Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id C2D68C0029 for ; Fri, 16 Jun 2023 11:27:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 88A7F40125 for ; Fri, 16 Jun 2023 11:27:13 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 88A7F40125 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=OabxVWJK X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnLd6E26-XV1 for ; Fri, 16 Jun 2023 11:27:12 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 6996A418CD Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) by smtp2.osuosl.org (Postfix) with ESMTPS id 6996A418CD for ; Fri, 16 Jun 2023 11:27:12 +0000 (UTC) Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-982c996a193so78039966b.3 for ; Fri, 16 Jun 2023 04:27:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686914830; x=1689506830; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6vxvCjXYxMDPDmNRHXl8wFE0htvEGWQZrddcTPJkBYs=; b=OabxVWJKTDiFLawtUlmMVJJ/LLVjGMLRgP6jNWPs5h5D3HAMh2SK8CWjP1kwKUJpKY 3SetDN0DN3wUSy4HkSDWIMQ6jeA39YriZF5Vlm7ZHosrvUwJLO1DGohZJS9J4L3IoOFN O8qPu3HpL5/ZoxIJoyPo3jYsm5nVpyuvllWv4KngOVQWLty4DfqaIO9Xwhaf9zb5WhQ9 7wGvl81k3oEhCG9J21jLGTSS79zuBvt3KM+6UeIcVQ66VRncgOSmWOYyXvkZSgeSQXAp ilm1X4WcbSPZZD30sz8AQgIYjR4/vu/I7Jc1/USGPKhhrX3RcBsgIohEPmYDqtNUEZXf NI/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686914830; x=1689506830; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6vxvCjXYxMDPDmNRHXl8wFE0htvEGWQZrddcTPJkBYs=; b=KQc/HSq+DxxJnAIW6e8MbjZonmaOYl+peR7Vr1QNmbuhYiDduqPCfgHRI/wRES5aI/ nf7WEeaxOxQbiD3zMOymx0qOSFS8C90AFcnkxZ/86036yA76ng4u2fFoejLOodoqaLdh BqyYIQd0X3WoFPK1j5ZSJgETXPMXG6N1L8bZzefRRq8SQizRIQAYaD1cb1ujMJCMhCE2 UNF2uz2qtOZh/HcpO6We3qddLa5moGqTzkHOjZ+q1Z/UfWmUVBRMJwW6wb39Gi8bMRYZ mwIs2wkGALjxwHhiFZI7VEudRHQRFddx18u4zpLOOM0FFgU1k0NgJ7zCz6oM6mm2xozD VCFg== X-Gm-Message-State: AC+VfDyFt0V2TB1XV9HaoogRAHsOea4xpF3rg2jhha8fjMOwAQkThUvi IK11oH9SFbXhaiHyvzi+r2Z2Ns4ZfpsQw4mGmMo= X-Google-Smtp-Source: ACHHUZ6RbKmMgfMw0LoreD0vYsAo2gVuu9uhV6ZGgS3EFlBzJTsxGCKPbROAsLoVmOMEOx3tlk/uIN4AAGWAA4ES8lY= X-Received: by 2002:a17:907:9303:b0:982:5fff:ffe9 with SMTP id bu3-20020a170907930300b009825fffffe9mr1592345ejc.41.1686914830302; Fri, 16 Jun 2023 04:27:10 -0700 (PDT) MIME-Version: 1.0 References: <29ff546a6007cec1a0f85b91541f8e4d@dtrt.org> In-Reply-To: From: Joost Jager Date: Fri, 16 Jun 2023 13:26:34 +0200 Message-ID: To: Greg Sanders Content-Type: multipart/alternative; boundary="0000000000003a020905fe3d7797" X-Mailman-Approved-At: Fri, 16 Jun 2023 13:13:13 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Standardisation of an unstructured taproot annex X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jun 2023 11:27:13 -0000 --0000000000003a020905fe3d7797 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Greg, On Thu, Jun 15, 2023 at 12:39=E2=80=AFPM Greg Sanders wrote: > > Would it then still be necessary to restrict the annex to a maximum siz= e? > > I think it's worth thinking about to protect the opt-in users, and can > also be used for other anti-pinning efforts(though clearly not sufficient > by itself for the many many pinning vectors we have :) ) > Thinking about the most restrictive policy that would still enable annex-vaults (which I believe has great potential for improving bitcoin custody) and is in line with work already done, I get to: * Opt-in annex (every input must commit to an annex even if its is empty) -> make sure existing multi-party protocols remain unaffected * Tlv format as defined in https://github.com/bitcoin/bips/pull/1381 -> future extensibility * Only allow tlv record 0 - unstructured data -> future extensibility * Limit maximum size of the value to 256 bytes -> protect opt-in users Unfortunately the limit of 126 bytes in https://github.com/bitcoin-inquisition/bitcoin/pull/22 isn't sufficient for these types of vaults. If there are two presigned txes (unvault and emergency), those signatures would already take up 2*64=3D128 bytes. Then y= ou also want to store 32 bytes for the ephemeral key itself as the key can't be reconstructed from the schnorr signature. The remaining bytes could be used for a third presigned tx and/or additional vault parameters. Can you think of remaining practical objections to making the annex standard under the conditions listed above? Joost > --0000000000003a020905fe3d7797 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

*= Tlv format as defined in=C2=A0https://github.com/bitcoin/bips/pull/1381 -> future extens= ibility
* Only allow tlv record 0 - unstructured data -> future exten= sibility
* Limit maximum size of the value to 256 bytes -> pro= tect opt-in users

Unfortunately the limit of 126 b= ytes in=C2=A0https://github.com/bitcoin-inquisition/bitcoin/pull/22 isn't s= ufficient for these types of vaults. If there are two presigned txes (unvau= lt and emergency), those signatures would already take up 2*64=3D128 bytes.= Then you also want to store 32 bytes for the ephemeral key itself as the k= ey can't be reconstructed from the schnorr signature. The remaining byt= es could be used for a third presigned tx and/or additional vault parameter= s.

Can you think of remaining practical objections= to making the annex standard under the conditions listed above?
=
Joost
--0000000000003a020905fe3d7797--