Can empty output scripts be redeemed?

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: teukon on August 02, 2015, 05:07:54 PM

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"? That seems like you're just giving your bitcoins away. What's the motivation for anyone to do this?

OP was talking about outputs "with zero satoshi". I know nothing of people intentionally leaving bitcoins on the table in this way. To clarify, I use "spend" for using up an output even when the corresponding amount is 0 BTC. My 5 BTC example was purely illustrative.

I guess that knightdk answer it just above you.

Quote from: achow101 on August 02, 2015, 11:03:01 AM

There are OP codes that allow anyone to spend the transaction's outputs, although they are considered nonstandard and typically not relayed.

The reason the spammers are giving out Bitcoins seems to be that it can produce more spam. Imagine that 1000 people see a transaction where they can spend the Bitcoin to themselves and get some free Bitcoin. The 1000 people then create 1000 separate transactions to attempt to do so. Suddenly, one transaction has created 1000 double spend transactions which further spam and flood the network. The spammer has essentially amplified their attack by a thousandfold. Now instead of 1000 people, imagine if this happens on the entire network. Then the spam attack becomes amplified and the spammer requires less effort to create that much volume of transactions.

This explanation makes sense, the spammers are using greed to really amplify their attack. I really appreciate you guys filling me in on the details missing in the OP. Bitcointalk users educate me again!

teukon

legendary

Activity: 1246

Merit: 1011

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

Quote from: teukon on August 01, 2015, 06:32:18 PM

Quote from: tspacepilot on August 01, 2015, 04:23:04 PM

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x". To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key. It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2". To spend this UTXO, we need only be clever enough to solve the equation. Here, there is no address, no private key, and no ownership. The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true". Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address. These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.

teukon,

That was the best explanation I've gotten yet about how this stuff works. I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Thanks.

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said. He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

OP was talking about "empty output scripts" so no private keys are involved.

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does. However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

Such a program would have to be very clever indeed. This puts in mind a program to automatically track changes to a repository, find bugs, and report them. Fantasy.

There do exist programs to tackle a special class of such scripts, namely the weak brainwallets that knightdk was talking about. These programs simply look up new output addresses in rainbow tables and quickly act to spend any matches.

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"? That seems like you're just giving your bitcoins away. What's the motivation for anyone to do this?

OP was talking about outputs "with zero satoshi". I know nothing of people intentionally leaving bitcoins on the table in this way. To clarify, I use "spend" for using up an output even when the corresponding amount is 0 BTC. My 5 BTC example was purely illustrative.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: tspacepilot on August 02, 2015, 10:50:36 AM

teukon,

That was the best explanation I've gotten yet about how this stuff works. I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said. He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does. However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"? That seems like you're just giving your bitcoins away. What's the motivation for anyone to do this?

There are OP codes that allow anyone to spend the transaction's outputs, although they are considered nonstandard and typically not relayed.

The reason the spammers are giving out Bitcoins seems to be that it can produce more spam. Imagine that 1000 people see a transaction where they can spend the Bitcoin to themselves and get some free Bitcoin. The 1000 people then create 1000 separate transactions to attempt to do so. Suddenly, one transaction has created 1000 double spend transactions which further spam and flood the network. The spammer has essentially amplified their attack by a thousandfold. Now instead of 1000 people, imagine if this happens on the entire network. Then the spam attack becomes amplified and the spammer requires less effort to create that much volume of transactions.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: teukon on August 01, 2015, 06:32:18 PM

Quote from: tspacepilot on August 01, 2015, 04:23:04 PM

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x". To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key. It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2". To spend this UTXO, we need only be clever enough to solve the equation. Here, there is no address, no private key, and no ownership. The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true". Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address. These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.

teukon,

That was the best explanation I've gotten yet about how this stuff works. I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said. He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does. However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"? That seems like you're just giving your bitcoins away. What's the motivation for anyone to do this?

teukon

legendary

Activity: 1246

Merit: 1011

Quote from: tspacepilot on August 01, 2015, 04:23:04 PM

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x". To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key. It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2". To spend this UTXO, we need only be clever enough to solve the equation. Here, there is no address, no private key, and no ownership. The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true". Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address. These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: achow101 on August 01, 2015, 04:26:43 PM

Quote from: tspacepilot on August 01, 2015, 04:23:04 PM

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

I think those transactions were being sent to publicly known brainwallets. The brainwallet passwords were probably simple ones like cat, password, 12345, etc. The miners can easily get the private keys associated with those brainwallet passwords and can then send those transactions in an attempt to recover everything from them as a huge transaction fee.

Okay, that definitely eases my mind a little bit. I was surely getting nervous that if there was a way for miners to generally decide to send someone's btc to an unspendable output, that would have basically meant that bitcoin was completely broken. Ha.

Anyway, I guess that if people are sending money to these sorts of wallets then clearly there's a race to be the first to cash them out, I suppose that miners have as much of a right as anyone else to get into that race.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: tspacepilot on August 01, 2015, 04:23:04 PM

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

I think those transactions were being sent to publicly known brainwallets. The brainwallet passwords were probably simple ones like cat, password, 12345, etc. The miners can easily get the private keys associated with those brainwallet passwords and can then send those transactions in an attempt to recover everything from them as a huge transaction fee.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

I have to admit guys, I'm totally confused by this thread. How can a miner take an output which belongs to someone else and spend it? I thought that you'd need the private key to do that (in order to sign the transaction). If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed. There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

amaclin

legendary

Activity: 1260

Merit: 1019

Now f2pool is redeeming these outputs to OP_RETURN (which is provable unspendable)

Have a look to the transactions in block
https://blockchain.info/block/000000000000000007796685374d184e373aea4f4af697a5fba361e1d9e544a0

tx example:
https://blockchain.info/tx/28890e261ce80f8a9cd352afccf95a360c4a24df8cd1440f74475b189ede4f5a

By the way, this is new record for a number of transactions in block

Quote

Number Of Transactions: 9647

HeadsOrTails

full member

Activity: 233

Merit: 102

I believe SIGHASH_SINGLE returns empty scripts, which hash to 1

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: johoe on July 13, 2015, 05:50:33 AM

I noticed that some miners collect the spam and use a single empty output script with zero satoshi (no OP_RETURN). For example 6a8b0cd013fd0ed45e93dc9e1a200785fdf54b77f70a5fde2428bcf27ff84c14

Thanks for the interesting observation!

Can you link to any discussion of this kind of activity from the miners? I see you included a transaction but I wonder if this is being talked about on the forum anywhere.

amaclin

legendary

Activity: 1260

Merit: 1019

(I've updated my answer)
You are absolutely right.
Such txs do not reduce number of utxo, but even more profitable for miners than OP_RETURN because of saving 1 byte per tx Grin

One more example of Tragedy of the commons

I think that there are 2 possibilities
1) f2pool used empty script unintentionally instead of null-data script OP_RETURN
2) they do not want to relay these non-standard transactions to a network and allow other pools to mine them

johoe

full member

Activity: 217

Merit: 259

Hello,

I noticed that some miners collect the spam and use a single empty output script with zero satoshi (no OP_RETURN). For example 6a8b0cd013fd0ed45e93dc9e1a200785fdf54b77f70a5fde2428bcf27ff84c14

I was under the impression that these outputs cannot be pruned since in principle someone may spend them, e.g., use OP_TRUE as input script. Of course, it doesn't make senses to spend a zero valued coin, but bitcoind must be able handle these according to the consensus rules. Wouldn't this mean that these transactions still clutter the UTXO space? Worse, these transaction have only one input, i.e., they do not even reduce the number of UTXOs.

Am I missing something?

Topic: Can empty output scripts be redeemed? (Read 2448 times)