Can OP_CHECKMULTISIG be used to fake OP_CHECKSIGFROMSTACK behavior?

0 replies 290 views
coin_2013Member
Posts: 54 · Reputation: 198
#1Nov 9, 2025, 12:42 AM
Been thinking about this... is there any way to replicate what OP_CHECKSIGFROMSTACK does, but using a carefully crafted OP_CHECKMULTISIG instead? Like, say a 2-of-2 setup where you hand over two signatures, and the whole point is finding one single public key that satisfies both at once. So normally OP_CHECKMULTISIG just does its standard thing. But what if you set it up differently, where the z-value ends up being the same across both signatures? Then you could pick your (r,s) pairs in such a way that whoever provides the right public key is essentially proving they signed a specific message. That's the idea anyway. Yeah obviously this blows up all private keys involved, but that's kind of the point here. If you plug in carefully chosen (r,s) pairs that are already public knowledge, you can basically turn this into a calculator of sorts, one that does "multiply and add some given 256-bit number by these values." A plain OP_CHECKSIG could technically handle part of that, but the nice thing about OP_CHECKMULTISIG is that it forces the z-value to be the same across all signatures, which is exactly what makes this construction interesting. So the question is, does 2-of-2 actually cut it, or do you need to go bigger, like 3-of-3 or even more, to properly pull off something equivalent to OP_CHECKSIGFROMSTACK?
3 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics