Title: Understanding P2SH Post by: domob on January 22, 2018, 08:01:52 PM I'm trying to fully understand how P2SH (BIP16) works, and I thought I did. For fun and to check my understanding, I disabled BIP16 in Bitcoin Core (setting BIP16Height in chainparams to a high value) and tried to "sign" a transaction spending a P2SH output by just providing the redeem script. According to my understanding, this should be enough pre-BIP16, since it will make the "OP_HASH160 <hash> OP_EQUAL" script of the P2SH output succeed, right? But that seems to be not the case.
In regtest mode, I created the following P2SH address: Code: $ addmultisigaddress 1 '["03c278d06b977e67b8ea45ef24e3c96a9258c47bc4cce3d0b497b690d672497b6e", "0221ac9dc97fe12a98374344d08b458a9c2c1df9afb29dd6089b94a3b4dc9ad570"]' And funded it: Code: $ sendtoaddress 2MwCrk6S9UEeFujacKe7m4uDCzu25F3VAeM 10 Then, I tried to spend it by providing just the serialised redeem script as scriptSig, but this fails: Code: $ decoderawtransaction 0100000001f02d734ad14f53f4e120b804814bf690cc413d15dc550611b6a0b93415f6e814000000004847512103c278d06b977e67b8ea45ef24e3c96a9258c47bc4cce3d0b497b690d672497b6e210221ac9dc97fe12a98374344d08b458a9c2c1df9afb29dd6089b94a3b4dc9ad57052aeffffffff0100e1f505000000001976a914cf112b41997697caa3eee9e308ad9b2b917b4e4c88ac00000000 As you can see, the scriptSig of the raw transaction I try to send matches the hex of the P2SH address. (A very similar script is sent for a correctly signed spending of the P2SH output, except prepended by the actual signatures as mandated by BIP16.) From my understanding of how P2SH works, this should be a valid script pre-fork. Can someone please explain to me what I'm missing here? Title: Re: Understanding P2SH Post by: achow101 on January 23, 2018, 12:48:42 AM You will need to change this line: https://github.com/bitcoin/bitcoin/blob/master/src/script/standard.h#L54 and remove "SCRIPT_VERIFY_P2SH" (just change that to be 0).
The way that P2SH is enforced is that, at this point, all new blocks and transactions must pass the P2SH checks. Changing the chainparams parameter for bip16Hash will only effect the verification of old blocks. Title: Re: Understanding P2SH Post by: pebwindkraft on January 23, 2018, 12:50:58 AM I am not 100% sure... wasn't there this OP_CHECKMULTISIG off-by-one error, and you had to put a hex "0" before the signature?
See the explanation in Andreas' book "Mastering Bitcoin" (2nd edition) in chapter 7, page 150 ... (book is online available) Title: Re: Understanding P2SH Post by: achow101 on January 23, 2018, 12:51:49 AM I am not 100% sure... wasn't there this OP_CHECKMULTISIG off-by-one error, and you had to put a hex "0" before the signature? The point of this is to not validate the redeemScript. Thus that is not a concern.See the explanation in Andreas' book "Mastering Bitcoin" (2nd edition) in chapter 7, page 150 ... (book is online available) Title: Re: Understanding P2SH Post by: domob on January 23, 2018, 05:12:00 PM You will need to change this line: https://github.com/bitcoin/bitcoin/blob/master/src/script/standard.h#L54 and remove "SCRIPT_VERIFY_P2SH" (just change that to be 0). The way that P2SH is enforced is that, at this point, all new blocks and transactions must pass the P2SH checks. Changing the chainparams parameter for bip16Hash will only effect the verification of old blocks. Indeed, that was it. I was not aware of a second flag that turns on P2SH validation besides the chain parameters, thanks for pointing this out! Resetting this made everything work as expected. |