Title: Why does OP_CheckMultiSig not fail on an invalid public key? Post by: Coding Enthusiast on April 22, 2020, 06:28:36 AM Basically this test vector: https://github.com/bitcoin/bitcoin/blob/b6a5dc90bfd4640cf9f914e59bf8e21cd265b51e/src/test/data/tx_valid.json#L185-L188
It is spending a P2SH output with the redeem script of it being: OP_2 <invalid_pub><Pub><Pub> OP_3 OP_CheckMultiSig The first push which is supposed to be a public key is an invalid public key (it is a DER encoded signature) and despite that OP_CheckMultiSig passes successfully! Is this another bug at protocol level? Also is it the same for SegWit scripts? Title: Re: Why does OP_CheckMultiSig not fail on an invalid public key? Post by: gmaxwell on April 22, 2020, 07:27:03 AM Is this another bug at protocol level? Why would you consider this a bug? Yes, it could have been implemented differently, but the definition of CMS is that signature validation passes N of M times.Obvious ways of implementing it-- including the way it was originally implemented-- wouldn't provide for any way to determine exactly why a signature failed to validate only that it did. Title: Re: Why does OP_CheckMultiSig not fail on an invalid public key? Post by: Coding Enthusiast on April 22, 2020, 07:42:41 AM Why would you consider this a bug? Yes, it could have been implemented differently, but the definition of CMS is that signature validation passes N of M times. I guess because I usually expect certain things to be strict specially when it comes to evaluating scripts. This is not the first time (https://bitcoin.stackexchange.com/q/93663/87716) I'm surprised by such rules though. |