From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 09 Jul 2025 11:57:05 -0700 Received: from mail-ot1-f58.google.com ([209.85.210.58]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1uZZya-0006Hu-Kt for bitcoindev@gnusha.org; Wed, 09 Jul 2025 11:57:05 -0700 Received: by mail-ot1-f58.google.com with SMTP id 46e09a7af769-7387447988bsf66685a34.3 for ; Wed, 09 Jul 2025 11:57:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1752087418; x=1752692218; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:sender:from:to:cc:subject:date :message-id:reply-to; bh=IR1zkO8D1tG6rIJh9/AZaF4RYNYmiZ0VehvHplvEduc=; b=KwitbbSiBl9/NgFYvSyBmh/ZEqJHum+YenAvLinQGsppVDBgPAsAGdUnnhMEu+Bdnc Vat4azxvEuEAnjdTnxQrwMax4Su3u9Bxq73u6kmumneMo7ULZD19Mf05o0rGR8I3Xokd onKwtQ0Ogvz1xFSr96KjYji/Ve4YWkYrb3TKmqpnw3l1xx70ETvs9U/PYEh5qGbHgln/ O/9+k+vEoXaI5MLyDCjQXvvHeakZ1TTrd96+So4RVXUvWSE4JlUKVwH56xX8xXjYpNXn /5bSG1NqxZ/dJUzWZiouzIl2syVsieoNSAxndgyGe9pd1oFcgOdBdd35/lJk3dTL7Fix 20Kw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1752087418; x=1752692218; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:from:to:cc:subject:date:message-id :reply-to; bh=IR1zkO8D1tG6rIJh9/AZaF4RYNYmiZ0VehvHplvEduc=; b=QA8wC9uxJDYtRSnqsrppsFSHeYyhV4HFxwMY3Z4r0ZrRDruIzsUvDFFGnT4wVbwq/z RhpfzQGuOmS2RuqTcNrsKaouAf/Nl8h4RwAe9SLMdii5U6S3ed9ZONxJ4P512M3ipNC1 LLa/wIzlJNgcscUdBlsv5CIKWuKdAP7ewUSXZ2UqYTXj+mMaipyePPnYQY2s5l04ljXA dwj+6RW2cZcuJNi4IkzPf7u1Hw5g/vGLTHDqEKbI8CGWnOptvkFIiMZ/MHfiZg1opOd0 bkiKfJS8TVko9fVTugS61c3kLPJwr/Duaw8OozKn7dsOvCekSvyL+Yk3BtpaZKqbI2Hn 0nqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752087418; x=1752692218; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=IR1zkO8D1tG6rIJh9/AZaF4RYNYmiZ0VehvHplvEduc=; b=Q2irZtGak3Xk5hMpx0H2gshLh3O0hnoh/N+VvG7DuU+bCUCO/jM/tweR9lCUEkb/SC FSOZJnmkoaDODX3y8avWxNUl54xO6oPxA6KrqWWitfgETeyYXTfupJUsl7hR+Lr482qn hT7B/aJHvZkmhdzSqJdZWgyhA4QOdTutTQSxfl4uGma9OtbAS/nYCABz1Oe3y68my1CH plHvDncQFOmLfsUwNZzbJkmri2sOug0lSd3/cYs7GIYX/1PDHSzkrYMQCFUJNHAgimel 99ziLnBjrE3G3/LCUjpZbCp5DJfLCmxdEoMsMcxJFFVOebZj8yw6sucDcos3mbPLaSNd 7k9g== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCUGMnFkpOTUE/0DYRkJ1EIaHBpeadvN4gRUZFe2QcxLImq1WZLjArysipPLP3BVobAF7zkqtnix/vJR@gnusha.org X-Gm-Message-State: AOJu0YzfYIpq22pd/bIazoXg/N2CZHym7wil3QeapP9itez7gSoxtSvh 3Fm99vaA3OtmT0GuyOcUgdse2FMZaKI1r6kreURyXsBAPSmlgX4bwkrm X-Google-Smtp-Source: AGHT+IF2FFTJXPgmWCIglbR13DymOmOHpas7Z+Hj7KDf3d6BCs3WLk1dehVelU4D1g7e7ma60FfhrQ== X-Received: by 2002:a05:6830:4429:b0:73a:70a9:d59c with SMTP id 46e09a7af769-73ce63b0ac1mr2837794a34.26.1752087418226; Wed, 09 Jul 2025 11:56:58 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZdKXVRTRNugNKVKde0KEMb/SBUSN2bw9Ijn7D3DTvVX0g== Received: by 2002:a05:6820:2881:b0:611:6776:43c5 with SMTP id 006d021491bc7-613d7d07357ls58763eaf.2.-pod-prod-09-us; Wed, 09 Jul 2025 11:56:54 -0700 (PDT) X-Received: by 2002:a05:6808:171a:b0:406:4e17:4ec5 with SMTP id 5614622812f47-412baec98b9mr2284589b6e.16.1752087414780; Wed, 09 Jul 2025 11:56:54 -0700 (PDT) Received: by 2002:a05:690c:d8b:b0:710:f35d:a3b2 with SMTP id 00721157ae682-7166a91b6ffms7b3; Wed, 9 Jul 2025 11:19:24 -0700 (PDT) X-Received: by 2002:a05:690c:fd4:b0:70e:142d:9c56 with SMTP id 00721157ae682-717b19e2d8bmr58126787b3.26.1752085163202; Wed, 09 Jul 2025 11:19:23 -0700 (PDT) Date: Wed, 9 Jul 2025 11:19:22 -0700 (PDT) From: Greg Sanders To: Bitcoin Development Mailing List Message-Id: <26b96fb1-d916-474a-bd23-920becc3412cn@googlegroups.com> Subject: [bitcoindev] A Taproot-native (re-)bindable transaction bundle proposal MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_598116_1101759712.1752085162854" X-Original-Sender: gsanders87@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_598116_1101759712.1752085162854 Content-Type: multipart/alternative; boundary="----=_Part_598117_593389447.1752085162854" ------=_Part_598117_593389447.1752085162854 Content-Type: text/plain; charset="UTF-8" Hello all, This is a bit of a follow-up from "What's a good stopping point? ... CTV/CSFS..." from [^1] > There has been several objections to this proposal, which we can group into three categories: exploration of alternatives, demonstration of usage, and design of the operations to achieve these capabilities For this e-mail I would like to address the third point proactively: design of the operations to achieve these capabilities. Antoine Poinsot, Steven Roose, and I have been working on a familiar, yet concrete technical proposal that focuses on three well-understood capabilities: 1. "Next transaction" capability, ala BIP119 2. "Verify signature of message on stack", ala BIP348 3. "Push taproot internal key onto stack", ala BIP349 These first two capabilities can offer radical simplifications to well-understood systems when combined. The third is a simple update that dovetails with the first two. The BIP text is here(https://github.com/instagibbs/bips/blob/bip_op_templatehash/bip-templatehash-csfs-ik.md) and PR here(https://github.com/instagibbs/bips/pull/1), with full motivation for this particular bundle and rationale discussing alternatives. Our main contribution is a fully specified `OP_TEMPLATEHASH` as a drop-in replacement for BIP119 `OP_CHECKTEMPLATEVERIFY`. `OP_TEMPLATEHASH` is a simpler and more modern implementation of the "next transaction" capability. It differs in committing to the Taproot annex and being otherwise Taproot native, which allows us to: - Use the `OP_SUCCESS` upgrade hooks in place of legacy `OP_NOP`s and be able to push the template hash on the stack making the flagship use case of rebindable signatures more efficient. - Re-use the existing pre-computed Taproot sighash fields only instead of introducing new ones (substantially simplifying the implementation and review of the specifications). - Not commit to the spending transaction's scriptSigs (which are both unecessary and may incentivize ad-hoc uses of legacy input scripts as programs). - Not unnecessarily modify the less well-understood legacy Script. Another notable difference is the lack of "bare CTV" analogue, which is implemented here(https://github.com/instagibbs/bitcoin/tree/p2th) but left out of the bundle due to lack of demonstrated utility. The BIP for `OP_TEMPLATEHASH` is here(https://github.com/instagibbs/bips/blob/bip_op_templatehash/bip-templatehash.md) and a complete implementation is provided here(https://github.com/instagibbs/bitcoin/pull/3). The bundle itself is heavily inspired by "LNHANCE"(https://delvingbitcoin.org/t/lnhance-bips-and-implementation/376). We are hopeful that an opcode/implementation-focused discussion can be held concurrently with other efforts such as discussions as to whether or not this capability set is a good stopping point, including whether this bundle is worth implementing on its own at all, as well as what level of assurances we should have as far as tooling and proof of concepts is concerned. Best, Greg (1) https://groups.google.com/g/bitcoindev/c/-qJc1EWQzY0 -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/26b96fb1-d916-474a-bd23-920becc3412cn%40googlegroups.com. ------=_Part_598117_593389447.1752085162854 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello all,

This is a bit of a follow-up from "What's a good stop= ping point? ... CTV/CSFS..." from [^1]

> There has been sever= al objections to this proposal, which we can group into three categories:exploration of alternatives, demonstration of usage, and design of the = operations to achieve these capabilities

For this e-mail I would= like to address the third point proactively: design of the operations to a= chieve these capabilities.

Antoine Poinsot, Steven Roose, and I = have been working on a familiar, yet concrete technical proposal that focus= es on three well-understood capabilities:

1. "Next transaction" = capability, ala BIP119
2. "Verify signature of message on stack", ala = BIP348
3. "Push taproot internal key onto stack", ala BIP349

These first two capabilities can offer radical simplifications
to we= ll-understood systems when combined. The third is a simple
update that= dovetails with the first two.

The BIP text is here(https://gith= ub.com/instagibbs/bips/blob/bip_op_templatehash/bip-templatehash-csfs-ik.md= ) and PR here(https://github.com/instagibbs/bips/pull/1), with full motivat= ion for this particular bundle and rationale discussing alternatives. Our m= ain contribution is a fully specified `OP_TEMPLATEHASH` as a drop-in replac= ement for BIP119 `OP_CHECKTEMPLATEVERIFY`. `OP_TEMPLATEHASH` is a simpler a= nd more modern implementation of the "next transaction" capability. It diff= ers in committing to the Taproot annex and being otherwise Taproot native, = which allows us to:

- Use the `OP_SUCCESS` upgrade hooks in place= of legacy `OP_NOP`s and be able to push the template hash on the stack mak= ing the flagship use case of rebindable signatures more efficient.
- R= e-use the existing pre-computed Taproot sighash fields only instead of intr= oducing new ones (substantially simplifying the implementation and review o= f the specifications).
- Not commit to the spending transaction's scri= ptSigs (which are both unecessary and may incentivize ad-hoc uses of legacy= input scripts as programs).
- Not unnecessarily modify the less well-= understood legacy Script.

Another notable difference is the lack= of "bare CTV" analogue, which is implemented here(https://github.com/insta= gibbs/bitcoin/tree/p2th) but left out of the bundle due to lack of demonstr= ated utility.

The BIP for `OP_TEMPLATEHASH` is here(https://gith= ub.com/instagibbs/bips/blob/bip_op_templatehash/bip-templatehash.md) and a = complete implementation is provided here(https://github.com/instagibbs/bitc= oin/pull/3). The bundle itself is heavily inspired by "LNHANCE"(https://del= vingbitcoin.org/t/lnhance-bips-and-implementation/376).

We are h= opeful that an opcode/implementation-focused discussion can be held
co= ncurrently with other efforts such as discussions as to whether
or not= this capability set is a good stopping point, including whether
this = bundle is worth implementing on its own at all, as well as what
level = of assurances we should have as far as tooling and proof of concepts
i= s concerned.

Best,
Greg

(1) https://groups.googl= e.com/g/bitcoindev/c/-qJc1EWQzY0

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/26b96fb1-d916-474a-bd23-920becc3412cn%40googlegroups.com.
------=_Part_598117_593389447.1752085162854-- ------=_Part_598116_1101759712.1752085162854--