From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A6D44C87 for ; Wed, 20 Sep 2017 19:29:22 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg0-f42.google.com (mail-pg0-f42.google.com [74.125.83.42]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DF8164C3 for ; Wed, 20 Sep 2017 19:29:20 +0000 (UTC) Received: by mail-pg0-f42.google.com with SMTP id k193so2222049pgc.8 for ; Wed, 20 Sep 2017 12:29:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=friedenbach-org.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ZFnKcKeD6kpy1vkKlJ5NdBlDHdgv85Jtl/6guABWqdg=; b=Mi+5CmmkGimM62m2Xpd/6O+3IYoFeiG8eEnrzHPbsAef+NbD/aJr4FW1TChBAXcGLP NWofC9itPcUCGdIwlOn101egD5Y5W3G3gdVeip4eXsJn/xBS5/g5OxYvyBW2hkpKfSnI i5uxsp7MS9xSJxzNLfmcVo+ge9zWQJS1LXNkv4PwRGC8Rk415alrI8JIL5vMIG0NUzf6 F1YhJs9/Vy9Q/G+z8SZP2lLEyXb90lwImUOCNlkAkdtGJFOcIXThAKumOT80ZCshoq4u 0gZbMyOZso5y4t8ykqWAC4isUqw5mgTYVL+PqcOzTnpQ8TWzC7FOS+hOqJIx2GJMXBQl j0Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ZFnKcKeD6kpy1vkKlJ5NdBlDHdgv85Jtl/6guABWqdg=; b=uHmRby7HUnBH+GsUuUGK5SNG7jzWrC6u8WUoY907rn4BWRLogpH2yPGO+LMB0K2k+Y JFmLzdWU4/9FH2W6DRyBcW24wtWW3ZrSVUsAMzSYFqTvM000gVvTYNfnOJECDYkTvulW /toqcYzt0FoKDRanBKfvJM2/EhwSo9nxctZKTyCcu6446PJZw1u0+uhnnKxrYu9iOdhI T9RWrYM7FIPpP0srW28qA0ZOKLX0/K0YOVzZchMj8lFCbYGgVW5aroIZXIuul8RKDgR9 UEGDquCbQlxC0t9wkSmqC/jvMpx07C0t84ExQgEOfV5LgBTeG7TDMSahxsVG4O4MnfJc iJaw== X-Gm-Message-State: AHPjjUjNc4R9SONlqoCgICE73yDjbc3n34rgAPIZlo24IhO4awhPBKlm 9uzoXItGPJDx+/m+n5TPaUnUMF1qSmM= X-Google-Smtp-Source: AOwi7QBV83bUqcjwXj9IXKJLGLAAWUcLoYZ9z1nJ6anFR2JjH+FWJ16PNd3cTzwOMezEJJLlqUQb7g== X-Received: by 10.99.115.28 with SMTP id o28mr3258064pgc.374.1505935760327; Wed, 20 Sep 2017 12:29:20 -0700 (PDT) Received: from ?IPv6:2601:647:4600:9c66:ad56:e3e4:8af6:2572? ([2601:647:4600:9c66:ad56:e3e4:8af6:2572]) by smtp.gmail.com with ESMTPSA id 89sm9292476pfn.75.2017.09.20.12.29.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Sep 2017 12:29:18 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Mark Friedenbach In-Reply-To: Date: Wed, 20 Sep 2017 12:29:17 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <34163C93-5F2C-4DC8-9FB2-7E28805C0184@friedenbach.org> References: <5B6756D0-6BEF-4A01-BDB8-52C646916E29@friedenbach.org> <201709190309.08669.luke@dashjr.org> To: Johnson Lau X-Mailer: Apple Mail (2.3273) X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 20 Sep 2017 22:54:58 +0000 Cc: bitcoin-dev Subject: Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 19:29:22 -0000 > On Sep 19, 2017, at 10:13 PM, Johnson Lau wrote: >=20 > If we don=E2=80=99t want this ugliness, we could use a new script = version for every new op code we add. In the new BIP114 (see link = above), I suggest to move the script version to the witness, which is = cheaper. To be clear, I don=E2=80=99t think it is so much that the version should = be moved to the witness, but rather that there are two separate version = values here =E2=80=94 one in the scriptPubKey which specifies the format = and structure of the segwit commitment itself, and another in the = witness which gates functionality in script or whatever else is used by = that witness type. Segwit just unfortunately didn=E2=80=99t include the = latter, an oversight that should be corrected on the on the next upgrade = opportunity. The address-visible =E2=80=9Cscript version=E2=80=9D field should = probably be renamed =E2=80=9Cwitness type=E2=80=9D as it will only be = used in the future to encode how to check the witness commitment in the = scriptPubKey against the data provided in the witness. Upgrades and = improvements to the features supported by those witness types won=E2=80=99= t require new top-level witness types to be defined. Defining a new = opcode, even one with modifies the stack, doesn=E2=80=99t change the = hashing scheme used by the witness type. v0,32-bytes is presently defined to calculate the double-SHA256 hash of = the top-most serialized item on the stack, and compare that against the = 32-byte commitment value. Arguably it probably should have hashed the = top two values, one of which would have been the real script version. = This could be fixed however, even without introducing a new witness = type. Do a soft-fork upgrade that checks if the witness redeem script is = push-only, and if so then pop the last push off as the script version = (>=3D 1), and concatenate the rest to form the actual redeem script. We = inherit a little technical debt from having to deal with push limits, = but we avoid burning v0 in an upgrade to v1 that does little more than = add a script version. v1,32-bytes would then be used for a template version of MAST, or = whatever other idea comes along that fundamentally changes the way the = witness commitment is calculated. Mark=