basil00
Member
 Offline
Activity: 60
Merit: 10
|
 |
September 13, 2015, 05:15:20 AM |
|
@basil00, you can use predefined 'k' for signing ECDSA. This saves some space in blockchain. Thanks for the tip -- was not aware of this. I have to figure out how do this with cbitcoin though. Note that if the replacement transaction is bigger the miner may prefer the original anyway (better fee rate). |
|
|
|
|
|
|
|
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 05:28:17 AM |
|
Note that if the replacement transaction is bigger the miner may prefer the original anyway (better fee rate). You can vary the number of inputs of your tx. Take several inputs from one tx and several from another, and doublespend two transactions!  In fact miners do not use replace-by-fee today. |
|
|
|
|
basil00
Member
Offline
Activity: 60
Merit: 10
|
|
September 13, 2015, 06:24:48 AM |
|
@basil00, you can use predefined 'k' for signing ECDSA. This saves some space in blockchain. I tried but no luck so far, still get big sigs. What exactly is the K-value required (kinv for ECDSA_sign_ex)? Does it depend on the priv key? |
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 06:51:02 AM |
|
I tried but no luck so far, still get big sigs. What exactly is the K-value required (kinv for ECDSA_sign_ex)?
My code is very dirty and I do not understand it myself  static BIGNUM* bn_kinv = BN_new ( );
...
static const MyKey32 k ( QByteArray::fromHex ( "7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0" ));
BN_bin2bn ( k.constPtr ( ), 32, bn_kinv );
...
EC_POINT_mul ( group, tmp_point, bn_kinv, 0, 0, ctx );
EC_POINT_get_affine_coordinates_GFp ( group, tmp_point, bn_x, 0, ctx );
...
Does it depend on the priv key? no |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
September 13, 2015, 09:35:21 AM
Last edit: April 17, 2016, 07:46:13 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 10:29:03 AM |
|
What exactly is the K-value required (kinv for ECDSA_sign_ex)? static const MyKey32 k ( QByteArray::fromHex ( "7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0" ));
BN_bin2bn ( k.constPtr ( ), 32, bn_kinv ); // convert bytearray to openSSL bignumber object
EC_POINT_mul ( group, tmp_point, bn_kinv, 0, 0, ctx );
EC_POINT_get_affine_coordinates_GFp ( group, tmp_point, bn_x, 0, ctx );
BN_nnmod ( retr, bn_x, bn_order, ctx ); // retr is R-part of signature
BN_mod_inverse ( bn_kinv, bn_kinv, bn_order, ctx ); // todo: seems to me that this should be performed once!
BN_mod_mul ( tmp, ecprivkey, retr, bn_order, ctx ); // ecprivkey is my privkey as openSSL bignumber object
BN_mod_add_quick ( rets, tmp, BN_bin2bn ( dgst.constPtr ( ), 32, m ), bn_order );
BN_mod_mul ( rets, rets, bn_kinv, bn_order, ctx ); // rets is S-part of signature
// now encode pair of <retr,rets> to DER
|
|
|
|
|
|
|
rz20
Legendary
Offline
Activity: 1330
Merit: 1001
|
|
September 13, 2015, 01:16:26 PM |
|
0 btc transacted. Damn this really doesn't work and the OP is just spamming the blockchain. |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
September 13, 2015, 01:21:04 PM
Last edit: April 17, 2016, 07:46:07 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
|
yakuza699
|
|
September 13, 2015, 01:22:49 PM |
|
0 btc transacted. Damn this really doesn't work and the OP is just spamming the blockchain. Wrong.Sending more than 0BTC to an OP_RETURN output would be non-standard.As you can see he gave everything as fees for the miners and you should know that OP_RETURN outputs does not increase UTXO. |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 01:23:56 PM |
|
0 btc transacted. Damn this really doesn't work and the OP is just spamming the blockchain.
The OP is doing nothing. Everything you see here has been done by others. This is some kind of cleenup the dust. |
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 01:26:31 PM |
|
The private keys however are entirely useless. I took ~4BTC from these keys. What do you mean by "useless"? Useless for you? |
|
|
|
|
basil00
Member
Offline
Activity: 60
Merit: 10
|
|
September 13, 2015, 01:29:03 PM |
|
Thanks. After fiddling around with openSSL and getting nowhere I switched to libsecp256k1 and got it working first try. All you need to do is make the nonce function return the magic value for K. The new txs are tagged 'S' or 'SS'. I will remove this byte soon. Some of the older encoded txs (XX, XY, XW, R, DS) will likely bounce around for a while. I've set my script to double-spend them. Also, only SIGHASH_ALL works, otherwise other nodes reject the transaction. Non-standard or maybe I stuffed something up? |
|
|
|
|
|
yakuza699
|
|
September 13, 2015, 01:32:18 PM |
|
The fees for these small outputs are higher than the values in those outputs.
Yes that's what you need to do if you want your tx to get confirmed. So here is what I think: The OP wanted to perform the stress test but realized that he will not be able to accumulate those dust outputs (which he before created by splitting 250 BTC up in small amounts) without spending another 250 BTC on transaction fees.
I think it's wrong.Maybe OP was just too lazy to do it himself so instead released the priv keys so that other people would do the "stress test" for him.And you know if OP would have gave me the keys I would have got at least 100BTC from it. Now he realized that he essentially burned 250 BTC and the release of those private keys is one last desperate move to reestablish his good reputation (by appearing generous). The private keys however are entirely useless.
As amaclin said useless for who? |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 01:36:23 PM
Last edit: September 13, 2015, 02:04:41 PM by amaclin |
|
Some of the older encoded txs (XX, XY, XW, R, DS) will likely bounce around for a while. I've set my script to double-spend them. No need to do it. Because my script converts everything to "my address". And your script converts my result to OP_RETURN. Unfortunately to me, I can not beat you OK, the game is over. From this moment all dust outputs from compromised private keys will go to miners only.
@basil00, You took my profits, the son of a bitch ! |
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 01:53:54 PM |
|
Sending more than 0BTC to an OP_RETURN output would be non-standard. No, this is standard output. The amount will be burned |
|
|
|
|
|
yakuza699
|
|
September 13, 2015, 03:12:23 PM
Last edit: September 13, 2015, 03:25:38 PM by yakuza699 |
|
Sending more than 0BTC to an OP_RETURN output would be non-standard. No, this is standard output. The amount will be burned Wrong. https://bitcoin.org/en/developer-guide#non-standard-transactions "As of Bitcoin Core 0.9.3 standard null data outputs must receive zero satoshis".Still think I am wrong? 010000000133c3d38bb4a30bd4595707e13ca17d948d051365b166f50da26527680f0bddf0000000008a47304402205a277704ca398dfdfee958ab6eb3af098d88b60c34712ff5bceab9401a715c4d02202523894f0924136bde8ae07b8b6cf06cb2e75c175172c31e6800db7d9adca648014104f64e3d965b8f4aa507665a7a765dab9a78192c1dc7d87743696ee7adc714de336b8435c3e21ae72d917fe1e588f54e632a8448611a8a1b20bbe9066c0ec78a75ffffffff0290512d00000000001976a91474824ef4fc87f5e6a9c7800ca5afd67e49dac34188ac0000000000000000066a045445535400000000 Good luck relaying it. |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
September 13, 2015, 04:25:14 PM |
|
Still think I am wrong? Yes. I think you are wrong. This is the actual code:
BOOST_FOREACH(const CTxOut& txout, tx.vout) {
if (!::IsStandard(txout.scriptPubKey, whichType)) {
reason = "scriptpubkey";
return false;
}
if (whichType == TX_NULL_DATA)
nDataOut++;
else if ((whichType == TX_MULTISIG) && (!fIsBareMultisigStd)) {
reason = "bare-multisig";
return false;
} else if (txout.IsDust(::minRelayTxFee)) {
reason = "dust";
return false;
}
}
// only one OP_RETURN txout is permitted
if (nDataOut > 1) {
reason = "multi-op-return";
return false;
}
The reference client either increases the total count of null-data outputs in tx or checks for dust limits. But not both. So, it is possible to burn any amount via OP_RETURN, even zero. Note, that bc.i still treats null-data output as non-standard |
|
|
|
|
|
yakuza699
|
|
September 13, 2015, 05:07:42 PM |
|
Still think I am wrong? Yes. I think you are wrong. I am NOT saying that, that transaction is invalid.I am saying that, that transaction is non-standard.Try to relay the given tx and see yourself. |
|
|
|
|
|
|
