From: Sridhar G <sridhar87@gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: [bitcoin-dev] CoinPools based on m-of-n Schnorr aggregated signatures
Date: Sun, 15 Nov 2020 23:18:17 +0100 [thread overview]
Message-ID: <CAF8yEM_gur=r2WvQ=y3bE53cfds=gQT3se-GAspHvMQzUnW-9Q@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 3134 bytes --]
Hi everyone,
N-of-n multisig transaction using Schnorr aggregate signature is trivial
and is similar to the current P2PKH. I would like to propose a model for
m-of-n multisig transactions using Schnorr aggregate signatures and use
this to enable CoinPools for off-chain scalability.
1. Creating the pool
A transaction is made on the bitcoin network with an output having the
following script:
<pub_key_1> <pub_key_2> <pub_key_3> .. <pub_key_N> N M OP_POOL
Bitcoin network will create a ‘pool’ with all the ‘N’ public keys and note
down the threshold M for this pool. This UTXO would be referred as <POOL_ID>
2. Depositing money to pool
Deposits can be made to a pool with <POOL_ID> with the following script
<POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY OP_CHECKSIG
3. Redeeming money from pool
Redeem script would contain the aggregated signature from all signers and
the bitmap of signers.
*<AGG_SIG> <SIGNERS_BITMAP>* <POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY
OP_CHECKSIG
With <AGG_SIG> <SIGNERS_BITMAP> provided by the person that redeems money
from a pool, where
<AGG_SIG> - is the aggregated signature
<SIGNERS_BITMAP> - Is a bitmap representing whether the member of the pool
at position 'i' of bitmap has signed or not(1 = signed, 0 - has not signed)
So we will be introducing two new opcodes:
1.
OP_POOL - this will be used to create a new coin pool.
2.
OP_LOAD_POOL_AGG_PUB_KEY - This opcode does three things
1.
loads the pool (POOL_ID)
2.
checks if there are atleast 'm' signers (based on SIGNERS_BITMAP)
3.
aggregates the public key of the signers. (based on SIGNERS_BITMAP)
The opcode uses the top two elements from the stack- the first
element from the stack specifies the POOL_ID to load, which will load the
public keys from the pool. This opcode also checks if there are ‘M’
signers(as specified at the time of creation of the pool) and aggregates
the public keys that have signed based on SIGNERS_BITMAP using Schnorr
aggregate signature scheme and puts back this aggregated public key onto
the stack.
SIGNERS_BITMAP is a 32 byte value, and represents a bitmap of which public
keys from the pool have signed the transaction.
Having this scheme would enable-
1.
Scalability of m-of-n multisig transactions - People can deposit money
to a pool(with 32 byte SIGNERS_BITMAP, we can allow for 256 possible
signers).
2.
Trust minimized off-chain scalability solutions due to the use of a
sufficiently large pool of signers. Most existing pools might allow for
only a few signers as having many signers would mean higher transaction
cost.
Downsides:
1.
We need to have the public keys of the members of the pool exposed.
Despite the downsides of exposing public keys, do you think this would be a
viable scheme for enabling CoinPool for the Bitcoin network? Or, any scheme
that may expose public keys is a no-go in the Bitcoin network?
Thanks! Looking for your feedback and thoughts on this.
-Sridhar
[-- Attachment #2: Type: text/html, Size: 15944 bytes --]
next reply other threads:[~2020-11-15 22:18 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-15 22:18 Sridhar G [this message]
2020-11-16 1:32 ` [bitcoin-dev] CoinPools based on m-of-n Schnorr aggregated signatures ZmnSCPxj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAF8yEM_gur=r2WvQ=y3bE53cfds=gQT3se-GAspHvMQzUnW-9Q@mail.gmail.com' \
--to=sridhar87@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox