Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id C8833C002D for ; Wed, 10 Aug 2022 13:53:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 8CC5E80C2B for ; Wed, 10 Aug 2022 13:53:33 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 8CC5E80C2B Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=notatether.com header.i=@notatether.com header.a=rsa-sha256 header.s=protonmail header.b=LchsJwC8 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqsfYeAUd6fn for ; Wed, 10 Aug 2022 13:53:31 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org BB73380B37 Received: from mail-4323.proton.ch (mail-4323.proton.ch [185.70.43.23]) by smtp1.osuosl.org (Postfix) with ESMTPS id BB73380B37 for ; Wed, 10 Aug 2022 13:53:30 +0000 (UTC) Date: Wed, 10 Aug 2022 13:53:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=notatether.com; s=protonmail; t=1660139608; x=1660398808; bh=QCgznMebjIyz+i5Yq4ypVNjflctjbS6e9K+uro2rXFs=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=LchsJwC8wZIUnJ6I1r1SxG38PRwxQQN5wprSMANxPETP8LpnaaxtUPBwkxfHyjT6z 39bnsqZZDm2q3ZT9yNzc6nnbNhWmXVLCMiqoC9w8q1Q551DhaT2fYHdq7DHSNsX+rT fK2rJiQyPyNSKWn9V0kcC5WsBBnehek0zliHOAan7dXPwLN2dtosTUc4j4st/n5qmz Eh7F24ClLBKuJ4gSfWIIGajmO4jlGQehCBmmBue4dEI5GLvanckCZNaHioNvM5szyd b6O0z93xZpaKPxoDU4fIfnvjbbVBan/FaR0qYl0cJO3W8qaT9GQi3fodOjSejlo2A3 5wf+B5F4NK1Mw== To: vjudeu@gazeta.pl From: Ali Sherief Reply-To: Ali Sherief Message-ID: <20220810135313.qxhshtuq3wx64osz@artanis> In-Reply-To: References: Feedback-ID: 34210769:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Wed, 10 Aug 2022 14:01:44 +0000 Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Regarding BIP322 edge cases X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Aug 2022 13:53:33 -0000 > Backward compatibility. If we don't have OP_CHECKDATASIG, then it has to = be somehow introduced to make it compatible with "Bitcoin Message". I suppose in the case of legacy P2PKH signing, a hypothetical OP_CHECKDATAS= IG can take off the stack and perform an ECDSA pub= lic key recovery, followed by SHA256/RIPEMD160, kind of like a hybrid betwe= en OP_DUP/OP_HASH160/OP_EQUALVERIFY and OP_CHECKSIG. But the implementations would have to decode the Base58 address into "0x00"= plus the address hash. As the only supported invoice type for the Legacy s= igning methods, this should be straight forward to do. > And we have opcodes like OP_RESERVED, that can be wrapped in OP_IF, then = it is "conditionally valid transaction". I'm not sure how an OP_RESERVED in an unexcuted OP_IF is going to help impl= ement an ECDSA pubkey recovery + DUP/HASH160/EQUALVERIFY hybrid instruction= . - Ali On Wed, 10 Aug 2022 04:59:46 +0200, vjudeu@gazeta.pl wrote: > > I'm not sure what is to be gained from adding an opcode > > Backward compatibility. If we don't have OP_CHECKDATASIG, then it has to = be somehow introduced to make it compatible with "Bitcoin Message". And we = have opcodes like OP_RESERVED, that can be wrapped in OP_IF, then it is "co= nditionally valid transaction". It is also possible to assign some unused o= pcode, but then it will be more complex, because in Script, those opcodes m= ake transaction invalid, but inside TapScript, those opcodes are defined as= OP_SUCCESS, and make things automatically valid. > > > On 2022-08-09 22:53:34 user Ali Sherief via bitcoin-dev wrote: > > Although there is a Github issue/PR at https://github.com/bitcoin/bips/= pull/1347 for addressing all the TODO items of BIP322, I decided to throw i= t in the mailing list again to see if anyone else has suggestions for deali= ng with them. > > So in an older copy of the draft at https://github.com/bitcoin/bips/blob/= b6b0126e2d04793ba52a40f05d24538fa3f2c9ad/bip-0322.mediawiki , I found the s= ome TODO items, and I will copy-paste the ones in the Specification section= (for full proofs) here: > > > TODO: How does this interact with as-of-yet-unspecified "Silent Transac= tions"? > > TODO: Some invalid opcode to allow only in various proof types? > > TODO: A way for the initial signer to delegate to another scriptPubKey;= needed for better privacy and CoinJoin/Lightning compatibility > > So to start with, I believe it will be very helpful to limit what opcodes= scriptPubKeys to be elligible to sign from them. The specification already= does so to a point, but in order for these to be recognizable, it's my opi= nion that one of the NOPs should be placed at the beginning of the script t= o activate proof parsing mode. > > Of course, an opcode is not necessary at all, if the program is able to i= nfer from context where the proof is coming from. After all, since they can= not be broadcasted, they can't be mined in blocks, so will never be encount= ered in a full node's usual verifier. I'm not sure what is to be gained fro= m adding an opcode - the only source for real transactions is from P2P-obta= ined blocks, so when a human inputs a signature to be verified, it can chec= k that a real transaction is not being inserted by looking for the invalid = input. > > For Silent Transactions, I have already given my suggestion in the PR, th= at some subsection can be made saying that it can operate with them by usin= g its scriptPubKey (and other stuff that may be necessary - I am not excatl= y sure what goes inside the Witness stack of message_signature). > > In the case of the last TODO, related to delegation to another scriptPubK= ey, I am not quite sure at the moment what to do about it - perhaps you guy= s can place a MAST (two Merkle branches, to be specific) - the first branch= has the original signer's scriptPubKey, the second branch contains the del= egated signer's scriptPubKey. > > - Ali