Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 78F2EA5D for ; Thu, 3 Nov 2016 20:02:56 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f181.google.com (mail-qt0-f181.google.com [209.85.216.181]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5C1B1194 for ; Thu, 3 Nov 2016 20:02:55 +0000 (UTC) Received: by mail-qt0-f181.google.com with SMTP id p16so35613802qta.0 for ; Thu, 03 Nov 2016 13:02:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blockstream-io.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SgZnd/Q8SCGt27RUqpNExoYjs+PY4tghHahJUAUkJ48=; b=q/HNNnEwxZ4Gl2WRLy+0eFAa75RFE/nPxdJwDg41vLeWYwK2RvGstxMluVpHYVd56s kWLPyp90NdcekA6c0U4E2eJuRGrHHsbLmOo9kcz9CEFYNetVmjV+5t4hz0c6gctE4Sd5 hCuEf6pi+qq0tb0rB/FsS8NFkvcWhUEHrfM7EOGbPL7lXF/aotqN1HyE1t3tsz3xEvwC PiHeSZ9NaIVwXvrPLY6/TyMb6Buqg/XxbFSsMMBbznSuf3g5v6wBApY66AetfDNLrg2b 7Hni89xEIs4UojxcLOTE+tYPLbq1H30s+EAU+b6huhZIwBdotcGMRjSFJfziqZu03ABv G1JQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SgZnd/Q8SCGt27RUqpNExoYjs+PY4tghHahJUAUkJ48=; b=DFITOT+k/yATvwMI4tqe/+0BiZqcPV6eNos0YRuGmtpF7DX8l8kgt+wG9RXwx9BBV3 juCNycg12dePLhJPhuBHPCqbnUuP0NIWcNYfnIysqzJYSWrTzsKCpVKXdubU+ECoMft+ o7vMXrddQXTS7rNAZL2tlYRmshmEF+0kpc+BXOuWGv4Nt415ryo0350WjP+tDiBAqols +w8WBczt5VC0Lm/MfFRSHGo56DfcFuD1OSfkQF4PV+zUFRUKjx02qyg79QxrZTGi7//e pwkE89eCRGZLioV282/B1egAConeAt334qisbPxK2/UxQF56kySGxo2G9f5Vw+zrvVv8 p/8A== X-Gm-Message-State: ABUngveFKjWnsdQy2hltEXebORi2B3SVO3vKHyH2hSysD3MqwPaArQd/eLZ2KKAT+ouVqv7AffyX6Kvh13UlkkMZ X-Received: by 10.237.62.153 with SMTP id n25mr9368245qtf.50.1478203374361; Thu, 03 Nov 2016 13:02:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.164.195 with HTTP; Thu, 3 Nov 2016 13:02:33 -0700 (PDT) In-Reply-To: References: From: "Russell O'Connor" Date: Thu, 3 Nov 2016 16:02:33 -0400 Message-ID: To: Daniel Robinson Content-Type: multipart/alternative; boundary=001a113a1f1609133905406b0b7c X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HTML_MESSAGE, RCVD_IN_DNSWL_LOW, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Implementing Covenants with OP_CHECKSIGFROMSTACKVERIFY X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Nov 2016 20:02:56 -0000 --001a113a1f1609133905406b0b7c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, Nov 3, 2016 at 3:37 AM, Daniel Robinson wrote: > Really cool! > > How about "poison transactions," the other covenants use case proposed by > M=C3=B6ser, Eyal, and Sirer? (I think OP_CHECKSIGFROMSTACKVERIFY will als= o make > it easier to check fraud proofs, the other prerequisite for poison > transactions.) > I admit I didn't study their poison transactions very carefully. It seemed specific to Bitcoin-NG. > Seems a little wasteful to do those two "unnecessary" signature checks, > and to have to construct the entire transaction data structure, just to > verify a single output in the transaction. Any plans to add more flexible > introspection opcodes to Elements, such as OP_CHECKOUTPUTVERIFY? > I used to be hesitant to the idea of adding transaction introspection operations, because the script design seemed to be deliberately avoiding doing that. One of the big takeaways from this work, for me at least, is that since the transaction data is so easily recoverable anyways, adding transaction introspection operations isn't really going to provide any more power to script; it will just save everyone a bunch of work. There are no specific plans to put transaction introspection opcodes into Elements at this moment, but I feel that the door for that possibility is wide open now= . Really minor nit: "Notice that we have appended 0x83 to the end of the > transaction data"=E2=80=94should this say "to the end of the signature"? > Probably should reed "Notice that we have appended 0x83000000 to the end of the transaction data". I'll make an update. > > On Thu, Nov 3, 2016 at 12:28 AM Russell O'Connor via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > Right. There are minor trade-offs to be made with regards to that design > point of OP_CHECKSIGFROMSTACKVERIFY. Fortunately this covenant > construction isn't sensitive to that choice and can be made to work with > either implementation of OP_CHECKSIGFROMSTACKVERIFY. > > On Wed, Nov 2, 2016 at 11:35 PM, Johnson Lau wrote: > > Interesting. I have implemented OP_CHECKSIGFROMSTACKVERIFY in a different > way from the Elements. Instead of hashing the data on stack, I directly p= ut > the 32 byte hash to the stack. This should be more flexible as not every > system are using double-SHA256 > > https://github.com/jl2012/bitcoin/commits/mast_v3_master > > > On 3 Nov 2016, at 01:30, Russell O'Connor via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > Hi all, > > It is possible to implement covenants using two script extensions: OP_CAT > and OP_CHECKSIGFROMSTACKVERIFY. Both of these op codes are already > available in the Elements Alpha sidechain, so it is possible to construct > covenants in Elements Alpha today. I have detailed how the construction > works in a blog post at 11/02/covenants-in-elements-alpha.html>. As an example, I've constructed > scripts for the Moeser-Eyal-Sirer vault. > > I'm interested in collecting and implementing other useful covenants, so > if people have ideas, please post them. > > If there are any questions, I'd be happy to answer. > > -- > Russell O'Connor > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a113a1f1609133905406b0b7c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Thu, Nov 3, 2016 at 3:37 AM, Daniel Robinson <<= a href=3D"mailto:danrobinson010@gmail.com" target=3D"_blank">danrobinson010= @gmail.com> wrote:
Really cool!

<= /div>
How about "po= ison transactions," the other covenants use case proposed by M=C3=B6se= r, Eyal, and Sirer? (I think OP_CHECKSIGFROMSTACKVERIFY will also make it e= asier to check fraud proofs, the other prerequisite for poison transactions= .)

I admit I didn&#= 39;t study their poison transactions very carefully.=C2=A0 It seemed specif= ic to Bitcoin-NG.
=C2=A0
Seems a l= ittle wasteful to do those two "unnecessary" signature checks, an= d to have to construct the entire transaction data structure, just to verif= y a single output in the transaction. Any plans to add more flexible intros= pection opcodes to Elements, such as OP_CHECKOUTPUTVERIFY?

I used to be hesit= ant to the idea of adding transaction introspection operations, because the= script design seemed to be deliberately avoiding doing that.=C2=A0 One of = the big takeaways from this work, for me at least, is that since the transa= ction data is so easily recoverable anyways, adding transaction introspecti= on operations isn't really going to provide any more power to script; i= t will just save everyone a bunch of work.=C2=A0 There are no specific plan= s to put transaction introspection opcodes into Elements at this moment, bu= t I feel that the door for that possibility is wide open now.

Really minor nit: "Notice that we have appended 0x83 t= o the end of the transaction data"=E2=80=94should this say "to th= e end of the signature"?

Probably shou= ld reed "Notice that we have appended 0x83000000 to the end of the tra= nsaction data".=C2=A0 I'll make an update.
=C2=A0

On Thu, Nov 3, 2016 at 12:28 AM Russell O'Connor via bit= coin-dev <bitcoin-dev@lis= ts.linuxfoundation.org> wrote:
Right.=C2=A0 There are minor trade-offs to be made= with regards to that design point of OP_CHECKSIGFROMSTACKVERIFY.=C2=A0 For= tunately this covenant construction isn't sensitive to that choice and = can be made to work with either implementation of OP_CHECKSIGFROMSTACKVERIF= Y.

On Wed, Nov 2, 2016 at 11:35 PM, Johnson Lau <jl2012@xbt.hk> wrote:
Interesting. I have implemented= =C2=A0OP_CHECKSIGFROMSTACKVERIFY in a different way from the Elements.= Instead of hashing the data on stack, I directly put the 32 byte hash to t= he stack. This should be more flexible as not every system are using double= -SHA256

On= 3 Nov 2016, at 01:30, Russell O'Connor via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.= org> wrote:

=
Hi a= ll,

It is possible to implement covenants using t= wo script extensions: OP_CAT and OP_CHECKSIGFROMSTACKVERIFY.=C2=A0 Both of = these op codes are already available in the Elements Alpha sidechain, so it= is possible to construct covenants in Elements Alpha today.=C2=A0 I have d= etailed how the construction works in a blog post at <https://blockstream.com= /2016/11/02/covenants-in-elements-alpha.html>.=C2=A0 As an= example, I've constructed scripts for the Moeser-Eyal-Sirer vault.

I'm interested in collecting and implementing ot= her useful covenants, so if people have ideas, please post them.

If there are any questions, I'd be happy to answer.= =C2=A0

--
Russell O'Connor
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin= -dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linux= foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

--001a113a1f1609133905406b0b7c--