Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: CHECKMULTISIG vs. CHECKMULTISIGVERIFY - inconsistency on bitcoin.it? (Read 3414 times)

theymos
administrator
Activity: 5222
Merit: 13032
CHECKMULTISIG vs. CHECKMULTISIGVERIFY - inconsistency on bitcoin.it?
September 26, 2014, 04:53:37 PM
#2
You're right. You shouldn't end a script with a -VERIFY opcode because the stack needs to contain a non-false value when it completes. You can use a -VERIFY opcode, but doing so requires adding wasteful data in the scriptSig.

Quote
PS. I just read about the bug in CHECKMULTISIG (popping an extra value). Is it also present in CHECKMULTISIGVERIFY? Does this mean that, in the CHECKMULTISIGVERIFY example above, the signer is supposed to add an extra unused value to scriptSig?

Yes. Bitcoin Core always uses OP_0 as a dummy value.
cjp
full member
Activity: 210
Merit: 124
Re: CHECKMULTISIG vs. CHECKMULTISIGVERIFY - inconsistency on bitcoin.it?
September 26, 2014, 03:07:42 PM
#1
I'm trying to decide what kind of Bitcoin scripts to use for my application, based on information from bitcoin.it.

https://en.bitcoin.it/wiki/Script:
A transaction is valid if nothing in the combined script triggers failure and the top stack item is true (non-zero).
OP_CHECKMULTISIGFor each signature and public key pair, OP_CHECKSIG is executed. If more public keys than signatures are listed, some key/sig pairs can fail. All signatures need to match a public key. If all signatures are valid, 1 is returned, 0 otherwise. Due to a bug, one extra unused value is removed from the stack.
OP_CHECKMULTISIGVERIFYSame as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward.
OP_VERIFYMarks transaction as invalid if top stack value is not true.

https://en.bitcoin.it/wiki/Contracts:
Section "Theory":
2 2 CHECKMULTISIGVERIFY

I don't understand this: if this is signed with two signatures, then the boolean output of the CHECKMULTISIG part will be popped from the stack by the VERIFY part. So, evaluation of correct signatures ends with an empty stack, unless scriptPubKey contains another, redundant "True". I'd say that, according to the validity condition described on the Script page, an empty stack would NOT be valid, since it does not contain a top element that is True. So, CHECKMULTISIG should be used here instead of CHECKMULTISIGVERIFY.

Should I fix the wiki page? Is the use of CHECKMULTISIGVERIFY really wrong here? Why does it say CHECKMULTISIGVERIFY in the first place? Is this old obsolete/deprecated? I see CHECKMULTISIG being used in other places, so I suppose that, at least, that one is not wrong.

Which of the two is considered to be a "standard" multisig script by the Satoshi client?

I have basically the same question about EQUALVERIFY vs. EQUAL, but I suppose this isn't a standard script yet:
CHECKSIGVERIFY SHA256 EQUAL[VERIFY]

PS. I just read about the bug in CHECKMULTISIG (popping an extra value). Is it also present in CHECKMULTISIGVERIFY? Does this mean that, in the CHECKMULTISIGVERIFY example above, the signer is supposed to add an extra unused value to scriptSig?
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: