1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
Return-Path: <kkarasavvas@gmail.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 9B5B0C002B
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Feb 2023 08:37:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 836AA60BDE
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Feb 2023 08:37:05 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 836AA60BDE
Authentication-Results: smtp3.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20210112 header.b=SRRH65uU
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 0-usLM8fK_wo
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Feb 2023 08:37:04 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 35F6760BB5
Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com
[IPv6:2607:f8b0:4864:20::1129])
by smtp3.osuosl.org (Postfix) with ESMTPS id 35F6760BB5
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 1 Feb 2023 08:37:04 +0000 (UTC)
Received: by mail-yw1-x1129.google.com with SMTP id
00721157ae682-506609635cbso236588447b3.4
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 01 Feb 2023 00:37:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=Evj34jMX8euWK/OMnSx2quEdO7wGczA1tdKZgHzwIoo=;
b=SRRH65uU4lQsdFYVXZManqopZKOGKauDj0ICfacL+kUhKswi3PQeLU3ODk2Vwjd5DZ
HC5+f2LjiAC/nwlfXSFm85u1EoyQe0QX90tL9VpaHZootg+Tnee1M7cmGzfFAC6b63g1
6JPXFjStmmJ8Vu5P5zrBd5Jd0Icaw9/BtGGaMyz9497iZCnxQSfyDCRL2EprzXB9BrEf
nUxhpKlpzEz1Pcd7g1mfgbw19jpBl2ky5IUhr2+51LqHNMi4HBRI72ce5+flIxcT/d3m
Khqhd/kVtcLW31jgzqvTiYhQLHSbQK2pf+UbHBa73zjKqmgODagmOs6NYqXtT4Ji8stb
9A9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:subject:message-id:date:from:in-reply-to:references
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=Evj34jMX8euWK/OMnSx2quEdO7wGczA1tdKZgHzwIoo=;
b=kVuzSpHDBEkdRxx6wkc58NbcG56U0tpv+93Nmq+PRwXkYJg2M0wbeAGZ5xSTxKnLdh
a7B0CI5lIgPz5g7P3dLKT4jnnBVSl27qEtpt6IZ7diROyGxTGVkNLCKu8yxnjzcLGoNG
Tm4mjriCwiJv2wXwYN/V2RatKOzXVQuDnV4iq1qOW3C2JG4qEW3hFP451hRncHo07POK
4y+ZV/q8f2J5UXMjW1ZfUmYpf++cApehfG+uJqchCgd6U9je7nLAaFHsABvU6cTjff9f
+bu9XjTaCMzs4GWz/kvU4lsS8pYuV7XFinQXGb+SfgFqNWcnfo0XPgysWJdSIXVcHRh1
flqQ==
X-Gm-Message-State: AO0yUKUiJRy0J3wWqz9vAVOt2D1gO8Wh3Fz3tJSPkhNCbeVVJv5umLCU
XLYXjyWyjQt78BIa1IKbbdIhwpkhcFuuXarEBEM=
X-Google-Smtp-Source: AK7set+RsiTNV78tEgyOq6Z8nx1turbYbbSadS8x+ZQD+1PuDt4bF9lMk+zi6L1ZV8Ywscbd3zTCyPJSo2xmuCqYZ0k=
X-Received: by 2002:a81:6541:0:b0:4d7:eb11:6bf7 with SMTP id
z62-20020a816541000000b004d7eb116bf7mr175330ywb.235.1675240622952; Wed, 01
Feb 2023 00:37:02 -0800 (PST)
MIME-Version: 1.0
References: <CACrqygAMsO1giYuxm=DZUqfeRjEqGM7msmEnZ-AHws3oA2=aqw@mail.gmail.com>
<764E460B-C0C6-47B8-A97E-F7CBC81FD645@petertodd.org>
<CACrqygD8ZF-PqKuFK7-SgiPdZQ9ewt+9QGXytpf8+NYjjNjyfA@mail.gmail.com>
In-Reply-To: <CACrqygD8ZF-PqKuFK7-SgiPdZQ9ewt+9QGXytpf8+NYjjNjyfA@mail.gmail.com>
From: Kostas Karasavvas <kkarasavvas@gmail.com>
Date: Wed, 1 Feb 2023 10:36:52 +0200
Message-ID: <CABE6yHtbgD_5kCHMu9P9ThbqRHnzXMERRZsu7_6H20CAcQuEww@mail.gmail.com>
To: Christopher Allen <ChristopherA@lifewithalacrity.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000003e96ad05f39f5a90"
X-Mailman-Approved-At: Wed, 01 Feb 2023 14:08:38 +0000
Subject: Re: [bitcoin-dev] Debate: 64 bytes in OP_RETURN VS taproot OP_FALSE
OP_IF OP_PUSH
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2023 08:37:05 -0000
--0000000000003e96ad05f39f5a90
Content-Type: text/plain; charset="UTF-8"
With OP_RETURN you publish some data that are immediately visible in the
blockchain. I would consider this better (more straightforward) for things
like time-stamping.
With Taproot you need to spend the utxo to make the script visible. This
seems better when you don't want the data public but you need to be able to
reveal the data when the time comes.
Unless it is important to reveal later, it seems to me that for 80 bytes or
less OP_RETURN is still the way to go post-taproot.
On Wed, 1 Feb 2023, 04:30 Christopher Allen via bitcoin-dev, <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> I don't have a concrete proposal in mind, I'm just trying to understand
> various tradeoffs in post-taproot bitcoin in more detail.
>
> On Tue, Jan 31, 2023 at 6:07 PM Peter Todd <pete@petertodd.org> wrote:
>
>>
>> >OP_FALSE
>> >OP_IF
>> >OP_PUSH my64bytes
>> >OP_ENDIF
>>
>> What's wrong with OpPush <data> OpDrop?
>>
>
> I'm not sure pro or con of either. I just saw that proposal above recently.
>
>
>> Also, it is incorrect to say that OpReturn outputs "clog UTXO space". The
>> whole point of OpReturn is to standardize a way to keep such outputs out of
>> the UTXO set. There is the 75% discount to using witness space. But
>> considering the size of a transaction as a whole using taproot instead of
>> OpReturn doesn't save much.
>>
>
> There are OP_RETURN tricks in production that do clog UTXO space. I was
> trying to avoid consideration of those by just saying to compare apples vs.
> apples, by presuming that any form of these transactions holding the 64
> bytes is a spent transaction.
>
> Finally, _64_ bytes is more than a mere 32 byte commitment. What specific
>> use case do you actually have in mind here? Are you actually publishing
>> data, or simply committing to data? If the latter, you can use ECC
>> commitments and have no extra space at all.
>>
>
> I chose 64 bytes for this exercise, as I know there are tricks hiding 32
> bytes as keys. As almost every op_return live out there is >32 bytes, I
> wanted an example that could be a signature, two hashes, a hash plus some
> metadata, etc. I also considered 96 bytes (for instance a hash and a
> signature), but as that doesn't fit into OP_RETURN's 80 bytes, that choice
> prohibits comparing the different approaches side-by-side.
>
> To come back to my question another way, if you ignore the people who say
> "never put anything except data facilitating coin transactions into the
> bitcoin blockchain", but if you also are not trying to use the bitcoin
> blockchain as a world database (ala ETH), what is the most pragmatic way to
> do so that minimizes any potential harm? The answer pre-taproot was
> OP_RETURN. What is it now?
>
> -- Christopher Allen
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--0000000000003e96ad05f39f5a90
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto"><div>With OP_RETURN you publish some data that are immedi=
ately visible in the blockchain. I would consider this better (more straigh=
tforward) for things like time-stamping.<div dir=3D"auto"><br></div><div di=
r=3D"auto">With Taproot you need to spend the utxo to make the script visib=
le. This seems better when you don't want the data public but you need =
to be able to reveal the data when the time comes.</div><div dir=3D"auto"><=
br></div><div dir=3D"auto">Unless it is important to reveal later, it seems=
to me that for 80 bytes or less OP_RETURN is still the way to go post-tapr=
oot.</div><div dir=3D"auto"><br></div><br><br><div class=3D"gmail_quote"><d=
iv dir=3D"ltr" class=3D"gmail_attr">On Wed, 1 Feb 2023, 04:30 Christopher A=
llen via bitcoin-dev, <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundati=
on.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex"><div dir=3D"ltr"><div>I don't have a concrete=
proposal in mind, I'm just trying to understand various tradeoffs in p=
ost-taproot bitcoin in more detail.</div><div><br></div><div class=3D"gmail=
_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, Jan 31, 2023 at 6:07 =
PM Peter Todd <<a href=3D"mailto:pete@petertodd.org" target=3D"_blank" r=
el=3D"noreferrer">pete@petertodd.org</a>> wrote:<br></div><blockquote cl=
ass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px=
;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1e=
x"><br>
>OP_FALSE<br>
>OP_IF<br>
>OP_PUSH my64bytes<br>
>OP_ENDIF<br>
<br>
What's wrong with OpPush <data> OpDrop?<br></blockquote><div><br>=
</div><div>I'm not sure pro or con of either. I just saw that proposal =
above recently.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:soli=
d;border-left-color:rgb(204,204,204);padding-left:1ex">Also, it is incorrec=
t to say that OpReturn outputs "clog UTXO space". The whole point=
of OpReturn is to standardize a way to keep such outputs out of the UTXO s=
et. There is the 75% discount to using witness space. But considering the s=
ize of a transaction as a whole using taproot instead of OpReturn doesn'=
;t save much.<br></blockquote><div><br></div><div>There are OP_RETURN trick=
s in production that do clog UTXO space. I was trying to avoid consideratio=
n of those by just saying to compare apples vs. apples, by presuming that a=
ny form of these transactions holding the 64 bytes is a spent transaction.<=
/div><div><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-colo=
r:rgb(204,204,204);padding-left:1ex">Finally, _64_ bytes is more than a mer=
e 32 byte commitment. What specific use case do you actually have in mind h=
ere? Are you actually publishing data, or simply committing to data? If the=
latter, you can use ECC commitments and have no extra space at all.<br></b=
lockquote><div><br></div><div>I chose 64 bytes for this exercise, as I know=
there are tricks hiding 32 bytes as keys. As almost every op_return live o=
ut there is >32 bytes, I wanted an example that could be a signature, tw=
o hashes, a hash plus some metadata, etc. I also considered 96 bytes (for i=
nstance a hash and a signature), but as that doesn't fit into OP_RETURN=
's 80 bytes, that choice prohibits comparing the different approaches s=
ide-by-side.</div><div><br></div><div>To come back to my question another w=
ay, if you ignore the people who say "never put anything except data f=
acilitating coin transactions into the bitcoin blockchain", but if you=
also are not trying to use the bitcoin blockchain as a world database (ala=
ETH), what is the most pragmatic way to do so that minimizes any potential=
harm? The answer pre-taproot was OP_RETURN. What is it now?</div><div><br>=
</div><div>-- Christopher Allen</div></div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank" =
rel=3D"noreferrer">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati=
on.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div></div></div>
--0000000000003e96ad05f39f5a90--
|