Same private key, different P2WSH address

[vneos]

Hi all, I'm having problems trying to convert a private key to a P2WSH address.

Using the tool provided on this site: https://secretscan.org/Bech32, the P2WSH address obtained for private key '1' is

Code:

bc1qpac4ht6afshdx2tctnhjnetz7u6g3j9zhwwmc4cqkdsa2jumq42qd3drf7

, which is the same as the result generated by the tool provided on github: https://github.com/fortesp/bitcoinaddress.

But when I use bitcoin core, the address I get using private key '1' is

Code:

bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3

, which can be confirmed here: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki/#examples

Why is there this discrepancy?

Best regards.

[ABCbits]

I tried reading source code for bitcoinaddress[1], but couldn't understand what kind of redeem script would be generated. But i'm fairly sure that BIP 173 and bitcoinaddress use different redeem script which caused the discrepancy.

[1] https://github.com/fortesp/bitcoinaddress/blob/master/bitcoinaddress/address.py#L130

[vjudeu]

Code:

SHA-256(210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798ac)=1863143c14c5166804bd19203356da136c985678cd4d27a1b8c6329604903262
SHA-256(0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798)=0f715baf5d4c2ed329785cef29e562f73488c8a2bb9dbc5700b361d54b9b0554

The first Script is locked into the public key. The second Script is simply invalid. Which means, that coins from bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3 require a valid signature. However, coins from bc1qpac4ht6afshdx2tctnhjnetz7u6g3j9zhwwmc4cqkdsa2jumq42qd3drf7 are trapped on that address, probably forever.

Edit: I thought they are always spendable, but it is worse: they are locked into invalid Script.

Code:

$ ./bitcoin-cli -testnet decodescript 210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798ac
{
  "asm": "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 OP_CHECKSIG",
  "desc": "pk(0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798)#gn28ywm7",
  "type": "pubkey",
  "p2sh": "2MvVwHhgE2JyjkjQk72CghrhrJsanKfHfqe",
  "segwit": {
    "asm": "0 751e76e8199196d454941c45d1b3a323f1433bd6",
    "desc": "addr(tb1qw508d6qejxtdg4y5r3zarvary0c5xw7kxpjzsx)#0wnhlaqf",
    "hex": "0014751e76e8199196d454941c45d1b3a323f1433bd6",
    "address": "tb1qw508d6qejxtdg4y5r3zarvary0c5xw7kxpjzsx",
    "type": "witness_v0_keyhash",
    "p2sh-segwit": "2NAUYAHhujozruyzpsFRP63mbrdaU5wnEpN"
  }
}

$ ./bitcoin-cli -testnet decodescript 0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
{
  "asm": "-15993 OP_VERNOTIF OP_CAT OP_UNKNOWN OP_UNKNOWN OP_UNKNOWN OP_CHECKSIG 5 OP_GREATERTHAN OP_VER OP_MUL OP_UNKNOWN OP_EQUAL 07029bfcdb2dce28d959f2 OP_RIGHT 11 [error]",
  "desc": "raw(0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798)#7v4hh3gm",
  "type": "nonstandard"
}

[nc50lc]

But when I use bitcoin core, the address I get using private key '1' is

Code:

bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3

, which can be confirmed here: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki/#examples

This is the correct address which is properly imported to Bitcoin Core,
you probably used this descriptor: wsh(pk(0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798))
pubKey can be replaced by its WIF prvKey pair for non-watching-only wallets.

Code:

bc1qpac4ht6afshdx2tctnhjnetz7u6g3j9zhwwmc4cqkdsa2jumq42qd3drf7

, which is the same as the result generated by the tool provided on github: https://github.com/fortesp/bitcoinaddress.

Now this is as if they've forcefully created it with the descriptor: wsh(0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798)
Which will not work since its redeeem script would be the public key itself.

[ABCbits]

I forget to mention this earlier. If you want to create address based on single private key as spend condition, you better use either P2TR or P2WPKH. Those option have lower input/output size, which means you could pay less fee.

--snip--

Good catch, those website/library doesn't include include 0x21 (which push the 33 byte data) and 0xAC (OP_CHECKSIG). But i didn't expect Bitcoin Core parse the script (which only contain public key) in that way.

[pooya87]

This highlights the risk of using unpopular tools that aren't reviewed and lack enough tests; or in this case I should say tools that have wrong tests which is worse because it is creating a false sense of correctness!

A quick look at the source code shows their test vector for P2WSH with a single pubkey is wrong as well:
https://github.com/fortesp/bitcoinaddress/blob/da9dd65e529600bc7ad0b5427c91bbff533fe773/tests/test_address.py#L20-L21
The correct address is bc1q6gmqnd9x8q40gusftcxw84sjmdszcp3hv0ur3k7aufvjwzw5y77sl2kknp