damianmontero (OP)
January 08, 2015, 07:43:53 PM
I'm building a Bitcoin ATM that will use Multi-Sig for security and I realized I can't create a MultiSig Account with ONLY the Bitcoin Addresses.
Why does MultiSig use Public Keys as opposed to the compressed 1xxxxx Bitcoin address?
I feel that most of the time I'll be building MultiSig Accounts with other people, most of whom will NOT have their public key. Only their private key and bitcoin address.
If you have the android client, if you have a blockchain.info account, you DON'T have your public key.
Is there a way to build a multi sig with BITCOIN ADDRESSES only (or at least ONE public key from one person (me) and the bitcoin address of someone else)?
Is there a way to CALCULATE the PUBLIC KEY (PUBKEY) from the Bitcoin Address?
Please help!

DeathAndTaxes
Gerald Davis
January 08, 2015, 07:57:51 PM
No there is no way to perform multisig with addresses. No you can not compute a public key from an address.
An address is the pubkeyhash encoded in base58 with version and checksum. It can be decoded back to the pubkeyhash but you can't get the pubkey from the pubkeyhash because hashing functions are by their nature one way.

damianmontero (OP)
January 08, 2015, 09:36:19 PM
Thank you DeathAndTaxes;
How can I make a multiSig address with just regular Bitcoin Addresses?
I'm trying to create a bitcoin address where any ONE of TWO (or THREE) bitcoin private addresses can SIGN a transaction.

DeathAndTaxes
January 08, 2015, 10:07:48 PM
Once again "No there is no way to perform multisig with addresses."
You must have two or more public keys. Not addresses or pubkeyhashes.
Technically an address can be created from the hash of a custom script (P2SH) but I am unsure if there are the necessary op_codes in the scripting language to allow you to validate against signature of one of many pubkeyhashes.

edmundedgar
January 08, 2015, 10:29:25 PM
> Thank you DeathAndTaxes;
> How can I make a multiSig address with just regular Bitcoin Addresses?
> I'm trying to create a bitcoin address where any ONE of TWO (or THREE) bitcoin private addresses can SIGN a transaction.

You could make a special script to do this, but you'd probably need some special software to sign it. Is that an acceptable requirement? If so we can talk about the best way to script it.

edmundedgar
January 08, 2015, 10:39:26 PM
> Technically an address can be created from the hash of a custom script (P2SH) but I am unsure if there are the necessary op_codes in the scripting language to allow you to validate against signature of one of many pubkeyhashes.

You can do "or" cases like this with branching OP_IFs (inside P2SH). Simplest case 1/2:

    OP_IF
        OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
    OP_ELSE
        OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
    OP_ENDIF

...then sign with an OP_1 or OP_0 flag on the end to say which branch should be used.
For JavaScript this may help: https://github.com/edmundedgar/bitcoin-branching-transaction-builder
I haven't tried it for this specific case, but I think it would be OK.
This is currently non-standard, but it should become standard as people start running bitcoin 0.10. In the meantime you should be able to broadcast it with blockchain.info, and it should get mined by Discus Fish or Eligius, which will generally get it mined in an hour or two.

Peter Todd
January 08, 2015, 11:12:52 PM
edmundedgar is on the right track, but an even better way to do it is to adapt Luke-Jr's BIP19:

    {pubkey} OP_CHECKSIG OP_SWAP {pubkey} OP_CHECKSIG OP_ADD OP_SWAP {pubkey} OP_CHECKSIG OP_ADD {n} OP_EQUAL

Replace {pubkey} OP_CHECKSIG as appropriate; you can even mix-n-match multiple forms.
https://github.com/bitcoin/bips/blob/master/bip-0019.mediawiki

damianmontero (OP)
January 09, 2015, 04:40:23 AM
> OP_IF
>     OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
> OP_ELSE
>     OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
> OP_ENDIF

1) Peter Todd. You say your version is better. But it seems to include the PubKeys. I need to include two (or at least one) Bitcoin Address (because I don't have the PubKey, they're not my addresses). So will BIP19 help me here? And is it available now?
2) Edmundedgar: Thank you. So your solution should work once everyone moves to 0.10 bitcoin and if maybe the right pool catches my transaction. Did I understand that right? If the wrong pool gets it, does it go back in the queue until THEY process the transaction?
I'm new at this, but hopefully your link for the bitcoin-branching-transaction-builder will help. But their "tests" and therefore only documentation keep mentioning PubKeys. So I'm trying to make the code work right now and it's not easy. I'll update this thread with my solution if I can get bitcoinJS-lib to build.

damianmontero (OP)
January 09, 2015, 05:30:21 AM
@edmundedgar; using your code and your "bitcoin-branching-transaction-builder" project (and Peter Todd's public Bitcoin Address so he could sign a TRANSACTION)

    var bitcoin = require('bitcoinjs-lib');
    var BranchingTransactionBuilder = require('./src/branching_transaction_builder');
    var Script = bitcoin.Script;

    var BitcoinAddress1 = "1KYestTGTEJzM5pR7AAQ7ckBE55ytLRaDk";
    var BitcoinAddress2 = "1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv";
    var rules = "OP_IF OP_DUP OP_HASH160 "+ BitcoinAddress1 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ELSE OP_DUP OP_HASH160 " + BitcoinAddress2 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ENDIF";
    var NewP2SHAddress = Script.fromASM(rules);

    console.log(NewP2SHAddress.buffer.toString('hex'));

I get a bitcoin address of: 6376a90088006776a900880068
Is this right? Where is the redeemScript?

DeathAndTaxes
January 09, 2015, 05:51:12 AM Last edit: January 09, 2015, 04:51:21 PM by DeathAndTaxes
A quick tip: both you and edmundedgar are conflating PubKeyHash with Address. PubKey, PubKeyHash, and BitcoinAddress are distinct items. An Address is a PubKeyHash (or ScriptHash) plus checksum and version data encoded in base58. The Bitcoin network does not use Addresses. Addresses are just for humans. So in your code you would need to DECODE the Address to the PubKeyHash, and at the end the result is a ScriptHash which then needs to be encoded as an address (if you are displaying it to a user).

    PubKeyHash = RIPEMD-160(SHA-256(PubKey))
    Address = Base58(version | PubKeyHash | checksum)

On edit: corrected hashing algorithm
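
As an added example (not code from this thread or from bitcoinjs-lib), here is the decode step described above in plain Node.js: each address is Base58Check-decoded to its 20-byte PubKeyHash, and those bytes are what get pushed inside the branching script. The function names and the two sample addresses are constructed for illustration.

```javascript
const crypto = require('crypto');
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();
const sha256d = (b) => sha256(sha256(b));

// Base58Check-encode (used here only to construct the sample addresses).
function base58CheckEncode(version, payload) {
  const body = Buffer.concat([Buffer.from([version]), payload]);
  const full = Buffer.concat([body, sha256d(body).subarray(0, 4)]);
  let out = '', n = BigInt('0x' + full.toString('hex'));
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  for (const b of full) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// Address -> { version, hash }; rejects bad characters, length or checksum.
function base58CheckDecode(addr) {
  let n = 0n;
  for (const c of addr) {
    const i = ALPHABET.indexOf(c);
    if (i < 0) throw new Error('invalid base58 character: ' + c);
    n = n * 58n + BigInt(i);
  }
  let hex = n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = addr.match(/^1*/)[0].length; // each leading '1' is a 0x00 byte
  const full = Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
  if (full.length !== 25) throw new Error('unexpected decoded length');
  const body = full.subarray(0, 21);
  if (!sha256d(body).subarray(0, 4).equals(full.subarray(21))) throw new Error('bad checksum');
  return { version: body[0], hash: body.subarray(1) };
}

// OP_IF <P2PKH for A> OP_ELSE <P2PKH for B> OP_ENDIF, with PubKeyHashes pushed as data.
function branchingRedeemScript(addrA, addrB) {
  const p2pkh = (addr) => {
    const { version, hash } = base58CheckDecode(addr);
    if (version !== 0x00) throw new Error('not a mainnet P2PKH address');
    // OP_DUP OP_HASH160 <push 20 bytes> PubKeyHash OP_EQUALVERIFY OP_CHECKSIG
    return Buffer.concat([Buffer.from('76a914', 'hex'), hash, Buffer.from('88ac', 'hex')]);
  };
  return Buffer.concat([Buffer.from([0x63]), p2pkh(addrA),
    Buffer.from([0x67]), p2pkh(addrB), Buffer.from([0x68])]);
}

// Constructed sample addresses: PubKeyHashes of repeated 0x11 / 0x22 bytes, not real keys.
const [sampleA, sampleB] = [0x11, 0x22].map((b) => base58CheckEncode(0x00, Buffer.alloc(20, b)));
console.log(branchingRedeemScript(sampleA, sampleB).toString('hex'));
```

With the PubKeyHashes in place the script has the form 6376a914<20 bytes>88ac6776a914<20 bytes>88ac68, whereas the output 6376a90088006776a900880068 posted earlier has 00 bytes where the hash pushes and OP_CHECKSIG (ac) should be.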

Taras
January 09, 2015, 06:04:50 AM
Some addresses have known public keys on the block chain, but just looking for them wouldn't be very practical because not all addresses have known public keys. A newly generated address wouldn't have one on the chain; you'd need/want to have your customers give you their pubkeys directly, some way or another. Ideally, they would create a new address just for this contract.

Peter Todd
January 09, 2015, 06:37:01 AM
> OP_IF
>     OP_DUP OP_HASH160 <address1> OP_EQUALVERIFY OP_CHECKSIG.
> OP_ELSE
>     OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG.
> OP_ENDIF
>
> 1) Peter Todd. You say your version is better. But it seems to include the PubKeys. I need to include two (or at least one) Bitcoin Address (because I don't have the PubKey, they're not my addresses). So will BIP19 help me here? And is it available now?

Think about this a little harder: you can replace the <pubkey> CHECKSIG pattern in BIP19 with OP_DUP OP_HASH160 <address2> OP_EQUALVERIFY OP_CHECKSIG. The point of using BIP19 is it's more flexible; edmund's construction doesn't do n-of-m easily.

DeathAndTaxes
January 09, 2015, 06:39:25 AM
It is "OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG".

dserrano5
January 09, 2015, 07:41:54 AM
> PubKeyHash = SHA-256(SHA-256(PubKey)
> Address = Base58(version | PubKeyHash | checksum)

Nit: that should be RIPEMD-160(SHA-256(PubKey)).

amaclin
January 09, 2015, 08:03:51 AM
> You can do "or" cases like this with branching OP_IFs (inside P2SH). Simplest case 1/2:

You also can do "and" cases inside P2SH

jl2012
January 09, 2015, 08:22:25 AM
This is a 2-of-2 multisig using "addresses":

    OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIGVERIFY
    OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG

1-of-2 multisig:

    OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK
    OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG OP_FROMALTSTACK OP_ADD

2-of-3 multisig:

    OP_DUP OP_HASH160 <pubKeyHash1> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK
    OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_CHECKSIG OP_TOALTSTACK
    OP_DUP OP_HASH160 <pubKeyHash3> OP_EQUALVERIFY OP_CHECKSIG OP_FROMALTSTACK OP_FROMALTSTACK OP_ADD OP_ADD OP_2 OP_EQUAL

However this is non-standard so not many miners will mine for you (P2SH may work?). Most importantly, none of the current bitcoin clients is able to create a signature for the script.

edmundedgar
January 09, 2015, 01:05:07 PM Last edit: January 13, 2015, 04:56:06 AM by edmundedgar
> @edmundedgar; using your code and your "bitcoin-branching-transaction-builder" project (and Peter Todd's public Bitcoin Address so he could sign a TRANSACTION)
>
>     var bitcoin = require('bitcoinjs-lib');
>     var BranchingTransactionBuilder = require('./src/branching_transaction_builder');
>     var Script = bitcoin.Script;
>
>     var BitcoinAddress1 = "1KYestTGTEJzM5pR7AAQ7ckBE55ytLRaDk";
>     var BitcoinAddress2 = "1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv";
>     var rules = "OP_IF OP_DUP OP_HASH160 "+ BitcoinAddress1 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ELSE OP_DUP OP_HASH160 " + BitcoinAddress2 + " OP_EQUALVERIFY OP_CHECKSIG. OP_ENDIF";
>     var NewP2SHAddress = Script.fromASM(rules);
>
>     console.log(NewP2SHAddress.buffer.toString('hex'));
>
> I get a bitcoin address of: 6376a90088006776a900880068
> Is this right? Where is the redeemScript

I just added a quick test for branching versions of pay-to-public-key-hash - hopefully this will make it clearer how it's supposed to work. Basically bitcoinlib-js takes care of making the bits inside the OP_IF branching, and my thing takes care of putting them together in a branching script, so you don't need to put in your own scripting from the ASM code or anything.
https://github.com/edmundedgar/bitcoin-branching-transaction-builder/blob/master/test/branching_transaction_builder.js#L81
Blockchain.info took my redeeming TX (the non-standard one) - let's see if it'll confirm in a reasonable time (or at all...)
https://blockchain.info/tx/7d8cf0dac56e90bfff76cee1a13464cc07f0ac36241b6703a894d28987630218
Edit to add: Yup, Eligius took it.
Some of the other suggestions people have made here will be variously more flexible (for more combinations of conditions) and more economical (in saving a few bytes) than mine, but you'll have to work out how to sign them since my code won't help you. YMMV, let us know how you get on...

Evil-Knievel
January 09, 2015, 02:43:01 PM Last edit: April 17, 2016, 08:02:08 PM by Evil-Knievel
This message was too old and has been purged

damianmontero (OP)
January 09, 2015, 03:08:00 PM
> > If you have the android client, if you have a blockchain.info account, you DON'T have your public key.
>
> In fact, you do.

Let's see that proof. Because if you can help me find the "publicKey" from my EXISTING blockchain.info or android wallet accounts then we've solved my initial problem.
Real problem. I want to make a 1of2 address and I have MY PubKey, but I don't have my mom's (or sister's, or friends') because they use a blockchain.info account and Android Wallet software.

amaclin
January 09, 2015, 03:11:39 PM
> I want to make a 1of2 address and I have MY PubKey, but I don't have my mom's (or sisters, or friends) because they use a blockchain.info account and Android Wallet software.

If there are spending transactions from your mom's (sisters, friends, cats, dogs) addresses - you have their public keys.