Why cant get RSZ from Bitcoin Transaction?

[bane77]

Playing around with rsz values and i stumble on from example  this transaction and cant retrieve rsz: 

 https://www.blockchain.com/explorer/transactions/btc/4dcc0f56c1bec15e29c3efdaf562cf6a2893e2b819112e9ea4e92d6b256a79db   

I try on www.2coins.org with Transaction ID and Raw Tx, i get: Transaction ID is probably wrong or with Raw Tx:Invalid Data In Raw Tx. I also try with Iceland RSZ script and also get error: ValueError: invalid literal for int() with base 16: ''

I m guessing something is missing in the transaction

Can please someone explain?

Thanks!

[1714244961]

1714244961

[1714244961]

1714244961

[1714244961]

1714244961

[1714244961]

1714244961

[1714244961]

1714244961

[nc50lc]

I m guessing something is missing in the transaction

The transaction in question spent "p2pk" (Pay-to-PubKey) outputs, so I'm guessing that the tool that you've tried simply doesn't support p2pk scriptSig.

For r and S of that particular txn, you can get it from the input's scriptSig since it is a valid DER-encoded ECDSA signature;
For the first input:

• r: 64bfde07ac93d16f8559d89831e11ac461cc448486f6b7304a379f4aab4fc96f
• S: 5e2f0f6aed03a6338ab66bd9ad11496ff9ac91f6b134c918f74bf7ded699849f

The Z-value however isn't in the signature, it has to be computed.

I've tried other p2pk transactions and it resulted with the same error.
So try to find another tool that supports it.

[nc50lc]

Is it correct that the Z-value is the signature hash?

It's quite complicated to manually compute specially in transactions with multiple inputs.
It's the data that was signed, basically the Hash256 (SHA256 2x) of the output of "Step9" in this diagram: https://en.bitcoin.it/w/images/en/7/70/Bitcoin_OpCheckSig_InDetail.png

For the sake of simplicity, here's a 1input-1output p2pkh testnet transaction I used for testing: 4d1b9b5999d63fa77983efc663bef4cc76bf13820771a6b3ab436a93fd33dc4e
RAW (use that tool to get r, S, Z):

Code:

01000000011605ebaaf9f879b432d0331d287201e1f132f939fb35498a737a54caeb4906e9010000006a473044022024f3353d2412ed4721eddc3efcc632d934772c3683e8a5f80505f1bee67c0689022068e66bfc569924d571be6acb1094127a882a0e3c98789ea578378e03d1f799c5012102f617c1916a4538d08c0abf6c57c3504396f53a61cc4aeca5c8e6a73a16709566fdffffff0104100000000000001976a9146f7176518dc6d4f9f574f3cb76bf8f06f21f6cff88ac00000000

Result of Step 9:

Code:

01000000011605ebaaf9f879b432d0331d287201e1f132f939fb35498a737a54caeb4906e9010000001976a91443fc0f21f73898be3afa09ef7189796d3b37c9e288acfdffffff0104100000000000001976a9146f7176518dc6d4f9f574f3cb76bf8f06f21f6cff88ac0000000001000000

HASH256 of the above = Z-value:

Code:

d5a1e5dd5159ef3a73b7f8246895b9f5afe5f29e363b325fb6f41036aab5a209

[nc50lc]

For example this one?

TestNet TxId:  ac919ea7cd1564fe0826851076041d58185b2ca04f2305f22dd60b63ac476913

According to BIP143: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#p2sh-p2wpkh
That transaction's Z-value should be:

Code:

67927cd4db3a11cd954cf8903f65f1ddbd0e601cba1a3b74cf1136e53f509592

SHA2562x of (remove breakspaces):

Code:

02000000
a8ea6358b5a2efe25e5b6813b5298c603666c90b3061eea0aed7108588ce6f52
18606b350cd8bf565266bc352f0caddcf01e8fa789dd8a15386327cf8cabe198
e977d313dd88253458ea455fd4a8256453acd7ad193b2c72ae376492ed338e1f01000000
1976a9148e6e804524d16ff27b51fa0b0e65463028ffd4b888ac
77cd300000000000
feffffff
8942f7fbf60d9102e812e3d720d2c0918f68b1dbb3cd7e76366ddf055e051f56
0a6a1800
01000000

But since we can't find a tool that supports SegWit, I can't cross-check if it's correct, so please CMIIAW.

[whanau]

For example this one?

TestNet TxId:  ac919ea7cd1564fe0826851076041d58185b2ca04f2305f22dd60b63ac476913

According to BIP143: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#p2sh-p2wpkh
That transaction's Z-value should be:

Code:

67927cd4db3a11cd954cf8903f65f1ddbd0e601cba1a3b74cf1136e53f509592

SHA2562x of (remove breakspaces):

Code:

02000000
a8ea6358b5a2efe25e5b6813b5298c603666c90b3061eea0aed7108588ce6f52
18606b350cd8bf565266bc352f0caddcf01e8fa789dd8a15386327cf8cabe198
e977d313dd88253458ea455fd4a8256453acd7ad193b2c72ae376492ed338e1f01000000
1976a9148e6e804524d16ff27b51fa0b0e65463028ffd4b888ac
77cd300000000000
feffffff
8942f7fbf60d9102e812e3d720d2c0918f68b1dbb3cd7e76366ddf055e051f56
0a6a1800
01000000

But since we can't find a tool that supports SegWit, I can't cross-check if it's correct, so please CMIIAW.

I 'plugged in' the message to the usual signature check algorithm and it r's matched so the z-value quoted by nc50lc is correct.
I will go away and learn the BIP page. Thanks

Code:

Msg: 02000000a8ea6358b5a2efe25e5b6813b5298c603666c90b3061eea0aed7108588ce6f5218606b350cd8bf565266bc352f0caddcf01e8fa789dd8a15386327cf8cabe198e977d313dd88253458ea455fd4a8256453acd7ad193b2c72ae376492ed338e1f010000001976a9148e6e804524d16ff27b51fa0b0e65463028ffd4b888ac77cd300000000000feffffff8942f7fbf60d9102e812e3d720d2c0918f68b1dbb3cd7e76366ddf055e051f560a6a180001000000 


Public key  = b17450a1cabad6f734df66e4ea6a85882c8a14ce350733a20f83f2f10448803e 17a6393dfd1e448bc2d810100e0a4cef8966f92cd866ef7a4e759998a3bf6d2a 

r           = 0d8e8eaa6ecaa92eae1208b04fd6306f02bc66078fab46c9a60bfbf94a49ee18
s           = 770a265fe229918c0d67b0bc73dc4408248939d2b261f2b6ea4b7c9c5bcd123c
z           = 67927cd4db3a11cd954cf8903f65f1ddbd0e601cba1a3b74cf1136e53f509592

Result r    = d8e8eaa6ecaa92eae1208b04fd6306f02bc66078fab46c9a60bfbf94a49ee18
Signature matches!

[NotATether]

You can already get the R and S values of any non-taproot transaction directly from the bytes.

To get the z values, just follow the BIP143 format posted by nc50lc or you can read it at https://medium.com/coinmonks/creating-and-signing-a-segwit-transaction-from-scratch-ec98577b526a ,

Or for legacy (non-segwit signalling) transactions, follow the format here: https://medium.com/@ottosch/manually-creating-and-signing-a-bitcoin-transaction-87fbbfe46032

I am following the process of signing raw transactions, but there are a few values which you cannot get directly from the transaction itself and you'll need to get by looking at previous transactions, such as the scriptpubkey of the previous outpoint and its value in sats.

[NotATether]

That transaction's Z-value should be:

Code:

67927cd4db3a11cd954cf8903f65f1ddbd0e601cba1a3b74cf1136e53f509592

Very nice! The Sig-Hash is right!
Thank you very much, that helps :-)
I will now take a lot of time to dig through the BIP143!
I try to analyze the calculation alone and implement it in my code.
If I can't do it, I'll ask again here.
Many thanks to everyone who also helped here and posted helpful links :-)

Keep in mind that in the BIP143, the first two elements related to hashprevout and hashsequence are a concatenation of all the prevouts and sequences in the transaction inputs (from first to last) respectively.

And everywhere that says "sha256 hash" for an element, they mean you need to do a double sha256 hash on it, as well as a another double hash on the whole byte sequence once you've assembled it.

[nc50lc]

In the section: P2SH-P2WPKH

Code:

  hashPrevouts:
    dSHA256(db6b1b20aa0fd7b23880be2ecbd4a98130974cf4748fb66092ac4d3ceb1a547701000000)
  = b0287b4a252ac05af83d2dcef00ba313af78a3e9c329afa216eb3aa2a7b4613a

The last 4 bytes "01000000" are not clear to me where they come from.

It's the second option.
It is the 'Transaction ID' and 'Output Index' of the input(s).

You can refer to the other examples which work similarly but used different sighash flag that are different from the prevIndex.