I'm trying to decide what kind of Bitcoin scripts to use for my application, based on information from bitcoin.it.
https://en.bitcoin.it/wiki/Script:
A transaction is valid if nothing in the combined script triggers failure and the top stack item is true (non-zero).
| OP_CHECKMULTISIG | For each signature and public key pair, OP_CHECKSIG is executed. If more public keys than signatures are listed, some key/sig pairs can fail. All signatures need to match a public key. If all signatures are valid, 1 is returned, 0 otherwise. Due to a bug, one extra unused value is removed from the stack. |
| OP_CHECKMULTISIGVERIFY | Same as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward. |
| OP_VERIFY | Marks transaction as invalid if top stack value is not true. |
https://en.bitcoin.it/wiki/Contracts:
Section "Theory":
2 <pubkey1> <pubkey2> 2 CHECKMULTISIGVERIFY
I don't understand this: if this is signed with two signatures, then the boolean output of the CHECKMULTISIG part will be popped from the stack by the VERIFY part. So, evaluation of correct signatures ends with an empty stack, unless scriptPubKey contains another, redundant "True". I'd say that, according to the validity condition described on the Script page, an empty stack would NOT be valid, since it does not contain a top element that is True. So, CHECKMULTISIG should be used here instead of CHECKMULTISIGVERIFY.
Should I fix the wiki page? Is the use of CHECKMULTISIGVERIFY really wrong here? Why does it say CHECKMULTISIGVERIFY in the first place? Is this old obsolete/deprecated? I see CHECKMULTISIG being used in other places, so I suppose that, at least, that one is not wrong.
Which of the two is considered to be a "standard" multisig script by the Satoshi client?
I have basically the same question about EQUALVERIFY vs. EQUAL, but I suppose this isn't a standard script yet:
<key> CHECKSIGVERIFY SHA256 <hash of secret x> EQUAL[VERIFY]
PS. I just read about the bug in CHECKMULTISIG (popping an extra value). Is it also present in CHECKMULTISIGVERIFY? Does this mean that, in the CHECKMULTISIGVERIFY example above, the signer is supposed to add an extra unused value to scriptSig?
