Create simple and secure transaction without checksig?

0

According to my previously asked question (P2SH secure spending. How?) creating transactions without signature checking is probably not secure.

Anyway, I see many transactions

(for ex.:40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8)

with scriptpubkey like: OP_HASH160 [pubkey] OP_EQUAL

With very similar to 

OP_SHA256 [hash] OP_EQUAL (from my prev. question)

And scriptsig doesnt have OP_CHECKSIG

PUSHDATA(72)[3045022100ad0851c69dd756b45190b5a8e97cb4ac3c2b0fa2f2aae23aed6ca97ab33bf88302200b248593abc1259512793e7dea61036c601775ebb23640a0120b0dba2c34b79001] 

PUSHDATA(69)[5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae]

I can't beleeve this transaction are insecure. But what the difference with this ones?

Andrew

Posted 2018-12-18T23:54:50.817

Reputation: 161

Answers

3

This transaction actually does have a signature check. Instead of OP_CHECKSIG, it's OP_CHECMULTISIG as the script is a multisignature script. The script in this case is the redeemScript which is provided in the input itself. To see this OP_CHECKMULSITIG, you need to decode the redeemScript.

The redeemScript is:

5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae

Decoded, this redeemScript is:

1 042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf 1 OP_CHECKMULTISIG

As you can see, this has an OP_CHECKMULTISIG in it which does do a signature check. OP_CHECKMULTISIG checks that n of the public keys listed provide a signature. n is the number that is at the beginning of the script. In this case, n is 1, and the public key is 042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf. So this script is looking for a signature that corresponds to that public key.

Andrew Chow

Posted 2018-12-18T23:54:50.817

Reputation: 40 910

I'm still don't get it. Ok, in input we can set op_checkmultisigsig and be sure that transaction can't be replaced. It's no requered for spending, right? What if some funds left with the same scriptpubkey (HASH160 [pubkey] EQUAL)? To spend inputs, we just need to provide data, which HASH160 will equal to e9c3dd0c07...e9c3dd0c07. So, we know that data from spending transaction (its 3045022100ad0...a2c34b79001) Where is my mistake?Andrew 2018-12-20T09:58:46.147

The output script is a special type known as P2SH. You have to provide something in the input which hashes to that hash. But, that something itself is also a script and is interpreted too. So you must also meet the conditions of that script too. Since that script includes an OP_CHECKMULTISIG, you will need to provide signatures, and without the private keys, you can't do that.Andrew Chow 2018-12-20T19:54:22.663

Asked: 2018-12-18T23:54:50.817

Viewed: 77 times

Active: 2018-12-19T01:19:13.503