Bitcoin Forum
December 09, 2016, 02:23:57 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: 1VayNert throwing away BTC  (Read 3118 times)
BurtW
Legendary
*
Offline Offline

Activity: 1792

All paid signature campaigns should be banned.


View Profile WWW
November 20, 2011, 03:35:46 PM
 #1

Dear 1VayNert

It appears that you may have a bug in your transactions that is causing you to throw away 0.01 BTC on each transaction.  Thought you would like to know.

Example here:  http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e

and http://blockexplorer.com/tx/8c8baf2e0529c0193ad3a583306a16fcc3e9cd271ba625e12bfd74261a46ad7c

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
1481250237
Hero Member
*
Offline Offline

Posts: 1481250237

View Profile Personal Message (Offline)

Ignore
1481250237
Reply with quote  #2

1481250237
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481250237
Hero Member
*
Offline Offline

Posts: 1481250237

View Profile Personal Message (Offline)

Ignore
1481250237
Reply with quote  #2

1481250237
Report to moderator
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
November 20, 2011, 05:18:21 PM
 #2

They're not throwing away 0.01 BTC, they just haven't redeemed them yet-- they're using valid-but-strange transactions.

How often do you get the chance to work on a potentially world-changing project?
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 21, 2011, 12:13:51 AM
 #3

Output script:
Code:
04678afd04678afd OP_DROP OP_SHA256 894eeb82f9a851f5d1cb1be3249f58bc8d259963832c5e7474a76f7a859ee95c OP_EQUAL
So as far as I understand it:
It drops this first string (04678afd04678afd) from the stack, so ignore that. Then it hashes (SHA256) the next thing on the stack, which would be in the input script you use. Then that should be equal to the 89...95c part.

So basically these outputs can be claimed by a password.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
November 21, 2011, 12:30:48 AM
 #4

I'd guess the OP_DROP data is salt for the password.

Spends of these transactions could be intercepted and hijacked by miners. It would be better to do a regular public key transaction and attach the private key as AES-encrypted OP_DROP data. Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 21, 2011, 12:55:09 AM
 #5

That makes sense.

Also, all those transactions* seem to have the same password, too, so he would need to spend all of them at the same time.

*At least the two examples posted. 2 is a representative data sample, no?

DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
November 21, 2011, 11:24:33 AM
 #6

Another way might be to add a proof-of-work to the script so that miners don't have time to hijack the transaction before someone else includes it.
What do you mean by adding proof-of-work to the script ?

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
BurtW
Legendary
*
Offline Offline

Activity: 1792

All paid signature campaigns should be banned.


View Profile WWW
November 21, 2011, 03:09:24 PM
 #7

Learning a lot.  Thanks.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
November 21, 2011, 03:14:07 PM
 #8

What do you mean by adding proof-of-work to the script ?

Like this (using some disabled/not-yet-implemented Script features):
Code:
ScriptSig: password { [sig] [nonce] OP_DROP }

ScriptPubKey:
//give out the private key
[private key] OP_DROP

OP_3DUP OP_DUP

//check that scriptSig takes expected form
0 1 OP_SUBSTR 72 OP_EQUALVERIFY
73 1 OP_SUBSTR 4 OP_EQUALVERIFY
77 1 OP_SUBSTR { OP_DROP } OP_EQUALVERIFY
OP_SIZE 79 OP_NUMEQUALVERIFY

//check that the hash of scriptSig starts with many zeroes. This is indirectly a hash of the entire
//transaction, since the signature is on a hash of the transaction
OP_HASH256 0 10 OP_SUBSTR 0x00000000000000000000 OP_EQUALVERIFY

//verify signature
OP_EVAL
[pubKey] OP_CHECKSIGVERIFY

//check the password
OP_HASH256 [password hash] OP_EQUAL

({} denotes that something is in a string, not part of the script proper.)

With this, you need to do some "mining" after changing the transaction to make it valid.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
November 21, 2011, 03:21:18 PM
 #9

What do you mean by adding proof-of-work to the script ?
Like this (using some disabled/not-yet-implemented Script features):
...
With this, you need to do some "mining" after changing the transaction to make it valid.
Wow, that's really cool :)
Sadly it can't be used because of disabled ops...

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 21, 2011, 05:05:35 PM
 #10

Doesn't Eligius accept non-standard scripts? Or is this really non-standard?

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
November 21, 2011, 05:31:53 PM
 #11

Doesn't Eligius accept non-standard scripts? Or is this really non-standard?

They would end up on a different network if they accepted this. The network doesn't recognize OP_SUBSTR anymore, and OP_EVAL isn't implemented yet (though it is planned).

The script I gave is inferior in every way that I can think of to just including an AES-encrypted private key with a standard transaction. I just wanted to illustrate the concept. Possibly there are better ways of doing transaction proof-of-works, though. Maybe you could do it by making public only parts of public keys, signatures, or private keys. It could certainly be better than AES encryption if there was a script op that output a hash of the non-Script parts of transactions: then you wouldn't have to use OP_CHECKSIG at all.

My script could be improved by leaving out the private key and having everyone use the same known keypair. Then it's only a little bigger than the encrypted-private-key method.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 21, 2011, 05:50:48 PM
 #12

Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?

DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
November 21, 2011, 06:40:56 PM
 #13

Would be nice to test for zeroes with OP_LESSTHAN which is allowed, but it's limited to 32 bits only, just as OP_DIV and OP_RSHIFT (both are disabled) :(

Sadly most useful ops are either disabled or crippled by 4 bytes limit.

Well, the substr magic can be replaced by an OP_WITHIN, where it should be within 0x00000000000000 and 0x00000001000000 for example. That would circumvent the OP_SUBSTR, while achieving the same result, right?
No, OP_WITHIN is limited to 32 bit numbers, so it can only work within 0x000000 and 0xFFFFFFFF, a maximum subset is 4 294 967 295 of sha256's output space (around ~0.0000000000000000000000000000000000000000000000000000000000000000000037%)
(not sure about that)

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
December 17, 2011, 01:09:36 AM
 #14

Finally redeemed :)
The new TX wasn't even considered strange by the network.

http://blockexplorer.com/tx/9969603dca74d14d29d1d5f56b94c7872551607f8c2d6837ab9715c60721b50e#o2

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
sebastian
Member
**
Offline Offline

Activity: 119


View Profile
December 17, 2011, 04:22:24 AM
 #15

theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
December 17, 2011, 08:38:30 AM
 #16

theymos: why add the private key AES encrypted when you just can SHA256(password) (like mini-private-keys) and use that as private key?
Then you tell the legit whoever that should be able to access those coins on how you redeem them.

Probably that is always better than AES encryption.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!