Sighash calculation #8991

issue Ayms opened this issue on October 21, 2016
  1. Ayms commented at 12:58 PM on October 21, 2016: none

    Probably I am doing something wrong but the documentation is not very clear (and not very new), or I did not find it, except http://enetium.com/resources/Bitcoin.pdf which probably would deserve to be better referenced

    I am using test transactions 226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493 whose preceding tx is 40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5, these are probably @petertodd's transactions (226a... is the preceding tx of the recent DPL post from Peter)

    Then if I am correct the result to be computed should be:

    0100000001b5f370bbd9a5dd4a3adc52d779d7c7eeb3c5d82a7c8285b2f8a1986e372a874000000000232102d5ddb8c9a2bc17624baa51245ef3c07380f90b2e2f38217307a8a1869508ca01feffffff02d75900000000000017a914ea4e30950c2495beba1e75e035bedd55ccfe4c9b874dd51d00000000001976a914676de8484253cd355c37fc51ba34f2e5d62a944088acb69f060001000000

    But the public key recovery leads to a public key fd5b0de93dae9f462788459ef96e6331e5b20b515de35e651c369aad20af4966 or 8f4df599d8dddca73d391f495537c9af7b7616b13e91a024fce33fc1fb9af0df for point x and not the expected d5ddb8c9a2bc17624baa51245ef3c07380f90b2e2f38217307a8a1869508ca01

    The code is simply:

    var signature = new Buffer('3044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc3','hex');
var message=new Buffer('0100000001b5f370bbd9a5dd4a3adc52d779d7c7eeb3c5d82a7c8285b2f8a1986e372a874000000000232102d5ddb8c9a2bc17624baa51245ef3c07380f90b2e2f38217307a8a1869508ca01feffffff02d75900000000000017a914ea4e30950c2495beba1e75e035bedd55ccfe4c9b874dd51d00000000001976a914676de8484253cd355c37fc51ba34f2e5d62a944088acb69f060001000000','hex');
message=crypto.createHash('sha256').update(message).digest();
message=crypto.createHash('sha256').update(message).digest();
//<Buffer 2b 6d 20 06 78 4d 92 c4 da 3e 6d a8 6b ce c4 6b 6b 8a 18 9f 72 75 e1 e9 68 71 2b 91 96 7d 44 39>
try {
    var pub=ec.recoverPubKey(message,signature,0);
    console.log(pub);
} catch(ee) {}
try {
    pub=ec.recoverPubKey(message,signature,1);
    console.log(pub);
} catch(ee) {}
try {
    pub=ec.recoverPubKey(message,signature,2);
    console.log(pub);
} catch(ee) {}
try {
    pub=ec.recoverPubKey(message,signature,3);
    console.log(pub);
} catch(ee) {}

    Same method used with the example given in https://en.bitcoin.it/wiki/OP_CHECKSIG works

  2. achow101 commented at 1:12 PM on October 21, 2016: member

    This is an issue tracker for Bitcoin Core, not the place to ask questions about how Bitcoin works. Please take your question to http://bitcoin.stackexchange.com/ and close this issue.

  3. Ayms commented at 5:18 PM on October 21, 2016: none

    Missing OP_CHECKSIG in the subscript, the correct result is:

    0100000001b5f370bbd9a5dd4a3adc52d779d7c7eeb3c5d82a7c8285b2f8a1986e372a874000000000232102d5ddb8c9a2bc17624baa51245ef3c07380f90b2e2f38217307a8a1869508ca01acfeffffff02d75900000000000017a914ea4e30950c2495beba1e75e035bedd55ccfe4c9b874dd51d00000000001976a914676de8484253cd355c37fc51ba34f2e5d62a944088acb69f060001000000

    So closing but might be of some use for other people later to understand how this thing works, since the docs are unclear and a 8 years old example from the genesis block does not help a lot, as well as the bitcoin core test vectors

  4. Ayms closed this on Oct 21, 2016
  5. DrahtBot locked this on Sep 8, 2021
Contributors
Aymsachow101
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 18:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me