Original Thread: Why OP_DUP instead of providing the PubKey twice in P2PKH?
I'm struggling to understand the logic in the accepted answer and my reputation is < 50 so I can't post my response as a comment.
If the specification for a unique single key type of p2pk transaction required only a single public key, there would be no scenario in which a miner was able to provide a second key. For example, you have explained that the setup for the transaction looks like `OP_HASH160 <hash(P1)> OP_EQUALVERIFY OP_CHECKSIG`; if that is true, then the only way in which someone would be able to produce an output that looks like this `<sig with P2> <P2> <P1>` (with their own public key) is by modifying the number of public keys used in the transaction. The specification for a transaction with a single public key should not be spendable by any other public key, even one that can prove it is derived from the private key which owns the original. I understand that this may not align with the core logic of bitcoin script; if that is the case I would really appreciate an explanation of why. It seems cryptographically secure, so is the security issue with the logical implementation of transactions?
I am also not following how the core logic wouldn't be able to tell that a different public key is not a valid duplicate of the original key (in the situation where we simply provided one or two public keys in a row). Your answer seems to suggest that the vulnerability lies in the ability for anyone to add a key to the transaction and sign for it. However, if the key was anything different from the original public key it would not be the result of a valid OP_DUP, right? You wouldn't be able to verify the signature of that transaction with the original public key; is that not enough to prove it is coming from another key and is therefore an invalid signature?
Overall it seems to me that the vulnerability scenario where a miner provided an alternate public key would depend on the ability for there to be more than one public key variable semantically in the transaction. The OP_DUP semantic in this situation causes this theoretical vulnerability since it is apparently implicitly duplicated and is not verifiably duplicated. If you remove the duplication entirely you have a transaction in which a public key references an output which it owns and provides the signature proving this ownership relationship. So while I understand why removing the OP_DUP could cause a vulnerability with the current implementation, I struggle to understand why a much simpler single key transaction couldn't be possible to remove all of this overhead.

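As an added illustration (not part of the question or the linked answer), here is a toy stack evaluator showing why the locking script must hash the same key it later checks the signature against: with OP_DUP both checks see one copy of the key pushed by the spender, while without it the scriptSig can push two different keys, one for each check. The key names, the keyed-hash stand-in for ECDSA and the shortened hash160 are assumptions of the example, not Bitcoin's real primitives.

```python
import hashlib

# Toy stand-ins (constructed for this example): hash160 is truncated SHA-256 so it
# runs without a RIPEMD-160 provider, and a "signature" is a keyed hash that the
# verifier recomputes from a key registry. Only the script logic is realistic.
_PRIV_OF_PUB = {}

def keygen(priv: bytes) -> bytes:
    pub = hashlib.sha256(b"pub:" + priv).digest()
    _PRIV_OF_PUB[pub] = priv
    return pub

def sign(priv: bytes, msg: bytes) -> bytes:
    return hashlib.sha256(priv + msg).digest()

def checksig(sig: bytes, pub: bytes, msg: bytes) -> bool:
    priv = _PRIV_OF_PUB.get(pub)
    return priv is not None and sig == sign(priv, msg)

def hash160(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:20]

def run(script_sig, script_pubkey, msg: bytes) -> bool:
    # Evaluate scriptSig then scriptPubKey on one shared stack (simplified model).
    stack = []
    for item in list(script_sig) + list(script_pubkey):
        if isinstance(item, bytes):
            stack.append(item)                      # data push
        elif item == "OP_DUP":
            stack.append(stack[-1])                 # copy the top item
        elif item == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif item == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                return False                        # script fails immediately
        elif item == "OP_CHECKSIG":
            pub, sig = stack.pop(), stack.pop()     # pub is on top, sig below it
            stack.append(checksig(sig, pub, msg))
    return bool(stack) and stack[-1] is True

MSG = b"constructed spending transaction"           # constructed sighash stand-in
P1, P2 = keygen(b"alice-priv"), keygen(b"mallory-priv")
SIG1, SIG2 = sign(b"alice-priv", MSG), sign(b"mallory-priv", MSG)
P2PKH = ["OP_DUP", "OP_HASH160", hash160(P1), "OP_EQUALVERIFY", "OP_CHECKSIG"]
NO_DUP = ["OP_HASH160", hash160(P1), "OP_EQUALVERIFY", "OP_CHECKSIG"]

def outcomes():
    return {
        "p2pkh_owner": run([SIG1, P1], P2PKH, MSG),         # True
        "p2pkh_other_key": run([SIG2, P2], P2PKH, MSG),      # False: hash of P2 != hash of P1
        "p2pkh_two_keys": run([SIG2, P2, P1], P2PKH, MSG),   # False: DUP copies P1, CHECKSIG uses P1
        "nodup_owner": run([SIG1, P1, P1], NO_DUP, MSG),     # True
        "nodup_two_keys": run([SIG2, P2, P1], NO_DUP, MSG),  # True: hash sees P1, CHECKSIG sees P2
    }
```

The last case is the one the answer describes: the output becomes spendable by anyone, because nothing in the script ties the key that passed the hash check to the key used by OP_CHECKSIG.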