From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 70587941 for ; Fri, 22 Sep 2017 20:33:38 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f53.google.com (mail-oi0-f53.google.com [209.85.218.53]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 18AD14BE for ; Fri, 22 Sep 2017 20:33:38 +0000 (UTC) Received: by mail-oi0-f53.google.com with SMTP id b1so123335oih.4 for ; Fri, 22 Sep 2017 13:33:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=uJ/5aQsKrb6MZaRtD1IlKZ5bi/EC8NUnryIdJUfJw3Q=; b=ZOBOz7Kn3SYRlKHHto9mhSY6rgQ3lLFUNp5uygVNrHtYBedQgLgsFzU/fjtVfCKo6s 6fOqqjpEUjGcg3UI9LixvBBTnSZEfVjo7tf0g3jNf06K7fReuNrX2HuObxiZ3UaJEdjg dYgSBUrlzZMCo+/OJEv2BlkMCkUnwTL7XIj64AB6nj/F5g93Y1+UT06afNszslHyYayf dokT52gLup+H1Vl0vmhzQYDhHocszjPXSU3+lKKMPRxox9vCIMyuSuAyyYZfw6xkO385 1/oW3dsO4Fy6G6AQRDV8s1Kmk45ptAF/W73LuUy/xbro5GZU7C9gYGrK3DUWNEpP6eo+ WsuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=uJ/5aQsKrb6MZaRtD1IlKZ5bi/EC8NUnryIdJUfJw3Q=; b=dZokeTroc/5UFvHQjuErT93aC0NGdCGyrTlETfTdSsFqWfMz1ssfqBVVBKBYB64Y72 CQICyhGLcZCQM9ogfRr2V4VT15zuL1//5qihJf84zBoZLHI6EoXDbFQ2cYgNoose81Hu SqY0CSr7mupC4yXbGsqCaQmAPdCK2Sa3LH39Kyoid3xElnI7oyfcCRclgaNvcc8+lWcL /LMyP59PphiCbfI9C5maiHrkSKlOcGVX5SoBsFuDucvLQ1Y27jHDboQX0mnmqm3XkERM qLw0/jbeHU+LTqfxkCw7CSnxwLZvrrLde5Rnp/CJYl61fRAk8n1+za3azugoUKTpAV6o ueyA== X-Gm-Message-State: AHPjjUgX7ktVcb0quVJVxuJSAbLw5uDwuk/h0iZOadgJpC9litL6m3RR TWQ0t4hSqCQGWmOTeppeShmjFGBX0umZKwGGJgo= X-Google-Smtp-Source: AOwi7QAR5CEdZDqDwPHgZE8pUkmg7FB1yVYuHiidNC81ctt+Ssmjs9Ja1BMIQgm7lToEnH1N5pLFjI6vjK1kfhnMWYY= X-Received: by 10.202.178.133 with SMTP id b127mr441100oif.319.1506112417370; Fri, 22 Sep 2017 13:33:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.157.85.72 with HTTP; Fri, 22 Sep 2017 13:32:56 -0700 (PDT) In-Reply-To: References: <5B6756D0-6BEF-4A01-BDB8-52C646916E29@friedenbach.org> <201709190309.08669.luke@dashjr.org> From: Sergio Demian Lerner Date: Fri, 22 Sep 2017 17:32:56 -0300 Message-ID: To: Mark Friedenbach , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="001a113b5e32a1198f0559cd1f8e" X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 22 Sep 2017 20:41:03 +0000 Subject: Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 20:33:38 -0000 --001a113b5e32a1198f0559cd1f8e Content-Type: text/plain; charset="UTF-8" > > There are other solutions to this problem that could have been taken > instead, such as committing to the number of items or maximum size of > the stack as part of the sighash data, but cleanstack was the approach > taken. The lack of signed maximum segwit stack size was one of the objections to segwit I presented last year. This together with the unlimited segwit stack size. However, committing to the maximum stack size (in bytes) for an input is tricky. The only place where this could be packed is in sequence_no, with a soft-fork. E.g. when transaction version is 2 and and only when lock_time is zero. For transactions with locktime >0, we could soft-fork so transactions add a last zero-satoshi output whose scriptPub contains OP_RETURN and followed by N VarInts, containing the maximum stack size of each input. Normally, for a 400 byte, 2-input transaction, this will add 11 bytes, or a 2.5% overhead. > Arguably for a future script version upgrade one of these other > approaches should be taken to allow for shorter tail-call scripts. > > Mark > > * Well, almost any. You could end the script with DEPTH EQUAL and that > is a compact way of ensuring the stack is clean (assuming the script > finished with just "true" on the stack). Nobody does this however > and burning two witness bytes of every redeem script going forward > as a protective measure seems like an unnecessary ask. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --001a113b5e32a1198f0559cd1f8e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

=

There are other solutions to this problem that could have been taken
instead, such as committing to the number of items or maximum size of
the stack as part of the sighash data, but cleanstack was the approach
taken.

The lack of signed=C2=A0maximum seg= wit stack size was one of the objections to segwit I presented last year. T= his together with the unlimited segwit stack size.

However, committing to the maximum stack size (in bytes) for an input is t= ricky. The only place where this could be packed is in=C2=A0sequence_no, wi= th a soft-fork. E.g. when transaction version is 2 and and only when lock_t= ime is zero.

For t= ransactions with locktime >0, we could soft-fork so transactions add a l= ast zero-satoshi output whose scriptPub contains OP_RETURN and followed by = N VarInts, containing the maximum stack size of each input.
Normally, f= or a 400 byte, 2-input transaction, this will add 11 bytes, or a 2.5% overh= ead.






=C2=A0
Arguably for a future scrip= t version upgrade one of these other
approaches should be taken to allow for shorter tail-call scripts.

Mark

* Well, almost any. You could end the script with DEPTH EQUAL and that
=C2=A0 is a compact way of ensuring the stack is clean (assuming the script=
=C2=A0 finished with just "true" on the stack). Nobody does this = however
=C2=A0 and burning two witness bytes of every redeem script going forward =C2=A0 as a protective measure seems like an unnecessary ask.
_______________________= ________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev

--001a113b5e32a1198f0559cd1f8e--