Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: Rearranging sig and pubkey order before broadcasting an m-of-n transaction (Read 938 times)

No_2
hero member
Activity: 906
Merit: 1034
BTC: the beginning of stake-based public resources
Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 28, 2015, 03:25:32 AM
#6
Quote from: DeathAndTaxes on March 27, 2015, 02:09:42 PM
Quote from: No_2 on March 27, 2015, 05:36:19 AM
Only the sigs are required in the input for P2PKH as the pubkeys are already provided in full in the output of the previous transaction.

Correction, the output contains only the pubkeyhash not the pubkey so the ScriptSig will need to provide both the Signature and the PubKey.  There is only one possible order however.

Opps, yes the pubkeyhash not the pubkey. I'm guessing the pubkey is not expressed twice in the input script for P2SH use of OP_CHECKMULITSIG?


Quote from: DeathAndTaxes on March 27, 2015, 02:09:42 PM
Quote from: No_2 on March 27, 2015, 05:36:19 AM
...can I rearrange the sigs to make the transaction valid before I broadcast it to the network?

Yes.  The ScriptSig is mutable.  You or anyone can change the order of the Signatures.  The person broadcasting the txn will need to ensure they are in the correct order before broadcasting.  If in an invalid order the txn will be dropped as invalid.  Technically nodes could be designed to change the order as necessary and 'fix' the txn for you but they don't as that could be used as a DDOS vector.  Keep in mind that changing the order of the signatures (or anything in the ScriptSig) will change the TxId.

Where ScriptSig is the sig and pub key?
DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Re: Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 27, 2015, 02:09:42 PM
#5
Quote from: No_2 on March 27, 2015, 05:36:19 AM
Only the sigs are required in the input for P2PKH as the pubkeys are already provided in full in the output of the previous transaction.

Correction, the output contains only the pubkeyhash not the pubkey so the ScriptSig will need to provide both the Signature and the PubKey.  There is only one possible order however.

Quote
can I rearrange the sigs to make the transaction valid before I broadcast it to the network?

Yes.  The ScriptSig is mutable.  You or anyone can change the order of the Signatures.  The person broadcasting the txn will need to ensure they are in the correct order before broadcasting.  If in an invalid order the txn will be dropped as invalid.  Technically nodes could be designed to change the order as necessary and 'fix' the txn for you but they don't as that could be used as a DDOS vector.  Keep in mind that changing the order of the signatures (or anything in the ScriptSig) will change the TxId.
fbueller
sr. member
Activity: 412
Merit: 287
Re: Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 27, 2015, 12:35:21 PM
#4
No, there is no medium for exchanging signatures. I'm working on something to facilitate requesting a signature for an input at the moment, I think it's an interesting problem.

If you have all required signatures, and knowledge of the redeemScript, you can build a valid transaction:

  • For each input, calculate the message hash (for ECDSA)
  • Check all input signatures against against the message hash, and link signatures to a public key
  • Looping through the public keys in the script (the necessary order) you can now build the correct script

Each input has as unique message to be signed, but in P2SH, all parties are signing the same data. So you can extract signatures from 5 partially signed transactions and compose them into a fully signed one, so long as none of the data captured by the signature has changed (other inputs, output values/scripts, locktime, etc)
No_2
hero member
Activity: 906
Merit: 1034
BTC: the beginning of stake-based public resources
Re: Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 27, 2015, 12:24:41 PM
#3
Thanks.

Is there a call to send a sig between clients? Or does this have to be done via another medium?
hhanh00
sr. member
Activity: 467
Merit: 267
Re: Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 27, 2015, 06:13:30 AM
#2
There are no dependencies between signatures.
No_2
hero member
Activity: 906
Merit: 1034
BTC: the beginning of stake-based public resources
Re: Rearranging sig and pubkey order before broadcasting an m-of-n transaction
March 27, 2015, 05:36:19 AM
#1
From what I understand to redeem an OP_CHECKMULTISIG the sigs need to be presented in the right order. Only the sigs are required in the input for P2PKH as the pubkeys (Edit: pubkeyhashs) are already provided in full in the output of the previous transaction. But for P2SH both the pubkeys and sigs are required as the script output is provided only as a hash.

So to take the following example:

Code:
5         8 OP_CHECKMULTISIG

Wold be satisfied by:

Code:

So my question is if I wish to redeem an existing P2SH output for which I need 5 of the 8 signatories to sign, and I have 5 of the sigs (and pub keys for P2SH) for an appropriate redeeming transaction, but I received the sigs out of order, can I rearrange the sigs to make the transaction valid before I broadcast it to the network?

Have I understood this correctly, e.g. are there any dependencies between the sigs etc that I may be unaware of.
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: