public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* Re: [Bitcoin-development] Determine input addresses of a transaction
@ 2011-10-25  9:45 Jan Vornberger
  2011-10-25 10:03 ` Joel Joonatan Kaartinen
  2011-10-25 10:42 ` Mike Hearn
  0 siblings, 2 replies; 12+ messages in thread
From: Jan Vornberger @ 2011-10-25  9:45 UTC (permalink / raw)
  To: bitcoin-development

Am Mo, 24.10.2011, 16:55, schrieb Gavin Andresen:
>> So my first shot at this is to go through the inputs of a transaction and
>> see if the scriptSig field has only two opcodes. If that is the case, I
assume that it is of the structure <sig> <pubKey> and calculate the
Bitcoin address from <pubKey>.
>> But then I started to wonder if this is safe. Can this be tricked somehow?
>
> Sure. There are lots of non-standard scriptPubKey scripts that will
validate if given <sig> <pubKey> as input:  a simple OP_NOP would work
(do nothing, then check the top value on the stack and validate if it is
not zero-- and <pubKey> is not zero).

Aw, I see. So back to the drawing board for me.

How about this: I make sure that <sig> is a proper signature from a green
address key, by bringing my own scriptPubKey of just OP_CHECKSIG, complete
the script to be <sig> <pubKey> OP_CHECKSIG, and run it and afterwards
check the address by looking at <pubKey>? Would that be safe? (Even if it
is a hackish solution that only works for certain type of transactions):

> Green addresses could be implemented as a second signature in the
scriptSig.  You'd have to hack your bitcoin client, but you could
generate a transaction that had <greensig> <sig> <pubKey>  ... as the
input instead of <sig> <pubKey>.

Interesting suggestion! So if I understand correctly, <greensig> would be
the signature generated from signing the transaction with the key of a
green address? Which would allow the rest of the transaction to be
completely 'normal' and not require it to use specific inputs as such?
Sounds good - I guess I never thought in this direction, as I always
assumed doing anything 'non-standard' with the scripting language would
create a number of knock-on problems. But you are saying, that this would
still be considered standard? I guess I have to study this part of the
source code more.

Well, I guess I'm torn a little bit between two options:

1) Get something working reasonable fast to detect current green address
style transactions. It's fine if it is a little bit of a hack, as long as
it's safe, since I don't expect it to be merged with mainline anyway at
this point.

2) Rethink how green transactions are created and verified and try to put
something 'proper' together which has a chance of being merged at some
point.

For the moment I was going more with 1) because I got the impression, that
green transactions are too controversial at this point to get them
included in mainline. Criticism ranging from 'unnecessary, as
0-confirmation transactions are fairly safe today' to 'encourages too much
centralization and therefore evil'. So how to people on this list feel
about green transactions? Would people be interested in helping me with
2)?

Regards,
Jan





^ permalink raw reply	[flat|nested] 12+ messages in thread
* [Bitcoin-development] Determine input addresses of a transaction
@ 2011-10-24  8:29 Jan Vornberger
  2011-10-24 11:09 ` Pieter Wuille
  2011-10-24 14:55 ` Gavin Andresen
  0 siblings, 2 replies; 12+ messages in thread
From: Jan Vornberger @ 2011-10-24  8:29 UTC (permalink / raw)
  To: Bitcoin Dev

Hi there!

As part of my green address endeavor, I'm currently trying to extend the
'gettransaction' call to include an extra field "inputaddresses" which
should return a list of the Bitcoin addresses associated with the inputs
of the transaction.

I understand that this is not generally possible, because of the different
possible structures enabled through the scripting language. But it would
be fine, if this only worked for 'regular' transactions.

So my first shot at this is to go through the inputs of a transaction and
see if the scriptSig field has only two opcodes. If that is the case, I
assume that it is of the structure <sig> <pubKey> and calculate the
Bitcoin address from <pubKey>. The patch for this is here:

https://github.com/javgh/bitcoin/compare/vps_wheezy...showinputaddresses

But then I started to wonder if this is safe. Can this be tricked somehow?
Would it be possible to create a valid transaction which has an input that
has only two opcodes but with an arbitrary pubKey at the second position?
Could someone who has a better grasp on the scripting capabilities comment
on this?

Or alternatively: should I determine the input addresses of a transaction
in a different way? if so, how?

Regards!
Jan



^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2011-10-27 14:50 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-10-25  9:45 [Bitcoin-development] Determine input addresses of a transaction Jan Vornberger
2011-10-25 10:03 ` Joel Joonatan Kaartinen
2011-10-25 10:42 ` Mike Hearn
  -- strict thread matches above, loose matches on Subject: below --
2011-10-24  8:29 Jan Vornberger
2011-10-24 11:09 ` Pieter Wuille
2011-10-27 14:12   ` Jan Vornberger
2011-10-24 14:55 ` Gavin Andresen
2011-10-24 16:25   ` Mike Hearn
2011-10-24 18:52     ` Simon Barber
2011-10-24 17:14   ` Michael Hendricks
2011-10-27 13:37   ` Jan Vornberger
2011-10-27 14:50   ` Jan Vornberger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox