Spend multi-sig BTC with a partial redeemScript

[jsharpie]

First post here - so hopefully this is in the right place...

If there was a 2 of 3 multisig address created, and BTC was sent to this address, is it possible to regenerate the redeemScript using just two of the 3 public keys that were initially used to create it, in order to spend the bitcoin that was originally sent to the multisig address?

It appears to me that the redeemScript is the op codes plus the three public keys. If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in which the 3rd public key is bogus, but which would let me sign the transaction with the two remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?

Thanks

[1714784448]

1714784448

[1714784448]

1714784448

[1714784448]

1714784448

[1714784448]

1714784448

[1714784448]

1714784448

[amaclin]

If there was a 2 of 3 multisig address created, and BTC was sent to this address,

Are we talking about bare-msig output or about p2sh address (the address which starts with "3")?

is it possible to regenerate the redeemScript using just two of the 3 public keys that were initially
used to create it, in order to spend the bitcoin that was originally sent to the multisig address?

regenerating the redeemScript with two public keys will give you another redeemScript and
another address from the first which was funded. So, It will not help you to redeem funds

It appears to me that the redeemScript is the op codes plus the three public keys.

Ok, this is not very strong definition, but let me agree

If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in
which the 3rd public key is bogus, but which would let me sign the transaction with the two
remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?

Why on earth you are going so strange way?

You have redeemScript and its funded address.
You are able to parse the redeemScript and see all three public keys in it
You have two private keys of these three
This is enough to redeem funds from the address.
You do not need to construct any more data structures and scripts

[jsharpie]

Are we talking about bare-msig output or about p2sh address (the address which starts with "3")?

The bitcoin address that is returned when using the createmultisig RPC

If I still have two of the public keys (A and B) , shouldn't I be able to make a redeem script in
which the 3rd public key is bogus, but which would let me sign the transaction with the two
remaining matching private keys (Apriv and Bpriv), thus spending the BTC out of the multisig address?

Why on earth you are going so strange way?

You have redeemScript and its funded address.
You are able to parse the redeemScript and see all three public keys in it
You have two private keys of these three
This is enough to redeem funds from the address.
You do not need to construct any more data structures and scripts
[/quote]

Not exactly - let me illustrate

The original multi-sig address was created with keypairs A, B, and C in that order. So the redeem script looks something like

<OP code> <public key A> <public key B> <public key C> <OP code>

In this scenario, I have lost the C keypair, and I have only the partial redeem script, because the file saving the redeem script was corrupt.

<OP code> <public key A> <public key B>

 I still have keypair A and B. Why can't I generate a redeemScript that looks likes

<OP code> <public key A> <public key B> <public key OTHER> <OP code>

and still use keypair A and keypair B to redeem the transaction?


In other words - when I am trying to spend from the multisig account, and I do "signrawtransaction" RPC with a modified redeemScript, what is the mechanism that can check to know whether that redeemScript was modified or not? is the hash of the original redeem script put into the funding transaction of the multisig wallet?

[jsharpie]

Sorry - I think i answered my own question while trying to think of my reply. So in a P2SH transaction, the "address" in the vout  scriptPubKey of the transaction is the hash of the redeemScript - is that correct?

How is that calculated? I couldn't seem to get it by using the command line tools in ubuntu to do

echo $REDEEM_SCRIPT | sha256sum | openssl rmd160

and then base58 encoding that output. There must be a little more to it than that?

[achow101]

Sorry - I think i answered my own question while trying to think of my reply. So in a P2SH transaction, the "address" in the vout  scriptPubKey of the transaction is the hash of the redeemScript - is that correct?

How is that calculated? I couldn't seem to get it by using the command line tools in ubuntu to do

echo $REDEEM_SCRIPT | sha256sum | openssl rmd160

You have to treat the redeemScript as bytes, not as a string.

and then base58 encoding that output. There must be a little more to it than that?

Nope, that's all you have to day. Base58 Check Encode the resulting hash and you will get the address.

[amaclin]

In this scenario, I have lost the C keypair, and I have only the partial redeem script,
because the file saving the redeem script was corrupt.

<OP code> <public key A> <public key B>

If you do not have redeemScript - you are not able to redeem funds from address.
SFYL

(Are there any redeem transaction *from* msig address? In this case the redeemScript is
written in the blockchain and can be taken)

I still have keypair A and B. Why can't I generate a redeemScript that looks likes
<OP code> <public key A> <public key B> <public key OTHER> <OP code>
and still use keypair A and keypair B to redeem the transaction?

To redeem which transaction? There are millions unspent transation outputs in the blockchain
Tou have to prove that you know 3 public keys A, B and C and 2 private keys