Bitcoin Forum
December 14, 2024, 12:49:54 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Why does OP_CheckMultiSig not fail on an invalid public key?
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Why does OP_CheckMultiSig not fail on an invalid public key?  (Read 157 times)
Coding Enthusiast (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 2824


Bitcoin and C♯ Enthusiast


View Profile WWW
April 22, 2020, 06:28:36 AM
Merited by bones261 (4), hugeblack (2), vapourminer (1), NeuroticFish (1), ABCbits (1), Husna QA (1)
 #1
Basically this test vector: https://github.com/bitcoin/bitcoin/blob/b6a5dc90bfd4640cf9f914e59bf8e21cd265b51e/src/test/data/tx_valid.json#L185-L188

It is spending a P2SH output with the redeem script of it being:
OP_2 <invalid_pub><Pub><Pub> OP_3 OP_CheckMultiSig
The first push which is supposed to be a public key is an invalid public key (it is a DER encoded signature) and despite that OP_CheckMultiSig passes successfully!
Is this another bug at protocol level? Also is it the same for SegWit scripts?
Projects List+Suggestion box
Donate: 1Q9s or bc1q
|
|
|
FinderOuter(0.20.0)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git
|
|
|
BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4298
Merit: 8818



View Profile WWW
April 22, 2020, 07:27:03 AM
Merited by joniboini (4), bones261 (4), ABCbits (1), hugeblack (1), Husna QA (1), Coding Enthusiast (1)
 #2
Quote from: Coding Enthusiast on April 22, 2020, 06:28:36 AM
Is this another bug at protocol level?
Why would you consider this a bug?  Yes, it could have been implemented differently, but the definition of CMS is that signature validation passes N of M times.

Obvious ways of implementing it-- including the way it was originally implemented-- wouldn't provide for any way to determine exactly why a signature failed to validate only that it did.
Coding Enthusiast (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 2824


Bitcoin and C♯ Enthusiast


View Profile WWW
April 22, 2020, 07:42:41 AM
 #3
Quote from: gmaxwell on April 22, 2020, 07:27:03 AM
Why would you consider this a bug?  Yes, it could have been implemented differently, but the definition of CMS is that signature validation passes N of M times.
I guess because I usually expect certain things to be strict specially when it comes to evaluating scripts.
This is not the first time I'm surprised by such rules though.
Projects List+Suggestion box
Donate: 1Q9s or bc1q
|
|
|
FinderOuter(0.20.0)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git
|
|
|
BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Why does OP_CheckMultiSig not fail on an invalid public key?
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!