I'm attempting to validate a p2sh transaction from the live bitcoin blockchain; however, it is failing the checksig. I am using pybitcointools for the checksig and I have successfully validated lots of other txhash/pubkey/signature sets, so I don't think the problem lies in the ECDSA library.

I think I must be evaluating p2sh incorrectly. Please could someone tell me where I am going wrong:

tx hash 7edb32d4ffd7a385b763c7a8e56b6358bcd729e747290624e18acdbe6209fc45 spends txout with index 0 from tx hash 40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8.

First I evaluate the scriptsig:

OP_FALSE
OP_PUSHDATA0(72)
3045022100ad0851c69dd756b45190b5a8e97cb4ac3c2b0fa2f2aae23aed6ca97ab33bf88302200b248593abc1259512793e7dea61036c601775ebb23640a0120b0dba2c34b79001
OP_PUSHDATA0(69)
5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae

This leaves the stack like so:

0 - 00
1 - 3045022100ad0851c69dd756b45190b5a8e97cb4ac3c2b0fa2f2aae23aed6ca97ab33bf88302200b248593abc1259512793e7dea61036c601775ebb23640a0120b0dba2c34b79001
2 - 5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae    

I back this up as stack_copy.

Then I evaluate the scriptpubkey:

OP_HASH160
OP_PUSHDATA0(20)
e9c3dd0c07aac76179ebc76a6c78d4d67c6c160a
OP_EQUAL

This passes fine.

Finally I evaluate the p2sh - I restore stack_copy and pop the last item (2) off the stack. I deserialize it to get the following script:

OP_TRUE
OP_PUSHDATA0(65)
042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf
OP_TRUE
OP_CHECKMULTISIG

And then evaluate this using stack_copy (without element 2 which has just been popped). The data for the checksig evaluation is:

serial tx: 0100000001c8cc2b56525e734ff63a13bc6ad06a9e5664df8c67632253a8e36017aee3ee4000000000455141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51aefeffffff0120f40e00000000001976a9141d30342095961d951d306845ef98ac08474b36a088ac0000000001000000
txhash: 8fcf56ee75816930fb141fdc19b2aa1bc721b124d2a76d5f0c1be17bcd21ccdc
pubkey: 042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf
signature: 3045022100ad0851c69dd756b45190b5a8e97cb4ac3c2b0fa2f2aae23aed6ca97ab33bf88302200b248593abc1259512793e7dea61036c601775ebb23640a0120b0dba2c34b790

However this is failing! Let me know if you need more information and I can provide it.

mulllhausen

1 Answer

I had the locktime field of the spending transaction accidentally set to 0 when in fact it is 272295 for this transaction.

{
    "hash": "7edb32d4ffd7a385b763c7a8e56b6358bcd729e747290624e18acdbe6209fc45",
    "num_inputs": 1,
    "input": {
        "0": {
            "funds": 990000,
            "hash": "40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8",
            "index": 0,
            "parsed_script": "OP_FALSE OP_PUSHDATA0(72) 3045022100ad0851c69dd756b45190b5a8e97cb4ac3c2b0fa2f2aae23aed6ca97ab33bf88302200b248593abc1259512793e7dea61036c601775ebb23640a0120b0dba2c34b79001 OP_PUSHDATA0(69) 5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae",  
            "script_length": 144,
            "sequence_num": 4294967294
        }
    },
    "lock_time": 272295,
    "num_outputs": 1,
    "output": {
        "0": {
            "addresses": [
                "13fLLox43yXYvfoZadXpGbkTUXkW8bhqut"
            ],
            "funds": 980000,
            "parsed_script": "OP_DUP OP_HASH160 OP_PUSHDATA0(20) 1d30342095961d951d306845ef98ac08474b36a0 OP_EQUALVERIFY OP_CHECKSIG",
            "script_length": 25
        }
    },
    "size": 229,
    "version": 1
}

and the serialized tx with the txin 0 script replaced with the following script:

OP_TRUE
OP_PUSHDATA0(65)
042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf
OP_TRUE
OP_CHECKMULTISIG

should actually be:

0100000001c8cc2b56525e734ff63a13bc6ad06a9e5664df8c67632253a8e36017aee3ee4000000000455141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51aefeffffff0120f40e00000000001976a9141d30342095961d951d306845ef98ac08474b36a088aca727040001000000

Only the final 8 bytes that contain the locktime are different from before: a727040001000000

The new serial tx has hash:

607789be41392e6b12735a79bc9ea94573b4e39948badef18ca48e85ee15196d

And the signature and pubkey from before were already correct. These evaluate correctly in pybitcointools now, like so:

pybitcointools.ecdsa_raw_verify(tx_hash, pybitcointools.der_decode_sig(bin2hex(signature)), bin2hex(pubkey))
mulllhausen
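The fix described in the answer, as an added example that is not part of the original post or of pybitcointools: it rebuilds the legacy SIGHASH_ALL preimage for this transaction from the fields in the dump above, so the effect of `lock_time` on the signed bytes is visible. The function names are assumptions made for this example; the code handles any number of inputs and outputs, which goes beyond the single-input case on this page.

```python
import hashlib
import struct

def varint(n):
    """Bitcoin CompactSize length prefix."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def sighash_all_preimage(version, inputs, outputs, lock_time, signed_index, script_code):
    """Legacy SIGHASH_ALL preimage. The input being signed carries script_code
    (for P2SH, the redeem script); every other input carries an empty script."""
    out = struct.pack("<I", version) + varint(len(inputs))
    for i, (txid_hex, vout, sequence) in enumerate(inputs):
        script = script_code if i == signed_index else b""
        out += bytes.fromhex(txid_hex)[::-1] + struct.pack("<I", vout)  # txid is byte-reversed
        out += varint(len(script)) + script + struct.pack("<I", sequence)
    out += varint(len(outputs))
    for value, pk_script in outputs:
        out += struct.pack("<q", value) + varint(len(pk_script)) + pk_script
    out += struct.pack("<I", lock_time)   # nLockTime is part of what gets signed
    return out + struct.pack("<I", 1)     # 4-byte hash type, SIGHASH_ALL = 1

def sighash(preimage):
    """Double SHA-256 of the preimage: the digest the ECDSA check runs against."""
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

# Values copied from the question and the transaction dump in the answer.
REDEEM_SCRIPT = bytes.fromhex(
    "5141042f90074d7a5bf30c72cf3a8dfd1381bdbd30407010e878f3a11269d5f74a58788505cdca22ea6eab7cfb40dc0e07aba200424ab0d79122a653ad0c7ec9896bdf51ae")
INPUTS = [("40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8", 0, 4294967294)]
OUTPUTS = [(980000, bytes.fromhex("76a9141d30342095961d951d306845ef98ac08474b36a088ac"))]

def preimage_for(lock_time):
    return sighash_all_preimage(1, INPUTS, OUTPUTS, lock_time, 0, REDEEM_SCRIPT)

if __name__ == "__main__":
    for lock_time in (0, 272295):
        p = preimage_for(lock_time)
        print(lock_time, p.hex()[-16:], sighash(p).hex())
```

With `lock_time=272295` the preimage matches the corrected serialization in the answer byte for byte; with `lock_time=0` it matches the one in the question, and the two digests differ, which is why the same signature and pubkey failed before.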