Multisignature: what happens if the number of signatures exceeds the "threshold" number of public keys?

3

1

Let's say a coin has been locked with a 2-of-3 challenge script. In other words, spending the coin requires two signatures, each of which matches one of three designated public keys.

Now I try to spend the coin with a transaction containing, not two signatures, but three. All three signatures are valid and match a different designated public key.

The complete validation script will contain eight values:

<3>
<PK1>
<PK2>
<PK3>
<2>
<SIG1>
<SIG2>
<SIG3>
<0>

AFAIK, the only way for the interpreter to know the number of signatures is the value <2>, which was provided by the challenge script, not my response script. It seems that the only way for OP_CHECKMULTISIG to know how many signatures to pop is the value <2>.

However, popping only two values leaves the stack like this:

<SIG3>
<0>

Then the interpreter checks to see that the next value on the stack is 0, which it is not:

https://github.com/bitcoin/bitcoin/blob/0.10/src/script/interpreter.cpp#L894

As I understand it, this scenario should lead to failure of the verification script.

Is this correct?

Rich Apodaca

Posted 2014-12-12T19:11:57.090

Reputation: 1 896

Answers

2

Then the interpreter checks to see that the next value on the stack is 0, which it is not:

I am not sure, but pushing OP_FALSE is not a requirement, but some kind a mumbo-jumbo to fix the bug in the very first (and still current) implementation of OP_CHECKMULTISIG :)

In fact, you can push 3 or even more signatures redeeming 2-of-3 multisignature output. Not all miners will accept this transaction, because it is non-standard. But it will be valid.

amaclin

Posted 2014-12-12T19:11:57.090

Reputation: 5 763