4
1
In a P2PKH pubkey script, first, the public key provided by the intended spender is verified to be correct and then this key is used to verify the spender's signature.
I wonder why just verifying the public key is not enough. The pubkey script contains a cryptographic hash of it, so reversing should be impossible and anyone wanting to spend the UTXO associated with that script needs to have the correct public key. Doesn't that already authenticate the spender sufficiently? I understand that signing is necessary in P2PK transactions, but with P2PKH, hashing and signing seems redundant to me.
Isn't mere hashing of the redeem script also used for authentication in P2SH? The pubkey script in P2SH just checks if the redeem script hashes to the correct value and then it already executes it. If hashing is taken to be secure in P2SH, why not also in P2PKH?
Could you elaborate a little on 1) and dumb down 2) for me, please or explain it otherwise? I don't see how 2) answers my question because I barely understand it. ^^ – cadaniluk – 2018-03-18T09:42:50.570
1@Downvoter I'll simplify both 1 and 2: After the hash's input (preimage) gets revealed, anyone can steal the address's bitcoins. – MCCCS – 2018-03-18T09:55:54.487
Thanks. So that rules out just using a public key for P2PKH, but doesn't P2SH also just verify the hash of a redeem script? So once that redeem script is known, can't anyone pretend to be the owner? – cadaniluk – 2018-03-18T10:00:26.757
1@Downvoter That’s why signatures exist. P2SH verifies the signature too. – MCCCS – 2018-03-18T11:06:40.497
Here, the pubkey script of P2SH is shown to be
OP_HASH160 <Hash160(redeemScript)> OP_EQUAL. The signature script is<sig> [sig] [sig...] <redeemScript>, so signatures are passed, but they must not be verified at all, it seems. Only if the redeem script chooses to, they are verified. Isn't that super unsecure if someone misses to verify signatures in the redeem script? – cadaniluk – 2018-03-18T11:34:25.820@Downvoter 99% of the P2SH checks the signature. The 1% is special, rare, and called "Anyone Can Spend" scripts. No one "misses" to verify the signature. – MCCCS – 2018-03-18T12:50:22.543
In a P2SH input, the redeemScript is passed back through the script interpreter after it's hash has been checked. So when you create the input, you put the binary blob that is the redeemScript in the input. Then that blob is taken off of the stack and interpreted as a script itself. – Andrew Chow – 2018-03-18T21:49:10.987