Bitcoin Forum
October 21, 2021, 05:00:04 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Can empty output scripts be redeemed?  (Read 2405 times)
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 190


View Profile
July 13, 2015, 10:50:33 AM
 #1

Hello,

I noticed that some miners collect the spam and use a single empty output script with zero satoshi (no OP_RETURN).   For example 6a8b0cd013fd0ed45e93dc9e1a200785fdf54b77f70a5fde2428bcf27ff84c14

I was under the impression that these outputs cannot be pruned since in principle someone may spend them, e.g., use OP_TRUE as input script.  Of course, it doesn't make senses to spend a zero valued coin, but bitcoind must be able handle these according to the consensus rules.  Wouldn't this mean that these transactions still clutter the UTXO space?  Worse, these transaction have only one input, i.e., they do not even reduce the number of UTXOs.

Am I missing something?

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
1634792404
Hero Member
*
Offline Offline

Posts: 1634792404

View Profile Personal Message (Offline)

Ignore
1634792404
Reply with quote  #2

1634792404
Report to moderator
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1634792404
Hero Member
*
Offline Offline

Posts: 1634792404

View Profile Personal Message (Offline)

Ignore
1634792404
Reply with quote  #2

1634792404
Report to moderator
amaclin
Legendary
*
Offline Offline

Activity: 1260
Merit: 1015


View Profile
July 13, 2015, 11:42:41 AM
 #2

(I've updated my answer)
You are absolutely right.
Such txs do not reduce number of utxo, but even more profitable for miners than OP_RETURN because of saving 1 byte per tx  Grin
One more example of Tragedy of the commons

I think that there are 2 possibilities
1) f2pool used empty script unintentionally instead of null-data script OP_RETURN
2) they do not want to relay these non-standard transactions to a network and allow other pools to mine them
tspacepilot
Legendary
*
Offline Offline

Activity: 1456
Merit: 1070


I may write code in exchange for bitcoins.


View Profile
July 14, 2015, 06:20:24 AM
 #3

I noticed that some miners collect the spam and use a single empty output script with zero satoshi (no OP_RETURN).   For example 6a8b0cd013fd0ed45e93dc9e1a200785fdf54b77f70a5fde2428bcf27ff84c14

Thanks for the interesting observation!

Can you link to any discussion of this kind of activity from the miners?  I see you included a transaction but I wonder if this is being talked about on the forum anywhere.
HeadsOrTails
Full Member
***
Offline Offline

Activity: 233
Merit: 100



View Profile
July 17, 2015, 02:02:45 PM
 #4

I believe SIGHASH_SINGLE returns empty scripts, which hash to 1
amaclin
Legendary
*
Offline Offline

Activity: 1260
Merit: 1015


View Profile
August 01, 2015, 02:33:28 PM
Last edit: August 01, 2015, 03:24:22 PM by amaclin
 #5

Now f2pool is redeeming these outputs to OP_RETURN (which is provable unspendable)

Have a look to the transactions in block
https://blockchain.info/block/000000000000000007796685374d184e373aea4f4af697a5fba361e1d9e544a0

tx example:
https://blockchain.info/tx/28890e261ce80f8a9cd352afccf95a360c4a24df8cd1440f74475b189ede4f5a

By the way, this is new record for a number of transactions in block
Quote
Number Of Transactions:   9647


tspacepilot
Legendary
*
Offline Offline

Activity: 1456
Merit: 1070


I may write code in exchange for bitcoins.


View Profile
August 01, 2015, 09:23:04 PM
 #6

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 2604
Merit: 4255


Just writing some code


View Profile WWW
August 01, 2015, 09:26:43 PM
 #7

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?
I think those transactions were being sent to publicly known brainwallets. The brainwallet passwords were probably simple ones like cat, password, 12345, etc. The miners can easily get the private keys associated with those brainwallet passwords and can then send those transactions in an attempt to recover everything from them as a huge transaction fee.

tspacepilot
Legendary
*
Offline Offline

Activity: 1456
Merit: 1070


I may write code in exchange for bitcoins.


View Profile
August 01, 2015, 09:50:14 PM
 #8

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?
I think those transactions were being sent to publicly known brainwallets. The brainwallet passwords were probably simple ones like cat, password, 12345, etc. The miners can easily get the private keys associated with those brainwallet passwords and can then send those transactions in an attempt to recover everything from them as a huge transaction fee.

Okay, that definitely eases my mind a little bit.  I was surely getting nervous that if there was a way for miners to generally decide to send someone's btc to an unspendable output, that would have basically meant that bitcoin was completely broken.  Ha.

Anyway, I guess that if people are sending money to these sorts of wallets then clearly there's a race to be the first to cash them out, I suppose that miners have as much of a right as anyone else to get into that race.
teukon
Legendary
*
Offline Offline

Activity: 1246
Merit: 1002



View Profile
August 01, 2015, 11:32:18 PM
 #9

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x".  To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key.  It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2".  To spend this UTXO, we need only be clever enough to solve the equation.  Here, there is no address, no private key, and no ownership.  The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true".  Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address.  These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.
tspacepilot
Legendary
*
Offline Offline

Activity: 1456
Merit: 1070


I may write code in exchange for bitcoins.


View Profile
August 02, 2015, 03:50:36 PM
 #10

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x".  To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key.  It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2".  To spend this UTXO, we need only be clever enough to solve the equation.  Here, there is no address, no private key, and no ownership.  The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true".  Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address.  These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.

teukon,

That was the best explanation I've gotten yet about how this stuff works.  I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said.  He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does.  However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"?  That seems like you're just giving your bitcoins away.  What's the motivation for anyone to do this?

achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 2604
Merit: 4255


Just writing some code


View Profile WWW
August 02, 2015, 04:03:01 PM
 #11

teukon,

That was the best explanation I've gotten yet about how this stuff works.  I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said.  He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does.  However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"?  That seems like you're just giving your bitcoins away.  What's the motivation for anyone to do this?


There are OP codes that allow anyone to spend the transaction's outputs, although they are considered nonstandard and typically not relayed.

The reason the spammers are giving out Bitcoins seems to be that it can produce more spam. Imagine that 1000 people see a transaction where they can spend the Bitcoin to themselves and get some free Bitcoin. The 1000 people then create 1000 separate transactions to attempt to do so. Suddenly, one transaction has created 1000 double spend transactions which further spam and flood the network. The spammer has essentially amplified their attack by a thousandfold. Now instead of 1000 people, imagine if this happens on the entire network. Then the spam attack becomes amplified and the spammer requires less effort to create that much volume of transactions.

teukon
Legendary
*
Offline Offline

Activity: 1246
Merit: 1002



View Profile
August 02, 2015, 10:07:54 PM
 #12

I have to admit guys, I'm totally confused by this thread.  How can a miner take an output which belongs to someone else and spend it?  I thought that you'd need the private key to do that (in order to sign the transaction).  If a miner decided to spend my bitcoins to an unspendable output, I'd be screwed.  There must be some piece of this puzzle that I'm missing, which is why I was asking for a link above to some discussion of it.

Help!?

The outputs under discussion here have no owners.

A typical UTXO will have a script of the form: "Tell me x and y where hash(x) = 1BXBbmKEua65aU7StBAZoMpDH4dcSs6bcJ and y is a valid signature for x".  To spend the UTXO, one needs to provide x and y satisfying the script, a feat practically impossible without a corresponding private key.  It is from the output script that the notions of address and owner originate.

It is valid, for example, to create a UTXO with 5 BTC and a script which says: "Tell me x where x + 1 = 2".  To spend this UTXO, we need only be clever enough to solve the equation.  Here, there is no address, no private key, and no ownership.  The 5 BTC will go to whomever claims them first.

The UTXOs discussed in this thread have no script, basically: "Tell me x where x is true".  Just as above, anyone can spend (redeem) them.

Aside: The 367.75849319 BTC output of this transaction has no address.  These "homeless" bitcoins are arguably even more lost than those at 1BitcoinEaterAddressDontSendf59kuE.

teukon,

That was the best explanation I've gotten yet about how this stuff works.  I was aware of the notion of scripts and that it was possible to write unusual scripts which allowed unusual spend conditions, but that explantion was a very nice way to show how they work.

Thanks.

Another think I can note is that your explantion of what the OP was talking about differs from what knightdk said.  He suggested that these were simply publically known private keys (brainwallet for "cat", for example), whereas you suggest that in these cases there simply are no private keys involved at all.

OP was talking about "empty output scripts" so no private keys are involved.

I suppose both types of UTXO must exist, and it makes sense that miners want to claim these funds as much as anyone else does.  However, I guess you'd need to write a pretty clever program to "interpret" scripts of UTXO and try to decide if they're easy to solve.

Such a program would have to be very clever indeed.  This puts in mind a program to automatically track changes to a repository, find bugs, and report them.  Fantasy.

There do exist programs to tackle a special class of such scripts, namely the weak brainwallets that knightdk was talking about.  These programs simply look up new output addresses in rainbow tables and quickly act to spend any matches.

One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"?  That seems like you're just giving your bitcoins away.  What's the motivation for anyone to do this?

OP was talking about outputs "with zero satoshi".  I know nothing of people intentionally leaving bitcoins on the table in this way.  To clarify, I use "spend" for using up an output even when the corresponding amount is 0 BTC.  My 5 BTC example was purely illustrative.
tspacepilot
Legendary
*
Offline Offline

Activity: 1456
Merit: 1070


I may write code in exchange for bitcoins.


View Profile
August 03, 2015, 02:48:36 PM
 #13


One last follow up, why is anyone sending bitconis to an output with a script which says "tell me X where X is true"?  That seems like you're just giving your bitcoins away.  What's the motivation for anyone to do this?

OP was talking about outputs "with zero satoshi".  I know nothing of people intentionally leaving bitcoins on the table in this way.  To clarify, I use "spend" for using up an output even when the corresponding amount is 0 BTC.  My 5 BTC example was purely illustrative.


I guess that knightdk answer it just above you.

There are OP codes that allow anyone to spend the transaction's outputs, although they are considered nonstandard and typically not relayed.

The reason the spammers are giving out Bitcoins seems to be that it can produce more spam. Imagine that 1000 people see a transaction where they can spend the Bitcoin to themselves and get some free Bitcoin. The 1000 people then create 1000 separate transactions to attempt to do so. Suddenly, one transaction has created 1000 double spend transactions which further spam and flood the network. The spammer has essentially amplified their attack by a thousandfold. Now instead of 1000 people, imagine if this happens on the entire network. Then the spam attack becomes amplified and the spammer requires less effort to create that much volume of transactions.

This explanation makes sense, the spammers are using greed to really amplify their attack.  I really appreciate you guys filling me in on the details missing in the OP.  Bitcointalk users educate me again!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!