From: Mark Friedenbach <mark@friedenbach.org>
To: Luke Dashjr <luke@dashjr.org>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Version 1 witness programs (first draft)
Date: Thu, 5 Oct 2017 13:33:56 -0700 [thread overview]
Message-ID: <AEABDAC5-AAFB-4345-BD0D-4F61CA075A1C@friedenbach.org> (raw)
In-Reply-To: <201710010113.30518.luke@dashjr.org>
Here’s an additional (uncontroversial?) idea due to Russell O’Connor:
Instead of requiring that the last item popped off the stack in a CHECKMULTISIG be zero, have it instead be required that it is a bitfield specifying which pubkeys are used, or more likely the complement thereof. This allows signatures to be matched to pubkeys in the order given, and batch validated, with no risk of 3rd party malleability.
Mark
> On Sep 30, 2017, at 6:13 PM, Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> I've put together a first draft for what I hope to be a good next step for
> Segwit and Bitcoin scripting:
> https://github.com/luke-jr/bips/blob/witnessv1/bip-witnessv1.mediawiki
>
> This introduces 5 key changes:
>
> 1. Minor versions for witnesses, inside the witness itself. Essentially the
> witness [major] version 1 simply indicates the witness commitment is SHA256d,
> and nothing more.
>
> The remaining two are witness version 1.0 (major 1, minor 0):
>
> 2. As previously discussed, undefined opcodes immediately cause the script to
> exit with success, making future opcode softforks a lot more flexible.
>
> 3. If the final stack element is not exactly true or false, it is interpreted
> as a tail-call Script and executed. (Credit to Mark Friedenbach)
>
> 4. A new shorter fixed-length signature format, eliminating the need to guess
> the signature size in advance. All signatures are 65 bytes, unless a condition
> script is included (see #5).
>
> 5. The ability for signatures to commit to additional conditions, expressed in
> the form of a serialized Script in the signature itself. This would be useful
> in combination with OP_CHECKBLOCKATHEIGHT (BIP 115), hopefully ending the
> whole replay protection argument by introducing it early to Bitcoin before any
> further splits.
>
> This last part is a big ugly right now: the signature must commit to the
> script interpreter flags and internal "sigversion", which basically serve the
> same purpose. The reason for this, is that otherwise someone could move the
> signature to a different context in an attempt to exploit differences in the
> various Script interpretation modes. I don't consider the BIP deployable
> without this getting resolved, but I'm not sure what the best approach would
> be. Maybe it should be replaced with a witness [major] version and witness
> stack?
>
> There is also draft code implementing [the consensus side of] this:
> https://github.com/bitcoin/bitcoin/compare/master...luke-jr:witnessv1
>
> Thoughts? Anything I've overlooked / left missing that would be
> uncontroversial and desirable? (Is any of this unexpectedly controversial for
> some reason?)
>
> Luke
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
next prev parent reply other threads:[~2017-10-05 20:33 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-01 1:13 [bitcoin-dev] Version 1 witness programs (first draft) Luke Dashjr
2017-10-01 2:23 ` Mark Friedenbach
2017-10-01 2:47 ` Luke Dashjr
2017-10-01 5:04 ` Mark Friedenbach
2017-10-01 11:22 ` Felix Weis
2017-10-01 17:36 ` Luke Dashjr
2017-10-01 19:05 ` Russell O'Connor
2017-10-01 19:27 ` Mark Friedenbach
2017-10-01 19:41 ` Russell O'Connor
2017-10-01 20:39 ` Mark Friedenbach
2017-10-01 20:43 ` Luke Dashjr
2017-10-02 20:38 ` Russell O'Connor
2017-10-01 18:34 ` Mark Friedenbach
2017-10-01 21:32 ` Johnson Lau
2017-10-02 0:35 ` Mark Friedenbach
2017-10-02 2:56 ` Luke Dashjr
2017-10-02 9:09 ` Sjors Provoost
2017-10-02 0:45 ` Luke Dashjr
2017-10-05 20:33 ` Mark Friedenbach [this message]
2017-10-05 21:28 ` Russell O'Connor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AEABDAC5-AAFB-4345-BD0D-4F61CA075A1C@friedenbach.org \
--to=mark@friedenbach.org \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=luke@dashjr.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox