Re: [Bitcoin-development] Signature with negative integer?
On Fri, Jul 18, 2014 at 9:33 PM, Richard Moore wrote: > Hey all, > I'm wondering if anyone can help explain to me tx > 70f7c15c6f62139cc41afa858894650344eda9975b46656d893ee59df8914a3d... A rather timely post. See the other thread on BIP0062. What you're looking at is an example of a well-known-to-implementers-here where invisible and undocumented "over permissiveness" in interpreting invalid encoding in a cryptographic library (OpenSSL in our case) which would have been probably-not-unwelcome in many other protocol uses results in an unexpected consensus critical normative rule in Bitcoin. Modern releases of Bitcoin core will no longer relay or mine them but they're still valid in blocks should they show up. BIP62 proposes, among other things, soft-forking (backwards compatible) changes that will strictly limit the DER encoding to avoid ambiguity. If adopted by the network implementations would still need to grandfather in existing weird transactions but could do so on a txid by txid basis since there would be no more broken encoding permitted in blocks, and use different DER decoding code without risk of consensus inconsistency (so long as it uses der decoding which is functionally identical to what BIP62 requires— of course). -- Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] Signature with negative integer?
Hey all, I'm wondering if anyone can help explain to me tx 70f7c15c6f62139cc41afa858894650344eda9975b46656d893ee59df8914a3d... (https://blockchain.info/tx/70f7c15c6f62139cc41afa858894650344eda9975b46656d893ee59df8914a3d) The input signature script is: 304402206b5c3b1c86748dcf328b9f3a65e10085afcf5d1af5b40970d8ce3a9355e06b5b0220cdbdc23e6d3618e47056fccc60c5f73d1a542186705197e5791e97f0e6582a3201 Which decodes to: r= 48560432700441876832361368709121298776045893858160378595187765610521057848155 s= -22732680560694206332190468058638664750027418114195068375538144640549433890254 (http://lapo.it/asn1js/#304402206B5C3B1C86748DCF328B9F3A65E10085AFCF5D1AF5B40970D8CE3A9355E06B5B0220CDBDC23E6D3618E47056FCCC60C5F73D1A542186705197E5791E97F0E6582A32) The ECC library I'm using is failing to verify this, which I think makes sense, since I the point needs to be positive, no? But it is obviously valid, as it has been verified and spent. I have tried simply modulo curve.order to positive-ify it, but that didn't seem to work either. Given a point P (with Py < 0) is there some fancy way to bring it into the elliptic curve space, such that Px >= 0 and Py >= 0? Thanks! RicMoo .·´¯`·.¸¸.·´¯`·.¸¸.·´¯`·.¸¸.·´¯`·.¸¸.·´¯`·.¸><(((º> Richard Moore ~ Founder Genetic Mistakes Software inc. phone: (778) 882-6125 email: ric...@geneticmistakes.com www: http://GeneticMistakes.com -- Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development