Fix "Using a single OP_CHECKSIGADD-based script" #890

pull visvirial wants to merge 1 commits into bitcoin:master from visvirial:patch-1 changing 1 files +1 −1
  1. visvirial commented at 7:24 AM on February 20, 2020: contributor
    1. CHECKSIG / CHECKSIGADD is confused

    Only the first OP-code for the first public key should be "CHECKSIG" and the following (second to n-th) OP-codes should be "CHECKSIGADD". It is confusing because it is only specified the first and last OP-codes, so I specified the second OP-code clearly. (I recommend to describe why only the first OP-code should be "CHECKSIG", not "CHECKSIGADD".)

    1. Order of the signatures in witness

    In the original sentence, the stack status after the all witness elements are pushed will be

    w_n
    w_1

    and then, the first element of the script, "<pubkey_1>" will be pushed to the stack | pubkey_1 |

    w_n
    w_1

    so the "pubkey_1" and "w_n" won't match.

    The order of either "pubkey_i"s or "w_i"s should be inverted.

  2. Fix "Using a single OP_CHECKSIGADD-based script"
    1. CHECKSIG / CHECKSIGADD is confused

Only the first OP-code for the first public key should be "CHECKSIG" and the following (second to n-th) OP-codes should be "CHECKSIGADD".
It is confusing because it is only specified the first and last OP-codes, so I specified the second OP-code clearly.
(I recommend to describe why only the first OP-code should be "CHECKSIG", not "CHECKSIGADD".)

2. Order of the signatures in witness

In the original sentence, the stack status after the all witness elements are pushed will be
| w_n  |
|    :    |
| w_1 |

and then, the first element of the script, "<pubkey_1>" will be pushed to the stack
| pubkey_1 |
| w_n  |
|    :    |
| w_1 |

so the "pubkey_1" and "w_n" won't match.

The order of either "pubkey_i"s or "w_i"s should be inverted.
    9329af381f
  3. junderw commented at 7:58 AM on February 20, 2020: contributor

    ACK 1. It is kind of confusing if you don't have enough context.

    for 2. IIRC the order of the signatures shouldn't matter since the intermediate state of the interpreter doesn't matter unless a VERIFY operation etc. terminates processing... After all the signatures are added with the pubkeys, it should come out with a number of valid signatures for comparison.

  4. jonasnick approved
  5. jonasnick commented at 1:00 PM on February 20, 2020: contributor

    ACK Good catch.

  6. sipa commented at 5:23 AM on February 24, 2020: member

    ACK

  7. luke-jr merged this on Feb 28, 2020
  8. luke-jr closed this on Feb 28, 2020
  9. luke-jr added the label Proposed BIP modification on Feb 28, 2020
Contributors
visvirialjunderwjonasnicksipa
Labels
Proposed BIP modification
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 11:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me