Topic: MultiSig BUT with Bitcoin Addresses NOT Public Keys
damianmontero (OP)
January 08, 2015, 07:43:53 PM
 #1

I'm building a Bitcoin ATM that will use Multi-Sig for security and I realized I can't create a MultiSig Account with ONLY the Bitcoin Addresses.

Why does MultiSig use Public Keys as opposed to the compressed 1xxxxx Bitcoin address?

I feel that most of the time I'll be building MultiSig Accounts with other people. Most of whom will NOT have their public Key. Only their private key and bitcoin address.

If you have the android client. if you have a blockchain.info account. You DON'T have your public key.

Is there a way to build a multi sig with BITCOIN ADDRESSES only? (or at least ONE public key from one person (me) and the bitcoin address of someone else?)

Is there a way to CALCULATE the PUBLIC KEY (PUBKEY) from the Bitcoin Address?

Please help!
DeathAndTaxes
January 08, 2015, 07:57:51 PM
 #2

No there is no way to perform multisig with addresses.
No you can not compute a public key from an address.

An address is the pubkeyhash encoded in base58 with version and checksum. It can be decoded back to the pubkeyhash but you can't get the pubkey from the pubkeyhash because hashing functions are by their nature one way.

damianmontero (OP)
January 08, 2015, 09:36:19 PM
 #3

Thank you DeathAndTaxes;

How can I make a multiSig address with just regular Bitcoin Addresses?

I'm trying to create a bitcoin address where any ONE of TWO (or THREE) bitcoin private addresses can SIGN a transaction.
DeathAndTaxes
January 08, 2015, 10:07:48 PM
 #4

Once again "No there is no way to perform multisig with addresses."

You must have two or more public keys.  Not addresses or pubkeyhashes.


Technically an address can be created from the hash of a custom script (P2SH) but I am unsure if there are the necessary op_codes in the scripting language to allow you to validate against signature of one of many pubkeyhashes.
edmundedgar
January 08, 2015, 10:29:25 PM
 #5

Quote
Thank you DeathAndTaxes;

How can I make a multiSig address with just regular Bitcoin Addresses?

I'm trying to create a bitcoin address where any ONE of TWO (or THREE) bitcoin private addresses can SIGN a transaction.

You could make a special script to do this, but you'd probably need some special software to sign it. Is that an acceptable requirement? If so we can talk about the best way to script it.
edmundedgar
January 08, 2015, 10:39:26 PM
 #6

Quote
Technically an address can be created from the hash of a custom script (P2SH) but I am unsure if there are the necessary op_codes in the scripting language to allow you to validate against signature of one of many pubkeyhashes.

You can do "or" cases like this with branching OP_IFs (inside P2SH). Simplest case 1/2:

Code:
OP_IF
OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
OP_ELSE
OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
OP_ENDIF

...then sign with an OP_1 or OP_0 flag on the end to say which branch should be used.

For JavaScript this may help:
https://github.com/edmundedgar/bitcoin-branching-transaction-builder
I haven't tried it for this specific case, but I think it would be OK.

This is currently non-standard, but it should become standard as people start running bitcoin 0.10. In the meantime you should be able to broadcast it with blockchain.info, and it should get mined by Discus Fish or Eligius, which will generally get it mined in an hour or two.
Peter Todd
January 08, 2015, 11:12:52 PM
 #7

edmundedgar is on the right track, but an even better way to do it is to adapt Luke-Jr's BIP19:

{pubkey} OP_CHECKSIG OP_SWAP {pubkey} OP_CHECKSIG OP_ADD OP_SWAP {pubkey} OP_CHECKSIG OP_ADD {n} OP_EQUAL

Replace {pubkey} OP_CHECKSIG as appropriate; you can even mix-n-match multiple forms.

https://github.com/bitcoin/bips/blob/master/bip-0019.mediawiki

damianmontero (OP)
January 09, 2015, 04:40:23 AM
 #8

Quote
Code:
OP_IF
OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
OP_ELSE
OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
OP_ENDIF

1) Peter Todd. You say your version is better. But it seems to include the PubKeys. I need to include two (or at least one) Bitcoin Address (because I don't have the PubKey, they're not my addresses)
So will BIP19 help me here? and is it available now?

2) Edmundedgar: Thank you. So your solution should work once everyone moves to 0.10 bitcoin and if maybe the right pool catches my transaction. Did I understand that right? If the wrong pool gets it, does it go back in the queue until THEY process the transaction?

I'm new at this, but hopefully your link for the bitcoin-branching-transaction-builder will help. But their "tests", and therefore the only documentation, keep mentioning PubKeys. So I'm trying to make the code work right now and it's not easy.

I'll update this thread with my solution if I can get bitcoinJS-lib to build.
damianmontero (OP)
January 09, 2015, 05:30:21 AM
 #9


@edmundedgar; using your code and  your "bitcoin-branching-transaction-builder" project (and Peter Todd's public Bitcoin Address so he could sign a TRANSACTION)

Code:
var bitcoin = require('bitcoinjs-lib');
var BranchingTransactionBuilder = require('./src/branching_transaction_builder');
var Script = bitcoin.Script;

var BitcoinAddress1 = "1KYestTGTEJzM5pR7AAQ7ckBE55ytLRaDk";
var BitcoinAddress2 = "1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv";
var rules = "OP_IF OP_DUP OP_HASH160 "+ BitcoinAddress1 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ELSE OP_DUP OP_HASH160 " + BitcoinAddress2 + "  OP_EQUALVERIFY OP_CHECKSIG. OP_ENDIF";
var NewP2SHAddress = Script.fromASM(rules);

console.log(NewP2SHAddress.buffer.toString('hex'));


 I get a bitcoin address of: 6376a90088006776a900880068

Is this right? Where is the redeemScript
DeathAndTaxes
January 09, 2015, 05:51:12 AM
Last edit: January 09, 2015, 04:51:21 PM by DeathAndTaxes
 #10

A quick tip: both you and edmundedgar are conflating PubKeyHash with Address. PubKey, PubKeyHash, and BitcoinAddress are distinct items. An Address is a PubKeyHash (or ScriptHash) plus checksum and version data encoded in base58. The Bitcoin network does not use Addresses. Addresses are just for humans. So in your code you would need to DECODE the Address to the PubKeyHash, and at the end the result is a ScriptHash which then needs to be encoded as an address (if you are displaying it to a user).


PubKeyHash = RIPEMD-160(SHA-256(PubKey))
Address = Base58(version | PubKeyHash | checksum)

On edit: corrected hashing algorithm
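The decode step described in post #10, applied to the 1-of-2 OP_IF script from post #6, as an added example that is not code from the thread or from any project mentioned in it. It uses only Node's built-in `crypto`; the function names and the two sample addresses are assumptions made for the illustration.

```javascript
const { createHash } = require('crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const OP = { IF: 0x63, ELSE: 0x67, ENDIF: 0x68, DUP: 0x76,
             HASH160: 0xa9, EQUALVERIFY: 0x88, CHECKSIG: 0xac };
const sha256 = (buf) => createHash('sha256').update(buf).digest();

// Address -> PubKeyHash: undo Base58(version | PubKeyHash | checksum).
function addressToPubKeyHash(address) {
  let n = 0n;
  for (const ch of address) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new Error('invalid base58 character: ' + ch);
    n = n * 58n + BigInt(digit);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  // Each leading '1' stands for one leading zero byte.
  const zeros = address.match(/^1*/)[0].length;
  const raw = Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
  if (raw.length !== 25) throw new Error('expected 25 decoded bytes');
  const payload = raw.subarray(0, 21);
  const checksum = sha256(sha256(payload)).subarray(0, 4);
  if (!checksum.equals(raw.subarray(21))) throw new Error('bad checksum');
  if (payload[0] !== 0x00) throw new Error('not a mainnet P2PKH address');
  return payload.subarray(1);
}

// OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
function p2pkhBranch(pubKeyHash) {
  return Buffer.concat([
    Buffer.from([OP.DUP, OP.HASH160, pubKeyHash.length]), // 0x14 = push 20 bytes
    pubKeyHash,
    Buffer.from([OP.EQUALVERIFY, OP.CHECKSIG]),
  ]);
}

// OP_IF <branch 1> OP_ELSE <branch 2> OP_ENDIF, the 1-of-2 form from post #6.
function oneOfTwoRedeemScript(address1, address2) {
  return Buffer.concat([
    Buffer.from([OP.IF]), p2pkhBranch(addressToPubKeyHash(address1)),
    Buffer.from([OP.ELSE]), p2pkhBranch(addressToPubKeyHash(address2)),
    Buffer.from([OP.ENDIF]),
  ]);
}

// Sample inputs chosen for this example (not addresses from the thread).
const SAMPLE_1 = '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa';
const SAMPLE_2 = '1111111111111111111114oLvT2';
console.log(oneOfTwoRedeemScript(SAMPLE_1, SAMPLE_2).toString('hex'));
```

The bytes printed are the redeemScript; the P2SH address is the HASH160 of those bytes, Base58Check-encoded with the script-hash version byte. Compare with the hex in post #9, where a single `00` byte sits after `a9` in place of a 20-byte push.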
Taras
January 09, 2015, 06:04:50 AM
 #11

Some addresses have known public keys on the block chain, but just looking for them wouldn't be very practical because not all addresses have known public keys. A newly generated address wouldn't have one on the chain; you'd need/want to have your customers give you their pubkeys directly, some way or another. Ideally, they would create a new address just for this contract.
Peter Todd
January 09, 2015, 06:37:01 AM
 #12

Quote
Code:
OP_IF
OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
OP_ELSE
OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
OP_ENDIF

1) Peter Todd. You say your version is better. But it seems to include the PubKeys. I need to include two (or at least one) Bitcoin Address (because I don't have the PubKey, they're not my addresses)
So will BIP19 help me here? and is it available now?

Think about this a little harder: you can replace the <pubkey> CHECKSIG pattern in BIP19 with OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.

The point of using BIP19 is it's more flexible; edmund's construction doesn't do n-of-m easily.

DeathAndTaxes
January 09, 2015, 06:39:25 AM
 #13

It is "OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG".
dserrano5
January 09, 2015, 07:41:54 AM
 #14

Quote
PubKeyHash = SHA-256(SHA-256(PubKey)
Address = Base58(version | PubKeyHash | checksum)

Nit: that should be RIPEMD-160(SHA-256(PubKey)).
amaclin
January 09, 2015, 08:03:51 AM
 #15

Quote
You can do "or" cases like this with branching OP_IFs (inside P2SH). Simplest case 1/2:
You also can do "and" cases inside P2SH
jl2012
January 09, 2015, 08:22:25 AM
 #16

This is a 2-of-2 multisig using "addresses"

Code:
OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIGVERIFY OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG

1-of-2 multisig

Code:
OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG OP_FROMALTSTACK OP_ADD 

2-of-3 multisig

Code:
OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK OP_DUP OP_HASH160 <pubKeyHash3> OP_EQUALVERIFY OP_CHECKSIG OP_FROMALTSTACK OP_FROMALTSTACK OP_ADD OP_ADD OP_2 OP_EQUAL 

However this is non-standard so not many miners will mine for you (P2SH may work?). Most importantly, none of the current bitcoin clients is able to create a signature for the script.

edmundedgar
January 09, 2015, 01:05:07 PM
Last edit: January 13, 2015, 04:56:06 AM by edmundedgar
 #17


Quote
@edmundedgar; using your code and your "bitcoin-branching-transaction-builder" project (and Peter Todd's public Bitcoin Address so he could sign a TRANSACTION)

Code:
var bitcoin = require('bitcoinjs-lib');
var BranchingTransactionBuilder = require('./src/branching_transaction_builder');
var Script = bitcoin.Script;

var BitcoinAddress1 = "1KYestTGTEJzM5pR7AAQ7ckBE55ytLRaDk";
var BitcoinAddress2 = "1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv";
var rules = "OP_IF OP_DUP OP_HASH160 "+ BitcoinAddress1 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ELSE OP_DUP OP_HASH160 " + BitcoinAddress2 + "  OP_EQUALVERIFY OP_CHECKSIG. OP_ENDIF";
var NewP2SHAddress = Script.fromASM(rules);

console.log(NewP2SHAddress.buffer.toString('hex'));


 I get a bitcoin address of: 6376a90088006776a900880068

Is this right? Where is the redeemScript


I just added a quick test for branching versions of pay-to-public-key-hash - hopefully this will make it clearer how it's supposed to work. Basically bitcoinlib-js takes care of making the bits inside the OP_IF branching, and my thing takes care of putting them together in a branching script, so you don't need to put in your own scripting from the ASM code or anything.
https://github.com/edmundedgar/bitcoin-branching-transaction-builder/blob/master/test/branching_transaction_builder.js#L81

Blockchain.info took my redeeming TX (the non-standard one) - let's see if it'll confirm in a reasonable time (or at all...)
https://blockchain.info/tx/7d8cf0dac56e90bfff76cee1a13464cc07f0ac36241b6703a894d28987630218
Edit to add: Yup, Eligius took it.

Some of the other suggestions people have made here will be variously more flexible (for more combinations of conditions) and more economical (in saving a few bytes) than mine, but you'll have to work out how to sign them since my code won't help you. YMMV, let us know how you get on...
Evil-Knievel
January 09, 2015, 02:43:01 PM
Last edit: April 17, 2016, 08:02:08 PM by Evil-Knievel
 #18

This message was too old and has been purged
damianmontero (OP)
January 09, 2015, 03:08:00 PM
 #19

Quote
If you have the android client. if you have a blockchain.info account. You DON'T have your public key.

In fact, you do.

Let's see that proof. Because if you can help me find the "publicKey" from my EXISTING blockchain.info or android wallet accounts then we've solved my initial problem.

Real problem.

I want to make a 1of2 address and I have MY PubKey, but I don't have my mom's (or sister's, or friends') because they use a blockchain.info account and Android Wallet software.
amaclin
January 09, 2015, 03:11:39 PM
 #20

Quote
I want to make a 1of2 address and I have MY PubKey, but I don't have my mom's (or sisters, or friends) because they use a blockchain.info account and Android Wallet software.
If there are spending transactions from your mom's (sisters, friends, cats, dogs) addresses - you have their public keys