[WTB]Tutorial on how to make non-standard outputs

[amaclin]

Unfortunately f2pool relayed the double-spending tx again 901dd16927eac839cdbb44fb3762792c95db07871b42c254eb55ff850ecd6b06

Your non-standard transaction doesn't pay fee.
f2pool ignores it as spam (and it is definetely spam)

[1714177257]

1714177257

[1714177257]

1714177257

[1714177257]

1714177257

[1714177257]

1714177257

[1714177257]

1714177257

[yakuza699]

Unfortunately f2pool relayed the double-spending tx again 901dd16927eac839cdbb44fb3762792c95db07871b42c254eb55ff850ecd6b06

Your non-standard transaction doesn't pay fee.
f2pool ignores it as spam (and it is definetely spam)

Well then it's very strange. Because when I relay same transactions(but they are standard it's just that it pays 0 fee for 3000+bytes below 0.01BTC tx) they hold it(Eligius doesn't) how's that not a spam? What criteria should I meet to relay it to them does paying 100sat fee and/or sending above 0.01 help?

[DeathAndTaxes]

WARNING:  Before you go any further you should understand that a script locked by a hash of a "secret" is insecure and trivially easy to steal.  When this owner tries to redeem this output the secret will be in plain text in the input.  Any miner could simply change the output to their output and include it in the next block.   

Well then it's very strange. Because when I relay same transactions(but they are standard it's just that it pays 0 fee for 3000+bytes below 0.01BTC tx) they hold it(Eligius doesn't) how's that not a spam? What criteria should I meet to relay it to them does paying 100sat fee and/or sending above 0.01 help?

You seem to be confusing to separate aspects.   "Standard transactions" and priority/fee.  Most nodes follow the lead of the reference client when it comes to relaying txns so your best bet is to simply comply but it can be done indirectly w/ P2SH and redemption will get easier once v0.10 is widely deployed (see release notes for v0.10).

Priority/fee
High priority txns do not need to pay a fee in order to be relayed so that might be what you are observing. The coin age of the inputs must be at least "one bitcoin day" or more (i.e. spending a 1 BTC output you received 144 blocks ago).   There actually is an exact formula but the wiki seems to be down right now.   So if your txn is low priority you will need to pay the min fee of 1000 sat per KB or the txn won't be relayed (by 99%+ of the network).  There is no point in paying a fee >0 and less than the min fee as it won't be relayed regardless.   Also understand the fee rules apply regardless of if the txn is standard or not.   If your txn is low priority and you don't want to pay the fee your only option is to bypass the network and find some one to get the txn directly to a miner.   This would be the only reason to pay a fee greater than zero but less than the min (1,000).  As a heads up There no longer is a >=0.01 BTC output rule to avoid txn fees.  It was removed way back in v0.8.6 but you may still see old docs refer to that.

Standard Transaction
Customs scripts are non-standard and won't be relayed by most of the network.  This can be bypassed by replacing the "output script" with a P2SH script including the HASH160 of your redemption script.

Pubkey script: OP_HASH160 <Hash160(redeemScript)> OP_EQUAL
Signature script: <sig> [sig] [sig...] <redeemScript>

So using the example txn linked above instead of having an output of:

OP_HASH256 6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000 OP_EQUAL

That becomes the redeem script and the HASH160 of it goes in an output like this:

OP_HASH160 <Hash160(yourscript)> OP_EQUAL

To redeem that output, the signature script (in input of the txn spending this output) would be the redemption script you hashed plus whatever satisfies the conditions (in this case the secret that was hashed):

<secretThatWasHashed> OP_HASH256 6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000 OP_EQUAL

Also you need to make sure the min output is above the dust threshold to avoid it being considered spam (which is always non-standard).

(nValue*1000)/(3*((int)GetSerializeSize(SER_DISK,0)+148)) < nMinRelayTxFee

[yakuza699]

WARNING:  Before you go any further you should understand that a script locked by a hash of a "secret" is insecure and trivially easy to steal.  When this owner tries to redeem this output the secret will be in plain text in the input.  Any miner could simply change the output to their output and include it in the next block.

Yep read that in the wiki page long time ago.

You seem to be confusing to separate aspects.

No I might write like I would confuse them but no I don't think so.(I guess)

High priority txns do not need to pay a fee in order to be relayed

If you meant "doesn't need to pay a fee to get mined" than yes but low priority tx's will still be relayed. Look at http://mempool.info/ scroll down a bit and you see lots of transactions like this https://blockchain.info/tx/25692930af2f39c0fb0725b19241ab53a4807772261e542aa5ed955ae4398a6e

So if your txn is low priority you will need to pay the min fee of 1000 sat per KB or the txn won't be relayed (by 99%+ of the network).

Wrong even my 0.8.6 relays them.When I push it to let's say blockchain.info/pushtx it appears on all blockchain explorers and also on my client.

There is no point in paying a fee >0 and less than the min fee as it won't be relayed regardless.

I must agree that there is no point of doing that in most cases but in mine there is.

Also understand the fee rules apply regardless of if the txn is standard or not.

I fault that non-standard transactions need to pay double the fee.

If your txn is low priority and you don't want to pay the fee your only option is to bypass the network and find some one to get the txn directly to a miner.  

What do you call a low priority transaction? For me its low priority=output less than 0.01,it has not passed enough time to qualify for free tx(and still be high priority),it does not pay any fee and it is above 1000bytes

As a heads up There no longer is a >=0.01 BTC output rule to avoid txn fees.  It was removed way back in v0.8.6 but you may still see old docs refer to that.

In 0.8.6 or after 0.8.6? I still use 0.8.6 and now downgraded to 0.8.5(Luke's Jr version of qt)

Customs scripts are non-standard and won't be relayed by most of the network.  This can be bypassed by replacing the "output script" with a P2SH script including the HASH160 of your redemption script.

Wouldn't that be standard then?

[Taras]

Customs scripts are non-standard and won't be relayed by most of the network.  This can be bypassed by replacing the "output script" with a P2SH script including the HASH160 of your redemption script.

Wouldn't that be standard then?

And would this then work?
OP_DUP OP_HASH160 7db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e3925 OP_EQUALVERIFY OP_CHECKSIG OP_SHA256 9c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c081233 OP_EQUALVERIFY

[amaclin]

detected

Code:

0100000001066BCD0E85FF55EB54C2421B8707DB952C796237FB44BBCD39C8EA2769D11D90000000008A47304402203D10ECE797B624A5296BDD6FB86216E4CFED0BD6C85ED99F16D48DEC835CE53C022020962978A7BD9B7EE9BEB45C8D80289C475A257E74CA5519B77DE47818AA8FFE014104D79737E9137E54A6ED4D3F6CCABB2A2232BC0020477C911F0D7D74DB62D6F7B2F6FDD88457E6C408033EDC7B12539584D42C8ACAEFFF6347165F24F0ABBCB9C2FFFFFFFF0100350C000000000023A9209C0F28FC262F58E9AD1F021AB707662CAD96C754ECF3AD43BE5C26E49C0812338700000000

"txid" : "ae26b54c5443278909d77983d03e535013d7e26906f5328a91c4fcb45f711210",
"version" : 1,
"locktime" : 0,
"vin" : [
{
"txid" : "901dd16927eac839cdbb44fb3762792c95db07871b42c254eb55ff850ecd6b06",
"vout" : 0,
[...]
"vout" : [
{
"value" : 0.00800000, // no miners fee again?
"n" : 0,
"scriptPubKey" : {
"asm" : "OP_HASH160 9c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c081233 OP_EQUAL", // UNSPENDABLE because hash160 can not be equal to 32-byte value
"hex" : "a9209c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c08123387",
"type" : "nonstandard"

[yakuza699]

Not sure if that is exactly what DeathAndTaxes meant but I created

Code:

0100000001066bcd0e85ff55eb54c2421b8707db952c796237fb44bbcd39c8ea2769d11d90000000008a47304402203d10ece797b624a5296bdd6fb86216e4cfed0bd6c85ed99f16d48dec835ce53c022020962978a7bd9b7ee9beb45c8d80289c475a257e74ca5519b77de47818aa8ffe014104d79737e9137e54a6ed4d3f6ccabb2a2232bc0020477c911f0d7d74db62d6f7b2f6fdd88457e6c408033edc7b12539584d42c8acaefff6347165f24f0abbcb9c2ffffffff0100350c000000000023a9209c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c0812338700000000

I pushed it, it got relayed then tried to push the double-spending tx to f2pool and they accepted it. So it means that they still ignore it or didn't got the first tx.

[dabura667]

Customs scripts are non-standard and won't be relayed by most of the network.  This can be bypassed by replacing the "output script" with a P2SH script including the HASH160 of your redemption script.

Wouldn't that be standard then?

And would this then work?
OP_DUP OP_HASH160 7db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e3925 OP_EQUALVERIFY OP_CHECKSIG OP_SHA256 9c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c081233 OP_EQUALVERIFY

Nope. you would SHA256 hash the number 1, as if CHECKSIG is OK then it will leave OP_1 on the top of the stack.

You would also need something that checked if OPCHECKSIG gave a 1 or 0... which is why you should use OP_CHECKSIGVERIFY instead, as that will fail the script immediately if it fails, AND it won't leave a 1 on the stack.

[dabura667]

Hi I would like to buy a step by step tutorial on how to make OP_TRUE and OP_EQUAL(tx like this https://blockchain.info/tx/a4bfa8ab6435ae5f25dae9d89e4eb67dfa94283ca751f393c1ddc5a837bbc31b) non-standard outputs on bitcoind or bitcoinqt debug window(raw transaction).An example of how to make OP_RETURN tutorial https://bitcointalk.org/index.php?topic=453086.msg5302717#msg5302717

Will pay a little amount of 0.01BTC for it.

Since your bounty requirements were just to teach you how to make the non-standard output, and you have succeeded, I would like to ask that you deposit the bounty to my tip address in my sig.

Thank you.

[yakuza699]

Hi I would like to buy a step by step tutorial on how to make OP_TRUE and OP_EQUAL(tx like this https://blockchain.info/tx/a4bfa8ab6435ae5f25dae9d89e4eb67dfa94283ca751f393c1ddc5a837bbc31b) non-standard outputs on bitcoind or bitcoinqt debug window(raw transaction).An example of how to make OP_RETURN tutorial https://bitcointalk.org/index.php?topic=453086.msg5302717#msg5302717

Will pay a little amount of 0.01BTC for it.

Since your bounty requirements were just to teach you how to make the non-standard output, and you have succeeded, I would like to ask that you deposit the bounty to my tip address in my sig.

Thank you.

I guess OP_TRUE won't differ much from the OP_EQUAL(sha-256) so I send you a full bounty. https://blockchain.info/tx/678fe4a407b2ea100b6ce7ad1eda0c692465260c3498d0b691ff529b0e1ef5b8

[dabura667]

Hi I would like to buy a step by step tutorial on how to make OP_TRUE and OP_EQUAL(tx like this https://blockchain.info/tx/a4bfa8ab6435ae5f25dae9d89e4eb67dfa94283ca751f393c1ddc5a837bbc31b) non-standard outputs on bitcoind or bitcoinqt debug window(raw transaction).An example of how to make OP_RETURN tutorial https://bitcointalk.org/index.php?topic=453086.msg5302717#msg5302717

Will pay a little amount of 0.01BTC for it.

Since your bounty requirements were just to teach you how to make the non-standard output, and you have succeeded, I would like to ask that you deposit the bounty to my tip address in my sig.

Thank you.

I guess OP_TRUE won't differ much from the OP_EQUAL(sha-256) so I send you a full bounty. https://blockchain.info/tx/678fe4a407b2ea100b6ce7ad1eda0c692465260c3498d0b691ff529b0e1ef5b8

Thank you very much. Let me know if you have any other questions about non-standard transactions.

[yakuza699]

Thank you very much. Let me know if you have any other questions about non-standard transactions.

Um how does one sign this transaction

Code:

0100000001a0f48023ba779fbe20b0c0e0447fa46d5eceb9ef2911b6e72566b45c172c192b000000001976a9147db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e392588acffffffff0100350c000000000017a914f837bec6fc1610acc74b1089ab4ef060ecfe254a8700000000

without using bitcoin core(yes I have all the 10 private keys)

[amaclin]

Um how does one sign this transaction [...] without using bitcoin core(yes I have all the 10 private keys)

all 10 keys of what?
of msig-address 3QKUHN3uCLqX3KSbFkut2EdoDynrxFs2s7 which is the output of
https://blockchain.info/tx/2b192c175cb46625e7b61129efb9ce5e6da47f44e0c0b020be9f77ba2380f4a0

take the keys.
create digest of your transaction (remove scriptsig at all and do sha256^2)
the scriptsig will be
OP_FALSE, sig1, sig2... sigx, bip16
where hash160 (bip16) = f837bec6fc1610acc74b1089ab4ef060ecfe254a

[yakuza699]

take the keys.
create digest of your transaction (remove scriptsig at all and do sha256^2)
the scriptsig will be
OP_FALSE, sig1, sig2... sigx, bip16
where hash160 (bip16) = f837bec6fc1610acc74b1089ab4ef060ecfe254a

Didn't understood it. Especially the part where you have to make a digest of the tx.

[amaclin]

Didn't understood it. Especially the part where you have to make a digest of the tx.

OK, I'll try to explain.
May be there will be errors in my explanation, because I do not want to check with a compiler all steps.
I was wrong in previous message. You should not remove scriptSig.

1) Just create a digest of your data - sha256 ( sha256 ( your-raw-transaction-in-binary-representation-concatenated-with-SIGHASH_ALL ) )
2) Take your favorite ECDSA library and sign this digest with your private keys
3) Create new scriptSig: OP_FALSE signature-of-privkey1 signature-of-privkey2.... signature-of-privkeyN
where every signature is concatenated with byte 0x01 (SIGHASH_ALL)
4) Append bip16 msig string to a scriptSig
5) replace scriptSig bytes 76a9147db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e392588ac in your template with new scriptSig

[yakuza699]

Went to bitcoin core typed createrawtransaction

Code:

"{\"1Jtwbwd8xtiU1tjbRyrhuMA5k6RFdHjVun\":0.008}"]createrawtransaction
"[
{\"txid\":\"ac1d26f3bc37d48718a8128c586ffdc2c837c5698d9943c05dd5b84a7eb339ab\",\"vout\":0},
{\"txid\":\"ac1d26f3bc37d48718a8128c586ffdc2c837c5698d9943c05dd5b84a7eb339ab\",\"vout\":1}
]"
"{\"1Jtwbwd8xtiU1tjbRyrhuMA5k6RFdHjVun\":0.008}"

Got

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0000000000ffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0100000000ffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac00000000

Went to coinb.in signed with one key copied the generated data and signed it with the other key, got

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac000000008a47304402203a7bbd4960e7d09984de939e8a58c909342925bc4632256605e6a8769b85102202203d5ee29c7d3146312d49a5951e8d176d3db62cba37dda4fe293781b97b1b12a8014104d79737e9137e54a6ed4d3f6ccabb2a2232bc0020477c911f0d7d74db62d6f7b2f6fdd88457e6c408033edc7b12539584d42c8acaefff6347165f24f0abbcb9c2ffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac010000008a47304402203a7bbd4960e7d09984de939e8a58c909342925bc4632256605e6a8769b85102202203d5ee29c7d3146312d49a5951e8d176d3db62cba37dda4fe293781b97b1b12a8014104d79737e9137e54a6ed4d3f6ccabb2a2232bc0020477c911f0d7d74db62d6f7b2f6fdd88457e6c408033edc7b12539584d42c8acaefff6347165f24f0abbcb9c2ffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac00000000

tried to send it and failed

Code:

Input signature 0 invalid.
Input signature 1 invalid.

I tried to replace the placeholder(in the first stage) from 0 to 1976a9147db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e392588ac than the ending result was

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac000000008a47304402207e3644cc77d35d91a3b8832fd848e9db8478148c46c879c5cc6bdbcba5cb431a022056cceebf27ae1018c48029050b9c54ad3858b75b64d651c2b1c9e35a7cfae210014104d79737e9137e54a6ed4d3f6ccabb2a2232bc0020477c911f0d7d74db62d6f7b2f6fdd88457e6c408033edc7b12539584d42c8acaefff6347165f24f0abbcb9c2ffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac010000008b483045022100830735184d667729fbdb150a6042a5b7606d426fcd9f614014e6e351be2e13db022028f77a014556347be4a15a92c0ba96a5929b3e302c217e5a3a80f45568a32e09014104d79737e9137e54a6ed4d3f6ccabb2a2232bc0020477c911f0d7d74db62d6f7b2f6fdd88457e6c408033edc7b12539584d42c8acaefff6347165f24f0abbcb9c2ffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac00000000

but still got Input signature 0 invalid. What did I did wrong?

I was signing with coinb.in and no I will not try to sync it with bitcoin core as it would take me about 2(and maybe more) days to sync it(without turning the pc off)

[luv2drnkbr]

Were you able to accomplish what you wanted to accomplish?  In this last post, the first input needs to sign the double-sha256 hash of:

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788acffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0100000000ffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac0000000001000000

and the second key needs to sign the double-sha256 of

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0000000000ffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac010000001976a9147db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e392588acffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac0000000001000000

Notice that in both of them, the input that is not the one that's doing the signing is always set to 00, and then the signature type (SIGHASH_ALL aka 01) is appended to the end (01000000 -- aka 00000001 but reversed so the 01 is the left-most byte).

So the unsigned transaction that you are given to put on the website to sign is where all inputs are set to 00 and the signature type isn't on the end.  Which looks like this:

Code:

0100000002ab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0000000000ffffffffab39b37e4ab8d55dc043998d69c537c8c2fd6f588c12a81887d437bcf3261dac0100000000ffffffff0100350c00000000001976a914c44ceea4b4738e74483219e9af1435b7a0e8127788ac00000000

So if you sign that separately with each and then in each position swap the 00 with the sig+pubkey, which will likely be:

[8a or 8b, the length of the sig+pubkey combo] followed by
[47 or 48, the length of the signature]
[30.......01, the DER signature, which will be 71 or 72 bytes long, ending in 01 aka SIGHASH_ALL] followed by
[41, the length of the uncompressed pubkey] followed by
[04......., the uncompressed pubkey]

So you swap each 00 with each key's sig+key data in the format above.

You probably already know this, because the last code-quote in your last post there looks correct syntactically, but the signatures just don't verify against the tx.

[yakuza699]

I just created this transaction

Code:

01000000
01
b25674cb772bc4a788a9da826609672175b9f02bab3b252446b2357f01115d9f
00000000
1976a9147db9fbceb81b5dc4cbcc84ab6b0cd9e57d1e392588ac
fffffff
01
204E000000000000
23
a8
20
9c0f28fc262f58e9ad1f021ab707662cad96c754ecf3ad43be5c26e49c081233
87
00000000

I tried to sign it with the corresponding private key of 12ZMT7Qn2rysM3XKxkSBrVfzdXXufoS13t and it failed why? I need help ASAP.

[amaclin]

I tried to sign it with the corresponding private key of 12ZMT7Qn2rysM3XKxkSBrVfzdXXufoS13t and it failed why? I need help ASAP.

There is at least one error in line #6
only 7 'f' but should be 8

[yakuza699]

I tried to sign it with the corresponding private key of 12ZMT7Qn2rysM3XKxkSBrVfzdXXufoS13t and it failed why? I need help ASAP.

There is at least one error in line #6
only 7 'f' but should be 8

Changed from 7 to 8 but still when I tried to sign it returned me the same hash(unsigned one).