From: David Vorick <david.vorick@gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Miniscript
Date: Tue, 20 Aug 2019 03:15:24 -0400 [thread overview]
Message-ID: <CAFVRnyp0Z997-UwJMFn3H7N0ogHTkxc+fDj-yROit3coUk1rxw@mail.gmail.com> (raw)
In-Reply-To: <CAPg+sBiknRwBc8RV62wtuRVYi6wE1HNw6_ePquYVMWvjwp46bg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4731 bytes --]
Glad to see this post. I have been following Miniscript for some time, and
the static
analysis that is possible with Miniscript is particularly interesting to me.
Today, new Bitcoin applications such as JoinMarket, Wasabi wallet, and
Arwen all
suffer from a problem of having novel bitcoin scripts. Bitcoin script is
not easy to
analyze, and historically it has been difficult for me to get comfortable
using these
applications because I have been unable to convince myself to have complete
confidence in the integrity of the transactions these applications want me
to sign.
Well established applications can eventually overcome this issue for users
by
getting sufficient expert review and commentary, however this proves as a
substantial barrier to entry in an ecosystem that is ideally as open as
possible.
Miniscript can make a huge difference here. With Miniscript, it possible to
create
hardware wallets that can perform static analysis on novel miniscripts and
provide
the user with assurances about the nature of the transactions. A hardware
wallet
with a Miniscript analyzer may not be able to tell you that a transaction
is a
CoinJoin transaction, but it will be able to tell you that under all
possible scenarios,
you end up with just as many coins in your addresses that you started with,
modulo
some transaction fee.
This is a big deal for novel application writers, as it significantly
reduces the barrier
for them to convince both themselves and others that the code they wrote
does not
risk user funds being lost, especially if all transactions are being
externally analyzed
and signed.
Miniscript is not of course a complete solution, for example it cannot
solve all of the
high-risk edge cases that are present in the lightning network, but it is a
big step
forward and I believe that widespread use of Miniscript would be a huge
boon to the
Bitcoin ecosystem.
On Mon, Aug 19, 2019 at 7:18 PM Pieter Wuille via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi all,
>
> Miniscript is a project we've been working on for the past year or so,
> and is now at a stage where I'd like to get it some more attention. It is
> joint
> work with Andrew Poelstra and Sanket Sanjalkar.
>
> It's a language for writing (a subset of) Bitcoin Scripts in a structured
> way,
> enabling analysis, composition, generic signing and more.
>
> For example the script
>
> <A> OP_CHECKSIG OP_IFDUP OP_NOTIF OP_DUP OP_HASH160 <hash160(B)>
> OP_EQUALVERIFY OP_CHECKSIGVERIFY <144> OP_CSV OP_ENDIF
>
> in Miniscript notation would be
>
> or_d(c:pk(A),and_v(vc:pk_h(B),older(144)))
>
> making it human (engineer?) readable that this is a script that permits A
> to
> take the coins at any time, and B after 1 day. A full description of the
> language can be found on the project website
> http://bitcoin.sipa.be/miniscript
>
> Using Miniscript it's possible to:
> * Write descriptors for addresses for scripts that implement things more
> complicated than multisig.
> * Make software that can deal with composition of policies (e.g. have funds
> in a 2-of-3 setup where one of the 3 "keys" is itself a policy that
> involves
> perhaps multiple devices and timeouts).
> * Compile complex spending policies to efficient scripts.
> * Figure out under what necessary and/or sufficient conditions a script
> can be
> satisfied.
> * Given signatures for a sufficient set of keys (and hash preimages, if
> needed),
> generically construct a witness for arbitrary scripts, without metadata
> apart from the script itself and public keys appearing in it. This means
> generic PSBT signers are possible for this class of scripts.
> * Compute the bounds on the size of a witness for arbitrary scripts.
> * Perform static analysis to see if any of Script's resource limitations
> (ops limit, stack size, ...) might interfere with the ability to spend.
> * Who knows what else...
>
> We have two implementations:
> * a C++ one (https://github.com/sipa/miniscript)
> * a Rust library (https://github.com/apoelstra/rust-miniscript).
>
> The implementations are a work in progress, but through large scale
> randomized
> tests we have confidence that the language design and associated witnesses
> are
> compatible with the existing consensus and standardness rules.
>
> To be clear: Miniscript is designed for Bitcoin as it exists today
> (primarily
> P2WSH), and does not need any consensus changes. That said, we plan to
> extend
> the design to support future script changes Bitcoin may include.
>
> Cheers,
>
> --
> Pieter
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 6021 bytes --]
next prev parent reply other threads:[~2019-08-20 7:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 23:17 [bitcoin-dev] Miniscript Pieter Wuille
2019-08-20 7:15 ` David Vorick [this message]
2019-08-20 8:14 ` ZmnSCPxj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFVRnyp0Z997-UwJMFn3H7N0ogHTkxc+fDj-yROit3coUk1rxw@mail.gmail.com \
--to=david.vorick@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=pieter.wuille@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox