How to use cryptotools to modify signatures and vefiry an existing MultiSig transaction

[Anynomouss]

Dear all,

And especially @mcdallas , I want to use your library to solve a particular problem for MultiSig holders, and that problem is the need to be able to produce security proof, so accessibility of all MultiSig holders keys on a regular basis. See here the issue discussed on bitcointalk:

https://bitcointalk.org/index.php?topic=5353221.msg57646299#msg57646299

Unfortunately even when signing a transaction with all MultiSig holders, only the minimal amount of signatures are broadcasted to the network.
Therefore, I wrote a small script to parse the signatures from Partially Signed Bitcoin Transaction data shared among MultiSigHolders to extract all signatures.
Subsequently I want to use cryptotools to substitute the signature in the raw transacion hex with missing signatures.
Cryptotools can verify the transaction, and as such proof that the additional signatures I provided are valid, providing security proof that all key-holders indeed have access to their keys.
I do however missed some documentation on how to use cryptotools to modify a transaction. I can use
tx.json() to get the transaction data and replace a signature in the witness data (P2WSH transaction), but I do not see how to modify it, or load a modified version of the json as a transaction.
Alternatively I could use
'tx.hex()' to get the raw hex and swap a signature, but also here I do not see how to load the hex in a transaction and tests it validity 'using tx.verify'

Any help, suggestions or links to more elaborate documentation of the cryptotools library are greatly appreciated.

Anynomous

[mcdallas]

Hey @Anynomouss,

Happy to help grin since I am an old contributor and sorry for the lack of documentation

If I understand correctly you want to replace 2 signatures in a 4-of-6 multisig ?
If you already have the modified hex you can just use tx = Transaction.from_hex('yourhexstring')

or you can do it like this

>>> from cryptotools import *
>>> tx = Transaction.get('cfbc3792e42a6832825f5b4f9dcb264d7a84662f0365661a05c1db591546bac3')
>>> inp = tx.inputs[0]
>>> inp.json()
{'txid': '64e89ed6da77ed53db5bc5ebfb9e9a51e3e9b320c3fca26fdf7f04fbbd8a496f', 'vout': 0, 'scriptSig': {'hex': ''}, 'witness': ['', '304402200a214ffd4c7d9ef838b4c892d3e6ff89b0e97715dfda4d3b27955bced7bf2c7b02200d16fa29f771510f772ef79bd4f59bc9bb15770fdb765ba2256db82da3f6a47401', '304402200a214ffd4c7d9ef838b4c892d3e6ff89b0e97715dfda4d3b27955bced7bf2c7b02200d16fa29f771510f772ef79bd4f59bc9bb15770fdb765ba2256db82da3f6a47401', '30440220082df4554726abc7427e2426c24e781ff09925acdb849de19943b34039efbcb40220583a4a3dab4bc7499ed5c90fa33e605745801ff7d1d49e7e5bd90cc6caecf9b201', '304402200a214ffd4c7d9ef838b4c892d3e6ff89b0e97715dfda4d3b27955bced7bf2c7b02200d16fa29f771510f772ef79bd4f59bc9bb15770fdb765ba2256db82da3f6a47401', '54210217dc227f2409969e154a651b47f5b8ec3add571e22febbd28e8e0d65318f25c421021b80c3b386759e0b155ed999b5b8e8ee396837222f535c04fe5b6bbd757bde6621023beb227ad56f92fc0e2d112bb2d61f950e640853d355dd75607be79ea07b47d621025546eea541af399b51e93e209b8f41945540e70fac595d1234430e46d057872f21026ce222b609736e330da692d8d620f4b17c8dfa198bb938074d56d68c42ce7a46210311996c195b65975e992ad314d83577b0c1e096fcb5913c90ece9d557fcf60ad056ae'], 'sequence': 4294967293}

Here the witness contains 6 stack items: the empty byte string, the 4 sigs and the witness script which is 54210217dc227f2409969e154a651b47f5b8ec3add571e22febbd28e8e0d65318f25c421021b80c3b386759e0b155ed999b5b8e8ee396837222f535c04fe5b6bbd757bde6621023beb227ad56f92fc0e2d112bb2d61f950e640853d355dd75607be79ea07b47d621025546eea541af399b51e93e209b8f41945540e70fac595d1234430e46d057872f21026ce222b609736e330da692d8d620f4b17c8dfa198bb938074d56d68c42ce7a46210311996c195b65975e992ad314d83577b0c1e096fcb5913c90ece9d557fcf60ad056ae

or (in symbolic representation)

>>> asm(inp.witness[-1])
'OP_4 0217dc227f2409969e154a651b47f5b8ec3add571e22febbd28e8e0d65318f25c4 021b80c3b386759e0b155ed999b5b8e8ee396837222f535c04fe5b6bbd757bde66 023beb227ad56f92fc0e2d112bb2d61f950e640853d355dd75607be79ea07b47d6 025546eea541af399b51e93e209b8f41945540e70fac595d1234430e46d057872f 026ce222b609736e330da692d8d620f4b17c8dfa198bb938074d56d68c42ce7a46 0311996c195b65975e992ad314d83577b0c1e096fcb5913c90ece9d557fcf60ad0 OP_6 OP_CHECKMULTISIG'

All you have to do is replace 2 of the signatures in the witness with your new sigs

Hopefully something like this will work:

from cryptotools import hex_to_bytes, Transaction

EXTRA_SIG_1 = hex_to_bytes('your_signature_1_hex_including_hashcode')
EXTRA_SIG_2 = hex_to_bytes('yout_signature_2_hex_including_hashcode')

tx = Transaction.get('cfbc3792e42a6832825f5b4f9dcb264d7a84662f0365661a05c1db591546bac3')

inp = tx.inputs[0]

wit = list(inp.witness)

wit[1] = EXTRA_SIG_1
wit[2] = EXTRA_SIG_2

inp.witness = tuple(wit)

print("Modified Transaction hex:")
print(tx.hex())

[Anynomouss]

Awesome, this was exactly what I was looking for!
When I saw that you had Schnorr signature implemented in the package, I was already wondering if you where a Grinner, so my suspicion was right .
Thx a lot, this a great help to the Grin project since both the Original Council (OC) as well as the newly formed Community Council (CC) want to have proper security proofs for their MultiSigs.

[Deramalachy]

Finding it hard installing the script, I would love proper documentation as this is the only way I think I can recover my lost phrase.

I will really appreciate if I am assisted

[mcdallas]

@Deramalachy what seems to be the problem? You can either clone it and run setup.py or just run pip install git+https://github.com/mcdallas/cryptotools.git

[Deramalachy]

Quite new to python and I barely know my way around here lol I have successfully cloned the script, lemme look around how to install using setup.py I am getting this error ERROR: Error [WinError 2] The system cannot find the file specified while executing command git clone -q https://github.com/mcdallas/cryptotools.git 'C:\Users\Dell User\AppData\Local\Temp\pip-req-build-gpf5hees'ERROR: Cannot find command 'git' - do you have 'git' installed and in your PATH? On Friday, September 17, 2021, 12:42:03 PM GMT+1, Mike Dallas ***@***.***> wrote: @Deramalachy what seems to be the problem? You can either clone it and run setup.py or just run pip install git+https://github.com/mcdallas/cryptotools.git — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[Deramalachy]

Hey don't worry I have found my way around it, Hopefully, this works out well