From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 52DB1C000B for ; Tue, 8 Feb 2022 03:57:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 350C781777 for ; Tue, 8 Feb 2022 03:57:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.654 X-Spam-Level: X-Spam-Status: No, score=-1.654 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.248, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0FrDRfeEmu1 for ; Tue, 8 Feb 2022 03:57:36 +0000 (UTC) X-Greylist: delayed 00:10:01 by SQLgrey-1.8.0 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by smtp1.osuosl.org (Postfix) with ESMTPS id 7588581771 for ; Tue, 8 Feb 2022 03:57:36 +0000 (UTC) Received: by gandalf.ozlabs.org (Postfix, from userid 1011) id 4Jt80j3tcrz4xcq; Tue, 8 Feb 2022 14:40:21 +1100 (AEDT) From: Rusty Russell To: Russell O'Connor , Bitcoin Protocol Discussion , Bitcoin Protocol Discussion In-Reply-To: References: Date: Tue, 08 Feb 2022 14:10:15 +1030 Message-ID: <87leymuiu8.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [bitcoin-dev] TXHASH + CHECKSIGFROMSTACKVERIFY in lieu of CTV and ANYPREVOUT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2022 03:57:37 -0000 Russell O'Connor via bitcoin-dev writes: > Given the overlap in functionality between CTV and ANYPREVOUT, I think it > makes sense to decompose their operations into their constituent pieces and > reassemble their behaviour programmatically. To this end, I'd like to > instead propose OP_TXHASH and OP_CHECKSIGFROMSTACKVERIFY. > > OP_TXHASH would pop a txhash flag from the stack and compute a (tagged) > txhash in accordance with that flag, and push the resulting hash onto the > stack. It may be worth noting that OP_TXHASH can be further decomposed into OP_TX (and OP_TAGGEDHASH, or just reuse OP_SHA256). OP_TX would place the concatenated selected fields onto the stack (rather than hashing them) This is more compact for some tests (e.g. testing tx version for 2 is "OP_TX(version) 1 OP_EQUALS" vs "OP_TXHASH(version) 012345678...aabbccddeeff OP_EQUALS"), and also range testing (e.g amount less than X or greater than X, or less than 3 inputs). > I believe the difficulties with upgrading TXHASH can be mitigated by > designing a robust set of TXHASH flags from the start. For example having > bits to control whether (1) the version is covered; (2) the locktime is > covered; (3) txids are covered; (4) sequence numbers are covered; (5) input > amounts are covered; (6) input scriptpubkeys are covered; (7) number of > inputs is covered; (8) output amounts are covered; (9) output scriptpubkeys > are covered; (10) number of outputs is covered; (11) the tapbranch is > covered; (12) the tapleaf is covered; (13) the opseparator value is > covered; (14) whether all, one, or no inputs are covered; (15) whether all, > one or no outputs are covered; (16) whether the one input position is > covered; (17) whether the one output position is covered; (18) whether the > sighash flags are covered or not (note: whether or not the sighash flags > are or are not covered must itself be covered). Possibly specifying which > input or output position is covered in the single case and whether the > position is relative to the input's position or is an absolute position. These easily map onto OP_TX, "(1) the version is pushed as u32, (2) the locktime is pushed as u32, ...". We might want to push SHA256() of scripts instead of scripts themselves, to reduce possibility of DoS. I suggest, also, that 14 (and similarly 15) be defined two bits: 00 - no inputs 01 - all inputs 10 - current input 11 - pop number from stack, fail if >= number of inputs or no stack elems. Cheers, Rusty.