Many thanks!
The issue was there. Now works perfectly.
For anyone interested, the correct preimages for each input are:
First Input: 0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 0001976a914ac2129222b94c90222c18c1f1a52b4139643d2f088acffffffff11ac3e436400735e 8edc830a37f60fcab2098c871d6687c08507afe5168d110e00000000000000000011ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e0100000000000000000158980000 000000001976a914487b2cf05b1dc2b50c3c3019e578be45c29d03ff88ac0000000003000000
Second Input:
0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 000000000000011ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e00 0000001976a914c103e57c094061209b419e5ca559704a8a22f3f988acffffffff11ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e01000000000000000002ffffffff ffffffff0058980000000000001976a914d80f48340dd7ee6c7fae287342d3eeb1d4d887e288ac0 000000003000000
Happy New Year!
Topic: Signature Verification Issue with SigHash SINGLE flag on Multi-Input Transaction (Read 67 times)
December 31, 2024, 07:59:42 AM
December 31, 2024, 01:16:59 AM
At first sight, I don’t see any issues with the preimage, but certainly, something could be wrong.
Does anyone see what might be going wrong here?
I think it's the nSequence values of the inputs.Does anyone see what might be going wrong here?
In the first Input's preimage, the nSequence of inputs 2nd and 3rd should be 0x00000000 instead of 0xffffffff.
Reference: https://en.bitcoin.it/wiki/OP_CHECKSIG#Procedure_for_Hashtype_SIGHASH_SINGLE
Quote
3. All other txCopy inputs aside from the current input are set to have an nSequence index of zero.
It's also worth checking number 1 and 2 in the article's 'procedure' or this image (image link) December 30, 2024, 03:54:40 PM
I just created and broadcasted the following transaction using Sparrow Wallet: https://mempool.space/es/testnet4/tx/4942f8db3e32bd1f114fbfb5c500e0f9cd06c3c235ffe77b07087750b86cc0ea
This is a 3-input, 2-output transaction, with all inputs signed using the SINGLE flag (0x03).
However, when I attempt to verify the transaction with a custom script I wrote, the signature verification fails for the first and second input.
My script supports all SigHash types, including combinations like SINGLE | ANYONECANPAY, ALL, multiple inputs, etc. and works perfectly 99% of the time.
But, in the particular case that the transaction is signed with SINGLE and contains more than one input, the verification fails.
I suspect the issue lies in how the preimage for each input is being reconstructed. For inputs where the index exceeds the number of outputs, the verification succeeds (the signed message in such cases is "1").
Below is the preimage for each input, along with a breakdown:
---
First Input Hash-Preimage:
Raw Preimage:
0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 0001976a914ac2129222b94c90222c18c1f1a52b4139643d2f088acffffffff11ac3e436400735e 8edc830a37f60fcab2098c871d6687c08507afe5168d110e0000000000ffffffff11ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e0100000000ffffffff0158980000 000000001976a914487b2cf05b1dc2b50c3c3019e578be45c29d03ff88ac0000000003000000
Breakdown:
- 01000000 - Version
- 03 - Number of Inputs
- First Input:
- d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e - Txid Outpoint
- 01000000 - Output Index
- 1976a914ac2129222b94c90222c18c1f1a52b4139643d2f088ac - ScriptPubKey
- ffffffff - Sequence
- Second Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 00000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Third Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Outputs:
- 01 - Number of Outputs
- 5898000000000000 - Satoshis
- 1976a914487b2cf05b1dc2b50c3c3019e578be45c29d03ff88ac - ScriptPubKey
- 00000000 - LockTime
- 03000000 - SigHash Flag
---
Second Input Hash-Preimage:
Raw Preimage:
0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 00000ffffffff11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e00 0000001976a914c103e57c094061209b419e5ca559704a8a22f3f988acffffffff11ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e0100000000ffffffff02ffffffff ffffffff0058980000000000001976a914d80f48340dd7ee6c7fae287342d3eeb1d4d887e288ac0 000000003000000
Breakdown:
- 01000000 - Version
- 03 - Number of Inputs
- First Input:
- d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Second Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 00000000 - Output Index
- 1976a914c103e57c094061209b419e5ca559704a8a22f3f988ac - ScriptPubKey
- ffffffff - Sequence
- Third Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Outputs:
- 02 - Number of Outputs
- ffffffffffffffff - Satoshis (dummy output)
- 00 - ScriptPubKey (dummy output)
- 5898000000000000 - Satoshis
- 1976a914d80f48340dd7ee6c7fae287342d3eeb1d4d887e288ac - ScriptPubKey
- 00000000 - LockTime
- 03000000 - SigHash Flag
---
At first sight, I don’t see any issues with the preimage, but certainly, something could be wrong.
Does anyone see what might be going wrong here?
Thanks in advance, and Happy New Year!
This is a 3-input, 2-output transaction, with all inputs signed using the SINGLE flag (0x03).
However, when I attempt to verify the transaction with a custom script I wrote, the signature verification fails for the first and second input.
My script supports all SigHash types, including combinations like SINGLE | ANYONECANPAY, ALL, multiple inputs, etc. and works perfectly 99% of the time.
But, in the particular case that the transaction is signed with SINGLE and contains more than one input, the verification fails.
I suspect the issue lies in how the preimage for each input is being reconstructed. For inputs where the index exceeds the number of outputs, the verification succeeds (the signed message in such cases is "1").
Below is the preimage for each input, along with a breakdown:
---
First Input Hash-Preimage:
Raw Preimage:
0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 0001976a914ac2129222b94c90222c18c1f1a52b4139643d2f088acffffffff11ac3e436400735e 8edc830a37f60fcab2098c871d6687c08507afe5168d110e0000000000ffffffff11ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e0100000000ffffffff0158980000 000000001976a914487b2cf05b1dc2b50c3c3019e578be45c29d03ff88ac0000000003000000
Breakdown:
- 01000000 - Version
- 03 - Number of Inputs
- First Input:
- d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e - Txid Outpoint
- 01000000 - Output Index
- 1976a914ac2129222b94c90222c18c1f1a52b4139643d2f088ac - ScriptPubKey
- ffffffff - Sequence
- Second Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 00000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Third Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Outputs:
- 01 - Number of Outputs
- 5898000000000000 - Satoshis
- 1976a914487b2cf05b1dc2b50c3c3019e578be45c29d03ff88ac - ScriptPubKey
- 00000000 - LockTime
- 03000000 - SigHash Flag
---
Second Input Hash-Preimage:
Raw Preimage:
0100000003d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e01000 00000ffffffff11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e00 0000001976a914c103e57c094061209b419e5ca559704a8a22f3f988acffffffff11ac3e4364007 35e8edc830a37f60fcab2098c871d6687c08507afe5168d110e0100000000ffffffff02ffffffff ffffffff0058980000000000001976a914d80f48340dd7ee6c7fae287342d3eeb1d4d887e288ac0 000000003000000
Breakdown:
- 01000000 - Version
- 03 - Number of Inputs
- First Input:
- d38e64afa39dd966f96e07bf56ae44bc3d402630771480f461389edff8a0051e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Second Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 00000000 - Output Index
- 1976a914c103e57c094061209b419e5ca559704a8a22f3f988ac - ScriptPubKey
- ffffffff - Sequence
- Third Input:
- 11ac3e436400735e8edc830a37f60fcab2098c871d6687c08507afe5168d110e - Txid Outpoint
- 01000000 - Output Index
- 00 - ScriptPubKey (empty)
- ffffffff - Sequence
- Outputs:
- 02 - Number of Outputs
- ffffffffffffffff - Satoshis (dummy output)
- 00 - ScriptPubKey (dummy output)
- 5898000000000000 - Satoshis
- 1976a914d80f48340dd7ee6c7fae287342d3eeb1d4d887e288ac - ScriptPubKey
- 00000000 - LockTime
- 03000000 - SigHash Flag
---
At first sight, I don’t see any issues with the preimage, but certainly, something could be wrong.
Does anyone see what might be going wrong here?
Thanks in advance, and Happy New Year!
Jump to: