From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 15 Nov 2024 02:36:09 -0800 Received: from mail-ua1-f64.google.com ([209.85.222.64]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tBtgO-0005qj-FJ for bitcoindev@gnusha.org; Fri, 15 Nov 2024 02:36:08 -0800 Received: by mail-ua1-f64.google.com with SMTP id a1e0cc1a2514c-855c41b9f27sf642174241.1 for ; Fri, 15 Nov 2024 02:36:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1731666962; cv=pass; d=google.com; s=arc-20240605; b=NNYXAScN6Xf5nKIdYpSlXrddhOCht2DwF1V5RHPjPcwRVNOsFrZKVFdl9c7yXLRwez YefltBooZ/87DyHgyNu8LLfmghbH/gmwNhAA+N5kRobnfo9MY0kqA8GVEvTLwHc19AJD dT+POAElHTAPqaDsnxQFjEiyNOerIN8VVY0xUwn3BirmprMJmbKzZr6D2QMn/i9ogZrM B/87pK1n90/IbFiX0Idg8djWonVXIgOM8vvEnYrIMl4nfctRdUdne/T1edxVQAsjpXMf mfXjIMwNrsaqylzfDuA98QUtTFdywfZdCso8gvswnHkY4grAp7CqbQ8q9wwu2ENasM3l KwnQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:feedback-id :references:in-reply-to:message-id:subject:cc:from:to:date :dkim-signature; bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=; fh=847mV6iNg9X1/ZWsb2i5HtuZJNhTK/vHhkX4xAEga20=; b=Zup0VSSnM2V07Tk7uHsebH4TJaW6ih7z6r8xsG8GBi5VKZPdfuMN5raUiJJ3Ccf8z8 oxnvpmk9aha/f9yeuyycQevUw5TWqRviCI0Bid6nbfnKjqsvMoYN0d4hhDP1x4oKYimx zCL9LbvcHeK7I6QaqcrrePmIctGrJV8cd6XkfngV8HPqW344PXdk0i7DmPiTdz0wX3u5 EweTC2WDuWR60XhLmFgj2yl2xS0mQRutTjT7N4e3gdMkyuQuoc2KnopINxPRD8tfGK+S +pkpmZqWoLFRCTy9trt47viICeg6HOTY9U7UBBzO7WMEnY3kQWDz58CkoocbpIXYvZN6 TYkg==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV; spf=pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1731666962; x=1732271762; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:from:to:cc:subject:date:message-id:reply-to; bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=; b=vWBZfmkZpvfsdBPiTpURdAgtuP0/kfYJtxInnKkuS8tD6A8aURtFGaLEG9pqM6qy8P 4V0QB/8+2m1EFMijgAuk150BDgHdXjSX9sUY1SLKxoAmsLmhJnrGcs7fSkjuXAZnt05f wAGiXEw1VQ70jFiIdzdi7OrRzL2O9KJUE/EIcaXoM9P18xOf1lPC6n1giBd6PIMWFfHG 8HjATZjr+xxeF3KMMdHKxVRMnVvjF/qGT6e7YCfmhocicy6YHKZ4QpsfY0KBcucuoIWB BiKPic2zn0r5qRhzt8OsS3bpO1NN1Hus7vdyiTTC9jw1r5Uan5GXMZnO3c1+YgFfXaXa RCtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731666962; x=1732271762; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=; b=aEnHZS8BSAPFkw5fOgmbiQhZRa6Yknr037M4gqh9opfnOV+EujxTQ0vbIW5pZa8RTT ylaNoFm8M8R0lyVs8iRHkMx3ETu9RSmnOmafMb769yBW3ImpCvjMDlHx6JBFkZFgnsy8 iBAyVQ6FOpRDlu57/PWl6jMnEW9RB+QQ+GI+82CNLKRlAveiU9JH32+QVyLMKt20RPnY ocYRLj3u9dLnyI2PFbud3a9yljQgwN/IC1K3tXD/MqbcHHPdOAGm8BV2yzXEY7SiljZ9 EOURjdNkJZRWKcjbP2/bySjCO0+VbCwBeyngt07xDJFkvGULBFwpF8hlvKvlpw3RRon7 kbSQ== X-Forwarded-Encrypted: i=2; AJvYcCV+Av27L6rC6qNdmJN3TiwZJuypsnvLJyMANTljRJ59/7NO4nN17d4+k9awpwH7qHeKxhVoIFbUX/V2@gnusha.org X-Gm-Message-State: AOJu0YxgOAyormW/2QJX8XpYX03OmNRQr+Y9mAGeL64Ynb5yJfQPVtn9 Tc2xQugc8kwrgX249QiqpQj89nSVDYQm2Sp1x+B/KQ1ZNIuElXT+ X-Google-Smtp-Source: AGHT+IEJUYkz6ov4vyX/kLPdc3hYQPO8SIpnIDuctJtK8jJPGEO/irjLpe9RmthPoRocDlVM447gqA== X-Received: by 2002:a05:6102:f07:b0:4ad:48f4:8be1 with SMTP id ada2fe7eead31-4ad62d519ebmr2435192137.25.1731666961715; Fri, 15 Nov 2024 02:36:01 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:622a:1a87:b0:458:2e21:e400 with SMTP id d75a77b69052e-46356ebe352ls26296951cf.0.-pod-prod-04-us; Fri, 15 Nov 2024 02:35:59 -0800 (PST) X-Received: by 2002:a05:620a:1a18:b0:7b1:880c:5834 with SMTP id af79cd13be357-7b362362696mr306477685a.48.1731666959037; Fri, 15 Nov 2024 02:35:59 -0800 (PST) Received: by 2002:a05:620a:111c:b0:7a1:d643:94b4 with SMTP id af79cd13be357-7b361857baems85a; Fri, 15 Nov 2024 02:14:58 -0800 (PST) X-Received: by 2002:a05:600c:384f:b0:42c:a8cb:6a75 with SMTP id 5b1f17b1804b1-432df7452a2mr18540845e9.17.1731665696770; Fri, 15 Nov 2024 02:14:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1731665696; cv=none; d=google.com; s=arc-20240605; b=QlAh7yB1A46tLQAxHl0vS6RnVKF7P4CzHLZvHGhGlJkrKqVMV+QnHi0lYeAsFKpsay evUw6ZzTfUANxfMShBE/K9GF2jhq+ZByOJ7HM8OfEkKtA8ff6GbhurULFCJi/LrJNg7O m2oA4nK81ctPjOdFyUd4Rl0fVFJ2awpZJlIFFiEdyOW2h2auPJGnIn6hE6Nuqmy6OXZu g3vDvNmmdQXTApL8rOZAKQ4MDefIE+zaODr39VSkHJFswICEhAcQX7bpRySjKc5W536G mz3dqQ1oJutBQkpjyp34n7rkNHjQvb1VsY9Uxjf7os7+TadVgIRn24IAGHhDVGCUWVLi QHqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:cc:from:to:date:dkim-signature; bh=IiKEYE4Ys8AUdsIrFsRCEibsMUNYM6FGTXFd88IPHjw=; fh=0Bf8Ni34T2XO/uRpNwBN18lccMSbp9N/tGUNP10ZWls=; b=DhlGWz2pTPfknXyCctuIZ32iRBa0MODayG2kcb2VLoflIm6Lo9W5Tiw1k4BovROykJ +c+jp+P5tOTK0AXQ+P7u5iTGfbQi0e/AtecP1iLvhGO9XnIOeaN80fl1X3EWAnWGyyFs 4o5tnc19yKoW6wspEUp4Bvx0yVp/MkkSoNH2Dq16C5fBdyGLzF3lZ/iXDfktifk8/lRq NnXNTgmO+Hs46CMUPuab9GsDsflXuMuyczBR6q7dHttW+tIwbbQpLXRpm42D5y1e6GQl hADTTlJHx2pw+P77bzSDTfUXHbbH7NXJxhcCyYl7HewPgYmJHWVGfSI7uWKuMnoABK40 mJww==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV; spf=pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from mail-40135.protonmail.ch (mail-40135.protonmail.ch. [185.70.40.135]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-432d48b8f7dsi2966535e9.1.2024.11.15.02.14.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Nov 2024 02:14:56 -0800 (PST) Received-SPF: pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) client-ip=185.70.40.135; Date: Fri, 15 Nov 2024 10:14:52 +0000 To: Brandon Black From: "'moonsettler' via Bitcoin Development Mailing List" Cc: bitcoindev@googlegroups.com Subject: Re: [bitcoindev] CHECKSIGFROMSTACK(VERIFY/ADD) Message-ID: <83CBONdqGnLg2CP1tqiIPtOaG4Lx35UTqrmRBv2hagwsMlmZAMG0e165Wq_k43h-7pgS9yDdWx8qsAAB9AxQWr_RH_CaJdDZztNvXCGM6Rc=@protonmail.com> In-Reply-To: References: Feedback-ID: 38540639:user:proton X-Pm-Message-ID: b69ee0da77fbbe986b7a898bc20bc7b11df27281 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Original-Sender: moonsettler@protonmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV; spf=pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com X-Original-From: moonsettler Reply-To: moonsettler Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) Hi Brandon, For what it's worth, I also think signature aggregation will be the dominant form of CSFS use. LNhance at it's core is CTV + CSFS, and so it makes sense to have both of those available in pre-tapscript. No strong opinion on CHECKSIGFROMSTACKADD, agree with the general reasoning. It's a bit weird to backport Schnorr this way, and the NOP upgrade path leaving 3 elements on the stack is also unfortunate. On the other hand, reverting CSFSV to use ECDSA in pre-tapscript would force us to consider implementing script multisig, to do anything really worthwhile there. BR, moonsettler Sent with Proton Mail secure email. On Thursday, November 14th, 2024 at 11:02 PM, Brandon Black wrote: > Hi list, > > As we're working toward numbering and merge for the CHECKSIGFROMSTACK > (CSFS) BIP, there are 2 open questions[1] that may be worth resolving > before it is merged as a draft: > > * Should CHECKSIGFROMSTACKVERIFY (CSFSV) be added to pre-tapscript? > > The proposed opcode always evaluates BIP340 Schnorr signatures > regardless of script version, so making it available in earlier script > versions makes Schnorr signatures available on those script versions for > certain use cases. > > My personal thinking in initially including CSFSV in earlier script > versions was basically that it's compatible with NOP forking, so why > not. Because LNHANCE includes CTV which is designed as a NOP compatible > upgrade, also including CSFSV fits well with CTV. > > The other side of the argument is that we shouldn't include > compatibility with earlier script versions unless there's a concrete > benefit to doing so. For CTV, the possibility of bare CTV is a > compelling reason to add it to earlier script versions, but there's not > a similarly compelling reason to include CSFSV. > > Using a scarce NOP to provide Schnorr signed commitments to earlier > scripts may not be worthwhile. > > > * Should we include CHECKSIGFROMSTACKADD? > > Obviously, if script multisig is going to be a common use case for > checking signatures on stack data CHECKSIGFROMSTACKADD simplifies the > corresponding scripts by a few WU per key. As MuSig2 and FROST are > progressing in standardization and implementation, I do not expect > script multisig to be a dominant use for these opcodes, so I did not > include CSFSA initially. > > Here the argument is somewhat the inverse of CSFSV on legacy: We have > many OP_SUCCESSes available, so the cost of allocating one for CSFSA is > low, and the benefit is that making script multisigs with CSFSA (such as > those produced by miniscript) is simpler and less error prone. > > -- > > I would love to hear thoughts about both of these questions from the > list, and will update the BIP and implementations of CSFS(V/A) based on > your feedback. > > Thanks much! > > --Brandon > > [1]: https://github.com/bitcoin/bips/pull/1535#issuecomment-2111195930 > > -- > You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ZzZziZOy4IrTNbNG%40console. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/83CBONdqGnLg2CP1tqiIPtOaG4Lx35UTqrmRBv2hagwsMlmZAMG0e165Wq_k43h-7pgS9yDdWx8qsAAB9AxQWr_RH_CaJdDZztNvXCGM6Rc%3D%40protonmail.com.