Bitcoin Forum
October 19, 2018, 08:20:06 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Why is scriptSig filled with scriptPubKey before signing a transaction?  (Read 308 times)
croraf
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 26, 2017, 11:14:12 PM
 #1



I'm checking the transaction signing as described here https://bitcoin.stackexchange.com/questions/32628/redeeming-a-raw-transaction-step-by-step-example-required.

What is the reason for steps 5 and 6: temporarily filling scriptSig with scriptPubKey of the output we want to redeem?

Can't this just be skipped, as with txid and output index we uniquely specify the output thus scriptPubKey and we don't get any value with this filling?
1539937206
Hero Member
*
Offline Offline

Posts: 1539937206

View Profile Personal Message (Offline)

Ignore
1539937206
Reply with quote  #2

1539937206
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539937206
Hero Member
*
Offline Offline

Posts: 1539937206

View Profile Personal Message (Offline)

Ignore
1539937206
Reply with quote  #2

1539937206
Report to moderator
1539937206
Hero Member
*
Offline Offline

Posts: 1539937206

View Profile Personal Message (Offline)

Ignore
1539937206
Reply with quote  #2

1539937206
Report to moderator
pebwindkraft
Full Member
***
Offline Offline

Activity: 251
Merit: 232


View Profile
November 27, 2017, 10:59:19 AM
 #2

I posted my answer as well on your question in stackexchange...

https://bitcoin.stackexchange.com/questions/63489/why-is-scriptsig-filled-with-scriptpubkey-before-signing-a-transaction/63519#63519

croraf
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 27, 2017, 01:32:11 PM
 #3

Thanks man.

I have kind of a follow up question, that I will also post on SE.

So to make transaction the following is done.

For each input
 
- all inputs and outputs are taken
- the respective input scriptSig is filled with txPrev.pubScript, other inputs's scriptSigs are left blank?
- this is signed and signature is put in respective scriptSig


Is there any benefit for bundling all inputs in each signature? Could just respective input (and all outputs) be used when signing for that input?

This will give N_inputs different templates.

But if currently other inputs' scriptSig than respective are left blank (instead of each being filled with txPrev.pubScript) then we currently also have N_inputs different templates.

The ideal would be to leave all scriptSigs blank when making signing template and use all inputs and outputs. This will give us 1 template that is signed N_input times.

What you think? Were you able to follow my thoughts?
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1554
Merit: 1704


3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


View Profile WWW
November 27, 2017, 04:36:48 PM
 #4

Is there any benefit for bundling all inputs in each signature? Could just respective input (and all outputs) be used when signing for that input?
The benefit is that each signature commits to the inputs and outputs of the transaction so that they cannot be changed. If each input only commit to one input, then more inputs could be added and malleate the transaction. However there is a sighash type that allows this, sighash ANYONECANPAY.

croraf
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 28, 2017, 09:08:05 AM
 #5

Is there any benefit for bundling all inputs in each signature? Could just respective input (and all outputs) be used when signing for that input?
The benefit is that each signature commits to the inputs and outputs of the transaction so that they cannot be changed. If each input only commit to one input, then more inputs could be added and malleate the transaction. However there is a sighash type that allows this, sighash ANYONECANPAY.

Cool. Understood.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!