flywithu/Learning-Bitcoin-from-the-Command-Line
1
1
Fork 0
mirror of https://github.com/ChristopherA/Learning-Bitcoin-from-the-Command-Line.git synced 2025-06-10 17:36:23 +00:00
Code Issues Releases Wiki Activity

Update 11_1_Writing_Puzzle_Scripts.md

Browse Source
This commit is contained in:
Shannon Appelcline 2017-06-06 10:46:39 -07:00 committed by GitHub
parent 58912c0d10
commit 2dca6b3183
1 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
11_1_Writing_Puzzle_Scripts.md
View File

@ -6,7 +6,7 @@ Bitcoin Scripts _don't_ actually have to depend on the knowledge of a secret key
## Write Simple Algebra Scripts
Our first real Script, from [§7.2: Running a Bitcoin Script](7_2_Running_a_Bitcoin_Script.md) was an alegbraic script. That Bitcoin Script, `OP_ADD 99 OP_EQUAL`, could have been alternatively described as `x + y = 99`.
Our first real Script, from [§7.2: Running a Bitcoin Script](7_2_Running_a_Bitcoin_Script.md) was an alegbraic puzzle. That Bitcoin Script, `OP_ADD 99 OP_EQUAL`, could have been alternatively described as `x + y = 99`.
This sort of Script doesn't have a lot of applicability in the real world, as it's too easy to claim the funds. But, a puzzle-solving contest giving out Bitcoin dust might offer it as a fun entertainment.
@ -26,7 +26,7 @@ Script: 2 OP_DUP OP_DUP 7 OP_ADD OP_ADD OP_ADD 13 OP_EQUAL
Stack: [ ]
Script: OP_DUP OP_DUP 7 OP_ADD OP_ADD OP_ADD 13 OP_EQUAL
Stack: [ 25 ]
Stack: [ 2 ]
Script: OP_DUP 7 OP_ADD OP_ADD OP_ADD 13 OP_EQUAL
Running: 2 OP_DUP
@ -58,14 +58,13 @@ Script:
Running: 13 13 OP_EQUAL
Stack: [ True ]
```
See also the [WebBC Debug Execution](https://webbtc.com/script/2/OP_DUP%20OP_DUP%207%20OP_ADD%20OP_ADD%20OP_ADD%2013%20OP_EQUAL/) of this script.
See also the [WebBTC Debug Execution](https://webbtc.com/script/2/OP_DUP%20OP_DUP%207%20OP_ADD%20OP_ADD%20OP_ADD%2013%20OP_EQUAL/) of this script.
### Write an Equation System
What if you wanted to instead write an equation system, such as `x + y = 3`, `y + z = 5`, and `x + z = 4`? A bit of algebra tells you that the answers come out to `x = 1`, `y = 2`, and `z = 3`. But, how do you script it?
Most obviously, after the redeemer inputs the three numbers, we're going to need two copies of each numbers, since each goes into two equations. `OP_3DUP` takes care of that and results in `x y z x y z` being on the stack. Popping off two items at a time will give us `y z`, `z x`, and `x y`. Voila! That's our three equations, so we just need to do some addition! Here's the full script: `OP_3DUP OP_ADD 5 OP_EQUALVERIFY OP_ADD 4 OP_EQUALVERIFY OP_ADD 3 OP_EQUAL`.
Most obviously, after the redeemer inputs the three numbers, we're going to need two copies of each numbers, since each number goes into two different equations. `OP_3DUP` takes care of that and results in `x y z x y z` being on the stack. Popping off two items at a time will give us `y z`, `z x`, and `x y`. Voila! That's our three equations, so we just need to add them up and test them in the right order! Here's the full script: `OP_3DUP OP_ADD 5 OP_EQUALVERIFY OP_ADD 4 OP_EQUALVERIFY OP_ADD 3 OP_EQUAL`.
Here's how it runs with the correct unlocking script of `1 2 3`:
```
@ -112,11 +111,13 @@ Script:
Running: 3 3 OP_EQUAL
Stack: [ True ]
```
See also the [WebBC Debug Execution](https://webbtc.com/script/1%202%203/OP_3DUP%20OP_ADD%205%20OP_EQUALVERIFY%20OP_ADD%204%20OP_EQUALVERIFY%20OP_ADD%203%20OP_EQUAL/) of this script.
See also the [WebBTC Debug Execution](https://webbtc.com/script/1%202%203/OP_3DUP%20OP_ADD%205%20OP_EQUALVERIFY%20OP_ADD%204%20OP_EQUALVERIFY%20OP_ADD%203%20OP_EQUAL/) of this script.
> **WARNING** The WebBTC Debugger was used not just to offer another visualization of these scripts, but to also double-check the results. Sure enough, we got this one wrong the first time, testing the equations in the wrong order. That's how easy it is to make a financially fatal mistake in a Bitcoin Script, and that's why every script must be tested.
## Write Simple Computational Scripts
Though puzzle scripts are trivial, they can actually have real-world usefulness if you want to crowdsource a computation. You simply create a script that requires the answer to the computation and you put Bitcoin into the P2SH address. It'll then stay there until someone comes up with the answer.
Though puzzle scripts are trivial, they can actually have real-world usefulness if you want to crowdsource a computation. You simply create a script that requires the answer to the computation and you send funds to the P2SH address as a reward. It'll stay there until someone comes up with the answer.
For example, Peter Todd [offered rewards](https://bitcointalk.org/index.php?topic=293382.0) for solving equations that demonstrate collisions for standard cryptographic algorithms. Here was his script for confirming a SHA1 collision: `OP_2DUP OP_EQUAL OP_NOT OP_VERIFY OP_SHA1 OP_SWAP OP_SHA1 OP_EQUAL`. It requires two inputs, which will be the two numbers that collide.
@ -134,7 +135,6 @@ Script: OP_EQUAL OP_NOT OP_VERIFY OP_SHA1 OP_SWAP OP_SHA1 OP_EQUAL
Running: <numA> <numB> OP_2DUP
Stack: [ <numA> <numB> <numA> <numB> ]
```
Then, we make sure the two numbers aren't equal, exiting if they are:
```
Script: OP_NOT OP_VERIFY OP_SHA1 OP_SWAP OP_SHA1 OP_EQUAL
@ -167,24 +167,26 @@ Script:
Running: <hashB> <hashA> OP_EQUAL
Stack: [ True ]
```
This is a nice example because it shows careful use of logic (with the `OP_NOT` and the `OP_VERIFY`) and good use of stack functions (with the `OP_SWAP`). It's all around a great example of a real-world function. And it is very real-world. When [SHA-1 was broken](https://shattered.io/), 2.48 BTC were quickly liberated from the address, with a total value of almost $3,000.
This is a nice script because it shows careful use of logic (with the `OP_NOT` and the `OP_VERIFY`) and good use of stack functions (with the `OP_SWAP`). It's all around a great example of a real-world function. And it is very real-world. When [SHA-1 was broken](https://shattered.io/), 2.48 BTC were quickly liberated from the address, with a total value of almost $3,000.
See also the [WebBTC Debug Execution](https://webbtc.com/script/255044462d312e330a25e2e3cfd30a0a0a312030206f626a0a3c3c2f57696474682032203020522f4865696768742033203020522f547970652034203020522f537562747970652035203020522f46696c7465722036203020522f436f6c6f7253706163652037203020522f4c656e6774682038203020522f42697473506572436f6d706f6e656e7420383e3e0a73747265616d0affd8fffe00245348412d3120697320646561642121212121852fec092339759c39b1a1c63c4c97e1fffe017f46dc93a6b67e013b029aaa1db2560b45ca67d688c7f84b8c4c791fe02b3df614f86db1690901c56b45c1530afedfb76038e972722fe7ad728f0e4904e046c230570fe9d41398abe12ef5bc942be33542a4802d98b5d70f2a332ec37fac3514e74ddc0f2cc1a874cd0c78305a21566461309789606bd0bf3f98cda8044629a1%20255044462d312e330a25e2e3cfd30a0a0a312030206f626a0a3c3c2f57696474682032203020522f4865696768742033203020522f547970652034203020522f537562747970652035203020522f46696c7465722036203020522f436f6c6f7253706163652037203020522f4c656e6774682038203020522f42697473506572436f6d706f6e656e7420383e3e0a73747265616d0affd8fffe00245348412d3120697320646561642121212121852fec092339759c39b1a1c63c4c97e1fffe017346dc9166b67e118f029ab621b2560ff9ca67cca8c7f85ba84c79030c2b3de218f86db3a90901d5df45c14f26fedfb3dc38e96ac22fe7bd728f0e45bce046d23c570feb141398bb552ef5a0a82be331fea48037b8b5d71f0e332edf93ac3500eb4ddc0decc1a864790c782c76215660dd309791d06bd0af3f98cda4bc4629b1/OP_2DUP%20OP_EQUAL%20OP_NOT%20OP_VERIFY%20OP_SHA1%20OP_SWAP%20OP_SHA1%20OP_EQUAL/), with the correct answers.
The other [bounties](https://bitcointalk.org/index.php?topic=293382.0) remain unclaimed at the time of this writing. They're all written in the same manner as the SHA-1 example above.
Peter Todd's other [bounties](https://bitcointalk.org/index.php?topic=293382.0) remain unclaimed at the time of this writing. They're all written in the same manner as the SHA-1 example above.
## Understand the Danger of Puzzle Scripts
## Understand the Limitations of Puzzle Scripts
Though puzzle scripts are great to further examine Bitcoin Scripting, but you'll only see them in real-world use if they have very low values or if they are intended for redemption by very skilled users. There's a reason for this: they aren't secure. Yet, Peter Todd's cryptographic bounties prove that they do have some real-world application.
Puzzle scripts are great to further examine Bitcoin Scripting, but you'll only see them in real-world use if they're holding small amounts of funds or if they're intended for redemption by very skilled users. There's a reason for this: they aren't secure.
But, here's where the security falls down.
Here's where the security falls down:
First, anyone can redeem them without knowing much of a secret. They do have to have the `redeemScript`, which offers some protection, but once they do, that's probably all the secret that's necessary. Unless your puzzle is _really_ tough, such as a computational puzzle.
First, anyone can redeem them without knowing much of a secret. They do have to have the `redeemScript`, which offers some protection, but once they do, that's probably the only secret that's necessary — unless your puzzle is _really_ tough, such as a computational puzzle.
Second, the actual redemption isn't secure. Normally, a Bitcoin transction is protected by the signature. Because the signature covers the transaction, no one on the network can take your transaction and change it to send to their address. The restulant signature would no longer be valid. That isn't true with a transactions whose inputs are just numbers. Anyone could grab your inputs and write a new transaction that sends to them. If they can get their transaction into a block before yours, they win, and you don't get the puzzle money. There are solutions for this, but they involve mining the block yourself of having a trusted pool mine it, and neither of those is rational for an average Bitcoin user.
Second, the actual redemption isn't secure. Normally, a Bitcoin transction is protected by the signature. Because the signature covers the transaction, no one on the network can rewrite that transaction to instead send to their address without invalidating the signature (and thus the transaction). That isn't true with a transactions whose inputs are just numbers. Anyone could grab the transaction and rewrite it to allow them to steal the funds. If they can get their transaction into a block before yours, they win, and you don't get the puzzle money. There are solutions for this, but they involve mining the block yourself of having a trusted pool mine it, and neither of those options is rational for an average Bitcoin user.
Yet, Peter Todd's cryptographic bounties prove that puzzle scripts do have some real-world application.
## Summary: Writing Puzzle Scripts
Puzzles scripts are a great introduction to more realistic and complex real-world Bitcoin Scripts. They demonstrate the power of the mathematical and stack functions in Bitcoin Script and how they can be carefully combined to create questions that require very specific answers. However, their real-world usage is also limited by the security problems inherent in non-signed Bitcoin transactions.
Puzzles scripts are a great introduction to more realistic and complex Bitcoin Scripts. They demonstrate the power of the mathematical and stack functions in Bitcoin Script and how they can be carefully combined to create questions that require very specific answers. However, their real-world usage is also limited by the security issues inherent in non-signed Bitcoin transactions.
_What is the power of puzzle script?_ Despite their limitations, puzzles scripts have been used in the real world as the prizes for computational bounties. Anyone who can figure out a complex puzzle, whose solution presmably has some real-world impact, can win the bounty.
_What is the power of puzzle script?_ Despite their limitations, puzzles scripts have been used in the real world as the prizes for computational bounties. Anyone who can figure out a complex puzzle, whose solution presmably has some real-world impact, can win the bounty. Whether they get to actually keep it is another question.