Re: [bitcoin-dev] Implementing Covenants with OP_CHECKSIGFROMSTACKVERIFY

From: Daniel Robinson <danrobinson010@gmail.com>
To: "Russell O'Connor" <roconnor@blockstream.io>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>,
	Johnson Lau <jl2012@xbt.hk>
Subject: Re: [bitcoin-dev] Implementing Covenants with OP_CHECKSIGFROMSTACKVERIFY
Date: Thu, 03 Nov 2016 07:37:29 +0000	[thread overview]
Message-ID: <CAD438HsZRZcRWu=++3kuvyA5Ns9cU360utJMCyc6bROT-fdcHg@mail.gmail.com> (raw)
In-Reply-To: <CAMZUoKmnkk=q7GkkvA+Q4-r64JCQ+kPRPdoEN8bnAwd2YGMH+Q@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2607 bytes --]

Really cool!

How about "poison transactions," the other covenants use case proposed by
Möser, Eyal, and Sirer? (I think OP_CHECKSIGFROMSTACKVERIFY will also make
it easier to check fraud proofs, the other prerequisite for poison
transactions.)

Seems a little wasteful to do those two "unnecessary" signature checks, and
to have to construct the entire transaction data structure, just to verify
a single output in the transaction. Any plans to add more flexible
introspection opcodes to Elements, such as OP_CHECKOUTPUTVERIFY?

Really minor nit: "Notice that we have appended 0x83 to the end of the
transaction data"—should this say "to the end of the signature"?

On Thu, Nov 3, 2016 at 12:28 AM Russell O'Connor via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

Right.  There are minor trade-offs to be made with regards to that design
point of OP_CHECKSIGFROMSTACKVERIFY.  Fortunately this covenant
construction isn't sensitive to that choice and can be made to work with
either implementation of OP_CHECKSIGFROMSTACKVERIFY.

On Wed, Nov 2, 2016 at 11:35 PM, Johnson Lau <jl2012@xbt.hk> wrote:

Interesting. I have implemented OP_CHECKSIGFROMSTACKVERIFY in a different
way from the Elements. Instead of hashing the data on stack, I directly put
the 32 byte hash to the stack. This should be more flexible as not every
system are using double-SHA256

https://github.com/jl2012/bitcoin/commits/mast_v3_master

On 3 Nov 2016, at 01:30, Russell O'Connor via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

Hi all,

It is possible to implement covenants using two script extensions: OP_CAT
and OP_CHECKSIGFROMSTACKVERIFY.  Both of these op codes are already
available in the Elements Alpha sidechain, so it is possible to construct
covenants in Elements Alpha today.  I have detailed how the construction
works in a blog post at <
https://blockstream.com/2016/11/02/covenants-in-elements-alpha.html>.  As
an example, I've constructed scripts for the Moeser-Eyal-Sirer vault.

I'm interested in collecting and implementing other useful covenants, so if
people have ideas, please post them.

If there are any questions, I'd be happy to answer.

-- 
Russell O'Connor
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 6751 bytes --]