1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
Return-Path: <joost.jager@gmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id C2D68C0029
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 16 Jun 2023 11:27:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 88A7F40125
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 16 Jun 2023 11:27:13 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 88A7F40125
Authentication-Results: smtp2.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20221208 header.b=OabxVWJK
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id QnLd6E26-XV1
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 16 Jun 2023 11:27:12 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 6996A418CD
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com
[IPv6:2a00:1450:4864:20::62c])
by smtp2.osuosl.org (Postfix) with ESMTPS id 6996A418CD
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 16 Jun 2023 11:27:12 +0000 (UTC)
Received: by mail-ej1-x62c.google.com with SMTP id
a640c23a62f3a-982c996a193so78039966b.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 16 Jun 2023 04:27:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1686914830; x=1689506830;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=6vxvCjXYxMDPDmNRHXl8wFE0htvEGWQZrddcTPJkBYs=;
b=OabxVWJKTDiFLawtUlmMVJJ/LLVjGMLRgP6jNWPs5h5D3HAMh2SK8CWjP1kwKUJpKY
3SetDN0DN3wUSy4HkSDWIMQ6jeA39YriZF5Vlm7ZHosrvUwJLO1DGohZJS9J4L3IoOFN
O8qPu3HpL5/ZoxIJoyPo3jYsm5nVpyuvllWv4KngOVQWLty4DfqaIO9Xwhaf9zb5WhQ9
7wGvl81k3oEhCG9J21jLGTSS79zuBvt3KM+6UeIcVQ66VRncgOSmWOYyXvkZSgeSQXAp
ilm1X4WcbSPZZD30sz8AQgIYjR4/vu/I7Jc1/USGPKhhrX3RcBsgIohEPmYDqtNUEZXf
NI/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1686914830; x=1689506830;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=6vxvCjXYxMDPDmNRHXl8wFE0htvEGWQZrddcTPJkBYs=;
b=KQc/HSq+DxxJnAIW6e8MbjZonmaOYl+peR7Vr1QNmbuhYiDduqPCfgHRI/wRES5aI/
nf7WEeaxOxQbiD3zMOymx0qOSFS8C90AFcnkxZ/86036yA76ng4u2fFoejLOodoqaLdh
BqyYIQd0X3WoFPK1j5ZSJgETXPMXG6N1L8bZzefRRq8SQizRIQAYaD1cb1ujMJCMhCE2
UNF2uz2qtOZh/HcpO6We3qddLa5moGqTzkHOjZ+q1Z/UfWmUVBRMJwW6wb39Gi8bMRYZ
mwIs2wkGALjxwHhiFZI7VEudRHQRFddx18u4zpLOOM0FFgU1k0NgJ7zCz6oM6mm2xozD
VCFg==
X-Gm-Message-State: AC+VfDyFt0V2TB1XV9HaoogRAHsOea4xpF3rg2jhha8fjMOwAQkThUvi
IK11oH9SFbXhaiHyvzi+r2Z2Ns4ZfpsQw4mGmMo=
X-Google-Smtp-Source: ACHHUZ6RbKmMgfMw0LoreD0vYsAo2gVuu9uhV6ZGgS3EFlBzJTsxGCKPbROAsLoVmOMEOx3tlk/uIN4AAGWAA4ES8lY=
X-Received: by 2002:a17:907:9303:b0:982:5fff:ffe9 with SMTP id
bu3-20020a170907930300b009825fffffe9mr1592345ejc.41.1686914830302; Fri, 16
Jun 2023 04:27:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAJBJmV-L4FusaMNV=_7L39QFDKnPKK_Z1QE6YU-wp2ZLjc=RrQ@mail.gmail.com>
<29ff546a6007cec1a0f85b91541f8e4d@dtrt.org>
<CAB3F3Dtad8Fqb4R1phFU33SQPoL66nRz3rSHNbAaDSF=RN1NOA@mail.gmail.com>
<CAJBJmV88j7i3=uqnU5OwMCKyZaP9v6cx9EKEuK1FYs6aL0r1uw@mail.gmail.com>
<CAB3F3DtLzemnNqj6skRcK22qGYVwuo5YCPhUXQDCUcEe3yKr7Q@mail.gmail.com>
In-Reply-To: <CAB3F3DtLzemnNqj6skRcK22qGYVwuo5YCPhUXQDCUcEe3yKr7Q@mail.gmail.com>
From: Joost Jager <joost.jager@gmail.com>
Date: Fri, 16 Jun 2023 13:26:34 +0200
Message-ID: <CAJBJmV_vPW1vBSfTeDOU_FecHk1sX2=uGUFYS9enC=hwvLpVQA@mail.gmail.com>
To: Greg Sanders <gsanders87@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000003a020905fe3d7797"
X-Mailman-Approved-At: Fri, 16 Jun 2023 13:13:13 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Standardisation of an unstructured taproot annex
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 11:27:13 -0000
--0000000000003a020905fe3d7797
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi Greg,
On Thu, Jun 15, 2023 at 12:39=E2=80=AFPM Greg Sanders <gsanders87@gmail.com=
> wrote:
> > Would it then still be necessary to restrict the annex to a maximum siz=
e?
>
> I think it's worth thinking about to protect the opt-in users, and can
> also be used for other anti-pinning efforts(though clearly not sufficient
> by itself for the many many pinning vectors we have :) )
>
Thinking about the most restrictive policy that would still enable
annex-vaults (which I believe has great potential for improving bitcoin
custody) and is in line with work already done, I get to:
* Opt-in annex (every input must commit to an annex even if its is empty)
-> make sure existing multi-party protocols remain unaffected
* Tlv format as defined in https://github.com/bitcoin/bips/pull/1381 ->
future extensibility
* Only allow tlv record 0 - unstructured data -> future extensibility
* Limit maximum size of the value to 256 bytes -> protect opt-in users
Unfortunately the limit of 126 bytes in
https://github.com/bitcoin-inquisition/bitcoin/pull/22 isn't sufficient for
these types of vaults. If there are two presigned txes (unvault and
emergency), those signatures would already take up 2*64=3D128 bytes. Then y=
ou
also want to store 32 bytes for the ephemeral key itself as the key can't
be reconstructed from the schnorr signature. The remaining bytes could be
used for a third presigned tx and/or additional vault parameters.
Can you think of remaining practical objections to making the annex
standard under the conditions listed above?
Joost
>
--0000000000003a020905fe3d7797
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Hi Greg,</div><br><div class=3D"gmail_quote"><div dir=
=3D"ltr" class=3D"gmail_attr">On Thu, Jun 15, 2023 at 12:39=E2=80=AFPM Greg=
Sanders <<a href=3D"mailto:gsanders87@gmail.com">gsanders87@gmail.com</=
a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0p=
x 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><d=
iv dir=3D"ltr"><div>> Would it then still be necessary to restrict the a=
nnex to a maximum size?<br></div><div><br></div><div>I think it's worth=
thinking about to protect the opt-in users, and can also be used for other=
anti-pinning efforts(though clearly not sufficient by itself for the many =
many pinning vectors we have :) )</div></div></blockquote><div><br></div><d=
iv>Thinking about the most restrictive policy that would still enable annex=
-vaults (which I believe has great potential for improving bitcoin custody)=
and is in line with work already done, I get to:</div><div><br></div><div>=
* Opt-in annex (every input must commit to an annex even if its is empty) -=
> make sure existing multi-party protocols remain unaffected</div><div>*=
Tlv format as defined in=C2=A0<a href=3D"https://github.com/bitcoin/bips/p=
ull/1381">https://github.com/bitcoin/bips/pull/1381</a> -> future extens=
ibility<br>* Only allow tlv record 0 - unstructured data -> future exten=
sibility</div><div>* Limit maximum size of the value to 256 bytes -> pro=
tect opt-in users</div><div><br></div><div>Unfortunately the limit of 126 b=
ytes in=C2=A0<a href=3D"https://github.com/bitcoin-inquisition/bitcoin/pull=
/22">https://github.com/bitcoin-inquisition/bitcoin/pull/22</a> isn't s=
ufficient for these types of vaults. If there are two presigned txes (unvau=
lt and emergency), those signatures would already take up 2*64=3D128 bytes.=
Then you also want to store 32 bytes for the ephemeral key itself as the k=
ey can't be reconstructed from the schnorr signature. The remaining byt=
es could be used for a third presigned tx and/or additional vault parameter=
s.</div><div><br></div><div>Can you think of remaining practical objections=
to making the annex standard under the conditions listed above?</div><div>=
<br></div><div>Joost</div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"marg=
in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e=
x">
</blockquote></div>
</blockquote></div></div>
--0000000000003a020905fe3d7797--
|