1VayNert throwing away BTC | Bitcointalksearch.org

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: sebastian on December 16, 2011, 11:22:24 PM

theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.

Probably that is always better than AES encryption.

sebastian

full member

Activity: 129

Merit: 119

theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.

DeepBit

donator

Activity: 532

Merit: 501

We have cookies

Finally redeemed :)
The new TX wasn't even considered strange by the network.

http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e#o2

DeepBit

donator

Activity: 532

Merit: 501

We have cookies

Would be nice to test for zeroes with OP_LESSTHAN which is allowed, but it's limited to 32 bits only, just as OP_DIV and OP_RSHIFT (both are disabled) :(

Sadly most useful ops are either disabled or crippled by 4 bytes limit.

Quote from: BTCurious on November 21, 2011, 12:50:48 PM

Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?

No, OP_WITHIN is limited to 32 bit numbers, so it can only work within 0x000000 and 0xFFFFFFFF, a maximum subset is 4 294 967 295 of sha256's output space (around ~0.0000000000000000000000000000000000000000000000000000000000000000000037%)
(not sure about that)

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: BTCurious on November 21, 2011, 12:05:35 PM

Doesn't Eligius accept non-standard scripts? Or is this really non-standard?

They would end up on a different network if they accepted this. The network doesn't recognize OP_SUBSTR anymore, and OP_EVAL isn't implemented yet (though it is planned).

The script I gave is inferior in every way that I can think of to just including an AES-encrypted private key with a standard transaction. I just wanted to illustrate the concept. Possibly there are better ways of doing transaction proof-of-works, though. Maybe you could do it by making public only parts of public keys, signatures, or private keys. It could certainly be better than AES encryption if there was a script op that output a hash of the non-Script parts of transactions: then you wouldn't have to use OP_CHECKSIG at all.

My script could be improved by leaving out the private key and having everyone use the same known keypair. Then it's only a little bigger than the encrypted-private-key method.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Doesn't Eligius accept non-standard scripts? Or is this really non-standard?

DeepBit

donator

Activity: 532

Merit: 501

We have cookies

Quote from: theymos on November 21, 2011, 10:14:07 AM

Quote from: DeepBit on November 21, 2011, 06:24:33 AM

What do you mean by adding proof-of-work to the script ?

Like this (using some disabled/not-yet-implemented Script features):
...
With this, you need to do some "mining" after changing the transaction to make it valid.

Wow, that's really cool :)
Sadly it can't be used because of disabled ops...

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: DeepBit on November 21, 2011, 06:24:33 AM

What do you mean by adding proof-of-work to the script ?

Like this (using some disabled/not-yet-implemented Script features):

Code:

ScriptSig: password { [sig] [nonce] OP_DROP }

ScriptPubKey:
//give out the private key
[private key] OP_DROP

OP_3DUP OP_DUP

//check that scriptSig takes expected form
0 1 OP_SUBSTR 72 OP_EQUALVERIFY
73 1 OP_SUBSTR 4 OP_EQUALVERIFY
77 1 OP_SUBSTR { OP_DROP } OP_EQUALVERIFY
OP_SIZE 79 OP_NUMEQUALVERIFY

//check that the hash of scriptSig starts with many zeroes. This is indirectly a hash of the entire
//transaction, since the signature is on a hash of the transaction
OP_HASH256 0 10 OP_SUBSTR 0x00000000000000000000 OP_EQUALVERIFY

//verify signature
OP_EVAL
[pubKey] OP_CHECKSIGVERIFY

//check the password
OP_HASH256 [password hash] OP_EQUAL

({} denotes that something is in a string, not part of the script proper.)

With this, you need to do some "mining" after changing the transaction to make it valid.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Learning a lot. Thanks.

DeepBit

donator

Activity: 532

Merit: 501

We have cookies

Quote from: theymos on November 20, 2011, 07:30:48 PM

Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.

What do you mean by adding proof-of-work to the script ?

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

That makes sense.

Also, all those transactions* seem to have the same password, too, so he would need to spend all of them at the same time.

*At least the two examples posted. 2 is a representative data sample, no?

theymos

administrator

Activity: 5222

Merit: 13032

I'd guess the OP_DROP data is salt for the password.

Spends of these transactions could be intercepted and hijacked by miners. It would be better to do a regular public key transaction and attach the private key as AES-encrypted OP_DROP data. Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Output script:

Code:

04678afd04678afd OP_DROP OP_SHA256 894eeb82f9a851f5d1cb1be3249f58bc8d259963832c5e7474a76f7a859ee95c OP_EQUAL

So as far as I understand it:
It drops this first string (04678afd04678afd) from the stack, so ignore that. Then it hashes (SHA256) the next thing on the stack, which would be in the input script you use. Then that should be equal to the 89...95c part.

So basically these outputs can be claimed by a password.

Gavin Andresen

legendary

Activity: 1652

Merit: 2301

Chief Scientist

They're not throwing away 0.01 BTC, they just haven't redeemed them yet-- they're using valid-but-strange transactions.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Dear 1VayNert

It appears that you may have a bug in your transactions that is causing you to throw away 0.01 BTC on each transaction. Thought you would like to know.

Example here: http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e

and http://blockexplorer.com/tx/8c8baf2e0529c0193ad3a583306a16fcc3e9cd271ba625e12bfd74261a46ad7c

Topic: 1VayNert throwing away BTC (Read 3528 times)