Title: Why does P2SH script design look like a hack to me?
Post by: Coding Enthusiast on July 26, 2019, 03:36:06 PM

Since I am coding all these things without "translating" it from anywhere, I sometimes face some oddity in decisions that were made. Sometimes I am missing the rationale so here I am...

When looking at P2PKH scripts it all makes perfect sense:
Code:
<PushData-sig><PushData-pubkey>|<Dup><Hash160><PushData-20_byte_hash><EqualVerify><CheckSig>

But then with the multisig/P2SH design the script stops making sense to me (a 2of3 example):
Code:
<0><PushData-sig1><PushData-sig2><PushData-redeem_script>|<Hash160><PushData-20_byte_hash><Equal>

Logically running this script (without the hack) should be like this:
<OP_0> => stack has 1 item (emptyBytes)
<PushData-sig1> => stack has 2 items (empty-sig1)
<PushData-sig2> => stack has 3 items (empty-sig1-sig2)
<PushData-redeem_script> => stack has 4 items (empty-sig1-sig2-redeemScr)
<Hash160> => pop top item, hash it, push => stack has 4 items (empty-sig1-sig2-hashresult)
<PushData-20_byte_hash> => stack has 5 items (empty-sig1-sig2-hashresult-givenHash)
<Equal> => pop 2 and compare => stack has 4 items (empty-sig1-sig2-true/false)

Without the hack we are left with a stack with 4 items in it and no more operations left to run!

Now here is another question. Why not simply do this instead:
Code:
<PushData-sigs><PushData-redeem_script>|<Dup><Hash160><PushData-20_byte_hash><EqualVerify><CheckMultiSig>

Title: Re: Why does P2SH script design look like a hack to me?
Post by: achow101 on July 26, 2019, 05:24:25 PM

> Now here is another question. Why not simply do this instead:
> Code:
> <PushData-sigs><PushData-redeem_script>|<Dup><Hash160><PushData-20_byte_hash><EqualVerify><CheckMultiSig>

Because that only works for multisig. P2SH allows you to do much more than just multisig. This is not a generic solution at all. Furthermore, you still have to have the "hack" of interpreting the top stack item as a script. The thing that you are calling a "hack" is just part of the literal definition of how to handle a P2SH scriptPubKey. P2SH just defined that a certain sequence of bytes are magic and you must do these specific things to handle them. You say that the script doesn't tell you to keep a copy of the script, but it does, because that's what the sequence of bytes that match the P2SH template means.

Yes, P2SH is kind of a hack, but why they chose this is explained in the BIP itself:

> Recognizing one 'special' form of scriptPubKey and performing extra validation when it is detected is ugly. However, the consensus is that the alternatives are either uglier, are more complex to implement, and/or expand the power of the expression language in dangerous ways.

> That could have maybe solved the OP_0 bug(?)

It wouldn't.

Title: Re: Why does P2SH script design look like a hack to me?
Post by: Coding Enthusiast on July 26, 2019, 06:02:55 PM

> Because that only works for multisig. P2SH allows you to do much more than just multisig. This is not a generic solution at all. Furthermore, you still have to have the "hack" of interpreting the top stack item as a script. The thing that you are calling a "hack" is just part of the literal definition of how to handle a P2SH scriptPubKey. P2SH just defined that a certain sequence of bytes are magic and you must do these specific things to handle them. You say that the script doesn't tell you to keep a copy of the script, but it does, because that's what the sequence of bytes that match the P2SH template means.

Thanks, it is starting to make more sense now. 1 more question though, does this mean I can put any "script" in my scriptSig that I want? For example, is the following correct:
Code:
<PushData-redeem_script>|<Hash160><PushData-20_byte_hash><Equal>
Code:
05 52 53 93 55 87 | a9 14 4254e2a76ec94641c2d3e4b5528bbb30a350838c 87

Title: Re: Why does P2SH script design look like a hack to me?
Post by: achow101 on July 26, 2019, 06:35:50 PM

> Thanks, it is starting to make more sense now. 1 more question though, does this mean I can put any "script" in my scriptSig that I want? For example, is the following correct:
> Code:
> <PushData-redeem_script>|<Hash160><PushData-20_byte_hash><Equal>
> Code:
> 05 52 53 93 55 87 | a9 14 4254e2a76ec94641c2d3e4b5528bbb30a350838c 87

Yes, you can have any script as the redeemScript. P2SH allows you to have any arbitrary script be the "locking conditions" without having to expose to the sender exactly what those conditions are and hope that they make the transaction correctly. It also provides a simple and standard way to specify any conditions that you want and still be able to easily receive money.

Title: Re: Why does P2SH script design look like a hack to me?
Post by: Coding Enthusiast on July 28, 2019, 07:02:44 AM

> Code:
> 05 52 53 93 55 87 | a9 14 4254e2a76ec94641c2d3e4b5528bbb30a350838c 87

First hash160 posted in this quote was used to create a new P2SH address (2MyHxGtCH53AhhWTzqwRRCq3MUZ5DahmhRi (https://blockstream.info/testnet/address/2MyHxGtCH53AhhWTzqwRRCq3MUZ5DahmhRi) [1]) and some testNet coins were sent to this address in this transaction:
4bb9f0a567e83f8ef3b5a18d9b2b19e1139f302471ad03246be50598151d019a (https://blockstream.info/testnet/tx/4bb9f0a567e83f8ef3b5a18d9b2b19e1139f302471ad03246be50598151d019a)

This is the PubScript in this transaction:
a9-14-4254e2a76ec94641c2d3e4b5528bbb30a350838c-87

Then the coins were spent in this transaction:
463782617f0e6a69102530caa9ba2fe48f996128378af99ee437a22660afc5a7 (https://blockstream.info/testnet/tx/463782617f0e6a69102530caa9ba2fe48f996128378af99ee437a22660afc5a7?expand)

The following is the complete hex dump of it (ScriptSig is in bold):
02000000 01 9a011d159805e56b2403ad7124309f13e1192b9b8da1b5f38e3fe867a5f0b94b 00000000 06 05 52-53-93-55-87 ffffffff 01 a086010000000000 19 76 a9 14 68cfed146aced22f422a68015ff8ca180761912a88ac 00000000

The "script" is the 52-53-93-55-87 (=OP_2 OP_3 OP_ADD OP_5 OP_EQUAL) and is placed in an OP_PUSH (05). The preceding 06 is the CompactInt size of the whole scriptSig.

[1] This address contains coins from 2018; apparently someone else did the same thing as me but never spent the coins. I won't touch them in case some other developer wanted to claim them as an exercise.
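The evaluation rule discussed in this thread, as an added sketch that is not part of any post and is not Bitcoin Core's code: the scriptSig runs first, a copy of the stack is kept, the scriptPubKey checks the hash, and only when the scriptPubKey matches the P2SH template is the top item of the saved stack run as a script. The names `run`, `is_p2sh` and `verify_p2sh` are illustrative, and only the opcodes of the thread's signature-free example are modelled (no signature opcodes, no push-only check on the scriptSig).

```python
import hashlib

OP_0, OP_1, OP_16, OP_EQUAL, OP_ADD, OP_HASH160 = 0x00, 0x51, 0x60, 0x87, 0x93, 0xA9

def hash160(data):
    # RIPEMD160(SHA256(data)); some OpenSSL builds no longer expose RIPEMD-160,
    # so callers may pass their own implementation through the h160 argument.
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def encode_num(n):
    # Minimal little-endian encoding of a non-negative script number.
    return n.to_bytes((n.bit_length() + 8) // 8, "little") if n else b""

def run(script, stack, h160=hash160):
    """Execute direct pushes plus the few opcodes this thread uses."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                        # push the next `op` bytes
            if i + op > len(script):
                raise ValueError("push runs past end of script")
            stack.append(script[i:i + op])
            i += op
        elif op == OP_0:
            stack.append(b"")
        elif OP_1 <= op <= OP_16:
            stack.append(bytes([op - 0x50]))
        elif op == OP_ADD:
            b, a = stack.pop(), stack.pop()
            total = int.from_bytes(a, "little") + int.from_bytes(b, "little")
            stack.append(encode_num(total))
        elif op == OP_EQUAL:
            b, a = stack.pop(), stack.pop()
            stack.append(b"\x01" if a == b else b"")
        elif op == OP_HASH160:
            stack.append(h160(stack.pop()))
        else:
            raise ValueError(f"opcode 0x{op:02x} not modelled in this sketch")
    return stack

def is_p2sh(spk):
    # The "magic" byte pattern: HASH160 <20-byte push> EQUAL, exactly 23 bytes.
    return len(spk) == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL

def verify_p2sh(script_sig, script_pubkey, h160=hash160):
    stack = run(script_sig, [], h160)
    saved = list(stack)                          # copy taken before scriptPubKey runs
    run(script_pubkey, stack, h160)
    if not stack or not stack[-1]:               # redeem script hash did not match
        return False
    if not is_p2sh(script_pubkey):
        return True                              # ordinary script: nothing more to do
    redeem = saved.pop()                         # template rule: top item is a script
    final = run(redeem, saved, h160)             # remaining items are its inputs
    return bool(final) and bool(final[-1])
```

Running only the first two stages on the 2-of-3 layout from the first post leaves the four stack items traced there; the last stage of `verify_p2sh` is what consumes them.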