diff --git a/src/key.cpp b/src/key.cpp
index d0c28eb56..380224937 100644
--- a/src/key.cpp
+++ b/src/key.cpp
@@ -1,419 +1,445 @@
 // Copyright (c) 2009-2016 The Bitcoin Core developers
 // Copyright (c) 2017 The Zcash developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <key.h>
 
 #include <arith_uint256.h>
 #include <crypto/common.h>
 #include <crypto/hmac_sha512.h>
 #include <pubkey.h>
 #include <random.h>
 
 #include <secp256k1.h>
 #include <secp256k1_recovery.h>
 #include <secp256k1_schnorr.h>
 
 static secp256k1_context *secp256k1_context_sign = nullptr;
 
 /**
  * These functions are taken from the libsecp256k1 distribution and are very
  * ugly.
  */
 
 /**
  * This parses a format loosely based on a DER encoding of the ECPrivateKey type
  * from section C.4 of SEC 1 <http://www.secg.org/sec1-v2.pdf>, with the
  * following caveats:
  *
  * * The octet-length of the SEQUENCE must be encoded as 1 or 2 octets. It is
  * not required to be encoded as one octet if it is less than 256, as DER would
  * require.
  * * The octet-length of the SEQUENCE must not be greater than the remaining
  * length of the key encoding, but need not match it (i.e. the encoding may
  * contain junk after the encoded SEQUENCE).
  * * The privateKey OCTET STRING is zero-filled on the left to 32 octets.
  * * Anything after the encoding of the privateKey OCTET STRING is ignored,
  * whether or not it is validly encoded DER.
  *
  * out32 must point to an output buffer of length at least 32 bytes.
  */
 static int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32,
                                  const uint8_t *privkey, size_t privkeylen) {
     const uint8_t *end = privkey + privkeylen;
     memset(out32, 0, 32);
     /* sequence header */
     if (end - privkey < 1 || *privkey != 0x30u) {
         return 0;
     }
     privkey++;
     /* sequence length constructor */
     if (end - privkey < 1 || !(*privkey & 0x80u)) {
         return 0;
     }
     ptrdiff_t lenb = *privkey & ~0x80u;
     privkey++;
     if (lenb < 1 || lenb > 2) {
         return 0;
     }
     if (end - privkey < lenb) {
         return 0;
     }
     /* sequence length */
     ptrdiff_t len =
         privkey[lenb - 1] | (lenb > 1 ? privkey[lenb - 2] << 8 : 0u);
     privkey += lenb;
     if (end - privkey < len) {
         return 0;
     }
     /* sequence element 0: version number (=1) */
     if (end - privkey < 3 || privkey[0] != 0x02u || privkey[1] != 0x01u ||
         privkey[2] != 0x01u) {
         return 0;
     }
     privkey += 3;
     /* sequence element 1: octet string, up to 32 bytes */
     if (end - privkey < 2 || privkey[0] != 0x04u) {
         return 0;
     }
     ptrdiff_t oslen = privkey[1];
     privkey += 2;
     if (oslen > 32 || end - privkey < oslen) {
         return 0;
     }
     memcpy(out32 + (32 - oslen), privkey, oslen);
     if (!secp256k1_ec_seckey_verify(ctx, out32)) {
         memset(out32, 0, 32);
         return 0;
     }
     return 1;
 }
 
 /**
  * This serializes to a DER encoding of the ECPrivateKey type from section C.4
  * of SEC 1 <http://www.secg.org/sec1-v2.pdf>. The optional parameters and
  * publicKey fields are included.
  *
  * privkey must point to an output buffer of length at least
  * CKey::PRIVATE_KEY_SIZE bytes. privkeylen must initially be set to the size of
  * the privkey buffer. Upon return it will be set to the number of bytes used in
  * the buffer. key32 must point to a 32-byte raw private key.
  */
 static int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey,
                                  size_t *privkeylen, const uint8_t *key32,
                                  int compressed) {
     assert(*privkeylen >= CKey::PRIVATE_KEY_SIZE);
     secp256k1_pubkey pubkey;
     size_t pubkeylen = 0;
     if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
         *privkeylen = 0;
         return 0;
     }
 
     if (compressed) {
         static const uint8_t begin[] = {0x30, 0x81, 0xD3, 0x02,
                                         0x01, 0x01, 0x04, 0x20};
         static const uint8_t middle[] = {
             0xA0, 0x81, 0x85, 0x30, 0x81, 0x82, 0x02, 0x01, 0x01, 0x30, 0x2C,
             0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
             0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
             0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x21, 0x02,
             0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
             0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
             0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x02,
             0x21, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
             0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41,
             0x41, 0x02, 0x01, 0x01, 0xA1, 0x24, 0x03, 0x22, 0x00};
         uint8_t *ptr = privkey;
         memcpy(ptr, begin, sizeof(begin));
         ptr += sizeof(begin);
         memcpy(ptr, key32, 32);
         ptr += 32;
         memcpy(ptr, middle, sizeof(middle));
         ptr += sizeof(middle);
         pubkeylen = CPubKey::COMPRESSED_PUBLIC_KEY_SIZE;
         secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
                                       SECP256K1_EC_COMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
         assert(*privkeylen == CKey::COMPRESSED_PRIVATE_KEY_SIZE);
     } else {
         static const uint8_t begin[] = {0x30, 0x82, 0x01, 0x13, 0x02,
                                         0x01, 0x01, 0x04, 0x20};
         static const uint8_t middle[] = {
             0xA0, 0x81, 0xA5, 0x30, 0x81, 0xA2, 0x02, 0x01, 0x01, 0x30, 0x2C,
             0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x01, 0x01, 0x02, 0x21,
             0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
             0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04,
             0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62,
             0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE,
             0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, 0x48,
             0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC,
             0x0E, 0x11, 0x08, 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54,
             0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8, 0x02, 0x21,
             0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF,
             0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
             0x02, 0x01, 0x01, 0xA1, 0x44, 0x03, 0x42, 0x00};
         uint8_t *ptr = privkey;
         memcpy(ptr, begin, sizeof(begin));
         ptr += sizeof(begin);
         memcpy(ptr, key32, 32);
         ptr += 32;
         memcpy(ptr, middle, sizeof(middle));
         ptr += sizeof(middle);
         pubkeylen = CPubKey::PUBLIC_KEY_SIZE;
         secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey,
                                       SECP256K1_EC_UNCOMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
         assert(*privkeylen == CKey::PRIVATE_KEY_SIZE);
     }
     return 1;
 }
 
 bool CKey::Check(const uint8_t *vch) {
     return secp256k1_ec_seckey_verify(secp256k1_context_sign, vch);
 }
 
 void CKey::MakeNewKey(bool fCompressedIn) {
     do {
         GetStrongRandBytes(keydata.data(), keydata.size());
     } while (!Check(keydata.data()));
     fValid = true;
     fCompressed = fCompressedIn;
 }
 
 CPrivKey CKey::GetPrivKey() const {
     assert(fValid);
     CPrivKey privkey;
     int ret;
     size_t privkeylen;
     privkey.resize(PRIVATE_KEY_SIZE);
     privkeylen = PRIVATE_KEY_SIZE;
     ret = ec_privkey_export_der(
         secp256k1_context_sign, privkey.data(), &privkeylen, begin(),
         fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
     assert(ret);
     privkey.resize(privkeylen);
     return privkey;
 }
 
 CPubKey CKey::GetPubKey() const {
     assert(fValid);
     secp256k1_pubkey pubkey;
     size_t clen = CPubKey::PUBLIC_KEY_SIZE;
     CPubKey result;
     int ret =
         secp256k1_ec_pubkey_create(secp256k1_context_sign, &pubkey, begin());
     assert(ret);
     secp256k1_ec_pubkey_serialize(
         secp256k1_context_sign, (uint8_t *)result.begin(), &clen, &pubkey,
         fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
     assert(result.size() == clen);
     assert(result.IsValid());
     return result;
 }
 
+// Check that the sig has a low R value and will be less than 71 bytes
+static bool SigHasLowR(const secp256k1_ecdsa_signature *sig) {
+    uint8_t compact_sig[64];
+    secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_sign,
+                                                compact_sig, sig);
+
+    // In DER serialization, all values are interpreted as big-endian, signed
+    // integers. The highest bit in the integer indicates its signed-ness; 0 is
+    // positive, 1 is negative. When the value is interpreted as a negative
+    // integer, it must be converted to a positive value by prepending a 0x00
+    // byte so that the highest bit is 0. We can avoid this prepending by
+    // ensuring that our highest bit is always 0, and thus we must check that
+    // the first byte is less than 0x80.
+    return compact_sig[0] < 0x80;
+}
+
 bool CKey::SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
-                     uint32_t test_case) const {
+                     bool grind, uint32_t test_case) const {
     if (!fValid) {
         return false;
     }
     vchSig.resize(CPubKey::SIGNATURE_SIZE);
     size_t nSigLen = CPubKey::SIGNATURE_SIZE;
     uint8_t extra_entropy[32] = {0};
     WriteLE32(extra_entropy, test_case);
     secp256k1_ecdsa_signature sig;
-    int ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
+    uint32_t counter = 0;
+    int ret =
+        secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
+                             begin(), secp256k1_nonce_function_rfc6979,
+                             (!grind && test_case) ? extra_entropy : nullptr);
+
+    // Grind for low R
+    while (ret && !SigHasLowR(&sig) && grind) {
+        WriteLE32(extra_entropy, ++counter);
+        ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(),
                                    begin(), secp256k1_nonce_function_rfc6979,
-                                   test_case ? extra_entropy : nullptr);
+                                   extra_entropy);
+    }
     assert(ret);
     secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign,
                                             vchSig.data(), &nSigLen, &sig);
     vchSig.resize(nSigLen);
     return true;
 }
 
 bool CKey::SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
                        uint32_t test_case) const {
     if (!fValid) {
         return false;
     }
     vchSig.resize(64);
     uint8_t extra_entropy[32] = {0};
     WriteLE32(extra_entropy, test_case);
 
     int ret = secp256k1_schnorr_sign(
         secp256k1_context_sign, &vchSig[0], hash.begin(), begin(),
         secp256k1_nonce_function_rfc6979, test_case ? extra_entropy : nullptr);
     assert(ret);
     return true;
 }
 
 bool CKey::VerifyPubKey(const CPubKey &pubkey) const {
     if (pubkey.IsCompressed() != fCompressed) {
         return false;
     }
     uint8_t rnd[8];
     std::string str = "Bitcoin key verification\n";
     GetRandBytes(rnd, sizeof(rnd));
     uint256 hash;
     CHash256()
         .Write((uint8_t *)str.data(), str.size())
         .Write(rnd, sizeof(rnd))
         .Finalize(hash.begin());
     std::vector<uint8_t> vchSig;
     SignECDSA(hash, vchSig);
     return pubkey.VerifyECDSA(hash, vchSig);
 }
 
 bool CKey::SignCompact(const uint256 &hash,
                        std::vector<uint8_t> &vchSig) const {
     if (!fValid) {
         return false;
     }
     vchSig.resize(CPubKey::COMPACT_SIGNATURE_SIZE);
     int rec = -1;
     secp256k1_ecdsa_recoverable_signature sig;
     int ret = secp256k1_ecdsa_sign_recoverable(
         secp256k1_context_sign, &sig, hash.begin(), begin(),
         secp256k1_nonce_function_rfc6979, nullptr);
     assert(ret);
     secp256k1_ecdsa_recoverable_signature_serialize_compact(
         secp256k1_context_sign, &vchSig[1], &rec, &sig);
     assert(ret);
     assert(rec != -1);
     vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
     return true;
 }
 
 bool CKey::Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
                 bool fSkipCheck = false) {
     if (!ec_privkey_import_der(secp256k1_context_sign, (uint8_t *)begin(),
                                privkey.data(), privkey.size())) {
         return false;
     }
     fCompressed = vchPubKey.IsCompressed();
     fValid = true;
 
     if (fSkipCheck) {
         return true;
     }
 
     return VerifyPubKey(vchPubKey);
 }
 
 bool CKey::Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
                   const ChainCode &cc) const {
     assert(IsValid());
     assert(IsCompressed());
     std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
     if ((nChild >> 31) == 0) {
         CPubKey pubkey = GetPubKey();
         assert(pubkey.size() == CPubKey::COMPRESSED_PUBLIC_KEY_SIZE);
         BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin() + 1, vout.data());
     } else {
         assert(size() == 32);
         BIP32Hash(cc, nChild, 0, begin(), vout.data());
     }
     memcpy(ccChild.begin(), vout.data() + 32, 32);
     memcpy((uint8_t *)keyChild.begin(), begin(), 32);
     bool ret = secp256k1_ec_privkey_tweak_add(
         secp256k1_context_sign, (uint8_t *)keyChild.begin(), vout.data());
     keyChild.fCompressed = true;
     keyChild.fValid = ret;
     return ret;
 }
 
 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
     out.nDepth = nDepth + 1;
     CKeyID id = key.GetPubKey().GetID();
     memcpy(&out.vchFingerprint[0], &id, 4);
     out.nChild = _nChild;
     return key.Derive(out.key, out.chaincode, _nChild, chaincode);
 }
 
 void CExtKey::SetSeed(const uint8_t *seed, unsigned int nSeedLen) {
     static const uint8_t hashkey[] = {'B', 'i', 't', 'c', 'o', 'i',
                                       'n', ' ', 's', 'e', 'e', 'd'};
     std::vector<uint8_t, secure_allocator<uint8_t>> vout(64);
     CHMAC_SHA512(hashkey, sizeof(hashkey))
         .Write(seed, nSeedLen)
         .Finalize(vout.data());
     key.Set(vout.data(), vout.data() + 32, true);
     memcpy(chaincode.begin(), vout.data() + 32, 32);
     nDepth = 0;
     nChild = 0;
     memset(vchFingerprint, 0, sizeof(vchFingerprint));
 }
 
 CExtPubKey CExtKey::Neuter() const {
     CExtPubKey ret;
     ret.nDepth = nDepth;
     memcpy(&ret.vchFingerprint[0], &vchFingerprint[0], 4);
     ret.nChild = nChild;
     ret.pubkey = key.GetPubKey();
     ret.chaincode = chaincode;
     return ret;
 }
 
 void CExtKey::Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const {
     code[0] = nDepth;
     memcpy(code + 1, vchFingerprint, 4);
     code[5] = (nChild >> 24) & 0xFF;
     code[6] = (nChild >> 16) & 0xFF;
     code[7] = (nChild >> 8) & 0xFF;
     code[8] = (nChild >> 0) & 0xFF;
     memcpy(code + 9, chaincode.begin(), 32);
     code[41] = 0;
     assert(key.size() == 32);
     memcpy(code + 42, key.begin(), 32);
 }
 
 void CExtKey::Decode(const uint8_t code[BIP32_EXTKEY_SIZE]) {
     nDepth = code[0];
     memcpy(vchFingerprint, code + 1, 4);
     nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
     memcpy(chaincode.begin(), code + 9, 32);
     key.Set(code + 42, code + BIP32_EXTKEY_SIZE, true);
 }
 
 bool ECC_InitSanityCheck() {
     CKey key;
     key.MakeNewKey(true);
     CPubKey pubkey = key.GetPubKey();
     return key.VerifyPubKey(pubkey);
 }
 
 void ECC_Start() {
     assert(secp256k1_context_sign == nullptr);
 
     secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
     assert(ctx != nullptr);
 
     {
         // Pass in a random blinding seed to the secp256k1 context.
         std::vector<uint8_t, secure_allocator<uint8_t>> vseed(32);
         GetRandBytes(vseed.data(), 32);
         bool ret = secp256k1_context_randomize(ctx, vseed.data());
         assert(ret);
     }
 
     secp256k1_context_sign = ctx;
 }
 
 void ECC_Stop() {
     secp256k1_context *ctx = secp256k1_context_sign;
     secp256k1_context_sign = nullptr;
 
     if (ctx) {
         secp256k1_context_destroy(ctx);
     }
 }
diff --git a/src/key.h b/src/key.h
index 1efa92fd7..a2c9813f6 100644
--- a/src/key.h
+++ b/src/key.h
@@ -1,208 +1,208 @@
 // Copyright (c) 2009-2010 Satoshi Nakamoto
 // Copyright (c) 2009-2016 The Bitcoin Core developers
 // Copyright (c) 2017 The Zcash developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_KEY_H
 #define BITCOIN_KEY_H
 
 #include <pubkey.h>
 #include <serialize.h>
 #include <support/allocators/secure.h>
 #include <uint256.h>
 
 #include <stdexcept>
 #include <vector>
 
 /**
  * secure_allocator is defined in allocators.h
  * CPrivKey is a serialized private key, with all parameters included
  * (PRIVATE_KEY_SIZE bytes)
  */
 typedef std::vector<uint8_t, secure_allocator<uint8_t>> CPrivKey;
 
 /** An encapsulated secp256k1 private key. */
 class CKey {
 public:
     /**
      * secp256k1:
      */
     static const unsigned int PRIVATE_KEY_SIZE = 279;
     static const unsigned int COMPRESSED_PRIVATE_KEY_SIZE = 214;
     /**
      * see www.keylength.com
      * script supports up to 75 for single byte push
      */
     static_assert(
         PRIVATE_KEY_SIZE >= COMPRESSED_PRIVATE_KEY_SIZE,
         "COMPRESSED_PRIVATE_KEY_SIZE is larger than PRIVATE_KEY_SIZE");
 
 private:
     //! Whether this private key is valid. We check for correctness when
     //! modifying the key data, so fValid should always correspond to the actual
     //! state.
     bool fValid;
 
     //! Whether the public key corresponding to this private key is (to be)
     //! compressed.
     bool fCompressed;
 
     //! The actual byte data
     std::vector<uint8_t, secure_allocator<uint8_t>> keydata;
 
     //! Check whether the 32-byte array pointed to by vch is valid keydata.
     static bool Check(const uint8_t *vch);
 
 public:
     //! Construct an invalid private key.
     CKey() : fValid(false), fCompressed(false) {
         // Important: vch must be 32 bytes in length to not break serialization
         keydata.resize(32);
     }
 
     friend bool operator==(const CKey &a, const CKey &b) {
         return a.fCompressed == b.fCompressed && a.size() == b.size() &&
                memcmp(a.keydata.data(), b.keydata.data(), a.size()) == 0;
     }
 
     //! Initialize using begin and end iterators to byte data.
     template <typename T>
     void Set(const T pbegin, const T pend, bool fCompressedIn) {
         if (size_t(pend - pbegin) != keydata.size()) {
             fValid = false;
         } else if (Check(&pbegin[0])) {
             memcpy(keydata.data(), (uint8_t *)&pbegin[0], keydata.size());
             fValid = true;
             fCompressed = fCompressedIn;
         } else {
             fValid = false;
         }
     }
 
     //! Simple read-only vector-like interface.
     unsigned int size() const { return (fValid ? keydata.size() : 0); }
     const uint8_t *begin() const { return keydata.data(); }
     const uint8_t *end() const { return keydata.data() + size(); }
 
     //! Check whether this private key is valid.
     bool IsValid() const { return fValid; }
 
     //! Check whether the public key corresponding to this private key is (to
     //! be) compressed.
     bool IsCompressed() const { return fCompressed; }
 
     //! Generate a new private key using a cryptographic PRNG.
     void MakeNewKey(bool fCompressed);
 
     /**
      * Convert the private key to a CPrivKey (serialized OpenSSL private key
      * data).
      * This is expensive.
      */
     CPrivKey GetPrivKey() const;
 
     /**
      * Compute the public key from a private key.
      * This is expensive.
      */
     CPubKey GetPubKey() const;
 
     /**
      * Create a DER-serialized ECDSA signature.
      * The test_case parameter tweaks the deterministic nonce.
      */
     bool SignECDSA(const uint256 &hash, std::vector<uint8_t> &vchSig,
-                   uint32_t test_case = 0) const;
+                   bool grind = true, uint32_t test_case = 0) const;
 
     /**
      * Create a Schnorr signature.
      * The test_case parameter tweaks the deterministic nonce.
      */
     bool SignSchnorr(const uint256 &hash, std::vector<uint8_t> &vchSig,
                      uint32_t test_case = 0) const;
 
     /**
      * Create a compact ECDSA signature (65 bytes), which allows reconstructing
      * the used public key.
      * The format is one header byte, followed by two times 32 bytes for the
      * serialized r and s values.
      * The header byte: 0x1B = first key with even y, 0x1C = first key with odd
      * y,
      *                  0x1D = second key with even y, 0x1E = second key with
      * odd y,
      *                  add 0x04 for compressed keys.
      */
     bool SignCompact(const uint256 &hash, std::vector<uint8_t> &vchSig) const;
 
     //! Derive BIP32 child key.
     bool Derive(CKey &keyChild, ChainCode &ccChild, unsigned int nChild,
                 const ChainCode &cc) const;
 
     /**
      * Verify thoroughly whether a private key and a public key match.
      * This is done using a different mechanism than just regenerating it.
      * (An ECDSA signature is created then verified.)
      */
     bool VerifyPubKey(const CPubKey &vchPubKey) const;
 
     //! Load private key and check that public key matches.
     bool Load(const CPrivKey &privkey, const CPubKey &vchPubKey,
               bool fSkipCheck);
 };
 
 struct CExtKey {
     uint8_t nDepth;
     uint8_t vchFingerprint[4];
     unsigned int nChild;
     ChainCode chaincode;
     CKey key;
 
     friend bool operator==(const CExtKey &a, const CExtKey &b) {
         return a.nDepth == b.nDepth &&
                memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0],
                       sizeof(vchFingerprint)) == 0 &&
                a.nChild == b.nChild && a.chaincode == b.chaincode &&
                a.key == b.key;
     }
 
     void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const;
     void Decode(const uint8_t code[BIP32_EXTKEY_SIZE]);
     bool Derive(CExtKey &out, unsigned int nChild) const;
     CExtPubKey Neuter() const;
     void SetSeed(const uint8_t *seed, unsigned int nSeedLen);
     template <typename Stream> void Serialize(Stream &s) const {
         unsigned int len = BIP32_EXTKEY_SIZE;
         ::WriteCompactSize(s, len);
         uint8_t code[BIP32_EXTKEY_SIZE];
         Encode(code);
         s.write((const char *)&code[0], len);
     }
     template <typename Stream> void Unserialize(Stream &s) {
         unsigned int len = ::ReadCompactSize(s);
         if (len != BIP32_EXTKEY_SIZE) {
             throw std::runtime_error("Invalid extended key size\n");
         }
 
         uint8_t code[BIP32_EXTKEY_SIZE];
         s.read((char *)&code[0], len);
         Decode(code);
     }
 };
 
 /**
  * Initialize the elliptic curve support. May not be called twice without
  * calling ECC_Stop first.
  */
 void ECC_Start();
 
 /**
  * Deinitialize the elliptic curve support. No-op if ECC_Start wasn't called
  * first.
  */
 void ECC_Stop();
 
 /** Check that required EC support is available at runtime. */
 bool ECC_InitSanityCheck();
 
 #endif // BITCOIN_KEY_H
diff --git a/src/test/key_tests.cpp b/src/test/key_tests.cpp
index 38e290ddc..2da58acff 100644
--- a/src/test/key_tests.cpp
+++ b/src/test/key_tests.cpp
@@ -1,296 +1,333 @@
 // Copyright (c) 2012-2015 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <key.h>
 
 #include <chainparams.h> // For Params()
 #include <key_io.h>
 #include <script/script.h>
 #include <uint256.h>
 #include <util/strencodings.h>
 #include <util/system.h>
 
 #include <test/test_bitcoin.h>
 
 #include <boost/test/unit_test.hpp>
 
 #include <string>
 #include <vector>
 
 static const std::string strSecret1 =
     "5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj";
 static const std::string strSecret2 =
     "5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3";
 static const std::string strSecret1C =
     "Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw";
 static const std::string strSecret2C =
     "L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g";
 static const std::string addr1 = "1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ";
 static const std::string addr2 = "1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ";
 static const std::string addr1C = "1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs";
 static const std::string addr2C = "1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs";
 
 static const std::string strAddressBad = "1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF";
 
 // get r value produced by ECDSA signing algorithm
 // (assumes ECDSA r is encoded in the canonical manner)
-std::vector<uint8_t> get_r_ECDSA(std::vector<uint8_t> sigECDSA) {
+static std::vector<uint8_t> get_r_ECDSA(std::vector<uint8_t> sigECDSA) {
     std::vector<uint8_t> ret(32, 0);
 
     assert(sigECDSA[2] == 2);
     int rlen = sigECDSA[3];
     assert(rlen <= 33);
     assert(sigECDSA[4 + rlen] == 2);
     if (rlen == 33) {
         assert(sigECDSA[4] == 0);
         std::copy(sigECDSA.begin() + 5, sigECDSA.begin() + 37, ret.begin());
     } else {
         std::copy(sigECDSA.begin() + 4, sigECDSA.begin() + (4 + rlen),
                   ret.begin() + (32 - rlen));
     }
     return ret;
 }
 
 BOOST_FIXTURE_TEST_SUITE(key_tests, BasicTestingSetup)
 
 BOOST_AUTO_TEST_CASE(internal_test) {
     // test get_r_ECDSA (defined above) to make sure it's working properly
     BOOST_CHECK(get_r_ECDSA(ParseHex(
                     "3045022100c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                     "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
                     "c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
                 ParseHex("c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                          "24c22e00b7bc7944a1f78"));
     BOOST_CHECK(get_r_ECDSA(ParseHex(
                     "3045022046ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                     "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
                     "c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
                 ParseHex("46ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                          "24c22e00b7bc7944a1f78"));
     BOOST_CHECK(get_r_ECDSA(ParseHex(
                     "3045021f4b5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                     "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
                     "c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
                 ParseHex("004b5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                          "24c22e00b7bc7944a1f78"));
     BOOST_CHECK(get_r_ECDSA(ParseHex(
                     "3045021e5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                     "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
                     "c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
                 ParseHex("00005f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
                          "24c22e00b7bc7944a1f78"));
 }
 
 BOOST_AUTO_TEST_CASE(key_test1) {
     CKey key1 = DecodeSecret(strSecret1);
     BOOST_CHECK(key1.IsValid() && !key1.IsCompressed());
     CKey key2 = DecodeSecret(strSecret2);
     BOOST_CHECK(key2.IsValid() && !key2.IsCompressed());
     CKey key1C = DecodeSecret(strSecret1C);
     BOOST_CHECK(key1C.IsValid() && key1C.IsCompressed());
     CKey key2C = DecodeSecret(strSecret2C);
     BOOST_CHECK(key2C.IsValid() && key2C.IsCompressed());
     CKey bad_key = DecodeSecret(strAddressBad);
     BOOST_CHECK(!bad_key.IsValid());
 
     CPubKey pubkey1 = key1.GetPubKey();
     CPubKey pubkey2 = key2.GetPubKey();
     CPubKey pubkey1C = key1C.GetPubKey();
     CPubKey pubkey2C = key2C.GetPubKey();
 
     BOOST_CHECK(key1.VerifyPubKey(pubkey1));
     BOOST_CHECK(!key1.VerifyPubKey(pubkey1C));
     BOOST_CHECK(!key1.VerifyPubKey(pubkey2));
     BOOST_CHECK(!key1.VerifyPubKey(pubkey2C));
 
     BOOST_CHECK(!key1C.VerifyPubKey(pubkey1));
     BOOST_CHECK(key1C.VerifyPubKey(pubkey1C));
     BOOST_CHECK(!key1C.VerifyPubKey(pubkey2));
     BOOST_CHECK(!key1C.VerifyPubKey(pubkey2C));
 
     BOOST_CHECK(!key2.VerifyPubKey(pubkey1));
     BOOST_CHECK(!key2.VerifyPubKey(pubkey1C));
     BOOST_CHECK(key2.VerifyPubKey(pubkey2));
     BOOST_CHECK(!key2.VerifyPubKey(pubkey2C));
 
     BOOST_CHECK(!key2C.VerifyPubKey(pubkey1));
     BOOST_CHECK(!key2C.VerifyPubKey(pubkey1C));
     BOOST_CHECK(!key2C.VerifyPubKey(pubkey2));
     BOOST_CHECK(key2C.VerifyPubKey(pubkey2C));
 
     const CChainParams &chainParams = Params();
     BOOST_CHECK(DecodeDestination(addr1, chainParams) ==
                 CTxDestination(pubkey1.GetID()));
     BOOST_CHECK(DecodeDestination(addr2, chainParams) ==
                 CTxDestination(pubkey2.GetID()));
     BOOST_CHECK(DecodeDestination(addr1C, chainParams) ==
                 CTxDestination(pubkey1C.GetID()));
     BOOST_CHECK(DecodeDestination(addr2C, chainParams) ==
                 CTxDestination(pubkey2C.GetID()));
 
     for (int n = 0; n < 16; n++) {
         std::string strMsg = strprintf("Very secret message %i: 11", n);
         uint256 hashMsg = Hash(strMsg.begin(), strMsg.end());
 
         // normal ECDSA signatures
 
         std::vector<uint8_t> sign1, sign2, sign1C, sign2C;
 
         BOOST_CHECK(key1.SignECDSA(hashMsg, sign1));
         BOOST_CHECK(key2.SignECDSA(hashMsg, sign2));
         BOOST_CHECK(key1C.SignECDSA(hashMsg, sign1C));
         BOOST_CHECK(key2C.SignECDSA(hashMsg, sign2C));
 
         BOOST_CHECK(pubkey1.VerifyECDSA(hashMsg, sign1));
         BOOST_CHECK(!pubkey1.VerifyECDSA(hashMsg, sign2));
         BOOST_CHECK(pubkey1.VerifyECDSA(hashMsg, sign1C));
         BOOST_CHECK(!pubkey1.VerifyECDSA(hashMsg, sign2C));
 
         BOOST_CHECK(!pubkey2.VerifyECDSA(hashMsg, sign1));
         BOOST_CHECK(pubkey2.VerifyECDSA(hashMsg, sign2));
         BOOST_CHECK(!pubkey2.VerifyECDSA(hashMsg, sign1C));
         BOOST_CHECK(pubkey2.VerifyECDSA(hashMsg, sign2C));
 
         BOOST_CHECK(pubkey1C.VerifyECDSA(hashMsg, sign1));
         BOOST_CHECK(!pubkey1C.VerifyECDSA(hashMsg, sign2));
         BOOST_CHECK(pubkey1C.VerifyECDSA(hashMsg, sign1C));
         BOOST_CHECK(!pubkey1C.VerifyECDSA(hashMsg, sign2C));
 
         BOOST_CHECK(!pubkey2C.VerifyECDSA(hashMsg, sign1));
         BOOST_CHECK(pubkey2C.VerifyECDSA(hashMsg, sign2));
         BOOST_CHECK(!pubkey2C.VerifyECDSA(hashMsg, sign1C));
         BOOST_CHECK(pubkey2C.VerifyECDSA(hashMsg, sign2C));
 
         // compact ECDSA signatures (with key recovery)
 
         std::vector<uint8_t> csign1, csign2, csign1C, csign2C;
 
         BOOST_CHECK(key1.SignCompact(hashMsg, csign1));
         BOOST_CHECK(key2.SignCompact(hashMsg, csign2));
         BOOST_CHECK(key1C.SignCompact(hashMsg, csign1C));
         BOOST_CHECK(key2C.SignCompact(hashMsg, csign2C));
 
         CPubKey rkey1, rkey2, rkey1C, rkey2C;
 
         BOOST_CHECK(rkey1.RecoverCompact(hashMsg, csign1));
         BOOST_CHECK(rkey2.RecoverCompact(hashMsg, csign2));
         BOOST_CHECK(rkey1C.RecoverCompact(hashMsg, csign1C));
         BOOST_CHECK(rkey2C.RecoverCompact(hashMsg, csign2C));
 
         BOOST_CHECK(rkey1 == pubkey1);
         BOOST_CHECK(rkey2 == pubkey2);
         BOOST_CHECK(rkey1C == pubkey1C);
         BOOST_CHECK(rkey2C == pubkey2C);
 
         // Schnorr signatures
 
         std::vector<uint8_t> ssign1, ssign2, ssign1C, ssign2C;
 
         BOOST_CHECK(key1.SignSchnorr(hashMsg, ssign1));
         BOOST_CHECK(key2.SignSchnorr(hashMsg, ssign2));
         BOOST_CHECK(key1C.SignSchnorr(hashMsg, ssign1C));
         BOOST_CHECK(key2C.SignSchnorr(hashMsg, ssign2C));
 
         BOOST_CHECK(pubkey1.VerifySchnorr(hashMsg, ssign1));
         BOOST_CHECK(!pubkey1.VerifySchnorr(hashMsg, ssign2));
         BOOST_CHECK(pubkey1.VerifySchnorr(hashMsg, ssign1C));
         BOOST_CHECK(!pubkey1.VerifySchnorr(hashMsg, ssign2C));
 
         BOOST_CHECK(!pubkey2.VerifySchnorr(hashMsg, ssign1));
         BOOST_CHECK(pubkey2.VerifySchnorr(hashMsg, ssign2));
         BOOST_CHECK(!pubkey2.VerifySchnorr(hashMsg, ssign1C));
         BOOST_CHECK(pubkey2.VerifySchnorr(hashMsg, ssign2C));
 
         BOOST_CHECK(pubkey1C.VerifySchnorr(hashMsg, ssign1));
         BOOST_CHECK(!pubkey1C.VerifySchnorr(hashMsg, ssign2));
         BOOST_CHECK(pubkey1C.VerifySchnorr(hashMsg, ssign1C));
         BOOST_CHECK(!pubkey1C.VerifySchnorr(hashMsg, ssign2C));
 
         BOOST_CHECK(!pubkey2C.VerifySchnorr(hashMsg, ssign1));
         BOOST_CHECK(pubkey2C.VerifySchnorr(hashMsg, ssign2));
         BOOST_CHECK(!pubkey2C.VerifySchnorr(hashMsg, ssign1C));
         BOOST_CHECK(pubkey2C.VerifySchnorr(hashMsg, ssign2C));
 
         // check deterministicity of ECDSA & Schnorr
         BOOST_CHECK(sign1 == sign1C);
         BOOST_CHECK(sign2 == sign2C);
         BOOST_CHECK(ssign1 == ssign1C);
         BOOST_CHECK(ssign2 == ssign2C);
 
         // Extract r value from ECDSA and Schnorr. Make sure they are
         // distinct (nonce reuse would be dangerous and can leak private key).
         std::vector<uint8_t> rE1 = get_r_ECDSA(sign1);
         BOOST_CHECK(ssign1.size() == 64);
         std::vector<uint8_t> rS1(ssign1.begin(), ssign1.begin() + 32);
         BOOST_CHECK(rE1.size() == 32);
         BOOST_CHECK(rS1.size() == 32);
         BOOST_CHECK(rE1 != rS1);
 
         std::vector<uint8_t> rE2 = get_r_ECDSA(sign2);
         BOOST_CHECK(ssign2.size() == 64);
         std::vector<uint8_t> rS2(ssign2.begin(), ssign2.begin() + 32);
         BOOST_CHECK(rE2.size() == 32);
         BOOST_CHECK(rS2.size() == 32);
         BOOST_CHECK(rE2 != rS2);
     }
 
     // test deterministic signing expected values
 
     std::vector<uint8_t> detsig, detsigc;
     std::string strMsg = "Very deterministic message";
     uint256 hashMsg = Hash(strMsg.begin(), strMsg.end());
     // ECDSA
     BOOST_CHECK(key1.SignECDSA(hashMsg, detsig));
     BOOST_CHECK(key1C.SignECDSA(hashMsg, detsigc));
     BOOST_CHECK(detsig == detsigc);
     BOOST_CHECK(detsig ==
-                ParseHex("3045022100c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
-                         "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
-                         "c82e56a6cc37f9b50463111c9f9229b8f3b3"));
+                ParseHex("304402200c648ad9936cae4006f0b0d7bcbacdcdf5a14260eb550"
+                         "c31ddb1eb1a13b1b58602201b868673bb5926d1610a07cd03692d"
+                         "fdcb98ed059314f66b457a794f2c4b8e79"));
     BOOST_CHECK(key2.SignECDSA(hashMsg, detsig));
     BOOST_CHECK(key2C.SignECDSA(hashMsg, detsigc));
     BOOST_CHECK(detsig == detsigc);
     BOOST_CHECK(detsig ==
-                ParseHex("304502210094dc5a77b8d5db6b42b66c29d7033cd873fac7a1272"
-                         "4a90373726f60bb9f852a02204eb4c98b9a2f5c017f9417ba7c43"
-                         "279c20c84bb058dc05b3beeb9333016b15bb"));
+                ParseHex("304402205fb8ff5dbba6110d877169812f5cd939866d9487c6b62"
+                         "5785c6876e4fb8ea69a0220711dc4ecff142f7f808905c04bbd41"
+                         "89e3d2c689c4be396ed22883c463d6ad7a"));
     // Compact
     BOOST_CHECK(key1.SignCompact(hashMsg, detsig));
     BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc));
     BOOST_CHECK(detsig ==
                 ParseHex("1b8c56f224d51415e6ce329144aa1e1c1563e297a005f450df015"
                          "14f3d047681760277e79d57502df27b8feebb001a588aa3a8c2bc"
                          "f5b2367273c15f840638cfc8"));
     BOOST_CHECK(detsigc ==
                 ParseHex("1f8c56f224d51415e6ce329144aa1e1c1563e297a005f450df015"
                          "14f3d047681760277e79d57502df27b8feebb001a588aa3a8c2bc"
                          "f5b2367273c15f840638cfc8"));
     BOOST_CHECK(key2.SignCompact(hashMsg, detsig));
     BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc));
     BOOST_CHECK(detsig ==
                 ParseHex("1c9ffc56b38fbfc0e3eb2c42dff99d2375982449f35019c1b3d56"
                          "ca62bef187c5103e483a0ad481eaacc224fef4ee2995027300d5f"
                          "2457f7a20c43547aeddbae6e"));
     BOOST_CHECK(detsigc ==
                 ParseHex("209ffc56b38fbfc0e3eb2c42dff99d2375982449f35019c1b3d56"
                          "ca62bef187c5103e483a0ad481eaacc224fef4ee2995027300d5f"
                          "2457f7a20c43547aeddbae6e"));
     // Schnorr
     BOOST_CHECK(key1.SignSchnorr(hashMsg, detsig));
     BOOST_CHECK(key1C.SignSchnorr(hashMsg, detsigc));
     BOOST_CHECK(detsig == detsigc);
     BOOST_CHECK(detsig ==
                 ParseHex("2c56731ac2f7a7e7f11518fc7722a166b02438924ca9d8b4d1113"
                          "47b81d0717571846de67ad3d913a8fdf9d8f3f73161a4c48ae81c"
                          "b183b214765feb86e255ce"));
     BOOST_CHECK(key2.SignSchnorr(hashMsg, detsig));
     BOOST_CHECK(key2C.SignSchnorr(hashMsg, detsigc));
     BOOST_CHECK(detsig == detsigc);
     BOOST_CHECK(detsig ==
                 ParseHex("e7167ae0afbba6019b4c7fcfe6de79165d555e8295bd72da1b8aa"
                          "1a5b54305880517cace1bcb0cb515e2eeaffd49f1e4dd49fd7282"
                          "6b4b1573c84da49a38405d"));
 }
 
+BOOST_AUTO_TEST_CASE(key_signature_tests) {
+    // When entropy is specified, we should see at least one high R signature
+    // within 20 signatures
+    CKey key = DecodeSecret(strSecret1);
+    std::string msg = "A message to be signed";
+    uint256 msg_hash = Hash(msg.begin(), msg.end());
+    std::vector<uint8_t> sig;
+    bool found = false;
+
+    for (int i = 1; i <= 20; ++i) {
+        sig.clear();
+        key.SignECDSA(msg_hash, sig, false, i);
+        found = sig[3] == 0x21 && sig[4] == 0x00;
+        if (found) {
+            break;
+        }
+    }
+    BOOST_CHECK(found);
+
+    // When entropy is not specified, we should always see low R signatures that
+    // are less than 70 bytes in 256 tries We should see at least one signature
+    // that is less than 70 bytes.
+    found = true;
+    bool found_small = false;
+    for (int i = 0; i < 256; ++i) {
+        sig.clear();
+        msg = "A message to be signed" + std::to_string(i);
+        msg_hash = Hash(msg.begin(), msg.end());
+        key.SignECDSA(msg_hash, sig);
+        found = sig[3] == 0x20;
+        BOOST_CHECK(sig.size() <= 70);
+        found_small |= sig.size() < 70;
+    }
+    BOOST_CHECK(found);
+    BOOST_CHECK(found_small);
+}
+
 BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
index ee26f9f75..77a55e196 100644
--- a/src/test/script_tests.cpp
+++ b/src/test/script_tests.cpp
@@ -1,3076 +1,3076 @@
 // Copyright (c) 2011-2016 The Bitcoin Core developers
 // Copyright (c) 2017-2018 The Bitcoin developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <script/script.h>
 #include <script/script_error.h>
 #include <script/sighashtype.h>
 #include <script/sign.h>
 
 #include <core_io.h>
 #include <key.h>
 #include <keystore.h>
 #include <rpc/server.h>
 #include <streams.h>
 #include <util/strencodings.h>
 #include <util/system.h>
 
 #if defined(HAVE_CONSENSUS_LIB)
 #include <script/bitcoinconsensus.h>
 #endif
 
 #include <test/data/script_tests.json.h>
 #include <test/jsonutil.h>
 #include <test/scriptflags.h>
 #include <test/sigutil.h>
 #include <test/test_bitcoin.h>
 
 #include <boost/test/unit_test.hpp>
 
 #include <univalue.h>
 
 #include <cstdint>
 #include <fstream>
 #include <string>
 #include <vector>
 
 // Uncomment if you want to output updated JSON tests.
 #define UPDATE_JSON_TESTS
 
 static const uint32_t gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
 
 struct ScriptErrorDesc {
     ScriptError err;
     const char *name;
 };
 
 static ScriptErrorDesc script_errors[] = {
     {ScriptError::OK, "OK"},
     {ScriptError::UNKNOWN, "UNKNOWN_ERROR"},
     {ScriptError::EVAL_FALSE, "EVAL_FALSE"},
     {ScriptError::OP_RETURN, "OP_RETURN"},
     {ScriptError::SCRIPT_SIZE, "SCRIPT_SIZE"},
     {ScriptError::PUSH_SIZE, "PUSH_SIZE"},
     {ScriptError::OP_COUNT, "OP_COUNT"},
     {ScriptError::STACK_SIZE, "STACK_SIZE"},
     {ScriptError::SIG_COUNT, "SIG_COUNT"},
     {ScriptError::PUBKEY_COUNT, "PUBKEY_COUNT"},
     {ScriptError::INVALID_OPERAND_SIZE, "OPERAND_SIZE"},
     {ScriptError::INVALID_NUMBER_RANGE, "INVALID_NUMBER_RANGE"},
     {ScriptError::IMPOSSIBLE_ENCODING, "IMPOSSIBLE_ENCODING"},
     {ScriptError::INVALID_SPLIT_RANGE, "SPLIT_RANGE"},
     {ScriptError::INVALID_BIT_COUNT, "INVALID_BIT_COUNT"},
     {ScriptError::VERIFY, "VERIFY"},
     {ScriptError::EQUALVERIFY, "EQUALVERIFY"},
     {ScriptError::CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
     {ScriptError::CHECKSIGVERIFY, "CHECKSIGVERIFY"},
     {ScriptError::CHECKDATASIGVERIFY, "CHECKDATASIGVERIFY"},
     {ScriptError::NUMEQUALVERIFY, "NUMEQUALVERIFY"},
     {ScriptError::BAD_OPCODE, "BAD_OPCODE"},
     {ScriptError::DISABLED_OPCODE, "DISABLED_OPCODE"},
     {ScriptError::INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
     {ScriptError::INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
     {ScriptError::UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
     {ScriptError::NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
     {ScriptError::UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
     {ScriptError::SIG_HASHTYPE, "SIG_HASHTYPE"},
     {ScriptError::SIG_DER, "SIG_DER"},
     {ScriptError::MINIMALDATA, "MINIMALDATA"},
     {ScriptError::SIG_PUSHONLY, "SIG_PUSHONLY"},
     {ScriptError::SIG_HIGH_S, "SIG_HIGH_S"},
     {ScriptError::SIG_NULLDUMMY, "SIG_NULLDUMMY"},
     {ScriptError::PUBKEYTYPE, "PUBKEYTYPE"},
     {ScriptError::CLEANSTACK, "CLEANSTACK"},
     {ScriptError::MINIMALIF, "MINIMALIF"},
     {ScriptError::SIG_NULLFAIL, "NULLFAIL"},
     {ScriptError::SIG_BADLENGTH, "SIG_BADLENGTH"},
     {ScriptError::SIG_NONSCHNORR, "SIG_NONSCHNORR"},
     {ScriptError::DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
     {ScriptError::NONCOMPRESSED_PUBKEY, "NONCOMPRESSED_PUBKEY"},
     {ScriptError::ILLEGAL_FORKID, "ILLEGAL_FORKID"},
     {ScriptError::MUST_USE_FORKID, "MISSING_FORKID"},
     {ScriptError::DIV_BY_ZERO, "DIV_BY_ZERO"},
     {ScriptError::MOD_BY_ZERO, "MOD_BY_ZERO"},
     {ScriptError::INVALID_BITFIELD_SIZE, "BITFIELD_SIZE"},
     {ScriptError::INVALID_BIT_RANGE, "BIT_RANGE"},
 };
 
 static const char *FormatScriptError(ScriptError err) {
     for (size_t i = 0; i < ARRAYLEN(script_errors); ++i) {
         if (script_errors[i].err == err) {
             return script_errors[i].name;
         }
     }
 
     BOOST_ERROR("Unknown scripterror enumeration value, update script_errors "
                 "in script_tests.cpp.");
     return "";
 }
 
 static ScriptError ParseScriptError(const std::string &name) {
     for (size_t i = 0; i < ARRAYLEN(script_errors); ++i) {
         if (script_errors[i].name == name) {
             return script_errors[i].err;
         }
     }
 
     BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
     return ScriptError::UNKNOWN;
 }
 
 BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
 
 static CMutableTransaction
 BuildCreditingTransaction(const CScript &scriptPubKey, const Amount nValue) {
     CMutableTransaction txCredit;
     txCredit.nVersion = 1;
     txCredit.nLockTime = 0;
     txCredit.vin.resize(1);
     txCredit.vout.resize(1);
     txCredit.vin[0].prevout = COutPoint();
     txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
     txCredit.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
     txCredit.vout[0].scriptPubKey = scriptPubKey;
     txCredit.vout[0].nValue = nValue;
 
     return txCredit;
 }
 
 static CMutableTransaction
 BuildSpendingTransaction(const CScript &scriptSig,
                          const CTransaction &txCredit) {
     CMutableTransaction txSpend;
     txSpend.nVersion = 1;
     txSpend.nLockTime = 0;
     txSpend.vin.resize(1);
     txSpend.vout.resize(1);
     txSpend.vin[0].prevout = COutPoint(txCredit.GetId(), 0);
     txSpend.vin[0].scriptSig = scriptSig;
     txSpend.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
     txSpend.vout[0].scriptPubKey = CScript();
     txSpend.vout[0].nValue = txCredit.vout[0].nValue;
 
     return txSpend;
 }
 
 static void DoTest(const CScript &scriptPubKey, const CScript &scriptSig,
                    uint32_t flags, const std::string &message,
                    ScriptError scriptError, const Amount nValue) {
     bool expect = (scriptError == ScriptError::OK);
     if (flags & SCRIPT_VERIFY_CLEANSTACK) {
         flags |= SCRIPT_VERIFY_P2SH;
     }
 
     ScriptError err;
     const CTransaction txCredit{
         BuildCreditingTransaction(scriptPubKey, nValue)};
     CMutableTransaction tx = BuildSpendingTransaction(scriptSig, txCredit);
     CMutableTransaction tx2 = tx;
     BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, flags,
                                      MutableTransactionSignatureChecker(
                                          &tx, 0, txCredit.vout[0].nValue),
                                      &err) == expect,
                         message);
     BOOST_CHECK_MESSAGE(err == scriptError,
                         std::string(FormatScriptError(err)) + " where " +
                             std::string(FormatScriptError(scriptError)) +
                             " expected: " + message);
 #if defined(HAVE_CONSENSUS_LIB)
     CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
     stream << tx2;
     uint32_t libconsensus_flags =
         flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL;
     if (libconsensus_flags == flags) {
         if (flags & bitcoinconsensus_SCRIPT_ENABLE_SIGHASH_FORKID) {
             BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(
                                     scriptPubKey.data(), scriptPubKey.size(),
                                     txCredit.vout[0].nValue / SATOSHI,
                                     (const uint8_t *)&stream[0], stream.size(),
                                     0, libconsensus_flags, nullptr) == expect,
                                 message);
         } else {
             BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(
                                     scriptPubKey.data(), scriptPubKey.size(), 0,
                                     (const uint8_t *)&stream[0], stream.size(),
                                     0, libconsensus_flags, nullptr) == expect,
                                 message);
             BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(
                                     scriptPubKey.data(), scriptPubKey.size(),
                                     (const uint8_t *)&stream[0], stream.size(),
                                     0, libconsensus_flags, nullptr) == expect,
                                 message);
         }
     }
 #endif
 }
 
 namespace {
 const uint8_t vchKey0[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                              0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
 const uint8_t vchKey1[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                              0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0};
 const uint8_t vchKey2[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                              0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0};
 
 struct KeyData {
     CKey key0, key0C, key1, key1C, key2, key2C;
     CPubKey pubkey0, pubkey0C, pubkey0H;
     CPubKey pubkey1, pubkey1C;
     CPubKey pubkey2, pubkey2C;
 
     KeyData() {
         key0.Set(vchKey0, vchKey0 + 32, false);
         key0C.Set(vchKey0, vchKey0 + 32, true);
         pubkey0 = key0.GetPubKey();
         pubkey0H = key0.GetPubKey();
         pubkey0C = key0C.GetPubKey();
         *const_cast<uint8_t *>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
 
         key1.Set(vchKey1, vchKey1 + 32, false);
         key1C.Set(vchKey1, vchKey1 + 32, true);
         pubkey1 = key1.GetPubKey();
         pubkey1C = key1C.GetPubKey();
 
         key2.Set(vchKey2, vchKey2 + 32, false);
         key2C.Set(vchKey2, vchKey2 + 32, true);
         pubkey2 = key2.GetPubKey();
         pubkey2C = key2C.GetPubKey();
     }
 };
 
 class TestBuilder {
 private:
     //! Actually executed script
     CScript script;
     //! The P2SH redeemscript
     CScript redeemscript;
     CTransactionRef creditTx;
     CMutableTransaction spendTx;
     bool havePush;
     std::vector<uint8_t> push;
     std::string comment;
     uint32_t flags;
     ScriptError scriptError;
     Amount nValue;
 
     void DoPush() {
         if (havePush) {
             spendTx.vin[0].scriptSig << push;
             havePush = false;
         }
     }
 
     void DoPush(const std::vector<uint8_t> &data) {
         DoPush();
         push = data;
         havePush = true;
     }
 
     std::vector<uint8_t> DoSignECDSA(const CKey &key, const uint256 &hash,
                                      unsigned int lenR = 32,
                                      unsigned int lenS = 32) const {
         std::vector<uint8_t> vchSig, r, s;
         uint32_t iter = 0;
         do {
-            key.SignECDSA(hash, vchSig, iter++);
+            key.SignECDSA(hash, vchSig, false, iter++);
             if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
                 NegateSignatureS(vchSig);
             }
 
             r = std::vector<uint8_t>(vchSig.begin() + 4,
                                      vchSig.begin() + 4 + vchSig[3]);
             s = std::vector<uint8_t>(vchSig.begin() + 6 + vchSig[3],
                                      vchSig.begin() + 6 + vchSig[3] +
                                          vchSig[5 + vchSig[3]]);
         } while (lenR != r.size() || lenS != s.size());
 
         return vchSig;
     }
 
     std::vector<uint8_t> DoSignSchnorr(const CKey &key,
                                        const uint256 &hash) const {
         std::vector<uint8_t> vchSig;
 
         // no need to iterate for size; schnorrs are always same size.
         key.SignSchnorr(hash, vchSig);
 
         return vchSig;
     }
 
 public:
     TestBuilder(const CScript &script_, const std::string &comment_,
                 uint32_t flags_, bool P2SH = false,
                 Amount nValue_ = Amount::zero())
         : script(script_), havePush(false), comment(comment_), flags(flags_),
           scriptError(ScriptError::OK), nValue(nValue_) {
         CScript scriptPubKey = script;
         if (P2SH) {
             redeemscript = scriptPubKey;
             scriptPubKey = CScript()
                            << OP_HASH160
                            << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
         }
         creditTx =
             MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
         spendTx = BuildSpendingTransaction(CScript(), *creditTx);
     }
 
     TestBuilder &SetScriptError(ScriptError err) {
         scriptError = err;
         return *this;
     }
 
     TestBuilder &Add(const CScript &_script) {
         DoPush();
         spendTx.vin[0].scriptSig += _script;
         return *this;
     }
 
     TestBuilder &Num(int num) {
         DoPush();
         spendTx.vin[0].scriptSig << num;
         return *this;
     }
 
     TestBuilder &Push(const std::string &hex) {
         DoPush(ParseHex(hex));
         return *this;
     }
 
     TestBuilder &Push(const uint256 &hash) {
         DoPush(ToByteVector(hash));
         return *this;
     }
 
     TestBuilder &Push(const CScript &_script) {
         DoPush(std::vector<uint8_t>(_script.begin(), _script.end()));
         return *this;
     }
 
     TestBuilder &
     PushSigECDSA(const CKey &key, SigHashType sigHashType = SigHashType(),
                  unsigned int lenR = 32, unsigned int lenS = 32,
                  Amount amount = Amount::zero(),
                  uint32_t sigFlags = SCRIPT_ENABLE_SIGHASH_FORKID) {
         uint256 hash = SignatureHash(script, CTransaction(spendTx), 0,
                                      sigHashType, amount, nullptr, sigFlags);
         std::vector<uint8_t> vchSig = DoSignECDSA(key, hash, lenR, lenS);
         vchSig.push_back(static_cast<uint8_t>(sigHashType.getRawSigHashType()));
         DoPush(vchSig);
         return *this;
     }
 
     TestBuilder &
     PushSigSchnorr(const CKey &key, SigHashType sigHashType = SigHashType(),
                    Amount amount = Amount::zero(),
                    uint32_t sigFlags = SCRIPT_ENABLE_SIGHASH_FORKID) {
         uint256 hash = SignatureHash(script, CTransaction(spendTx), 0,
                                      sigHashType, amount, nullptr, sigFlags);
         std::vector<uint8_t> vchSig = DoSignSchnorr(key, hash);
         vchSig.push_back(static_cast<uint8_t>(sigHashType.getRawSigHashType()));
         DoPush(vchSig);
         return *this;
     }
 
     TestBuilder &PushDataSigECDSA(const CKey &key,
                                   const std::vector<uint8_t> &data,
                                   unsigned int lenR = 32,
                                   unsigned int lenS = 32) {
         std::vector<uint8_t> vchHash(32);
         CSHA256().Write(data.data(), data.size()).Finalize(vchHash.data());
 
         DoPush(DoSignECDSA(key, uint256(vchHash), lenR, lenS));
         return *this;
     }
 
     TestBuilder &PushDataSigSchnorr(const CKey &key,
                                     const std::vector<uint8_t> &data) {
         std::vector<uint8_t> vchHash(32);
         CSHA256().Write(data.data(), data.size()).Finalize(vchHash.data());
 
         DoPush(DoSignSchnorr(key, uint256(vchHash)));
         return *this;
     }
 
     TestBuilder &PushECDSARecoveredPubKey(
         const std::vector<uint8_t> &rdata, const std::vector<uint8_t> &sdata,
         SigHashType sigHashType = SigHashType(), Amount amount = Amount::zero(),
         uint32_t sigFlags = SCRIPT_ENABLE_SIGHASH_FORKID) {
         // This calculates a pubkey to verify with a given ECDSA transaction
         // signature.
         uint256 hash = SignatureHash(script, CTransaction(spendTx), 0,
                                      sigHashType, amount, nullptr, sigFlags);
 
         assert(rdata.size() <= 32);
         assert(sdata.size() <= 32);
 
         // Our strategy: make a 'key recovery' signature, and just try all the
         // recovery IDs. If none of them work then this means the 'r' value
         // doesn't have any corresponding point, and the caller should pick a
         // different r.
         std::vector<uint8_t> vchSig(65, 0);
         std::copy(rdata.begin(), rdata.end(),
                   vchSig.begin() + (33 - rdata.size()));
         std::copy(sdata.begin(), sdata.end(),
                   vchSig.begin() + (65 - sdata.size()));
 
         CPubKey key;
         for (uint8_t recid : {0, 1, 2, 3}) {
             vchSig[0] = 31 + recid;
             if (key.RecoverCompact(hash, vchSig)) {
                 // found a match
                 break;
             }
         }
         if (!key.IsValid()) {
             throw std::runtime_error(
                 std::string("Could not generate pubkey for ") + HexStr(rdata));
         }
         std::vector<uint8_t> vchKey(key.begin(), key.end());
 
         DoPush(vchKey);
         return *this;
     }
 
     TestBuilder &
     PushECDSASigFromParts(const std::vector<uint8_t> &rdata,
                           const std::vector<uint8_t> &sdata,
                           SigHashType sigHashType = SigHashType()) {
         // Constructs a DER signature out of variable-length r and s arrays &
         // adds hashtype byte.
         assert(rdata.size() <= 32);
         assert(sdata.size() <= 32);
         assert(rdata.size() > 0);
         assert(sdata.size() > 0);
         assert(rdata[0] != 0);
         assert(sdata[0] != 0);
         std::vector<uint8_t> vchSig{0x30, 0x00, 0x02};
         if (rdata[0] & 0x80) {
             vchSig.push_back(rdata.size() + 1);
             vchSig.push_back(0);
             vchSig.insert(vchSig.end(), rdata.begin(), rdata.end());
         } else {
             vchSig.push_back(rdata.size());
             vchSig.insert(vchSig.end(), rdata.begin(), rdata.end());
         }
         vchSig.push_back(0x02);
         if (sdata[0] & 0x80) {
             vchSig.push_back(sdata.size() + 1);
             vchSig.push_back(0);
             vchSig.insert(vchSig.end(), sdata.begin(), sdata.end());
         } else {
             vchSig.push_back(sdata.size());
             vchSig.insert(vchSig.end(), sdata.begin(), sdata.end());
         }
         vchSig[1] = vchSig.size() - 2;
         vchSig.push_back(static_cast<uint8_t>(sigHashType.getRawSigHashType()));
         DoPush(vchSig);
         return *this;
     }
 
     TestBuilder &Push(const CPubKey &pubkey) {
         DoPush(std::vector<uint8_t>(pubkey.begin(), pubkey.end()));
         return *this;
     }
 
     TestBuilder &PushRedeem() {
         DoPush(std::vector<uint8_t>(redeemscript.begin(), redeemscript.end()));
         return *this;
     }
 
     TestBuilder &EditPush(unsigned int pos, const std::string &hexin,
                           const std::string &hexout) {
         assert(havePush);
         std::vector<uint8_t> datain = ParseHex(hexin);
         std::vector<uint8_t> dataout = ParseHex(hexout);
         assert(pos + datain.size() <= push.size());
         BOOST_CHECK_MESSAGE(
             std::vector<uint8_t>(push.begin() + pos,
                                  push.begin() + pos + datain.size()) == datain,
             comment);
         push.erase(push.begin() + pos, push.begin() + pos + datain.size());
         push.insert(push.begin() + pos, dataout.begin(), dataout.end());
         return *this;
     }
 
     TestBuilder &DamagePush(unsigned int pos) {
         assert(havePush);
         assert(pos < push.size());
         push[pos] ^= 1;
         return *this;
     }
 
     TestBuilder &Test() {
         // Make a copy so we can rollback the push.
         TestBuilder copy = *this;
         DoPush();
         DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, flags,
                comment, scriptError, nValue);
         *this = copy;
         return *this;
     }
 
     UniValue GetJSON() {
         DoPush();
         UniValue array(UniValue::VARR);
         if (nValue != Amount::zero()) {
             UniValue amount(UniValue::VARR);
             amount.push_back(ValueFromAmount(nValue));
             array.push_back(amount);
         }
 
         array.push_back(FormatScript(spendTx.vin[0].scriptSig));
         array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
         array.push_back(FormatScriptFlags(flags));
         array.push_back(FormatScriptError(scriptError));
         array.push_back(comment);
         return array;
     }
 
     std::string GetComment() const { return comment; }
 };
 
 std::string JSONPrettyPrint(const UniValue &univalue) {
     std::string ret = univalue.write(4);
     // Workaround for libunivalue pretty printer, which puts a space between
     // commas and newlines
     size_t pos = 0;
     while ((pos = ret.find(" \n", pos)) != std::string::npos) {
         ret.replace(pos, 2, "\n");
         pos++;
     }
 
     return ret;
 }
 } // namespace
 
 BOOST_AUTO_TEST_CASE(script_build) {
     const KeyData keys;
 
     std::vector<TestBuilder> tests;
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK", 0)
             .PushSigECDSA(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK, bad sig", 0)
             .PushSigECDSA(keys.key0)
             .DamagePush(10)
             .SetScriptError(ScriptError::EVAL_FALSE));
 
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey1C.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2PKH", 0)
                         .PushSigECDSA(keys.key1)
                         .Push(keys.pubkey1C));
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey2C.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2PKH, bad pubkey", 0)
                         .PushSigECDSA(keys.key2)
                         .Push(keys.pubkey2C)
                         .DamagePush(5)
                         .SetScriptError(ScriptError::EQUALVERIFY));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2PK anyonecanpay", 0)
             .PushSigECDSA(keys.key1, SigHashType().withAnyoneCanPay()));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2PK anyonecanpay marked with normal hashtype", 0)
             .PushSigECDSA(keys.key1, SigHashType().withAnyoneCanPay())
             .EditPush(70, "81", "01")
             .SetScriptError(ScriptError::EVAL_FALSE));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                     "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true)
             .PushSigECDSA(keys.key0)
             .PushRedeem());
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                     "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true)
             .PushSigECDSA(keys.key0)
             .PushRedeem()
             .DamagePush(10)
             .SetScriptError(ScriptError::EVAL_FALSE));
 
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey0.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true)
                         .PushSigECDSA(keys.key0)
                         .Push(keys.pubkey0)
                         .PushRedeem());
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey1.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0,
                                 true)
                         .PushSigECDSA(keys.key0)
                         .DamagePush(10)
                         .PushRedeem());
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey1.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH,
                                 true)
                         .PushSigECDSA(keys.key0)
                         .DamagePush(10)
                         .PushRedeem()
                         .SetScriptError(ScriptError::EQUALVERIFY));
 
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "3-of-3", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key0)
                         .PushSigECDSA(keys.key1)
                         .PushSigECDSA(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "3-of-3, 2 sigs", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key0)
                         .PushSigECDSA(keys.key1)
                         .Num(0)
                         .SetScriptError(ScriptError::EVAL_FALSE));
 
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true)
                         .Num(0)
                         .PushSigECDSA(keys.key1)
                         .PushSigECDSA(keys.key2)
                         .PushRedeem());
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true)
                         .Num(0)
                         .PushSigECDSA(keys.key1)
                         .Num(0)
                         .PushRedeem()
                         .SetScriptError(ScriptError::EVAL_FALSE));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too much R padding but no DERSIG", 0)
             .PushSigECDSA(keys.key1, SigHashType(), 31, 32)
             .EditPush(1, "43021F", "44022000"));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG)
             .PushSigECDSA(keys.key1, SigHashType(), 31, 32)
             .EditPush(1, "43021F", "44022000")
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too much S padding but no DERSIG", 0)
             .PushSigECDSA(keys.key1)
             .EditPush(1, "44", "45")
             .EditPush(37, "20", "2100"));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG)
             .PushSigECDSA(keys.key1)
             .EditPush(1, "44", "45")
             .EditPush(37, "20", "2100")
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too little R padding but no DERSIG", 0)
             .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
             .EditPush(1, "45022100", "440220"));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG)
             .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
             .EditPush(1, "45022100", "440220")
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
             "P2PK NOT with bad sig with too much R padding but no DERSIG", 0)
             .PushSigECDSA(keys.key2, SigHashType(), 31, 32)
             .EditPush(1, "43021F", "44022000")
             .DamagePush(10));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "P2PK NOT with bad sig with too much R padding",
                                 SCRIPT_VERIFY_DERSIG)
                         .PushSigECDSA(keys.key2, SigHashType(), 31, 32)
                         .EditPush(1, "43021F", "44022000")
                         .DamagePush(10)
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript()
                         << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
                     "P2PK NOT with too much R padding but no DERSIG", 0)
             .PushSigECDSA(keys.key2, SigHashType(), 31, 32)
             .EditPush(1, "43021F", "44022000")
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "P2PK NOT with too much R padding",
                                 SCRIPT_VERIFY_DERSIG)
                         .PushSigECDSA(keys.key2, SigHashType(), 31, 32)
                         .EditPush(1, "43021F", "44022000")
                         .SetScriptError(ScriptError::SIG_DER));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 1, without DERSIG", 0)
             .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
             .EditPush(1, "45022100", "440220"));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG)
             .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
             .EditPush(1, "45022100", "440220")
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 2, without DERSIG", 0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 2, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 3, without DERSIG", 0)
             .Num(0)
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG)
             .Num(0)
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 4, without DERSIG", 0)
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 4, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             "BIP66 example 4, with DERSIG, non-null DER-compliant signature",
             SCRIPT_VERIFY_DERSIG)
             .Push("300602010102010101"));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 4, with DERSIG and NULLFAIL",
                                 SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_NULLFAIL)
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 4, with DERSIG and NULLFAIL, "
                                 "non-null DER-compliant signature",
                                 SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_NULLFAIL)
                         .Push("300602010102010101")
                         .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 5, without DERSIG", 0)
             .Num(1)
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                     "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG)
             .Num(1)
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 6, without DERSIG", 0)
                         .Num(1));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKSIG << OP_NOT,
                                 "BIP66 example 6, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(1)
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 7, without DERSIG", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .PushSigECDSA(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 7, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .PushSigECDSA(keys.key2)
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 8, without DERSIG", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .PushSigECDSA(keys.key2)
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 8, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .PushSigECDSA(keys.key2)
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 9, without DERSIG", 0)
                         .Num(0)
                         .Num(0)
                         .PushSigECDSA(keys.key2, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 9, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .Num(0)
                         .PushSigECDSA(keys.key2, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 10, without DERSIG", 0)
                         .Num(0)
                         .Num(0)
                         .PushSigECDSA(keys.key2, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220"));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 10, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .Num(0)
                         .PushSigECDSA(keys.key2, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 11, without DERSIG", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .Num(0)
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "BIP66 example 11, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .Num(0)
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 12, without DERSIG", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_2
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "BIP66 example 12, with DERSIG",
                                 SCRIPT_VERIFY_DERSIG)
                         .Num(0)
                         .PushSigECDSA(keys.key1, SigHashType(), 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2PK with multi-byte hashtype, without DERSIG", 0)
             .PushSigECDSA(keys.key2)
             .EditPush(70, "01", "0101"));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2PK with multi-byte hashtype, with DERSIG",
                     SCRIPT_VERIFY_DERSIG)
             .PushSigECDSA(keys.key2)
             .EditPush(70, "01", "0101")
             .SetScriptError(ScriptError::SIG_DER));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2PK with high S but no LOW_S", 0)
             .PushSigECDSA(keys.key2, SigHashType(), 32, 33));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2PK with high S", SCRIPT_VERIFY_LOW_S)
             .PushSigECDSA(keys.key2, SigHashType(), 32, 33)
             .SetScriptError(ScriptError::SIG_HIGH_S));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                     "P2PK with hybrid pubkey but no STRICTENC", 0)
             .PushSigECDSA(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                     "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC)
             .PushSigECDSA(keys.key0, SigHashType())
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                                           << OP_CHECKSIG << OP_NOT,
                                 "P2PK NOT with hybrid pubkey but no STRICTENC",
                                 0)
                         .PushSigECDSA(keys.key0)
                         .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                                           << OP_CHECKSIG << OP_NOT,
                                 "P2PK NOT with hybrid pubkey",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigECDSA(keys.key0)
                         .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(CScript()
                         << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
                     "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0)
             .PushSigECDSA(keys.key0)
             .DamagePush(10));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                                           << OP_CHECKSIG << OP_NOT,
                                 "P2PK NOT with invalid hybrid pubkey",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigECDSA(keys.key0)
                         .DamagePush(10)
                         .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H)
                               << ToByteVector(keys.pubkey1C) << OP_2
                               << OP_CHECKMULTISIG,
                     "1-of-2 with the second 1 hybrid pubkey and no STRICTENC",
                     0)
             .Num(0)
             .PushSigECDSA(keys.key1));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H)
                                           << ToByteVector(keys.pubkey1C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "1-of-2 with the second 1 hybrid pubkey",
                                 SCRIPT_VERIFY_STRICTENC)
                         .Num(0)
                         .PushSigECDSA(keys.key1));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey0H) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "1-of-2 with the first 1 hybrid pubkey",
                                 SCRIPT_VERIFY_STRICTENC)
                         .Num(0)
                         .PushSigECDSA(keys.key1)
                         .SetScriptError(ScriptError::PUBKEYTYPE));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2PK with undefined hashtype but no STRICTENC", 0)
             .PushSigECDSA(keys.key1, SigHashType(5)));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC)
             .PushSigECDSA(keys.key1, SigHashType(5))
             .SetScriptError(ScriptError::SIG_HASHTYPE));
 
     // Generate P2PKH tests for invalid SigHashType
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey0.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2PKH with invalid sighashtype", 0)
                         .PushSigECDSA(keys.key0, SigHashType(0x21), 32, 32,
                                       Amount::zero(), 0)
                         .Push(keys.pubkey0));
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey0.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "P2PKH with invalid sighashtype and STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigECDSA(keys.key0, SigHashType(0x21), 32, 32,
                                       Amount::zero(), SCRIPT_VERIFY_STRICTENC)
                         .Push(keys.pubkey0)
                         // Should fail for STRICTENC
                         .SetScriptError(ScriptError::SIG_HASHTYPE));
 
     // Generate P2SH tests for invalid SigHashType
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2SH(P2PK) with invalid sighashtype", SCRIPT_VERIFY_P2SH,
                     true)
             .PushSigECDSA(keys.key1, SigHashType(0x21))
             .PushRedeem());
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "P2SH(P2PK) with invalid sighashtype and STRICTENC",
                     SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC, true)
             .PushSigECDSA(keys.key1, SigHashType(0x21))
             .PushRedeem()
             // Should fail for STRICTENC
             .SetScriptError(ScriptError::SIG_HASHTYPE));
 
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
             "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC",
             0)
             .PushSigECDSA(keys.key1, SigHashType(5))
             .DamagePush(10));
     tests.push_back(
         TestBuilder(CScript()
                         << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
                     "P2PK NOT with invalid sig and undefined hashtype",
                     SCRIPT_VERIFY_STRICTENC)
             .PushSigECDSA(keys.key1, SigHashType(5))
             .DamagePush(10)
             .SetScriptError(ScriptError::SIG_HASHTYPE));
 
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "3-of-3 with nonzero dummy but no NULLDUMMY", 0)
                         .Num(1)
                         .PushSigECDSA(keys.key0)
                         .PushSigECDSA(keys.key1)
                         .PushSigECDSA(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "3-of-3 with nonzero dummy",
                                 SCRIPT_VERIFY_NULLDUMMY)
                         .Num(1)
                         .PushSigECDSA(keys.key0)
                         .PushSigECDSA(keys.key1)
                         .PushSigECDSA(keys.key2)
                         .SetScriptError(ScriptError::SIG_NULLDUMMY));
     tests.push_back(
         TestBuilder(
             CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C)
                       << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG
                       << OP_NOT,
             "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0)
             .Num(1)
             .PushSigECDSA(keys.key0)
             .PushSigECDSA(keys.key1)
             .PushSigECDSA(keys.key2)
             .DamagePush(10));
     tests.push_back(
         TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG << OP_NOT,
                     "3-of-3 NOT with invalid sig with nonzero dummy",
                     SCRIPT_VERIFY_NULLDUMMY)
             .Num(1)
             .PushSigECDSA(keys.key0)
             .PushSigECDSA(keys.key1)
             .PushSigECDSA(keys.key2)
             .DamagePush(10)
             .SetScriptError(ScriptError::SIG_NULLDUMMY));
 
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey1C) << OP_2
                                           << OP_CHECKMULTISIG,
                                 "2-of-2 with two identical keys and sigs "
                                 "pushed using OP_DUP but no SIGPUSHONLY",
                                 0)
                         .Num(0)
                         .PushSigECDSA(keys.key1)
                         .Add(CScript() << OP_DUP));
     tests.push_back(
         TestBuilder(
             CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                       << ToByteVector(keys.pubkey1C) << OP_2
                       << OP_CHECKMULTISIG,
             "2-of-2 with two identical keys and sigs pushed using OP_DUP",
             SCRIPT_VERIFY_SIGPUSHONLY)
             .Num(0)
             .PushSigECDSA(keys.key1)
             .Add(CScript() << OP_DUP)
             .SetScriptError(ScriptError::SIG_PUSHONLY));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
             "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0,
             true)
             .PushSigECDSA(keys.key2)
             .Add(CScript() << OP_NOP8)
             .PushRedeem());
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2PK with non-push scriptSig but with P2SH validation", 0)
             .PushSigECDSA(keys.key2)
             .Add(CScript() << OP_NOP8));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY",
                     SCRIPT_VERIFY_P2SH, true)
             .PushSigECDSA(keys.key2)
             .Add(CScript() << OP_NOP8)
             .PushRedeem()
             .SetScriptError(ScriptError::SIG_PUSHONLY));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                     "P2SH(P2PK) with non-push scriptSig but not P2SH",
                     SCRIPT_VERIFY_SIGPUSHONLY, true)
             .PushSigECDSA(keys.key2)
             .Add(CScript() << OP_NOP8)
             .PushRedeem()
             .SetScriptError(ScriptError::SIG_PUSHONLY));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey1C) << OP_2
                               << OP_CHECKMULTISIG,
                     "2-of-2 with two identical keys and sigs pushed",
                     SCRIPT_VERIFY_SIGPUSHONLY)
             .Num(0)
             .PushSigECDSA(keys.key1)
             .PushSigECDSA(keys.key1));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK with unnecessary input but no CLEANSTACK",
                     SCRIPT_VERIFY_P2SH)
             .Num(11)
             .PushSigECDSA(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK with unnecessary input",
                     SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH)
             .Num(11)
             .PushSigECDSA(keys.key0)
             .SetScriptError(ScriptError::CLEANSTACK));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2SH with unnecessary input but no CLEANSTACK",
                     SCRIPT_VERIFY_P2SH, true)
             .Num(11)
             .PushSigECDSA(keys.key0)
             .PushRedeem());
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2SH with unnecessary input",
                     SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true)
             .Num(11)
             .PushSigECDSA(keys.key0)
             .PushRedeem()
             .SetScriptError(ScriptError::CLEANSTACK));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2SH with CLEANSTACK",
                     SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true)
             .PushSigECDSA(keys.key0)
             .PushRedeem());
 
     static const Amount TEST_AMOUNT(int64_t(12345000000000) * SATOSHI);
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK FORKID", SCRIPT_ENABLE_SIGHASH_FORKID, false,
                     TEST_AMOUNT)
             .PushSigECDSA(keys.key0, SigHashType().withForkId(), 32, 32,
                           TEST_AMOUNT));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK INVALID AMOUNT", SCRIPT_ENABLE_SIGHASH_FORKID, false,
                     TEST_AMOUNT)
             .PushSigECDSA(keys.key0, SigHashType().withForkId(), 32, 32,
                           TEST_AMOUNT + SATOSHI)
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK INVALID FORKID", SCRIPT_VERIFY_STRICTENC, false,
                     TEST_AMOUNT)
             .PushSigECDSA(keys.key0, SigHashType().withForkId(), 32, 32,
                           TEST_AMOUNT)
             .SetScriptError(ScriptError::ILLEGAL_FORKID));
 
     // Test replay protection
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK REPLAY PROTECTED",
                     SCRIPT_ENABLE_SIGHASH_FORKID |
                         SCRIPT_ENABLE_REPLAY_PROTECTION,
                     false, TEST_AMOUNT)
             .PushSigECDSA(keys.key0, SigHashType().withForkId(), 32, 32,
                           TEST_AMOUNT,
                           SCRIPT_ENABLE_SIGHASH_FORKID |
                               SCRIPT_ENABLE_REPLAY_PROTECTION));
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "P2PK REPLAY PROTECTED",
                     SCRIPT_ENABLE_SIGHASH_FORKID |
                         SCRIPT_ENABLE_REPLAY_PROTECTION,
                     false, TEST_AMOUNT)
             .PushSigECDSA(keys.key0, SigHashType().withForkId(), 32, 32,
                           TEST_AMOUNT, SCRIPT_ENABLE_SIGHASH_FORKID)
             .SetScriptError(ScriptError::EVAL_FALSE));
 
     // Test OP_CHECKDATASIG
     const uint32_t checkdatasigflags =
         SCRIPT_VERIFY_STRICTENC | SCRIPT_VERIFY_NULLFAIL;
 
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
                     "Standard CHECKDATASIG", checkdatasigflags)
             .PushDataSigECDSA(keys.key1, {})
             .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIG << OP_NOT,
                                 "CHECKDATASIG with NULLFAIL flags",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key1, {})
                         .Num(1)
                         .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIG << OP_NOT,
                                 "CHECKDATASIG without NULLFAIL flags",
                                 checkdatasigflags & ~SCRIPT_VERIFY_NULLFAIL)
                         .PushDataSigECDSA(keys.key1, {})
                         .Num(1));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIG << OP_NOT,
                                 "CHECKDATASIG empty signature",
                                 checkdatasigflags)
                         .Num(0)
                         .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
                     "CHECKDATASIG with High S but no Low S", checkdatasigflags)
             .PushDataSigECDSA(keys.key1, {}, 32, 33)
             .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
                     "CHECKDATASIG with High S",
                     checkdatasigflags | SCRIPT_VERIFY_LOW_S)
             .PushDataSigECDSA(keys.key1, {}, 32, 33)
             .Num(0)
             .SetScriptError(ScriptError::SIG_HIGH_S));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
                     "CHECKDATASIG with too little R padding but no DERSIG",
                     checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
             .PushDataSigECDSA(keys.key1, {}, 33, 32)
             .EditPush(1, "45022100", "440220")
             .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
                     "CHECKDATASIG with too little R padding", checkdatasigflags)
             .PushDataSigECDSA(keys.key1, {}, 33, 32)
             .EditPush(1, "45022100", "440220")
             .Num(0)
             .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
                     "CHECKDATASIG with hybrid pubkey but no STRICTENC",
                     checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
             .PushDataSigECDSA(keys.key0, {})
             .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
                     "CHECKDATASIG with hybrid pubkey", checkdatasigflags)
             .PushDataSigECDSA(keys.key0, {})
             .Num(0)
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG
                               << OP_NOT,
                     "CHECKDATASIG with invalid hybrid pubkey but no STRICTENC",
                     0)
             .PushDataSigECDSA(keys.key0, {})
             .DamagePush(10)
             .Num(0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
                     "CHECKDATASIG with invalid hybrid pubkey",
                     checkdatasigflags)
             .PushDataSigECDSA(keys.key0, {})
             .DamagePush(10)
             .Num(0)
             .SetScriptError(ScriptError::PUBKEYTYPE));
 
     // Test OP_CHECKDATASIGVERIFY
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "Standard CHECKDATASIGVERIFY",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key1, {})
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY with NULLFAIL flags",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key1, {})
                         .Num(1)
                         .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY without NULLFAIL flags",
                                 checkdatasigflags & ~SCRIPT_VERIFY_NULLFAIL)
                         .PushDataSigECDSA(keys.key1, {})
                         .Num(1)
                         .SetScriptError(ScriptError::CHECKDATASIGVERIFY));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY empty signature",
                                 checkdatasigflags)
                         .Num(0)
                         .Num(0)
                         .SetScriptError(ScriptError::CHECKDATASIGVERIFY));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIG with High S but no Low S",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key1, {}, 32, 33)
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIG with High S",
                                 checkdatasigflags | SCRIPT_VERIFY_LOW_S)
                         .PushDataSigECDSA(keys.key1, {}, 32, 33)
                         .Num(0)
                         .SetScriptError(ScriptError::SIG_HIGH_S));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIGVERIFY
                       << OP_TRUE,
             "CHECKDATASIGVERIFY with too little R padding but no DERSIG",
             checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
             .PushDataSigECDSA(keys.key1, {}, 33, 32)
             .EditPush(1, "45022100", "440220")
             .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY with too little R padding",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key1, {}, 33, 32)
                         .EditPush(1, "45022100", "440220")
                         .Num(0)
                         .SetScriptError(ScriptError::SIG_DER));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                               << OP_CHECKDATASIGVERIFY << OP_TRUE,
                     "CHECKDATASIGVERIFY with hybrid pubkey but no STRICTENC",
                     checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
             .PushDataSigECDSA(keys.key0, {})
             .Num(0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY with hybrid pubkey",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key0, {})
                         .Num(0)
                         .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIGVERIFY
                       << OP_TRUE,
             "CHECKDATASIGVERIFY with invalid hybrid pubkey but no STRICTENC", 0)
             .PushDataSigECDSA(keys.key0, {})
             .DamagePush(10)
             .Num(0)
             .SetScriptError(ScriptError::CHECKDATASIGVERIFY));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
                                           << OP_CHECKDATASIGVERIFY << OP_TRUE,
                                 "CHECKDATASIGVERIFY with invalid hybrid pubkey",
                                 checkdatasigflags)
                         .PushDataSigECDSA(keys.key0, {})
                         .DamagePush(10)
                         .Num(0)
                         .SetScriptError(ScriptError::PUBKEYTYPE));
 
     // Test all six CHECK*SIG* opcodes with Schnorr signatures.
     // - STRICTENC flag on/off.
     // - test with different key / mismatching key
 
     // CHECKSIG and Schnorr
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "CHECKSIG Schnorr", 0)
             .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "CHECKSIG Schnorr w/ STRICTENC", SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "CHECKSIG Schnorr other key", SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key1));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIG << OP_NOT,
                                 "CHECKSIG Schnorr mismatched key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigSchnorr(keys.key1));
 
     // CHECKSIGVERIFY and Schnorr
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIGVERIFY << OP_1,
                                 "CHECKSIGVERIFY Schnorr", 0)
                         .PushSigSchnorr(keys.key0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIGVERIFY << OP_1,
                                 "CHECKSIGVERIFY Schnorr w/ STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigSchnorr(keys.key0));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1)
                                           << OP_CHECKSIGVERIFY << OP_1,
                                 "CHECKSIGVERIFY Schnorr other key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigSchnorr(keys.key1));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIGVERIFY << OP_1,
                                 "CHECKSIGVERIFY Schnorr mismatched key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigSchnorr(keys.key1)
                         .SetScriptError(ScriptError::CHECKSIGVERIFY));
 
     // CHECKDATASIG and Schnorr
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIG,
                                 "CHECKDATASIG Schnorr", 0)
                         .PushDataSigSchnorr(keys.key0, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIG,
                                 "CHECKDATASIG Schnorr w/ STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key0, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIG,
                                 "CHECKDATASIG Schnorr other key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIG << OP_NOT,
                                 "CHECKDATASIG Schnorr mismatched key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {}));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIG,
                                 "CHECKDATASIG Schnorr other message",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {1}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIG << OP_NOT,
                                 "CHECKDATASIG Schnorr wrong message",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {1}));
 
     // CHECKDATASIGVERIFY and Schnorr
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr", 0)
                         .PushDataSigSchnorr(keys.key0, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr w/ STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key0, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr other key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey0)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr mismatched key",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {})
                         .SetScriptError(ScriptError::CHECKDATASIGVERIFY));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr other message",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {1}));
     tests.push_back(TestBuilder(CScript() << OP_0 << ToByteVector(keys.pubkey1)
                                           << OP_CHECKDATASIGVERIFY << OP_1,
                                 "CHECKDATASIGVERIFY Schnorr wrong message",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushDataSigSchnorr(keys.key1, {1})
                         .SetScriptError(ScriptError::CHECKDATASIGVERIFY));
 
     // CHECKMULTISIG 1-of-1 and Schnorr
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0)
                                           << OP_1 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG Schnorr w/ no STRICTENC", 0)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0)
                                           << OP_1 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG Schnorr w/ STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
 
     // Test multisig with multiple Schnorr signatures
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "Schnorr 3-of-3", 0)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "Schnorr-ECDSA-mixed 3-of-3", 0)
                         .Num(0)
                         .PushSigECDSA(keys.key0)
                         .PushSigECDSA(keys.key1)
                         .PushSigSchnorr(keys.key2)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
 
     // CHECKMULTISIGVERIFY 1-of-1 and Schnorr
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0) << OP_1
                               << OP_CHECKMULTISIGVERIFY << OP_1,
                     "CHECKMULTISIGVERIFY Schnorr w/ no STRICTENC", 0)
             .Num(0)
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(TestBuilder(CScript()
                                     << OP_1 << ToByteVector(keys.pubkey0)
                                     << OP_1 << OP_CHECKMULTISIGVERIFY << OP_1,
                                 "CHECKMULTISIGVERIFY Schnorr w/ STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
 
     // Test damaged Schnorr signatures
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIG << OP_NOT,
                                 "Schnorr P2PK, bad sig", 0)
                         .PushSigSchnorr(keys.key0)
                         .DamagePush(10));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIG << OP_NOT,
                                 "Schnorr P2PK, bad sig STRICTENC",
                                 SCRIPT_VERIFY_STRICTENC)
                         .PushSigSchnorr(keys.key0)
                         .DamagePush(10));
     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0)
                                           << OP_CHECKSIG << OP_NOT,
                                 "Schnorr P2PK, bad sig NULLFAIL",
                                 SCRIPT_VERIFY_NULLFAIL)
                         .PushSigSchnorr(keys.key0)
                         .DamagePush(10)
                         .SetScriptError(ScriptError::SIG_NULLFAIL));
 
     // Make sure P2PKH works with Schnorr
     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160
                                           << ToByteVector(keys.pubkey1C.GetID())
                                           << OP_EQUALVERIFY << OP_CHECKSIG,
                                 "Schnorr P2PKH", 0)
                         .PushSigSchnorr(keys.key1)
                         .Push(keys.pubkey1C));
 
     // Test of different pubkey encodings with Schnorr
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                     "Schnorr P2PK with compressed pubkey",
                     SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key0, SigHashType()));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "Schnorr P2PK with uncompressed pubkey",
                     SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key0, SigHashType()));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                     "Schnorr P2PK with uncompressed pubkey but "
                     "COMPRESSED_PUBKEYTYPE set",
                     SCRIPT_VERIFY_STRICTENC |
                         SCRIPT_VERIFY_COMPRESSED_PUBKEYTYPE)
             .PushSigSchnorr(keys.key0, SigHashType())
             .SetScriptError(ScriptError::NONCOMPRESSED_PUBKEY));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                     "Schnorr P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key0, SigHashType())
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                     "Schnorr P2PK with hybrid pubkey but no STRICTENC", 0)
             .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(
             CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
             "Schnorr P2PK NOT with damaged hybrid pubkey but no STRICTENC", 0)
             .PushSigSchnorr(keys.key0)
             .DamagePush(10));
 
     // Ensure sighash types get checked with schnorr
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK with undefined basehashtype and STRICTENC",
                     SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key1, SigHashType(5))
             .SetScriptError(ScriptError::SIG_HASHTYPE));
     tests.push_back(
         TestBuilder(CScript() << OP_DUP << OP_HASH160
                               << ToByteVector(keys.pubkey0.GetID())
                               << OP_EQUALVERIFY << OP_CHECKSIG,
                     "Schnorr P2PKH with invalid sighashtype but no STRICTENC",
                     0)
             .PushSigSchnorr(keys.key0, SigHashType(0x21), Amount::zero(), 0)
             .Push(keys.pubkey0));
     tests.push_back(
         TestBuilder(CScript() << OP_DUP << OP_HASH160
                               << ToByteVector(keys.pubkey0.GetID())
                               << OP_EQUALVERIFY << OP_CHECKSIG,
                     "Schnorr P2PKH with invalid sighashtype and STRICTENC",
                     SCRIPT_VERIFY_STRICTENC)
             .PushSigSchnorr(keys.key0, SigHashType(0x21), Amount::zero(),
                             SCRIPT_VERIFY_STRICTENC)
             .Push(keys.pubkey0)
             .SetScriptError(ScriptError::SIG_HASHTYPE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK anyonecanpay", 0)
             .PushSigSchnorr(keys.key1, SigHashType().withAnyoneCanPay()));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK anyonecanpay marked with normal hashtype", 0)
             .PushSigSchnorr(keys.key1, SigHashType().withAnyoneCanPay())
             .EditPush(64, "81", "01")
             .SetScriptError(ScriptError::EVAL_FALSE));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK with forkID",
                     SCRIPT_VERIFY_STRICTENC | SCRIPT_ENABLE_SIGHASH_FORKID)
             .PushSigSchnorr(keys.key1, SigHashType().withForkId()));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK with non-forkID sig",
                     SCRIPT_VERIFY_STRICTENC | SCRIPT_ENABLE_SIGHASH_FORKID)
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::MUST_USE_FORKID));
     tests.push_back(
         TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                     "Schnorr P2PK with cheater forkID bit",
                     SCRIPT_VERIFY_STRICTENC | SCRIPT_ENABLE_SIGHASH_FORKID)
             .PushSigSchnorr(keys.key1)
             .EditPush(64, "01", "41")
             .SetScriptError(ScriptError::EVAL_FALSE));
 
     {
         // There is a point with x = 7 + order but not x = 7.
         // Since r = x mod order, this can have valid signatures, as
         // demonstrated here.
         std::vector<uint8_t> rdata{7};
         std::vector<uint8_t> sdata{7};
         tests.push_back(TestBuilder(CScript() << OP_CHECKSIG,
                                     "recovered-pubkey CHECKSIG 7,7 (wrapped r)",
                                     SCRIPT_VERIFY_STRICTENC)
                             .PushECDSASigFromParts(rdata, sdata)
                             .PushECDSARecoveredPubKey(rdata, sdata));
     }
     {
         // Arbitrary r value that is 29 bytes long, to give room for varying
         // the length of s:
         std::vector<uint8_t> rdata = ParseHex(
             "776879206d757374207765207375666665722077697468206563647361");
         std::vector<uint8_t> sdata(58 - rdata.size() - 1, 33);
         tests.push_back(
             TestBuilder(CScript() << OP_CHECKSIG,
                         "recovered-pubkey CHECKSIG with 63-byte DER",
                         SCRIPT_VERIFY_STRICTENC)
                 .PushECDSASigFromParts(rdata, sdata)
                 .PushECDSARecoveredPubKey(rdata, sdata));
     }
     {
         // 64-byte ECDSA sig does not work.
         std::vector<uint8_t> rdata = ParseHex(
             "776879206d757374207765207375666665722077697468206563647361");
         std::vector<uint8_t> sdata(58 - rdata.size(), 33);
         tests.push_back(
             TestBuilder(CScript() << OP_CHECKSIG,
                         "recovered-pubkey CHECKSIG with 64-byte DER",
                         SCRIPT_VERIFY_STRICTENC)
                 .PushECDSASigFromParts(rdata, sdata)
                 .PushECDSARecoveredPubKey(rdata, sdata)
                 .SetScriptError(ScriptError::EVAL_FALSE));
     }
     {
         std::vector<uint8_t> rdata = ParseHex(
             "776879206d757374207765207375666665722077697468206563647361");
         std::vector<uint8_t> sdata(58 - rdata.size() + 1, 33);
         tests.push_back(
             TestBuilder(CScript() << OP_CHECKSIG,
                         "recovered-pubkey CHECKSIG with 65-byte DER",
                         SCRIPT_VERIFY_STRICTENC)
                 .PushECDSASigFromParts(rdata, sdata)
                 .PushECDSARecoveredPubKey(rdata, sdata));
     }
     {
         // Try 64-byte ECDSA sig again, in multisig.
         std::vector<uint8_t> rdata = ParseHex(
             "776879206d757374207765207375666665722077697468206563647361");
         std::vector<uint8_t> sdata(58 - rdata.size(), 33);
         tests.push_back(
             TestBuilder(CScript()
                             << OP_1 << OP_SWAP << OP_1 << OP_CHECKMULTISIG,
                         "recovered-pubkey CHECKMULTISIG with 64-byte DER",
                         SCRIPT_VERIFY_STRICTENC)
                 .Num(0)
                 .PushECDSASigFromParts(rdata, sdata)
                 .PushECDSARecoveredPubKey(rdata, sdata)
                 .SetScriptError(ScriptError::SIG_BADLENGTH));
     }
 
     // New-multisig tests follow. New multisig will activate with a bunch of
     // related flags active from other upgrades, so we do tests with this group
     // of flags turned on:
     uint32_t newmultisigflags =
         SCRIPT_ENABLE_SCHNORR_MULTISIG | SCRIPT_VERIFY_NULLFAIL |
         SCRIPT_VERIFY_MINIMALDATA | SCRIPT_VERIFY_STRICTENC;
 
     // Tests of the legacy multisig (null dummy element), but with the
     // SCRIPT_ENABLE_SCHNORR_MULTISIG flag turned on. These show the desired
     // legacy behaviour that should be retained.
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H)
                               << ToByteVector(keys.pubkey1C) << OP_2
                               << OP_CHECKMULTISIG,
                     "1-of-2 with unchecked hybrid pubkey with SCHNORR_MULTISIG",
                     newmultisigflags)
             .Num(0)
             .PushSigECDSA(keys.key1));
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey0H) << OP_2
                               << OP_CHECKMULTISIG,
                     "1-of-2 with checked hybrid pubkey with SCHNORR_MULTISIG",
                     newmultisigflags)
             .Num(0)
             .PushSigECDSA(keys.key1)
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(
             CScript() << OP_1 << ToByteVector(keys.pubkey0) << OP_1
                       << OP_CHECKMULTISIG,
             "Legacy 1-of-1 Schnorr w/ SCHNORR_MULTISIG but no STRICTENC",
             newmultisigflags & ~SCRIPT_VERIFY_STRICTENC)
             .Num(0)
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0)
                                           << OP_1 << OP_CHECKMULTISIG,
                                 "Legacy 1-of-1 Schnorr w/ SCHNORR_MULTISIG",
                                 newmultisigflags)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "Legacy 3-of-3 Schnorr w/ SCHNORR_MULTISIG",
                                 newmultisigflags)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(
         TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "Legacy 3-of-3 mixed Schnorr-ECDSA w/ SCHNORR_MULTISIG",
                     newmultisigflags)
             .Num(0)
             .PushSigECDSA(keys.key0)
             .PushSigECDSA(keys.key1)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::SIG_BADLENGTH));
     {
         // Try valid 64-byte ECDSA sig in multisig.
         std::vector<uint8_t> rdata = ParseHex(
             "776879206d757374207765207375666665722077697468206563647361");
         std::vector<uint8_t> sdata(58 - rdata.size(), 33);
         tests.push_back(TestBuilder(CScript() << OP_1 << OP_SWAP << OP_1
                                               << OP_CHECKMULTISIG,
                                     "recovered-pubkey CHECKMULTISIG with "
                                     "64-byte DER w/ SCHNORR_MULTISIG",
                                     newmultisigflags)
                             .Num(0)
                             .PushECDSASigFromParts(rdata, sdata)
                             .PushECDSARecoveredPubKey(rdata, sdata)
                             .SetScriptError(ScriptError::SIG_BADLENGTH));
     }
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG << OP_NOT,
                                 "CHECKMULTISIG 2-of-3 w/ SCHNORR_MULTISIG "
                                 "(return-false still valid via legacy mode)",
                                 newmultisigflags)
                         .Num(0)
                         .Num(0)
                         .Num(0));
     tests.push_back(TestBuilder(CScript() << OP_0 << OP_0 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 0-of-0 w/ SCHNORR_MULTISIG",
                                 newmultisigflags)
                         .Num(0));
     tests.push_back(
         TestBuilder(CScript() << OP_0 << ToByteVector(ParseHex("BEEF")) << OP_1
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 0-of-1 w/ SCHNORR_MULTISIG, null dummy",
                     newmultisigflags)
             .Num(0));
 
     // Tests of schnorr checkmultisig actually turned on (flag on & dummy
     // element is not null).
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0)
                                           << OP_1 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 1-of-1 Schnorr",
                                 newmultisigflags)
                         .Num(0b1)
                         .PushSigSchnorr(keys.key0));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0)
                                           << OP_1 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 1-of-1 Schnorr, nonminimal bits",
                                 newmultisigflags)
                         .Push("0100")
                         .PushSigSchnorr(keys.key0)
                         .SetScriptError(ScriptError::INVALID_BITFIELD_SIZE));
     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 3-of-3 Schnorr",
                                 newmultisigflags)
                         .Num(0b111)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_4 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 4-of-3 Schnorr",
                                 newmultisigflags)
                         .Num(0b1111)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2)
                         .SetScriptError(ScriptError::SIG_COUNT));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 2-of-3 (110) Schnorr",
                                 newmultisigflags)
                         .Num(0b110)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 2-of-3 (101) Schnorr",
                                 newmultisigflags)
                         .Num(0b101)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key2));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 2-of-3 (011) Schnorr",
                                 newmultisigflags)
                         .Num(0b011)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, mismatched bits Schnorr",
                     newmultisigflags)
             .Num(0b011)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 2-of-3 Schnorr, all bits set",
                                 newmultisigflags)
                         .Num(0b111)
                         .PushSigSchnorr(keys.key1)
                         .PushSigSchnorr(keys.key2)
                         .SetScriptError(ScriptError::INVALID_BIT_COUNT));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, extra high bit set",
                     newmultisigflags)
             .Num(0b1110)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::INVALID_BIT_RANGE));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, too high bit set",
                     newmultisigflags)
             .Num(0b1010)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::INVALID_BIT_RANGE));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, too few bits set",
                     newmultisigflags)
             .Num(0b010)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::INVALID_BIT_COUNT));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, with no bits set "
                     "(attempt to malleate return-false)",
                     newmultisigflags)
             .Push("00")
             .Num(0)
             .Num(0)
             .SetScriptError(ScriptError::INVALID_BIT_COUNT));
     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << ToByteVector(keys.pubkey2C) << OP_3
                                           << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG null dummy with schnorr sigs "
                                 "(with SCHNORR_MULTISIG on)",
                                 newmultisigflags)
                         .Num(0)
                         .PushSigSchnorr(keys.key0)
                         .PushSigSchnorr(keys.key1)
                         .SetScriptError(ScriptError::SIG_BADLENGTH));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 Schnorr, misordered signatures",
                     newmultisigflags)
             .Num(0b011)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(
         TestBuilder(
             CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C) << OP_DUP << OP_2DUP
                       << OP_2DUP << ToByteVector(keys.pubkey2C) << OP_8
                       << OP_CHECKMULTISIG,
             "CHECKMULTISIG 2-of-8 Schnorr, right way to represent 0b10000001",
             newmultisigflags)
             .Num(-1)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key2));
     tests.push_back(
         TestBuilder(
             CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C) << OP_DUP << OP_2DUP
                       << OP_2DUP << ToByteVector(keys.pubkey2C) << OP_8
                       << OP_CHECKMULTISIG,
             "CHECKMULTISIG 2-of-8 Schnorr, wrong way to represent 0b10000001",
             newmultisigflags)
             .Num(0b10000001)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::INVALID_BITFIELD_SIZE));
     tests.push_back(
         TestBuilder(CScript()
                         << OP_OVER << OP_DUP << OP_DUP << OP_2DUP << OP_3DUP
                         << OP_3DUP << OP_3DUP << OP_3DUP << 20
                         << ToByteVector(keys.pubkey0C)
                         << ToByteVector(keys.pubkey1C)
                         << ToByteVector(keys.pubkey2C) << OP_OVER << OP_DUP
                         << OP_DUP << OP_2DUP << OP_3DUP << OP_3DUP << OP_3DUP
                         << OP_3DUP << 20 << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 20-of-20 Schnorr", newmultisigflags)
             .Push("ffff0f")
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key2));
     tests.push_back(
         TestBuilder(
             CScript() << OP_OVER << OP_DUP << OP_DUP << OP_2DUP << OP_3DUP
                       << OP_3DUP << OP_3DUP << OP_3DUP << 20
                       << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C)
                       << ToByteVector(keys.pubkey2C) << OP_OVER << OP_DUP
                       << OP_DUP << OP_2DUP << OP_3DUP << OP_3DUP << OP_3DUP
                       << OP_3DUP << 20 << OP_CHECKMULTISIG,
             "CHECKMULTISIG 20-of-20 Schnorr, checkbits +1", newmultisigflags)
             .Push("000010")
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::INVALID_BIT_RANGE));
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0C) << OP_DUP
                               << ToByteVector(keys.pubkey1C) << OP_3DUP
                               << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP
                               << OP_3DUP << 21 << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 1-of-21 Schnorr", newmultisigflags)
             .Push("000010")
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::PUBKEY_COUNT));
     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0C)
                                           << ToByteVector(keys.pubkey1C)
                                           << OP_DUP << OP_2DUP << OP_3DUP
                                           << OP_3DUP << OP_3DUP << OP_3DUP
                                           << OP_3DUP << 20 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 1-of-20 Schnorr, first key",
                                 newmultisigflags)
                         .Push("010000")
                         .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(
             CScript() << OP_1 << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C) << OP_DUP << OP_2DUP
                       << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP
                       << 20 << OP_CHECKMULTISIG,
             "CHECKMULTISIG 1-of-20 Schnorr, first key, wrong endianness",
             newmultisigflags)
             .Push("000001")
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(
         TestBuilder(
             CScript() << OP_1 << ToByteVector(keys.pubkey0C) << OP_2DUP
                       << OP_2DUP << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP
                       << OP_3DUP << 20 << OP_CHECKMULTISIG,
             "CHECKMULTISIG 1-of-20 Schnorr, truncating zeros not allowed",
             newmultisigflags)
             .Num(1)
             .PushSigSchnorr(keys.key0)
             .SetScriptError(ScriptError::INVALID_BITFIELD_SIZE));
     tests.push_back(
         TestBuilder(CScript()
                         << OP_1 << ToByteVector(keys.pubkey0C) << OP_DUP
                         << OP_2DUP << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP
                         << OP_3DUP << ToByteVector(keys.pubkey1C) << 20
                         << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 1-of-20 Schnorr, last key", newmultisigflags)
             .Push("000008")
             .PushSigSchnorr(keys.key1));
     tests.push_back(
         TestBuilder(CScript()
                         << OP_1 << ToByteVector(keys.pubkey0C) << OP_DUP
                         << OP_2DUP << OP_3DUP << OP_3DUP << OP_3DUP << OP_3DUP
                         << OP_3DUP << ToByteVector(keys.pubkey1C) << 20
                         << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 1-of-20 Schnorr, last key, wrong endianness",
                     newmultisigflags)
             .Push("080000")
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::SIG_NULLFAIL));
     tests.push_back(TestBuilder(CScript()
                                     << OP_1 << ToByteVector(keys.pubkey0C)
                                     << OP_DUP << OP_2DUP << OP_3DUP << OP_3DUP
                                     << OP_3DUP << OP_3DUP << OP_3DUP
                                     << ToByteVector(keys.pubkey1C) << 20
                                     << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 1-of-20 Schnorr, last key, "
                                 "truncating zeros not allowed",
                                 newmultisigflags)
                         .Push("0800")
                         .PushSigSchnorr(keys.key1)
                         .SetScriptError(ScriptError::INVALID_BITFIELD_SIZE));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(ParseHex("BEEF"))
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 (110) Schnorr, first key garbage",
                     newmultisigflags)
             .Num(0b110)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key2));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(ParseHex("BEEF"))
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(keys.pubkey2C) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 (011) Schnorr, first key garbage",
                     newmultisigflags)
             .Num(0b011)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1)
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(ParseHex("BEEF")) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 (011) Schnorr, last key garbage",
                     newmultisigflags)
             .Num(0b011)
             .PushSigSchnorr(keys.key0)
             .PushSigSchnorr(keys.key1));
     tests.push_back(
         TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C)
                               << ToByteVector(keys.pubkey1C)
                               << ToByteVector(ParseHex("BEEF")) << OP_3
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 2-of-3 (110) Schnorr, last key garbage",
                     newmultisigflags)
             .Num(0b110)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::PUBKEYTYPE));
     tests.push_back(
         TestBuilder(
             CScript() << OP_0 << OP_0 << OP_CHECKMULTISIG,
             "CHECKMULTISIG 0-of-0 with SCHNORR_MULTISIG, dummy must be null",
             newmultisigflags)
             .Push("00")
             .SetScriptError(ScriptError::INVALID_BITFIELD_SIZE));
     tests.push_back(TestBuilder(CScript()
                                     << OP_0 << ToByteVector(ParseHex("BEEF"))
                                     << OP_1 << OP_CHECKMULTISIG,
                                 "CHECKMULTISIG 0-of-1 with SCHNORR_MULTISIG, "
                                 "dummy need not be null",
                                 newmultisigflags)
                         .Push("00"));
     tests.push_back(
         TestBuilder(
             CScript() << OP_1 << ToByteVector(keys.pubkey0) << OP_1
                       << OP_CHECKMULTISIG,
             "SCHNORR_MULTISIG implies that NULLDUMMY flag has no effect",
             newmultisigflags | SCRIPT_VERIFY_NULLDUMMY)
             .Num(0b1)
             .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0) << OP_1
                               << OP_CHECKMULTISIGVERIFY << OP_1,
                     "OP_CHECKMULTISIGVERIFY Schnorr", newmultisigflags)
             .Num(0b1)
             .PushSigSchnorr(keys.key0));
     tests.push_back(
         TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0) << OP_1
                               << OP_CHECKMULTISIG,
                     "CHECKMULTISIG 1-of-1 ECDSA signature in Schnorr mode",
                     newmultisigflags)
             .Num(0b1)
             .PushSigECDSA(keys.key0)
             .SetScriptError(ScriptError::SIG_NONSCHNORR));
     tests.push_back(
         TestBuilder(
             CScript() << OP_3 << ToByteVector(keys.pubkey0C)
                       << ToByteVector(keys.pubkey1C)
                       << ToByteVector(keys.pubkey2C) << OP_3
                       << OP_CHECKMULTISIG,
             "CHECKMULTISIG 3-of-3 Schnorr with mixed-in ECDSA signature",
             newmultisigflags)
             .Num(0b111)
             .PushSigECDSA(keys.key0)
             .PushSigSchnorr(keys.key1)
             .PushSigSchnorr(keys.key2)
             .SetScriptError(ScriptError::SIG_NONSCHNORR));
 
     std::set<std::string> tests_set;
 
     {
         UniValue json_tests = read_json(std::string(
             json_tests::script_tests,
             json_tests::script_tests + sizeof(json_tests::script_tests)));
 
         for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
             const UniValue &tv = json_tests[idx];
             tests_set.insert(JSONPrettyPrint(tv.get_array()));
         }
     }
 
 #ifdef UPDATE_JSON_TESTS
     std::string strGen;
 #endif
 
     for (TestBuilder &test : tests) {
         test.Test();
         std::string str = JSONPrettyPrint(test.GetJSON());
 #ifdef UPDATE_JSON_TESTS
         strGen += str + ",\n";
 #else
         if (tests_set.count(str) == 0) {
             BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " +
                                            test.GetComment());
         }
 #endif
     }
 
 #ifdef UPDATE_JSON_TESTS
     FILE *file = fopen("script_tests.json.gen", "w");
     fputs(strGen.c_str(), file);
     fclose(file);
 #endif
 }
 
 BOOST_AUTO_TEST_CASE(script_json_test) {
     // Read tests from test/data/script_tests.json
     // Format is an array of arrays
     // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey",
     // "flags", "expected_scripterror" ]
     // ... where scriptSig and scriptPubKey are stringified
     // scripts.
     UniValue tests = read_json(std::string(
         json_tests::script_tests,
         json_tests::script_tests + sizeof(json_tests::script_tests)));
 
     for (unsigned int idx = 0; idx < tests.size(); idx++) {
         UniValue test = tests[idx];
         std::string strTest = test.write();
         Amount nValue = Amount::zero();
         unsigned int pos = 0;
         if (test.size() > 0 && test[pos].isArray()) {
             nValue = AmountFromValue(test[pos][0]);
             pos++;
         }
 
         // Allow size > 3; extra stuff ignored (useful for comments)
         if (test.size() < 4 + pos) {
             if (test.size() != 1) {
                 BOOST_ERROR("Bad test: " << strTest);
             }
             continue;
         }
 
         std::string scriptSigString = test[pos++].get_str();
         std::string scriptPubKeyString = test[pos++].get_str();
         try {
             CScript scriptSig = ParseScript(scriptSigString);
             CScript scriptPubKey = ParseScript(scriptPubKeyString);
             unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
             ScriptError scriptError = ParseScriptError(test[pos++].get_str());
 
             DoTest(scriptPubKey, scriptSig, scriptflags, strTest, scriptError,
                    nValue);
         } catch (std::runtime_error &e) {
             BOOST_TEST_MESSAGE("Script test failed.  scriptSig:  "
                                << scriptSigString
                                << " scriptPubKey: " << scriptPubKeyString);
             BOOST_TEST_MESSAGE("Exception: " << e.what());
             throw;
         }
     }
 }
 
 BOOST_AUTO_TEST_CASE(script_PushData) {
     // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
     // the stack as the 1-75 opcodes do.
     static const uint8_t direct[] = {1, 0x5a};
     static const uint8_t pushdata1[] = {OP_PUSHDATA1, 1, 0x5a};
     static const uint8_t pushdata2[] = {OP_PUSHDATA2, 1, 0, 0x5a};
     static const uint8_t pushdata4[] = {OP_PUSHDATA4, 1, 0, 0, 0, 0x5a};
 
     ScriptError err;
     std::vector<std::vector<uint8_t>> directStack;
     BOOST_CHECK(EvalScript(directStack,
                            CScript(&direct[0], &direct[sizeof(direct)]),
                            SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     std::vector<std::vector<uint8_t>> pushdata1Stack;
     BOOST_CHECK(EvalScript(
         pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]),
         SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
     BOOST_CHECK(pushdata1Stack == directStack);
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     std::vector<std::vector<uint8_t>> pushdata2Stack;
     BOOST_CHECK(EvalScript(
         pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]),
         SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
     BOOST_CHECK(pushdata2Stack == directStack);
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     std::vector<std::vector<uint8_t>> pushdata4Stack;
     BOOST_CHECK(EvalScript(
         pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]),
         SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
     BOOST_CHECK(pushdata4Stack == directStack);
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 }
 
 static CScript sign_multisig(const CScript &scriptPubKey,
                              const std::vector<CKey> &keys,
                              const CTransaction &transaction) {
     uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SigHashType(),
                                  Amount::zero());
 
     CScript result;
     //
     // NOTE: CHECKMULTISIG has an unfortunate bug; it requires one extra item on
     // the stack, before the signatures. Putting OP_0 on the stack is the
     // workaround; fixing the bug would mean splitting the block chain (old
     // clients would not accept new CHECKMULTISIG transactions, and vice-versa)
     //
     result << OP_0;
     for (const CKey &key : keys) {
         std::vector<uint8_t> vchSig;
         BOOST_CHECK(key.SignECDSA(hash, vchSig));
         vchSig.push_back(uint8_t(SIGHASH_ALL));
         result << vchSig;
     }
 
     return result;
 }
 
 static CScript sign_multisig(const CScript &scriptPubKey, const CKey &key,
                              const CTransaction &transaction) {
     std::vector<CKey> keys;
     keys.push_back(key);
     return sign_multisig(scriptPubKey, keys, transaction);
 }
 
 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12) {
     ScriptError err;
     CKey key1, key2, key3;
     key1.MakeNewKey(true);
     key2.MakeNewKey(false);
     key3.MakeNewKey(true);
 
     CScript scriptPubKey12;
     scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey())
                    << ToByteVector(key2.GetPubKey()) << OP_2
                    << OP_CHECKMULTISIG;
 
     const CTransaction txFrom12{
         BuildCreditingTransaction(scriptPubKey12, Amount::zero())};
     CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), txFrom12);
 
     CScript goodsig1 =
         sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
     BOOST_CHECK(VerifyScript(
         goodsig1, scriptPubKey12, gFlags,
         MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
     txTo12.vout[0].nValue = 2 * SATOSHI;
     BOOST_CHECK(!VerifyScript(
         goodsig1, scriptPubKey12, gFlags,
         MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     CScript goodsig2 =
         sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
     BOOST_CHECK(VerifyScript(
         goodsig2, scriptPubKey12, gFlags,
         MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
     BOOST_CHECK(!VerifyScript(
         badsig1, scriptPubKey12, gFlags,
         MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 }
 
 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23) {
     ScriptError err;
     CKey key1, key2, key3, key4;
     key1.MakeNewKey(true);
     key2.MakeNewKey(false);
     key3.MakeNewKey(true);
     key4.MakeNewKey(false);
 
     CScript scriptPubKey23;
     scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey())
                    << ToByteVector(key2.GetPubKey())
                    << ToByteVector(key3.GetPubKey()) << OP_3
                    << OP_CHECKMULTISIG;
 
     const CTransaction txFrom23{
         BuildCreditingTransaction(scriptPubKey23, Amount::zero())};
     CMutableTransaction mutableTxTo23 =
         BuildSpendingTransaction(CScript(), txFrom23);
 
     // after it has been set up, mutableTxTo23 does not change in this test, so
     // we can convert it to readonly transaction and use
     // TransactionSignatureChecker instead of MutableTransactionSignatureChecker
     const CTransaction txTo23(mutableTxTo23);
 
     std::vector<CKey> keys;
     keys.push_back(key1);
     keys.push_back(key2);
     CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(VerifyScript(
         goodsig1, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key1);
     keys.push_back(key3);
     CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(VerifyScript(
         goodsig2, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key2);
     keys.push_back(key3);
     CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(VerifyScript(
         goodsig3, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key2);
     keys.push_back(key2); // Can't re-use sig
     CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig1, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key2);
     keys.push_back(key1); // sigs must be in correct order
     CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig2, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key3);
     keys.push_back(key2); // sigs must be in correct order
     CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig3, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key4);
     keys.push_back(key2); // sigs must match pubkeys
     CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig4, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     keys.clear();
     keys.push_back(key1);
     keys.push_back(key4); // sigs must match pubkeys
     CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig5, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::EVAL_FALSE, ScriptErrorString(err));
 
     keys.clear(); // Must have signatures
     CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
     BOOST_CHECK(!VerifyScript(
         badsig6, scriptPubKey23, gFlags,
         TransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue),
         &err));
     BOOST_CHECK_MESSAGE(err == ScriptError::INVALID_STACK_OPERATION,
                         ScriptErrorString(err));
 }
 
 /* Wrapper around ProduceSignature to combine two scriptsigs */
 SignatureData CombineSignatures(const CTxOut &txout,
                                 const CMutableTransaction &tx,
                                 const SignatureData &scriptSig1,
                                 const SignatureData &scriptSig2) {
     SignatureData data;
     data.MergeSignatureData(scriptSig1);
     data.MergeSignatureData(scriptSig2);
     ProduceSignature(DUMMY_SIGNING_PROVIDER,
                      MutableTransactionSignatureCreator(&tx, 0, txout.nValue),
                      txout.scriptPubKey, data);
     return data;
 }
 
 BOOST_AUTO_TEST_CASE(script_combineSigs) {
     // Test the ProduceSignature's ability to combine signatures function
     CBasicKeyStore keystore;
     std::vector<CKey> keys;
     std::vector<CPubKey> pubkeys;
     for (int i = 0; i < 3; i++) {
         CKey key;
         key.MakeNewKey(i % 2 == 1);
         keys.push_back(key);
         pubkeys.push_back(key.GetPubKey());
         keystore.AddKey(key);
     }
 
     CMutableTransaction txFrom = BuildCreditingTransaction(
         GetScriptForDestination(keys[0].GetPubKey().GetID()), Amount::zero());
     CMutableTransaction txTo =
         BuildSpendingTransaction(CScript(), CTransaction(txFrom));
     CScript &scriptPubKey = txFrom.vout[0].scriptPubKey;
     SignatureData scriptSig;
 
     SignatureData empty;
     SignatureData combined =
         CombineSignatures(txFrom.vout[0], txTo, empty, empty);
     BOOST_CHECK(combined.scriptSig.empty());
 
     // Single signature case:
     SignSignature(keystore, CTransaction(txFrom), txTo, 0,
                   SigHashType().withForkId());
     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
     SignatureData scriptSigCopy = scriptSig;
     // Signing again will give a different, valid signature:
     SignSignature(keystore, CTransaction(txFrom), txTo, 0,
                   SigHashType().withForkId());
     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig ||
                 combined.scriptSig == scriptSig.scriptSig);
 
     // P2SH, single-signature case:
     CScript pkSingle;
     pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
     keystore.AddCScript(pkSingle);
     scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
     SignSignature(keystore, CTransaction(txFrom), txTo, 0,
                   SigHashType().withForkId());
     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
     scriptSigCopy = scriptSig;
     SignSignature(keystore, CTransaction(txFrom), txTo, 0,
                   SigHashType().withForkId());
     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig ||
                 combined.scriptSig == scriptSig.scriptSig);
 
     // Hardest case:  Multisig 2-of-3
     scriptPubKey = GetScriptForMultisig(2, pubkeys);
     keystore.AddCScript(scriptPubKey);
     SignSignature(keystore, CTransaction(txFrom), txTo, 0,
                   SigHashType().withForkId());
     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
 
     // A couple of partially-signed versions:
     std::vector<uint8_t> sig1;
     uint256 hash1 = SignatureHash(scriptPubKey, CTransaction(txTo), 0,
                                   SigHashType().withForkId(), Amount::zero());
     BOOST_CHECK(keys[0].SignECDSA(hash1, sig1));
     sig1.push_back(SIGHASH_ALL | SIGHASH_FORKID);
     std::vector<uint8_t> sig2;
     uint256 hash2 = SignatureHash(
         scriptPubKey, CTransaction(txTo), 0,
         SigHashType().withBaseType(BaseSigHashType::NONE).withForkId(),
         Amount::zero());
     BOOST_CHECK(keys[1].SignECDSA(hash2, sig2));
     sig2.push_back(SIGHASH_NONE | SIGHASH_FORKID);
     std::vector<uint8_t> sig3;
     uint256 hash3 = SignatureHash(
         scriptPubKey, CTransaction(txTo), 0,
         SigHashType().withBaseType(BaseSigHashType::SINGLE).withForkId(),
         Amount::zero());
     BOOST_CHECK(keys[2].SignECDSA(hash3, sig3));
     sig3.push_back(SIGHASH_SINGLE | SIGHASH_FORKID);
 
     // Not fussy about order (or even existence) of placeholders or signatures:
     CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
     CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
     CScript partial2a = CScript() << OP_0 << sig2;
     CScript partial2b = CScript() << sig2 << OP_0;
     CScript partial3a = CScript() << sig3;
     CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
     CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
     CScript complete12 = CScript() << OP_0 << sig1 << sig2;
     CScript complete13 = CScript() << OP_0 << sig1 << sig3;
     CScript complete23 = CScript() << OP_0 << sig2 << sig3;
     SignatureData partial1_sigs;
     partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(),
                                      SigPair(keys[0].GetPubKey(), sig1));
     SignatureData partial2_sigs;
     partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(),
                                      SigPair(keys[1].GetPubKey(), sig2));
     SignatureData partial3_sigs;
     partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(),
                                      SigPair(keys[2].GetPubKey(), sig3));
 
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
     BOOST_CHECK(combined.scriptSig == partial1a);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
     BOOST_CHECK(combined.scriptSig == complete12);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
     BOOST_CHECK(combined.scriptSig == complete12);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
     BOOST_CHECK(combined.scriptSig == complete12);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
     BOOST_CHECK(combined.scriptSig == complete13);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
     BOOST_CHECK(combined.scriptSig == complete23);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
     BOOST_CHECK(combined.scriptSig == complete23);
     combined =
         CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
     BOOST_CHECK(combined.scriptSig == partial3c);
 }
 
 BOOST_AUTO_TEST_CASE(script_standard_push) {
     ScriptError err;
     for (int i = 0; i < 67000; i++) {
         CScript script;
         script << i;
         BOOST_CHECK_MESSAGE(script.IsPushOnly(),
                             "Number " << i << " is not pure push.");
         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1,
                                          SCRIPT_VERIFY_MINIMALDATA,
                                          BaseSignatureChecker(), &err),
                             "Number " << i << " push is not minimal data.");
         BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
     }
 
     for (unsigned int i = 0; i <= MAX_SCRIPT_ELEMENT_SIZE; i++) {
         std::vector<uint8_t> data(i, '\111');
         CScript script;
         script << data;
         BOOST_CHECK_MESSAGE(script.IsPushOnly(),
                             "Length " << i << " is not pure push.");
         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1,
                                          SCRIPT_VERIFY_MINIMALDATA,
                                          BaseSignatureChecker(), &err),
                             "Length " << i << " push is not minimal data.");
         BOOST_CHECK_MESSAGE(err == ScriptError::OK, ScriptErrorString(err));
     }
 }
 
 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts) {
     // IsPushOnly returns false when given a script containing only pushes that
     // are invalid due to truncation. IsPushOnly() is consensus critical because
     // P2SH evaluation uses it, although this specific behavior should not be
     // consensus critical as the P2SH evaluation would fail first due to the
     // invalid push. Still, it doesn't hurt to test it explicitly.
     static const uint8_t direct[] = {1};
     BOOST_CHECK(!CScript(direct, direct + sizeof(direct)).IsPushOnly());
 }
 
 BOOST_AUTO_TEST_CASE(script_GetScriptAsm) {
     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY",
                       ScriptToAsmStr(CScript() << OP_NOP2, true));
     BOOST_CHECK_EQUAL(
         "OP_CHECKLOCKTIMEVERIFY",
         ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY",
                       ScriptToAsmStr(CScript() << OP_NOP2));
     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY",
                       ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
 
     std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e"
                        "3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38"
                        "d782e53023ee313d741ad0cfbc0c5090");
     std::string pubKey(
         "03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
     std::vector<uint8_t> vchPubKey = ToByteVector(ParseHex(pubKey));
 
     BOOST_CHECK_EQUAL(
         derSig + "00 " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "80 " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[ALL] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[ALL|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[ALL|FORKID] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "41"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[ALL|FORKID|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "c1"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[NONE] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[NONE|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[NONE|FORKID] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "42"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[NONE|FORKID|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "c2"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[SINGLE] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[SINGLE|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[SINGLE|FORKID] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "43"))
                                  << vchPubKey,
                        true));
     BOOST_CHECK_EQUAL(
         derSig + "[SINGLE|FORKID|ANYONECANPAY] " + pubKey,
         ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "c3"))
                                  << vchPubKey,
                        true));
 
     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "00"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "80"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "01 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "01"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "02 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "02"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "03 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "03"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "81 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "81"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "82 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "82"))
                                      << vchPubKey));
     BOOST_CHECK_EQUAL(derSig + "83 " + pubKey,
                       ScriptToAsmStr(CScript()
                                      << ToByteVector(ParseHex(derSig + "83"))
                                      << vchPubKey));
 }
 
 static CScript ScriptFromHex(const char *hex) {
     std::vector<uint8_t> data = ParseHex(hex);
     return CScript(data.begin(), data.end());
 }
 
 BOOST_AUTO_TEST_CASE(script_FindAndDelete) {
     // Exercise the FindAndDelete functionality
     CScript s;
     CScript d;
     CScript expect;
 
     s = CScript() << OP_1 << OP_2;
     // delete nothing should be a no-op
     d = CScript();
     expect = s;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
     BOOST_CHECK(s == expect);
 
     s = CScript() << OP_1 << OP_2 << OP_3;
     d = CScript() << OP_2;
     expect = CScript() << OP_1 << OP_3;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
     d = CScript() << OP_3;
     expect = CScript() << OP_1 << OP_4;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 4);
     BOOST_CHECK(s == expect);
 
     // PUSH 0x02ff03 onto stack
     s = ScriptFromHex("0302ff03");
     d = ScriptFromHex("0302ff03");
     expect = CScript();
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     // PUSH 0x2ff03 PUSH 0x2ff03
     s = ScriptFromHex("0302ff030302ff03");
     d = ScriptFromHex("0302ff03");
     expect = CScript();
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
     BOOST_CHECK(s == expect);
 
     s = ScriptFromHex("0302ff030302ff03");
     d = ScriptFromHex("02");
     expect = s; // FindAndDelete matches entire opcodes
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
     BOOST_CHECK(s == expect);
 
     s = ScriptFromHex("0302ff030302ff03");
     d = ScriptFromHex("ff");
     expect = s;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
     BOOST_CHECK(s == expect);
 
     // This is an odd edge case: strip of the push-three-bytes prefix, leaving
     // 02ff03 which is push-two-bytes:
     s = ScriptFromHex("0302ff030302ff03");
     d = ScriptFromHex("03");
     expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
     BOOST_CHECK(s == expect);
 
     // Byte sequence that spans multiple opcodes:
     // PUSH(0xfeed) OP_1 OP_VERIFY
     s = ScriptFromHex("02feed5169");
     d = ScriptFromHex("feed51");
     expect = s;
     // doesn't match 'inside' opcodes
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
     BOOST_CHECK(s == expect);
 
     // PUSH(0xfeed) OP_1 OP_VERIFY
     s = ScriptFromHex("02feed5169");
     d = ScriptFromHex("02feed51");
     expect = ScriptFromHex("69");
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     s = ScriptFromHex("516902feed5169");
     d = ScriptFromHex("feed51");
     expect = s;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
     BOOST_CHECK(s == expect);
 
     s = ScriptFromHex("516902feed5169");
     d = ScriptFromHex("02feed51");
     expect = ScriptFromHex("516969");
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
     d = CScript() << OP_0 << OP_1;
     // FindAndDelete is single-pass
     expect = CScript() << OP_0 << OP_1;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
     d = CScript() << OP_0 << OP_1;
     // FindAndDelete is single-pass
     expect = CScript() << OP_0 << OP_1;
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
     BOOST_CHECK(s == expect);
 
     // Another weird edge case:
     // End with invalid push (not enough data)...
     s = ScriptFromHex("0003feed");
     // ... can remove the invalid push
     d = ScriptFromHex("03feed");
     expect = ScriptFromHex("00");
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 
     s = ScriptFromHex("0003feed");
     d = ScriptFromHex("00");
     expect = ScriptFromHex("03feed");
     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
     BOOST_CHECK(s == expect);
 }
 
 BOOST_AUTO_TEST_CASE(IsWitnessProgram) {
     // Valid version: [0,16]
     // Valid program_len: [2,40]
     for (int version = -1; version <= 17; version++) {
         for (unsigned int program_len = 1; program_len <= 41; program_len++) {
             CScript script;
             std::vector<uint8_t> program(program_len, '\42');
             int parsed_version;
             std::vector<uint8_t> parsed_program;
             script << version << program;
             bool result =
                 script.IsWitnessProgram(parsed_version, parsed_program);
             bool expected = version >= 0 && version <= 16 && program_len >= 2 &&
                             program_len <= 40;
             BOOST_CHECK_EQUAL(result, expected);
             if (result) {
                 BOOST_CHECK_EQUAL(version, parsed_version);
                 BOOST_CHECK(program == parsed_program);
             }
         }
     }
     // Tests with 1 and 3 stack elements
     {
         CScript script;
         script << OP_0;
         BOOST_CHECK_MESSAGE(
             !script.IsWitnessProgram(),
             "Failed IsWitnessProgram check with 1 stack element");
     }
     {
         CScript script;
         script << OP_0 << std::vector<uint8_t>(20, '\42') << OP_1;
         BOOST_CHECK_MESSAGE(
             !script.IsWitnessProgram(),
             "Failed IsWitnessProgram check with 3 stack elements");
     }
 }
 
 BOOST_AUTO_TEST_CASE(script_HasValidOps) {
     // Exercise the HasValidOps functionality
     CScript script;
     // Normal script
     script =
         ScriptFromHex("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
     BOOST_CHECK(script.HasValidOps());
     script =
         ScriptFromHex("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
     BOOST_CHECK(script.HasValidOps());
     // Script with OP_INVALIDOPCODE explicit
     script = ScriptFromHex("ff88ac");
     BOOST_CHECK(!script.HasValidOps());
     // Script with undefined opcode
     script = ScriptFromHex("88acc0");
     BOOST_CHECK(!script.HasValidOps());
 
     // Check all non push opcodes.
     for (uint8_t opcode = OP_1NEGATE; opcode < FIRST_UNDEFINED_OP_VALUE;
          opcode++) {
         script = CScript() << opcode;
         BOOST_CHECK(script.HasValidOps());
     }
 
     script = CScript() << FIRST_UNDEFINED_OP_VALUE;
     BOOST_CHECK(!script.HasValidOps());
 }
 
 BOOST_AUTO_TEST_CASE(script_can_append_self) {
     CScript s, d;
 
     s = ScriptFromHex("00");
     s += s;
     d = ScriptFromHex("0000");
     BOOST_CHECK(s == d);
 
     // check doubling a script that's large enough to require reallocation
     static const char hex[] =
         "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6"
         "bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f";
     s = CScript() << ParseHex(hex) << OP_CHECKSIG;
     d = CScript() << ParseHex(hex) << OP_CHECKSIG << ParseHex(hex)
                   << OP_CHECKSIG;
     s += s;
     BOOST_CHECK(s == d);
 }
 
 BOOST_AUTO_TEST_SUITE_END()
diff --git a/test/functional/data/rpc_psbt.json b/test/functional/data/rpc_psbt.json
index cae42d73f..da3dcc221 100644
--- a/test/functional/data/rpc_psbt.json
+++ b/test/functional/data/rpc_psbt.json
@@ -1,94 +1,86 @@
 {
     "invalid" : [
         "AgAAAAEmgXE3Ht/yhek3re6ks3t4AAwFZsuzrWRkFxPKQhcb9gAAAABqRzBEAiBwsiRRI+a/R01gxbUMBD1MaRpdJDXwmjSnZiqdwlF5CgIgATKcqdrPKAvfMHQOwDkEIkIsgctFg5RXrrdvwS7dlbMBIQJlfRGNM1e44PTCzUbbezn22cONmnCry5st5dyNv+TOMf7///8C09/1BQAAAAAZdqkU0MWZA8W6woaHYOkP1SGkZlqnZSCIrADh9QUAAAAAF6kUNUXm4zuDLEcFDyTT7rk8nAOUi8eHsy4TAA==",
         "cHNidP8BAHUCAAAAASaBcTce3/KF6Tet7qSze3gADAVmy7OtZGQXE8pCFxv2AAAAAAD+////AtPf9QUAAAAAGXapFNDFmQPFusKGh2DpD9UhpGZap2UgiKwA4fUFAAAAABepFDVF5uM7gyxHBQ8k0+65PJwDlIvHh7MuEwAAAQCsAQAAAAABAomjxx6rTSDgNxu7pMxpj6KVyUY6+i45f4UzzLYvlWflAQAAABcWABS+GNFSqbASA52vPafeT1M0nuy5hf////+G+KpDpx3/FEiJOlMKcjfva0YIu7LdLQFx5jrsakiQtAEAAAAXFgAU/j6e8adF6XTZAsQ1WUOryzS9U1P/////AgDC6wsAAAAAGXapFIXP8Ql/2eAIuzSvcJxiGXs4l4pIiKxy/gA=",
         "cHNidP8BAP0KAQIAAAACqwlJoIxa98SbghL0F+LxWrP1wz3PFTghqBOfh3pbe+QAAAAAakcwRAIgR1lmF5fAGwNrJZKJSGhiGDR9iYZLcZ4ff89X0eURZYcCIFMJ6r9Wqk2Ikf/REf3xM286KdqGbX+EhtdVRs7tr5MZASEDXNxh/HupccC1AaZGoqg7ECy0OIEhfKaC3Ibi1z+ogpL+////qwlJoIxa98SbghL0F+LxWrP1wz3PFTghqBOfh3pbe+QBAAAAAP7///8CYDvqCwAAAAAZdqkUdopAu9dAy+gdmI5x3ipNXHE5ax2IrI4kAAAAAAAAGXapFG9GILVT+glechue4O/p+gOcykWXiKwAAAAAAAABASAA4fUFAAAAABepFDVF5uM7gyxHBQ8k0+65PJwDlIvHhwEEFgAUhdE1N/LiZUBaNNuvqePdoB+4IwgAAAA=",
         "cHNidP8AAQD9pQEBAAAAAAECiaPHHqtNIOA3G7ukzGmPopXJRjr6Ljl/hTPMti+VZ+UBAAAAFxYAFL4Y0VKpsBIDna89p95PUzSe7LmF/////4b4qkOnHf8USIk6UwpyN+9rRgi7st0tAXHmOuxqSJC0AQAAABcWABT+Pp7xp0XpdNkCxDVZQ6vLNL1TU/////8CAMLrCwAAAAAZdqkUhc/xCX/Z4Ai7NK9wnGIZeziXikiIrHL++E4sAAAAF6kUM5cluiHv1irHU6m80GfWx6ajnQWHAkcwRAIgJxK+IuAnDzlPVoMR3HyppolwuAJf3TskAinwf4pfOiQCIAGLONfc0xTnNMkna9b7QPZzMlvEuqFEyADS8vAtsnZcASED0uFWdJQbrUqZY3LLh+GFbTZSYG2YVi/jnF6efkE/IQUCSDBFAiEA0SuFLYXc2WHS9fSrZgZU327tzHlMDDPOXMMJ/7X85Y0CIGczio4OFyXBl/saiK9Z9R5E5CVbIBZ8hoQDHAXR8lkqASECI7cr7vCWXRC+B3jv7NYfysb3mk6haTkzgHNEZPhPKrMAAAAAAA==",
         "cHNidP8BAHUCAAAAASaBcTce3/KF6Tet7qSze3gADAVmy7OtZGQXE8pCFxv2AAAAAAD+////AtPf9QUAAAAAGXapFNDFmQPFusKGh2DpD9UhpGZap2UgiKwA4fUFAAAAABepFDVF5uM7gyxHBQ8k0+65PJwDlIvHh7MuEwAAAQDpAomjxx6rTSDgNxu7pMxpj6KVyUY6+i45f4UzzLYvlWflAQAAABcWABS+GNFSqbASA52vPafeT1M0nuy5hf////+G+KpDpx3/FEiJOlMKcjfva0YIu7LdLQFx5jrsakiQtAEAAAAXFgAU/j6e8adF6XTZAsQ1WUOryzS9U1P/////AgDC6wsAAAAAGXapFIXP8Ql/2eAIuzSvcJxiGXs4l4pIiKxy/vhOLAAAABepFDOXJboh79Yqx1OpvNBn1semo50FhwJHMEQCICcSviLgJw85T1aDEdx8qaaJcLgCX907JAIp8H+KXzoBAAwAAAAAAAAAAANqAQAAAAA=",
         "cHNidP8CAABVAgAAAAEnmiMjpd+1H8RfIg+liw/BPh4zQnkqhdfjbNYzO1y8OQAAAAAA/////wGgWuoLAAAAABl2qRT/6cAGEJfMO2NvLLBGD6T8Qn0rRYisAAAAAAABACCVXuoLAAAAABepFGNFIA9o0YnhrcDfHE0W6o8UwNvrhyICA7E0HMunaDtq9PEjjNbpfnFn1Wn6xH8eSNR1QYRDVb1GRjBDAiAEJLWO/6qmlOFVnqXJO7/UqJBkIkBVzfBwtncUaUQtBwIfXI6w/qZRbWC4rLM61k7eYOh4W/s6qUuZvfhhUduamgEBBCIAIHcf0YrUWWZt1J89Vk49vEL0yEd042CtoWgWqO1IjVaBIgYDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYQtKa6ZwAAAIAAAACABAAAgCIGA95V0eHayAXj+KWMH7+blMAvPbqv4Sf+/KSZXyb4IIO9ELSmumcAAACAAAAAgAUAAIABBUdSIQOxNBzLp2g7avTxI4zW6X5xZ9Vp+sR/HkjUdUGEQ1W9RiED3lXR4drIBeP4pYwfv5uUwC89uq/hJ/78pJlfJvggg71SrgAA",
         "cHNidP8BAFUCAAAAASeaIyOl37UfxF8iD6WLD8E+HjNCeSqF1+Ns1jM7XLw5AAAAAAD/////AaBa6gsAAAAAGXapFP/pwAYQl8w7Y28ssEYPpPxCfStFiKwAAAAAAAIAACCVXuoLAAAAABepFGNFIA9o0YnhrcDfHE0W6o8UwNvrhyICA7E0HMunaDtq9PEjjNbpfnFn1Wn6xH8eSNR1QYRDVb1GRjBDAiAEJLWO/6qmlOFVnqXJO7/UqJBkIkBVzfBwtncUaUQtBwIfXI6w/qZRbWC4rLM61k7eYOh4W/s6qUuZvfhhUduamgEBBCIAIHcf0YrUWWZt1J89Vk49vEL0yEd042CtoWgWqO1IjVaBIgYDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYQtKa6ZwAAAIAAAACABAAAgCIGA95V0eHayAXj+KWMH7+blMAvPbqv4Sf+/KSZXyb4IIO9ELSmumcAAACAAAAAgAUAAIABBUdSIQOxNBzLp2g7avTxI4zW6X5xZ9Vp+sR/HkjUdUGEQ1W9RiED3lXR4drIBeP4pYwfv5uUwC89uq/hJ/78pJlfJvggg71SrgAA",
         "cHNidP8BAFUCAAAAASeaIyOl37UfxF8iD6WLD8E+HjNCeSqF1+Ns1jM7XLw5AAAAAAD/////AaBa6gsAAAAAGXapFP/pwAYQl8w7Y28ssEYPpPxCfStFiKwAAAAAAAEAIJVe6gsAAAAAF6kUY0UgD2jRieGtwN8cTRbqjxTA2+uHIQIDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYwQwIgBCS1jv+qppThVZ6lyTu/1KiQZCJAVc3wcLZ3FGlELQcCH1yOsP6mUW1guKyzOtZO3mDoeFv7OqlLmb34YVHbmpoBAQQiACB3H9GK1FlmbdSfPVZOPbxC9MhHdONgraFoFqjtSI1WgSIGA7E0HMunaDtq9PEjjNbpfnFn1Wn6xH8eSNR1QYRDVb1GELSmumcAAACAAAAAgAQAAIAiBgPeVdHh2sgF4/iljB+/m5TALz26r+En/vykmV8m+CCDvRC0prpnAAAAgAAAAIAFAACAAQVHUiEDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYhA95V0eHayAXj+KWMH7+blMAvPbqv4Sf+/KSZXyb4IIO9Uq4AAA==",
         "cHNidP8BAFUCAAAAASeaIyOl37UfxF8iD6WLD8E+HjNCeSqF1+Ns1jM7XLw5AAAAAAD/////AaBa6gsAAAAAGXapFP/pwAYQl8w7Y28ssEYPpPxCfStFiKwAAAAAAAEAIJVe6gsAAAAAF6kUY0UgD2jRieGtwN8cTRbqjxTA2+uHIgIDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUZGMEMCIAQktY7/qqaU4VWepck7v9SokGQiQFXN8HC2dxRpRC0HAh9cjrD+plFtYLisszrWTt5g6Hhb+zqpS5m9+GFR25qaAQIEACIAIHcf0YrUWWZt1J89Vk49vEL0yEd042CtoWgWqO1IjVaBIgYDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYQtKa6ZwAAAIAAAACABAAAgCIGA95V0eHayAXj+KWMH7+blMAvPbqv4Sf+/KSZXyb4IIO9ELSmumcAAACAAAAAgAUAAIABBUdSIQOxNBzLp2g7avTxI4zW6X5xZ9Vp+sR/HkjUdUGEQ1W9RiED3lXR4drIBeP4pYwfv5uUwC89uq/hJ/78pJlfJvggg71SrgAA",
         "cHNidP8BAFUCAAAAASeaIyOl37UfxF8iD6WLD8E+HjNCeSqF1+Ns1jM7XLw5AAAAAAD/////AaBa6gsAAAAAGXapFP/pwAYQl8w7Y28ssEYPpPxCfStFiKwAAAAAAAEAIJVe6gsAAAAAF6kUY0UgD2jRieGtwN8cTRbqjxTA2+uHIgIDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUZGMEMCIAQktY7/qqaU4VWepck7v9SokGQiQFXN8HC2dxRpRC0HAh9cjrD+plFtYLisszrWTt5g6Hhb+zqpS5m9+GFR25qaAQEEIgAgdx/RitRZZm3Unz1WTj28QvTIR3TjYK2haBao7UiNVoEhBgOxNBzLp2g7avTxI4zW6X5xZ9Vp+sR/HkjUdUGEQ1W9ELSmumcAAACAAAAAgAQAAIAiBgPeVdHh2sgF4/iljB+/m5TALz26r+En/vykmV8m+CCDvRC0prpnAAAAgAAAAIAFAACAAQVHUiEDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUYhA95V0eHayAXj+KWMH7+blMAvPbqv4Sf+/KSZXyb4IIO9Uq4AAA==",
         "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAgcA2gBHMEQCIHQBitQYAJe4czI8ABVyCzaEzIEjiRBI59vNm1WtZ5yZAiBz02m3QOPrU9zvozgjyAcFFMpVp92VRPFXwWeRMmERjAFIMEUCIQD2EDizCNwdqGWjSFJ0bwFXcpNCCMbSRFQ5PNmb3yIXdwIgBW5nWmdabQoCuFsU5eKQdNiiWptXYL6igW9mGRCgBuoBR1IhApWDvzmuCmCXR60Zmt3WNPphCFWdbFzTm0whg/GrluB/IQLath/0mhTban0CsM0fu3j8SxgxK1tOVNrk26L7/vU211KuAAEAIADC6wsAAAAAF6kUt/X69A49QKWkWbHbNTXyty+pIeiHAgcAIyIAIIwjUxc3Q7WV37Sge3K6jkLjeX2nTof+fZ10l+OyAokDAQjaBABHMEQCIGLrelVhB6fHP0WsSrWh3d9vcHX7EnWWmn84Pv/3hLyyAiAMBdu3Rw2/LwhVfdNWxzJcHtMJE+mWzThAlF2xIijaXwFHMEQCIGX0W6WZi1mif/4ae+0BavHx+Q1Us6qPdFCqX1aiUQO9AiB/ckcDrR7blmgLKEtW1P/LiPf7dZ6rvgiqMPKbhROD0gFHUiEDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwhAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zUq4AIgIDqaTDf1mW06ol26xrVwrwZQOUSSlCRgs1R1Ptnuylh3EQ2QxqTwAAAIAAAACABAAAgAAiAgJ/Y5l1fS7/VaE2rQLGhLGDi2VW5fG2s0KCqUtrUAUQlhDZDGpPAAAAgAAAAIAFAACAAA==",
         "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAQfaAEcwRAIgdAGK1BgAl7hzMjwAFXILNoTMgSOJEEjn282bVa1nnJkCIHPTabdA4+tT3O+jOCPIBwUUylWn3ZVE8VfBZ5EyYRGMAUgwRQIhAPYQOLMI3B2oZaNIUnRvAVdyk0IIxtJEVDk82ZvfIhd3AiAFbmdaZ1ptCgK4WxTl4pB02KJam1dgvqKBb2YZEKAG6gFHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4AAQAgAMLrCwAAAAAXqRS39fr0Dj1ApaRZsds1NfK3L6kh6IcBByMiACCMI1MXN0O1ld+0oHtyuo5C43l9p06H/n2ddJfjsgKJAwEI2gQARzBEAiBi63pVYQenxz9FrEq1od3fb3B1+xJ1lpp/OD7/94S8sgIgDAXbt0cNvy8IVX3TVscyXB7TCRPpls04QJRdsSIo2l8BRzBEAiBl9FulmYtZon/+GnvtAWrx8fkNVLOqj3RQql9WolEDvQIgf3JHA60e25ZoCyhLVtT/y4j3+3Weq74IqjDym4UTg9IBR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACECA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYcQ2QxqTwAAAIAAAACABAAAgAAiAgJ/Y5l1fS7/VaE2rQLGhLGDi2VW5fG2s0KCqUtrUAUQlhDZDGpPAAAAgAAAAIAFAACAAA==",
         "cHNidP8BAHMCAAAAATAa6YblFqHsisW0vGVz0y+DtGXiOtdhZ9aLOOcwtNvbAAAAAAD/////AnR7AQAAAAAAF6kUA6oXrogrXQ1Usl1jEE5P/s57nqKHYEOZOwAAAAAXqRS5IbG6b3IuS/qDtlV6MTmYakLsg4cAAAAAAAEAHwDKmjsAAAAAFgAU0tlLZK4IWH7vyO6xh8YB6Tn5A3wCAwAEQQAAAAABABYAFGLp6YL/803YI5YQMWsJDNKjt0fLAAEAIgAgh2utgy8dFoAV7UEjKp6mWhgV2e8TwO+HWfZLWysnimUBASVRIQO3ziOgHFtL8ApkJTfN+rsxW2aDMoZ0eO9RMJ0r1X+Kh1GuAA==",
         "cHNidP8BAHMCAAAAATAa6YblFqHsisW0vGVz0y+DtGXiOtdhZ9aLOOcwtNvbAAAAAAD/////AnR7AQAAAAAAF6kUA6oXrogrXQ1Usl1jEE5P/s57nqKHYEOZOwAAAAAXqRS5IbG6b3IuS/qDtlV6MTmYakLsg4cAAAAAAAACAAAWABRi6emC//NN2COWEDFrCQzSo7dHywACAAAiACCHa62DLx0WgBXtQSMqnqZaGBXZ7xPA74dZ9ktbKyeKZQEBJVEhA7fOI6AcW0vwCmQlN836uzFbZoMyhnR471EwnSvVf4qHUa4A"
     ],
     "valid" : [
         "cHNidP8BAHUCAAAAASaBcTce3/KF6Tet7qSze3gADAVmy7OtZGQXE8pCFxv2AAAAAAD+////AtPf9QUAAAAAGXapFNDFmQPFusKGh2DpD9UhpGZap2UgiKwA4fUFAAAAABepFDVF5uM7gyxHBQ8k0+65PJwDlIvHh7MuEwAAAQAiAMLrCwAAAAAZdqkUhc/xCX/Z4Ai7NK9wnGIZeziXikiIrAAAAA==",
         "cHNidP8BAKACAAAAAqsJSaCMWvfEm4IS9Bfi8Vqz9cM9zxU4IagTn4d6W3vkAAAAAAD+////qwlJoIxa98SbghL0F+LxWrP1wz3PFTghqBOfh3pbe+QBAAAAAP7///8CYDvqCwAAAAAZdqkUdopAu9dAy+gdmI5x3ipNXHE5ax2IrI4kAAAAAAAAGXapFG9GILVT+glechue4O/p+gOcykWXiKwAAAAAAAEHakcwRAIgR1lmF5fAGwNrJZKJSGhiGDR9iYZLcZ4ff89X0eURZYcCIFMJ6r9Wqk2Ikf/REf3xM286KdqGbX+EhtdVRs7tr5MZASEDXNxh/HupccC1AaZGoqg7ECy0OIEhfKaC3Ibi1z+ogpIAAQEgAOH1BQAAAAAXqRQ1RebjO4MsRwUPJNPuuTycA5SLx4cBBBYAFIXRNTfy4mVAWjTbr6nj3aAfuCMIAAAA",
         "cHNidP8BAHUCAAAAASaBcTce3/KF6Tet7qSze3gADAVmy7OtZGQXE8pCFxv2AAAAAAD+////AtPf9QUAAAAAGXapFNDFmQPFusKGh2DpD9UhpGZap2UgiKwA4fUFAAAAABepFDVF5uM7gyxHBQ8k0+65PJwDlIvHh7MuEwAAAQAiAMLrCwAAAAAZdqkUhc/xCX/Z4Ai7NK9wnGIZeziXikiIrAEDBEEAAAAAAAA=",
         "cHNidP8BAKACAAAAAqsJSaCMWvfEm4IS9Bfi8Vqz9cM9zxU4IagTn4d6W3vkAAAAAAD+////qwlJoIxa98SbghL0F+LxWrP1wz3PFTghqBOfh3pbe+QBAAAAAP7///8CYDvqCwAAAAAZdqkUdopAu9dAy+gdmI5x3ipNXHE5ax2IrI4kAAAAAAAAGXapFG9GILVT+glechue4O/p+gOcykWXiKwAAAAAAAEAIgDC6wsAAAAAGXapFIXP8Ql/2eAIuzSvcJxiGXs4l4pIiKwAAQAgAOH1BQAAAAAXqRQ1RebjO4MsRwUPJNPuuTycA5SLx4cBBBYAFIXRNTfy4mVAWjTbr6nj3aAfuCMIACICAurVlmh8qAYEPtw94RbN8p1eklfBls0FXPaYyNAr8k6ZELSmumcAAACAAAAAgAIAAIAAIgIDlPYr6d8ZlSxVh3aK63aYBhrSxKJciU9H2MFitNchPQUQtKa6ZwAAAIABAACAAgAAgAA=",
         "cHNidP8BAFUCAAAAASeaIyOl37UfxF8iD6WLD8E+HjNCeSqF1+Ns1jM7XLw5AAAAAAD/////AaBa6gsAAAAAGXapFP/pwAYQl8w7Y28ssEYPpPxCfStFiKwAAAAAAAEBIJVe6gsAAAAAF6kUY0UgD2jRieGtwN8cTRbqjxTA2+uHIgIDsTQcy6doO2r08SOM1ul+cWfVafrEfx5I1HVBhENVvUZGMEMCIAQktY7/qqaU4VWepck7v9SokGQiQFXN8HC2dxRpRC0HAh9cjrD+plFtYLisszrWTt5g6Hhb+zqpS5m9+GFR25qaAQEEIgAgdx/RitRZZm3Unz1WTj28QvTIR3TjYK2haBao7UiNVoEBBUdSIQOxNBzLp2g7avTxI4zW6X5xZ9Vp+sR/HkjUdUGEQ1W9RiED3lXR4drIBeP4pYwfv5uUwC89uq/hJ/78pJlfJvggg71SriIGA7E0HMunaDtq9PEjjNbpfnFn1Wn6xH8eSNR1QYRDVb1GELSmumcAAACAAAAAgAQAAIAiBgPeVdHh2sgF4/iljB+/m5TALz26r+En/vykmV8m+CCDvRC0prpnAAAAgAAAAIAFAACAAAA="
     ],
     "creator" : [
         {
             "inputs" : [
                 {
                     "txid":"75ddabb27b8845f5247975c8a5ba7c6f336c4570708ebe230caf6db5217ae858",
                     "vout":0
                 },
                 {
                     "txid":"1dea7cd05979072a3578cab271c02244ea8a090bbb46aa680a65ecd027048d83",
                     "vout":1
                 }
             ],
             "outputs" : [
                 {
                     "bchreg:qrv9c2m36qrqkzwf3p4whq272zv3mksjf5ln6v9le5": 1.49990000
                 },
                 {
                     "bchreg:qqq2a2dzuhc0sa493r0423hgwsk3mpcq3upac4z3wr": 1
                 }
             ],
             "result" : "cHNidP8BAKACAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAZdqkU2FwrcdAGCwnJiGrrgV5QmR3aEk2IrADh9QUAAAAAGXapFACuqaLl8Ph2pYjfVUbodC0dhwCPiKwAAAAAAAAAAAA="
         }
     ],
     "signer" : [
         {
             "privkeys" : [
                 "cP53pDbR5WtAD8dYAW9hhTjuvvTVaEiQBdrz9XPrgLBeRFiyCbQr",
                 "cR6SXDoyfQrcp4piaiHE97Rsgta9mNhGTen9XeonVgwsh4iSgw6d"
             ],
             "psbt" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAQMEQQAAAAEER1IhApWDvzmuCmCXR60Zmt3WNPphCFWdbFzTm0whg/GrluB/IQLath/0mhTban0CsM0fu3j8SxgxK1tOVNrk26L7/vU211KuIgYClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8Q2QxqTwAAAIAAAACAAAAAgCIGAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXENkMak8AAACAAAAAgAEAAIAAAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYcBAwRBAAAAAQRHUiEDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwhAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zUq4iBgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8OcxDZDGpPAAAAgAAAAIADAACAIgYDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwQ2QxqTwAAAIAAAACAAgAAgAEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA=",
             "result" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H9HMEQCIFeeX7PDIvPZfNrFqWNn0HYRnoT1rlK5Z6WDG3bEROr1AiB2sWDcIhR/xfSYYn09htmayTznOW5Qm2bPIpe3y5lN3EEBAwRBAAAAAQRHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4iBgKVg785rgpgl0etGZrd1jT6YQhVnWxc05tMIYPxq5bgfxDZDGpPAAAAgAAAAIAAAACAIgYC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtcQ2QxqTwAAAIAAAACAAQAAgAABACAAwusLAAAAABepFPZTkwfjpI0eATbQYfXR/hnhokCJhyICAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcRzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBAQMEQQAAAAEER1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuIgYCOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnMQ2QxqTwAAAIAAAACAAwAAgCIGAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcENkMak8AAACAAAAAgAIAAIABBUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgAiAgOppMN/WZbTqiXbrGtXCvBlA5RJKUJGCzVHU+2e7KWHcRDZDGpPAAAAgAAAAIAEAACAACICAn9jmXV9Lv9VoTatAsaEsYOLZVbl8bazQoKpS2tQBRCWENkMak8AAACAAAAAgAUAAIAA"
-        },
-        {
-            "privkeys" : [
-                "cT7J9YpCwY3AVRFSjN6ukeEeWY6mhpbJPxRaDaP5QTdygQRxP9Au",
-                "cNBc3SWUip9PPm1GjRoLEJT6T41iNzCYtD7qro84FMnM5zEqeJsE"
-            ],
-            "psbt" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAQMEQQAAAAEER1IhApWDvzmuCmCXR60Zmt3WNPphCFWdbFzTm0whg/GrluB/IQLath/0mhTban0CsM0fu3j8SxgxK1tOVNrk26L7/vU211KuIgYClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8Q2QxqTwAAAIAAAACAAAAAgCIGAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXENkMak8AAACAAAAAgAEAAIAAAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYcBAwRBAAAAAQRHUiEDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwhAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zUq4iBgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8OcxDZDGpPAAAAgAAAAIADAACAIgYDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwQ2QxqTwAAAIAAAACAAgAAgAEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA=",
-            "result" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtdIMEUCIQC4KZqvFEgiBXP/DSl7MJWuNK4jWoaSxkV49PQymsSmXQIgZEJJTLiXqYesRIJn+5rpHOzzEc+UvVyBhl4iRJDa/lZBAQMEQQAAAAEER1IhApWDvzmuCmCXR60Zmt3WNPphCFWdbFzTm0whg/GrluB/IQLath/0mhTban0CsM0fu3j8SxgxK1tOVNrk26L7/vU211KuIgYClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8Q2QxqTwAAAIAAAACAAAAAgCIGAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXENkMak8AAACAAAAAgAEAAIAAAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYciAgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc0gwRQIhAPnp+xxMInl3CosPo889LXOd7tusAnUZQYscGdNuJAZrAiBResVBqwycuwTarMk8X4focnvDwzVFrdydyZ2mfIus0UEBAwRBAAAAAQRHUiEDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwhAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zUq4iBgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8OcxDZDGpPAAAAgAAAAIADAACAIgYDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwQ2QxqTwAAAIAAAACAAgAAgAEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA="
         }
     ],
     "combiner" : [
         {
             "combine" : [
                 "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H9HMEQCIFeeX7PDIvPZfNrFqWNn0HYRnoT1rlK5Z6WDG3bEROr1AiB2sWDcIhR/xfSYYn09htmayTznOW5Qm2bPIpe3y5lN3EEBAwRBAAAAAQRHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4iBgKVg785rgpgl0etGZrd1jT6YQhVnWxc05tMIYPxq5bgfxDZDGpPAAAAgAAAAIAAAACAIgYC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtcQ2QxqTwAAAIAAAACAAQAAgAABACAAwusLAAAAABepFPZTkwfjpI0eATbQYfXR/hnhokCJhyICAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcRzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBAQMEQQAAAAEER1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuIgYCOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnMQ2QxqTwAAAIAAAACAAwAAgCIGAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcENkMak8AAACAAAAAgAIAAIABBUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgAiAgOppMN/WZbTqiXbrGtXCvBlA5RJKUJGCzVHU+2e7KWHcRDZDGpPAAAAgAAAAIAEAACAACICAn9jmXV9Lv9VoTatAsaEsYOLZVbl8bazQoKpS2tQBRCWENkMak8AAACAAAAAgAUAAIAA",
                 "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtdIMEUCIQC4KZqvFEgiBXP/DSl7MJWuNK4jWoaSxkV49PQymsSmXQIgZEJJTLiXqYesRIJn+5rpHOzzEc+UvVyBhl4iRJDa/lZBAQMEQQAAAAEER1IhApWDvzmuCmCXR60Zmt3WNPphCFWdbFzTm0whg/GrluB/IQLath/0mhTban0CsM0fu3j8SxgxK1tOVNrk26L7/vU211KuIgYClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8Q2QxqTwAAAIAAAACAAAAAgCIGAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXENkMak8AAACAAAAAgAEAAIAAAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYciAgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc0gwRQIhAPnp+xxMInl3CosPo889LXOd7tusAnUZQYscGdNuJAZrAiBResVBqwycuwTarMk8X4focnvDwzVFrdydyZ2mfIus0UEBAwRBAAAAAQRHUiEDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwhAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zUq4iBgI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8OcxDZDGpPAAAAgAAAAIADAACAIgYDCJ3BDHrG21T5EymvYXMz2ziM6tDCMfcjN50bmQMLAtwQ2QxqTwAAAIAAAACAAgAAgAEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA="
             ],
             "result" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtdIMEUCIQC4KZqvFEgiBXP/DSl7MJWuNK4jWoaSxkV49PQymsSmXQIgZEJJTLiXqYesRIJn+5rpHOzzEc+UvVyBhl4iRJDa/lZBIgIClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H9HMEQCIFeeX7PDIvPZfNrFqWNn0HYRnoT1rlK5Z6WDG3bEROr1AiB2sWDcIhR/xfSYYn09htmayTznOW5Qm2bPIpe3y5lN3EEBAwRBAAAAAQRHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4iBgKVg785rgpgl0etGZrd1jT6YQhVnWxc05tMIYPxq5bgfxDZDGpPAAAAgAAAAIAAAACAIgYC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtcQ2QxqTwAAAIAAAACAAQAAgAABACAAwusLAAAAABepFPZTkwfjpI0eATbQYfXR/hnhokCJhyICAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zSDBFAiEA+en7HEwieXcKiw+jzz0tc53u26wCdRlBixwZ024kBmsCIFF6xUGrDJy7BNqsyTxfh+hye8PDNUWt3J3JnaZ8i6zRQSICAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcRzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBAQMEQQAAAAEER1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuIgYCOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnMQ2QxqTwAAAIAAAACAAwAAgCIGAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcENkMak8AAACAAAAAgAIAAIABBUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgAiAgOppMN/WZbTqiXbrGtXCvBlA5RJKUJGCzVHU+2e7KWHcRDZDGpPAAAAgAAAAIAEAACAACICAn9jmXV9Lv9VoTatAsaEsYOLZVbl8bazQoKpS2tQBRCWENkMak8AAACAAAAAgAUAAIAA"
         },
         {
             "combine" : [
                 "cHNidP8BAD8CAAAAAf//////////////////////////////////////////AAAAAAD/////AQAAAAAAAAAAA2oBAAAAAAAKDwECAwQFBgcICQ8BAgMEBQYHCAkKCwwNDg8ACg8BAgMEBQYHCAkPAQIDBAUGBwgJCgsMDQ4PAAoPAQIDBAUGBwgJDwECAwQFBgcICQoLDA0ODwA=",
                 "cHNidP8BAD8CAAAAAf//////////////////////////////////////////AAAAAAD/////AQAAAAAAAAAAA2oBAAAAAAAKDwECAwQFBgcIEA8BAgMEBQYHCAkKCwwNDg8ACg8BAgMEBQYHCBAPAQIDBAUGBwgJCgsMDQ4PAAoPAQIDBAUGBwgQDwECAwQFBgcICQoLDA0ODwA="
             ],
             "result" : "cHNidP8BAD8CAAAAAf//////////////////////////////////////////AAAAAAD/////AQAAAAAAAAAAA2oBAAAAAAAKDwECAwQFBgcICQ8BAgMEBQYHCAkKCwwNDg8KDwECAwQFBgcIEA8BAgMEBQYHCAkKCwwNDg8ACg8BAgMEBQYHCAkPAQIDBAUGBwgJCgsMDQ4PCg8BAgMEBQYHCBAPAQIDBAUGBwgJCgsMDQ4PAAoPAQIDBAUGBwgJDwECAwQFBgcICQoLDA0ODwoPAQIDBAUGBwgQDwECAwQFBgcICQoLDA0ODwA="
         }
     ],
     "finalizer" : [
         {
             "finalize" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHIgIC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtdIMEUCIQC4KZqvFEgiBXP/DSl7MJWuNK4jWoaSxkV49PQymsSmXQIgZEJJTLiXqYesRIJn+5rpHOzzEc+UvVyBhl4iRJDa/lZBIgIClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H9HMEQCIFeeX7PDIvPZfNrFqWNn0HYRnoT1rlK5Z6WDG3bEROr1AiB2sWDcIhR/xfSYYn09htmayTznOW5Qm2bPIpe3y5lN3EEBAwRBAAAAAQRHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4iBgKVg785rgpgl0etGZrd1jT6YQhVnWxc05tMIYPxq5bgfxDZDGpPAAAAgAAAAIAAAACAIgYC2rYf9JoU22p9ArDNH7t4/EsYMStbTlTa5Nui+/71NtcQ2QxqTwAAAIAAAACAAQAAgAABACAAwusLAAAAABepFPZTkwfjpI0eATbQYfXR/hnhokCJhyICAjrdkE89bc9Z3bkGsN7iNSm3/7ntUOXoYVGSaGAiHw5zSDBFAiEA+en7HEwieXcKiw+jzz0tc53u26wCdRlBixwZ024kBmsCIFF6xUGrDJy7BNqsyTxfh+hye8PDNUWt3J3JnaZ8i6zRQSICAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcRzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBAQMEQQAAAAEER1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuIgYCOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnMQ2QxqTwAAAIAAAACAAwAAgCIGAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcENkMak8AAACAAAAAgAIAAIABBUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgAiAgOppMN/WZbTqiXbrGtXCvBlA5RJKUJGCzVHU+2e7KWHcRDZDGpPAAAAgAAAAIAEAACAACICAn9jmXV9Lv9VoTatAsaEsYOLZVbl8bazQoKpS2tQBRCWENkMak8AAACAAAAAgAUAAIAA",
             "result" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAQfaAEcwRAIgV55fs8Mi89l82sWpY2fQdhGehPWuUrlnpYMbdsRE6vUCIHaxYNwiFH/F9JhifT2G2ZrJPOc5blCbZs8il7fLmU3cQUgwRQIhALgpmq8USCIFc/8NKXswla40riNahpLGRXj09DKaxKZdAiBkQklMuJeph6xEgmf7mukc7PMRz5S9XIGGXiJEkNr+VkFHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4AAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYcBB9oARzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBSDBFAiEA+en7HEwieXcKiw+jzz0tc53u26wCdRlBixwZ024kBmsCIFF6xUGrDJy7BNqsyTxfh+hye8PDNUWt3J3JnaZ8i6zRQUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA="
         }
     ],
     "extractor" : [
         {
             "extract" : "cHNidP8BAJoCAAAAAljoeiG1ba8MI76OcHBFbDNvfLqlyHV5JPVFiHuyq911AAAAAAD/////g40EJ9DsZQpoqka7CwmK6kQiwHGyyng1Kgd5WdB86h0BAAAAAP////8CcKrwCAAAAAAWABTYXCtx0AYLCcmIauuBXlCZHdoSTQDh9QUAAAAAFgAUAK6pouXw+HaliN9VRuh0LR2HAI8AAAAAAAEAIIDw+gIAAAAAF6kUD7lGNCFpa4LIM68kHHjBfdveSTSHAQfaAEcwRAIgV55fs8Mi89l82sWpY2fQdhGehPWuUrlnpYMbdsRE6vUCIHaxYNwiFH/F9JhifT2G2ZrJPOc5blCbZs8il7fLmU3cQUgwRQIhALgpmq8USCIFc/8NKXswla40riNahpLGRXj09DKaxKZdAiBkQklMuJeph6xEgmf7mukc7PMRz5S9XIGGXiJEkNr+VkFHUiEClYO/Oa4KYJdHrRma3dY0+mEIVZ1sXNObTCGD8auW4H8hAtq2H/SaFNtqfQKwzR+7ePxLGDErW05U2uTbovv+9TbXUq4AAQAgAMLrCwAAAAAXqRT2U5MH46SNHgE20GH10f4Z4aJAiYcBB9oARzBEAiBnrEB7WcwLuWdisBpe6dVj/d3RTo0CCmRQJjnWVNBCDQIgH3K+5DYrjna1qu3uYVvW81W5g9tGDs9qfelLV5uyeTtBSDBFAiEA+en7HEwieXcKiw+jzz0tc53u26wCdRlBixwZ024kBmsCIFF6xUGrDJy7BNqsyTxfh+hye8PDNUWt3J3JnaZ8i6zRQUdSIQMIncEMesbbVPkTKa9hczPbOIzq0MIx9yM3nRuZAwsC3CECOt2QTz1tz1nduQaw3uI1Kbf/ue1Q5ehhUZJoYCIfDnNSrgEFR1IhAwidwQx6xttU+RMpr2FzM9s4jOrQwjH3IzedG5kDCwLcIQI63ZBPPW3PWd25BrDe4jUpt/+57VDl6GFRkmhgIh8Oc1KuACICA6mkw39ZltOqJdusa1cK8GUDlEkpQkYLNUdT7Z7spYdxENkMak8AAACAAAAAgAQAAIAAIgICf2OZdX0u/1WhNq0CxoSxg4tlVuXxtrNCgqlLa1AFEJYQ2QxqTwAAAIAAAACABQAAgAA=",
             "result" : "020000000258e87a21b56daf0c23be8e7070456c336f7cbaa5c8757924f545887bb2abdd7500000000da004730440220579e5fb3c322f3d97cdac5a96367d076119e84f5ae52b967a5831b76c444eaf5022076b160dc22147fc5f498627d3d86d99ac93ce7396e509b66cf2297b7cb994ddc41483045022100b8299aaf1448220573ff0d297b3095ae34ae235a8692c64578f4f4329ac4a65d02206442494cb897a987ac448267fb9ae91cecf311cf94bd5c81865e224490dafe5641475221029583bf39ae0a609747ad199addd634fa6108559d6c5cd39b4c2183f1ab96e07f2102dab61ff49a14db6a7d02b0cd1fbb78fc4b18312b5b4e54dae4dba2fbfef536d752aeffffffff838d0427d0ec650a68aa46bb0b098aea4422c071b2ca78352a077959d07cea1d01000000da00473044022067ac407b59cc0bb96762b01a5ee9d563fdddd14e8d020a64502639d654d0420d02201f72bee4362b8e76b5aaedee615bd6f355b983db460ecf6a7de94b579bb2793b41483045022100f9e9fb1c4c2279770a8b0fa3cf3d2d739deedbac027519418b1c19d36e24066b0220517ac541ab0c9cbb04daacc93c5f87e8727bc3c33545addc9dc99da67c8bacd14147522103089dc10c7ac6db54f91329af617333db388cead0c231f723379d1b99030b02dc21023add904f3d6dcf59ddb906b0dee23529b7ffb9ed50e5e86151926860221f0e7352aeffffffff0270aaf00800000000160014d85c2b71d0060b09c9886aeb815e50991dda124d00e1f5050000000016001400aea9a2e5f0f876a588df5546e8742d1d87008f00000000"
         }
     ]
 }
\ No newline at end of file
diff --git a/test/util/data/txcreatesignv2.hex b/test/util/data/txcreatesignv2.hex
index 3c9716629..a102a6774 100644
--- a/test/util/data/txcreatesignv2.hex
+++ b/test/util/data/txcreatesignv2.hex
@@ -1 +1 @@
-02000000018594c5bdcaec8f06b78b596f31cd292a294fd031e24eec716f43dac91ea7494d000000008b483045022100c8409b51f558d853f862a88a50f8c0a45f8d0689b339f518ceb16fc38146d85c02202e703515d1c5cce477fd3e51de7f18d31884b57900cf09018163e3257a63517b01410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8ffffffff01a0860100000000001976a9145834479edbbe0539b31ffd3a8f8ebadc2165ed0188ac00000000
+02000000018594c5bdcaec8f06b78b596f31cd292a294fd031e24eec716f43dac91ea7494d000000008a47304402205338be788a5c8ec16624f60c244927054e7b07bc8e540b14b1f4a16842ddefd102204e4db3e867caa416a6ec592addc30ba379c1e899913caf97214ed3e0aa3c866a01410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8ffffffff01a0860100000000001976a9145834479edbbe0539b31ffd3a8f8ebadc2165ed0188ac00000000