Maybe you could do it by making public only parts of public keys, signatures, or private keys. It could certainly be better than AES encryption if there was a script op that output a hash of the non-Script parts of transactions: then you wouldn't have to use OP_CHECKSIG at all.

My script could be improved by leaving out the private key and having everyone use the same known keypair. Then it's only a little bigger than the encrypted-private-key method.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 21, 2011, 01:05:35 PM
#10
Doesn't Eligius accept non-standard scripts? Or is this really non-standard?
donator
Activity: 532
Merit: 501
We have cookies
November 21, 2011, 11:21:18 AM
#9
What do you mean by adding proof-of-work to the script ?
Like this (using some disabled/not-yet-implemented Script features):
...
With this, you need to do some "mining" after changing the transaction to make it valid.
Wow, that's really cool :)
Sadly it can't be used because of disabled ops...
administrator
Activity: 5222
Merit: 13032
November 21, 2011, 11:14:07 AM
#8
What do you mean by adding proof-of-work to the script ?

Like this (using some disabled/not-yet-implemented Script features):
Code:
ScriptSig: password { [sig] [nonce] OP_DROP }

ScriptPubKey:
//give out the private key
[private key] OP_DROP

OP_3DUP OP_DUP

//check that scriptSig takes expected form
0 1 OP_SUBSTR 72 OP_EQUALVERIFY
73 1 OP_SUBSTR 4 OP_EQUALVERIFY
77 1 OP_SUBSTR { OP_DROP } OP_EQUALVERIFY
OP_SIZE 79 OP_NUMEQUALVERIFY

//check that the hash of scriptSig starts with many zeroes. This is indirectly a hash of the entire
//transaction, since the signature is on a hash of the transaction
OP_HASH256 0 10 OP_SUBSTR 0x00000000000000000000 OP_EQUALVERIFY

//verify signature
OP_EVAL
[pubKey] OP_CHECKSIGVERIFY

//check the password
OP_HASH256 [password hash] OP_EQUAL

({} denotes that something is in a string, not part of the script proper.)

With this, you need to do some "mining" after changing the transaction to make it valid.
legendary
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
November 21, 2011, 11:09:24 AM
#7
Learning a lot.  Thanks.
donator
Activity: 532
Merit: 501
We have cookies
November 21, 2011, 07:24:33 AM
#6
Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.
What do you mean by adding proof-of-work to the script ?
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 20, 2011, 08:55:09 PM
#5
That makes sense.

Also, all those transactions* seem to have the same password, too, so he would need to spend all of them at the same time.

*At least the two examples posted. 2 is a representative data sample, no?
administrator
Activity: 5222
Merit: 13032
November 20, 2011, 08:30:48 PM
#4
I'd guess the OP_DROP data is salt for the password.

Spends of these transactions could be intercepted and hijacked by miners. It would be better to do a regular public key transaction and attach the private key as AES-encrypted OP_DROP data. Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 20, 2011, 08:13:51 PM
#3
Output script:
Code:
04678afd04678afd OP_DROP OP_SHA256 894eeb82f9a851f5d1cb1be3249f58bc8d259963832c5e7474a76f7a859ee95c OP_EQUAL
So as far as I understand it:
It drops this first string (04678afd04678afd) from the stack, so ignore that. Then it hashes (SHA256) the next thing on the stack, which would be in the input script you use. Then that should be equal to the 89...95c part.

So basically these outputs can be claimed by a password.
legendary
Activity: 1652
Merit: 2216
Chief Scientist
November 20, 2011, 01:18:21 PM
#2
They're not throwing away 0.01 BTC, they just haven't redeemed them yet-- they're using valid-but-strange transactions.
legendary
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
November 20, 2011, 11:35:46 AM
#1
Dear 1VayNert

It appears that you may have a bug in your transactions that is causing you to throw away 0.01 BTC on each transaction.  Thought you would like to know.

Example here:  http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e

and http://blockexplorer.com/tx/8c8baf2e0529c0193ad3a583306a16fcc3e9cd271ba625e12bfd74261a46ad7c
Jump to: