Author

Topic: Is this reward for SHA-1 preimage correctly constructed? (Read 84 times)

legendary
Activity: 3472
Merit: 10611
Collision is already taken, I think about preimage.
Since you didn't provide the hash itself and user can choose any inputs (and their hashes) this is not preimage, this is collision.

Quote
Quote
Also the second OP_2DUP needs to be OP_SWAP so that you "swap" the 2 stack items and hash the other item.
Without duplication, that public key would be lost during hashing, so using OP_CHECKSIG later would always evaluate to false.
I was talking about the second duplication which is followed immediately by a drop, OP_2DUP OP_DROP could be replaced by OP_OVER to do the same thing:
x y -(OP_2DUP)-> x y x y -(OP_DROP)-> x y x
x y -(OP_OVER)-> x y x

Quote
There is also no need for a OP_CheckSig in a hash collision script.
Without it, any miner could steal coins from the winner. This is not a collision, this is preimage.
[/quote]
OK. That makes sense but it is still a collision but only limited to valid public keys, it would have been preimage if the script contained the hash.
jr. member
Activity: 34
Merit: 87
Quote
If you want to write a script for hash collision you usually want to use the same hash algorithms not 2 different ones (SHA1 and HASH160).
Collision is already taken, I think about preimage. HASH160 is used to set target for that preimage, in this way it would be impossible for miners to steal that coins from the winner, because only the author of the solution will know the private key.

Quote
Also the second OP_2DUP needs to be OP_SWAP so that you "swap" the 2 stack items and hash the other item.
Without duplication, that public key would be lost during hashing, so using OP_CHECKSIG later would always evaluate to false.

Quote
There is also no need for a OP_CheckSig in a hash collision script.
Without it, any miner could steal coins from the winner. This is not a collision, this is preimage. Something like "OP_SHA1 <160-bit zero value> OP_EQUAL" would also work, but in this way any miner could take that coins. Here, instead of some predefined value, you can take your public key, hash it, and then try to create preimage using any message that hashes to this value.

Quote
the first part where it checks that something != pubkey is useless since SHA1 is not the same as HASH160
Good point, so the first four opcodes can be skipped:
Code:
decodescript a76e75a988ac
{
  "asm": "OP_SHA1 OP_2DUP OP_DROP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIG",
  "type": "nonstandard",
  "p2sh": "2MvtHZjt8oeLFv21TmmpaEy79ZXJa1D5Eke",
  "segwit": {
    "asm": "0 c41cd68d0bc660607174343ab0f31638f7977faaab3c3022b1fcebd76dda6fd9",
    "hex": "0020c41cd68d0bc660607174343ab0f31638f7977faaab3c3022b1fcebd76dda6fd9",
    "reqSigs": 1,
    "type": "witness_v0_scripthash",
    "addresses": [
      "tb1qcswddrgtcesxqut5xsatpuck8rmewla24v7rqg43ln4awmw6dlvsnphpn6"
    ],
    "p2sh-segwit": "2NBQZBHBPNuhNDwCPoZP1cetPcEany2GBhR"
  }
}
Code:
[signature][publicKey][sha1image] //OP_SHA1
[signature][publicKey][sha1(sha1image)] //OP_2DUP
[signature][publicKey][sha1(sha1image)][publicKey][sha1(sha1image)] //OP_DROP
[signature][publicKey][sha1(sha1image)][publicKey] //OP_HASH160
[signature][publicKey][sha1(sha1image)][hash160(publicKey)] //OP_EQUALVERIFY
[signature][publicKey] //OP_CHECKSIG
[1]
full member
Activity: 161
Merit: 230
You should probably explain what your goal is. It looks like the script is rewarding someone that can create SHA1(something) == HASH160(pubkey) but the first part where it checks that something != pubkey is useless since SHA1 is not the same as HASH160, and finding a string where something == pubkey under these constraints would be reward-able in itself.
legendary
Activity: 3472
Merit: 10611
I think it works this way but it doesn't make sense to me to do it this way.
If you want to write a script for hash collision you usually want to use the same hash algorithms not 2 different ones (SHA1 and HASH160).
Also the second OP_2DUP needs to be OP_SWAP so that you "swap" the 2 stack items and hash the other item.
There is also no need for a OP_CheckSig in a hash collision script.

Something like this (from the existing collision puzzles):
Code:
OP_2DUP OP_EQUAL OP_NOT OP_VERIFY OP_SHA1 OP_SWAP OP_SHA1 OP_EQUAL
jr. member
Activity: 34
Merit: 87
Code:
decodescript 6e879169a76e75a988ac
{
  "asm": "OP_2DUP OP_EQUAL OP_NOT OP_VERIFY OP_SHA1 OP_2DUP OP_DROP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIG",
  "type": "nonstandard",
  "p2sh": "2NE2dLCZzw7nYSKaHouiSjKWHry9qXgcJyt",
  "segwit": {
    "asm": "0 b91d7ae4c9fc1edca8d16a679b2843560f50eeb78db6aa051c62d6d5b73f2013",
    "hex": "0020b91d7ae4c9fc1edca8d16a679b2843560f50eeb78db6aa051c62d6d5b73f2013",
    "reqSigs": 1,
    "type": "witness_v0_scripthash",
    "addresses": [
      "tb1qhywh4exfls0de2x3dfnek2zr2c84pm4h3km25pguvttdtdelyqfsqnquhy"
    ],
    "p2sh-segwit": "2NCdayxXk2GNnz3xFCDoQcdNgQFWhgh5qwP"
  }
}
Code:
[signature][publicKey][sha1image] //OP_2DUP
[signature][publicKey][sha1image][publicKey][sha1image] //OP_EQUAL
[signature][publicKey][sha1image][0] //OP_NOT
[signature][publicKey][sha1image][1] //OP_VERIFY
[signature][publicKey][sha1image] //OP_SHA1
[signature][publicKey][sha1(sha1image)] //OP_2DUP
[signature][publicKey][sha1(sha1image)][publicKey][sha1(sha1image)] //OP_DROP
[signature][publicKey][sha1(sha1image)][publicKey] //OP_HASH160
[signature][publicKey][sha1(sha1image)][hash160(publicKey)] //OP_EQUALVERIFY
[signature][publicKey] //OP_CHECKSIG
[1]
Jump to: