Been thinking about this... is there any way to replicate what OP_CHECKSIGFROMSTACK does, but using a carefully crafted OP_CHECKMULTISIG instead? Like, say a 2-of-2 setup where you hand over two signatures, and the whole point is finding one single public key that satisfies both at once.
So normally OP_CHECKMULTISIG just does its standard thing. But what if you set it up differently, where the z-value ends up being the same across both signatures? Then you could pick your (r,s) pairs in such a way that whoever provides the right public key is essentially proving they signed a specific message. That's the idea anyway.
Yeah obviously this blows up all private keys involved, but that's kind of the point here. If you plug in carefully chosen (r,s) pairs that are already public knowledge, you can basically turn this into a calculator of sorts, one that does "multiply and add some given 256-bit number by these values." A plain OP_CHECKSIG could technically handle part of that, but the nice thing about OP_CHECKMULTISIG is that it forces the z-value to be the same across all signatures, which is exactly what makes this construction interesting.
So the question is, does 2-of-2 actually cut it, or do you need to go bigger, like 3-of-3 or even more, to properly pull off something equivalent to OP_CHECKSIGFROMSTACK?
Can OP_CHECKMULTISIG be used to fake OP_CHECKSIGFROMSTACK behavior?
0 replies 290 views
?Reply
Sign in to reply to this topic
Related topics
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Are you in favor of BIP-110? Let's get a Bitcoin poll going. 0
- Erlay seems to have some issues here’s a better proposal for a bitcoin protocol without invites 3
- New Optional Hourglass Implementation is Live 3
- Ways to earn some sats by contributing to bitcoin core development 5
- Exploring the Potential and Challenges of a Kardashev-Scale Bitcoin Network 3