Bitcoin core multisig signing order

1

I have a technical question regarding the signrawtransaction function in Bitcoin core when signing a partially-signed transaction.

I have tested different scenarios and signrawtransaction will always sort the signatures in the correct way in the scriptSig, regardless of the order the transaction is signed one-by-one.

Is this achieved by analyzing the scriptSig of the partially-signed transaction when signing, and then verifying each signature in the partially-signed transactions scriptSig against all public keys in the redeemscript and finally ordering them correctly? Or is there a better way of doing this?

Unfortunately I don't understand how this is done by reading the C-code of bitcoin core.

Bjarne

Posted 2017-10-06T09:03:14.583

Reputation: 752

Answers

3

The signatures must be ordered the same way as public keys. Otherwize transaction is invalid. This is how OP_CHECKMULTISIG(VERIFY) works.

Of course, you may use the private keys for signing in any order, because signatures are independent.

amaclin

Posted 2017-10-06T09:03:14.583

Reputation: 5 763

Thanks for your answer. I know that the order in the final scriptSig must regard the redeemScript. But does the Bitcoin Core signrawtransaction-function deserialize the partially-signed scriptSig and order the signatures accordingly? This is done by actually running the verify-signature algorithm on each provided signature and each possible public-key from the redeemScript?Bjarne 2017-10-06T10:00:57.847

E.g.: with a 2-of-3 multisig (A,B,C), we first sign the newly created raw transaction with public-key C. Now this partially-signed tx is signed with public key B. To place the signature of B in the partially signed scriptSig containing signature of C, signrawtransaction must first check to which public-key the already given signature belongs to know if the signature of B has to be placed before or after?Bjarne 2017-10-06T10:01:44.927

1

>>>...by actually running the verify-signature algorithm on each provided signature and each possible public-key from the redeemScript? <<< Yes. https://github.com/bitcoin/bitcoin/blob/master/src/script/sign.cpp#L228

amaclin 2017-10-06T11:30:08.230

In fact you can implement your own algorithm for signing multisig transactions. You may use some "placeholders" and replace them with signatures later. Format of raw unsigned transaction is not a consensus rule :)amaclin 2017-10-06T11:37:10.577

Thanks! I am implementing the signing function in another program and want to keep compatibility with the way that Core is signing multisig. Your information has helped me a lot!Bjarne 2017-10-06T11:44:54.917

Permalink for future reference: https://github.com/bitcoin/bitcoin/blob/17f2acedbe078f179556f4550eca547726f087e1/src/script/sign.cpp#L228

Bjarne 2017-10-06T16:06:26.397

Asked: 2017-10-06T09:03:14.583

Viewed: 466 times

Active: 2017-10-06T09:18:21.510