Last active
August 30, 2023 12:07
rllola/3a6be4222c7b52f934c28843e7b965aa
Attempting to verify the signature for a single signing flag transaction where the output is non-existent
import ecdsa

# https://bitcoin.stackexchange.com/questions/114850/sighash-single-with-no-corresponding-output

# Uncompressed secp256k1 public key of the signer (04 || X || Y).
pubkey = "044edfcf9dfe6c0b5c83d1ab3f78d1b39a46ebac6798e08e19761f5ed89ec83c108172c4776865f02047b39cd704135c00c1b00085e0d1b9255405ac7079fa50a2"
# Raw 64-byte signature (r || s), not DER-encoded.
signature = "912f994094193109a9faedf7ef855220638f95ac51c66d4eb46740dd1c0813fa100bc99adb8b64fb784173ca8883a78835e156b74f143c02e071dc82695e8472"
# The 32-byte digest that was signed: the constant "HASH_ONE" that the legacy sighash
# routine returns for SIGHASH_SINGLE when the input index has no corresponding output.
msg = bytes.fromhex("0100000000000000000000000000000000000000000000000000000000000000")

verify_key = ecdsa.VerifyingKey.from_string(bytearray.fromhex(pubkey), curve=ecdsa.SECP256k1)

# To verify a digest we need to call a special function because `hashfunc=None` will use the default hashfunc on the msg
# see https://github.com/tlsfuzzer/python-ecdsa/blob/5db1d2d2c415b25e741c06451dbc72cb44f75e23/src/ecdsa/keys.py#L671
# verify_key.verify(bytearray.fromhex(signature), msg, hashfunc=None)
# verify_digest() checks the signature directly against the already-hashed value and
# raises ecdsa.BadSignatureError if it does not verify.
verify_key.verify_digest(bytes.fromhex(signature), msg)
You still need the other person to sign the HASH_ONE value. Then people can reuse this signature to steal what funds are left on the address. The signature can be reused because it signs the simple value
0100000000000000000000000000000000000000000000000000000000000000
(aka HASH_ONE) and not a real unique transaction.
Ah! You're right! Thank you for the explanation! I was missing that info, wondering if it is possible to adapt the code. Now I know it is impossible.
Is the HASH_ONE value that is hashed/signed always the same?
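The comments above state that HASH_ONE is a constant, so a signature over it commits to no transaction. The following is an added example, not code from the gist or from its author, that models just that branch of the legacy sighash computation and shows why a wallet should refuse to produce such a signature. Only the out-of-range SIGHASH_SINGLE short-circuit is reproduced faithfully; the "normal" branch hashes constructed stand-in bytes (an assumption, not Bitcoin's real transaction serialization), and the function names `sighash_digest`, `sighash_is_transaction_independent`, `refuse_to_sign` and `demo` are this example's own.

```python
import hashlib

SIGHASH_ALL = 0x01
SIGHASH_SINGLE = 0x03
SIGHASH_ANYONECANPAY = 0x80

# Constant digest returned by the legacy sighash routine when SIGHASH_SINGLE is used on an
# input index that has no matching output; it is the value the gist's script verifies.
HASH_ONE = bytes.fromhex("0100000000000000000000000000000000000000000000000000000000000000")


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sighash_digest(tx_material: bytes, in_idx: int, n_outputs: int, hashtype: int) -> bytes:
    """Model of the 32-byte digest a signer commits to.

    The out-of-range SIGHASH_SINGLE branch is exact: it returns HASH_ONE before any
    transaction data is hashed. The other branch hashes constructed stand-in material
    (assumption, not real serialization); it only needs to depend on the transaction.
    """
    if hashtype & 0x1F == SIGHASH_SINGLE and in_idx >= n_outputs:
        return HASH_ONE
    return double_sha256(
        tx_material + in_idx.to_bytes(4, "little") + hashtype.to_bytes(4, "little")
    )


def sighash_is_transaction_independent(digest: bytes) -> bool:
    """True when the digest is HASH_ONE: a signature over it is valid for any spend
    of any input controlled by the same key, so it can be replayed."""
    return digest == HASH_ONE


def refuse_to_sign(in_idx: int, n_outputs: int, hashtype: int) -> tuple[bool, str]:
    """Pre-signing guard a wallet can apply. Returns (ok, reason)."""
    if hashtype & 0x1F == SIGHASH_SINGLE and in_idx >= n_outputs:
        return False, f"input {in_idx} has no output {in_idx}; signing would commit to HASH_ONE"
    return True, "ok"


def demo() -> dict:
    # Constructed stand-in transactions; the bytes are labels, not real transaction data.
    tx_a, tx_b = b"constructed-tx-A", b"constructed-tx-B"
    # SIGHASH_SINGLE on input 1 of a one-output transaction: the short-circuit fires.
    d_a = sighash_digest(tx_a, 1, 1, SIGHASH_SINGLE)
    # A different transaction, different index and hashtype flags, same situation: identical digest.
    d_b = sighash_digest(tx_b, 3, 2, SIGHASH_SINGLE | SIGHASH_ANYONECANPAY)
    # SIGHASH_ALL on the same two transactions: the digests differ, as they should.
    e_a = sighash_digest(tx_a, 1, 1, SIGHASH_ALL)
    e_b = sighash_digest(tx_b, 3, 2, SIGHASH_ALL)
    return {
        "single_same": d_a == d_b,
        "single_replayable": sighash_is_transaction_independent(d_a),
        "all_same": e_a == e_b,
        "refused": refuse_to_sign(1, 1, SIGHASH_SINGLE)[0],
        "allowed": refuse_to_sign(0, 1, SIGHASH_SINGLE)[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The guard belongs on the signing side: once a signature over HASH_ONE exists, no verifier can tell which transaction it was meant for, which is exactly why the reply above calls it reusable.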