Bitcoin Forum
Author Topic: Spend multi-sig BTC with a partial redeemScript  (Read 654 times)
jsharpie
January 18, 2017, 09:11:41 PM
 #1

First post here - so hopefully this is in the right place...

If there was a 2 of 3 multisig address created, and BTC was sent to this address, is it possible to regenerate the redeemScript using just two of the 3 public keys that were initially used to create it, in order to spend the bitcoin that was originally sent to the multisig address?

It appears to me that the redeemScript is the op codes plus the three public keys. If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in which the 3rd public key is bogus, but which would let me sign the transaction with the two remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?

Thanks
amaclin
January 18, 2017, 09:34:47 PM
 #2

Quote
If there was a 2 of 3 multisig address created, and BTC was sent to this address,
Are we talking about bare-msig output or about p2sh address (the address which starts with "3")?

Quote
is it possible to regenerate the redeemScript using just two of the 3 public keys that were initially
used to create it, in order to spend the bitcoin that was originally sent to the multisig address?

Regenerating the redeemScript with two public keys will give you another redeemScript and
another address from the first which was funded. So, it will not help you to redeem funds.

Quote
It appears to me that the redeemScript is the op codes plus the three public keys.
Ok, this is not a very strong definition, but let me agree

Quote
If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in
which the 3rd public key is bogus, but which would let me sign the transaction with the two
remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?
Why on earth are you going such a strange way?

You have redeemScript and its funded address.
You are able to parse the redeemScript and see all three public keys in it
You have two private keys of these three
This is enough to redeem funds from the address.
You do not need to construct any more data structures and scripts
jsharpie
January 18, 2017, 10:18:05 PM
 #3

Quote
Are we talking about bare-msig output or about p2sh address (the address which starts with "3")?
The bitcoin address that is returned when using the createmultisig RPC

Quote
If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in
which the 3rd public key is bogus, but which would let me sign the transaction with the two
remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?
Why on earth you are going so strange way?

You have redeemScript and its funded address.
You are able to parse the redeemScript and see all three public keys in it
You have two private keys of these three
This is enough to redeem funds from the address.
You do not need to construct any more data structures and scripts

Not exactly - let me illustrate

The original multi-sig address was created with keypairs A, B, and C in that order. So the redeem script looks something like

<OP code> <public key A> <public key B> <public key C> <OP code>


In this scenario, I have lost the C keypair, and I have only the partial redeem script, because the file saving the redeem script was corrupt.
<OP code> <public key A> <public key B>


I still have keypair A and B. Why can't I generate a redeemScript that looks like
<OP code> <public key A> <public key B> <public key OTHER> <OP code>


and still use keypair A and keypair B to redeem the transaction?


In other words - when I am trying to spend from the multisig account, and I do "signrawtransaction" RPC with a modified redeemScript, what is the mechanism that can check to know whether that redeemScript was modified or not? Is the hash of the original redeem script put into the funding transaction of the multisig wallet?
jsharpie
January 19, 2017, 12:04:54 AM
 #4

Sorry - I think I answered my own question while trying to think of my reply. So in a P2SH transaction, the "address" in the vout scriptPubKey of the transaction is the hash of the redeemScript - is that correct?

How is that calculated? I couldn't seem to get it by using the command line tools in ubuntu to do

echo $REDEEM_SCRIPT | sha256sum | openssl rmd160

and then base58 encoding that output. There must be a little more to it than that?
achow101
January 19, 2017, 01:39:26 AM
 #5

Quote
Sorry - I think I answered my own question while trying to think of my reply. So in a P2SH transaction, the "address" in the vout scriptPubKey of the transaction is the hash of the redeemScript - is that correct?

How is that calculated? I couldn't seem to get it by using the command line tools in ubuntu to do

echo $REDEEM_SCRIPT | sha256sum | openssl rmd160
You have to treat the redeemScript as bytes, not as a string.

Quote
and then base58 encoding that output. There must be a little more to it than that?
Nope, that's all you have to do. Base58 Check Encode the resulting hash and you will get the address.

amaclin
January 19, 2017, 05:30:43 AM
 #6

Quote
In this scenario, I have lost the C keypair, and I have only the partial redeem script,
because the file saving the redeem script was corrupt.
<OP code> <public key A> <public key B>

If you do not have redeemScript - you are not able to redeem funds from address.
SFYL

(Are there any redeem transactions *from* the msig address? In this case the redeemScript is
written in the blockchain and can be taken)

Quote
I still have keypair A and B. Why can't I generate a redeemScript that looks likes
<OP code> <public key A> <public key B> <public key OTHER> <OP code>
and still use keypair A and keypair B to redeem the transaction?
To redeem which transaction? There are millions of unspent transaction outputs in the blockchain.
You have to prove that you know 3 public keys A, B and C and 2 private keys.