From: "Russell O'Connor" <roconnor@blockstream.io>
To: Jeremy <jlrubin@mit.edu>
Cc: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] OP_SECURETHEBAG (supersedes OP_CHECKOUTPUTSVERIFY)
Date: Tue, 25 Jun 2019 13:05:39 -0400 [thread overview]
Message-ID: <CAMZUoKk-WHk8xz0vSs+xoPKPeMWV16bfP+mCt80jCZk8BQqx=w@mail.gmail.com> (raw)
In-Reply-To: <CAD5xwhjaC61jOLvPrMcsvL9ji5zUAP-=ai3NhBojeQcC4v8DpA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 5271 bytes --]
Bitcoin Core is somewhat outside my core competence, but the various
OP_PUSHDATA are already multi-byte opcodes and GetOp already has a data
return parameter that is suitable for returning the payload of an immediate
32-byte data variant of OP_SECURETHEBAG. All that I expect is needed is to
ensure that nowhere else is using a non-empty data-field as a proxy for a
non-empty push operation and fixing any such occurrences if they exist.
(AFAIKT there are only a handful of calls to GetOp).
It is probably worth updating the tapscript implementation to better
prepare it for new uses of OP_SUCCESSx. Parsing should halt when an
OP_SUCCESSx is encountered, by having GetScriptOp advance the pc to end
after encountering such a code (decoding Script is no longer meaningful
after an OP_SUCCESS is encountered). However, that means that GetScriptOp
needs to know what version of script it is expected to be parsing. This
could be done by sending down some versioning flags, possibly by adding a
versioning field to CScript that can be initialized @
https://github.com/sipa/bitcoin/blob/7ddc7027b2cbdd11416809400c588e585a8b44ed/src/script/interpreter.cpp#L1679
or some other mechanism (and at the same time perhaps having GetSigOpCount
return 0 for tapscript, since counting sigops is not really meaningful in
tapscript). There are probably other reasonable approaches too (e.g your
option 2 below). I could write some code to illustrate what I'm thinking
if you feel that would be helpful and I do think such changes around
OP_SUCCESS should be implemented regardless of whether we move forward with
OP_SECURETHEBAG or not.
It is probably worth doing this properly the first time around if we are
going to do it at all.
P.S. OP_RESERVED1 has been renamed to OP_SUCCESS137 in bip-tapscript.
>
> On Mon, Jun 24, 2019 at 6:47 PM Jeremy <jlrubin@mit.edu> wrote:
> I agree in principal, but I think that's just a bit of 'how things are'
> versus how they should be.
>
> I disagree that we get composability semantics because of OP_IF. E.g., the
> script "OP_IF .... " and "OP_END" are two scripts that separately are
> invalid as parsed, but together are valid. OP_IF already imposes some
> lookahead functionality... but as I understand it, it may be feasible to
> get rid of OP_IF for tapscripts anyways. Also in this bucket are P2SH and
> segwit, which I think breaks this because the concat of two p2sh scripts or
> segwit scripts is not the same as them severally.
>
> I also think that the OP_SECURETHEBAG use of pushdata is a backwards
> compatible hack: we can always later redefine the parser to parse
> OP_SECURETHEBAG as the 34 byte opcode, recapturing the purity of the
> semantics. We can also fix it to not use an extra byte in a future tapleaf
> version.
>
> In any case, I don't disagree with figuring out what patching the parser
> to handle multibyte opcodes would look like. If that sort of upgrade-path
> were readily available when I wrote this, it's how I would have done it.
> There are two approaches I looked at mostly:
>
> 1) Adding flags to GetOp to change how it parses
> a) Most of the same code paths used for new and old script
> b) Higher risk of breaking something in old script style/downstream
> c) Cleans up only one issue (multibyte opcodes) leaves other warts in
> place
> d) less bikesheddable design (mostly same as old script)
> e) code not increased in size
> 2) Adding a completely new interpreter for Tapscript
> a) Fork the existing interpreter code
> b) For all places where scripts are run, switch based on if it is
> tapscript or not
> c) Can clean up various semantics, can even do fancier things like
> huffman encode opcodes to less than a byte
> d) Can clearly separate parsing the script from executing it
> e) Can improve versioning techniques
> f) Low risk of breaking something in old script style/downstream
> g) Increases amount of code substantially
> h) Bikesheddable design (everything is on the table).
> i) probably a better general mechanism for future changes to script
> parsing, less consensus risk
> j) More compatible with templated script as well.
>
> If not clear, I think that 2 is probably a better approach, but I'm
> worried that 2.h means this would take a much longer time to implement.
>
> 2 can be segmented into two components:
>
> 1) the architecture of script parser versioning
> 2) the actual new script version
>
> I think that component 1 can be relatively non controversial, thankfully,
> using tapleaf versions (the architecture question is more around code
> structure). A proof of concept of this would be to have a fork that uses
> two independent, but identical, script parsers.
>
> Part two of this plan would be to modify one of the versions
> substantially. I'm not sure what exists on the laundry list, but I think it
> would be possible to pick a few worthwhile cleanups. E.g.:
>
> 1) Multibyte opcodes
> 2) Templated scripts
> 3) Huffman Encoding opcodes
> 4) OP_IF handling (maybe just get rid of it in favor of conditional Verify
> semantics)
>
> And make it clear that because we can add future script versions fairly
> easily, this is a sufficient step.
>
>
> Does that seem in line with your understanding of how this might be done?
>
[-- Attachment #2: Type: text/html, Size: 10622 bytes --]
prev parent reply other threads:[~2019-06-25 17:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-01 5:35 [bitcoin-dev] OP_SECURETHEBAG (supersedes OP_CHECKOUTPUTSVERIFY) Jeremy
2019-06-02 5:35 ` ZmnSCPxj
2019-06-02 14:32 ` Russell O'Connor
2019-06-02 21:32 ` Jeremy
2019-06-05 9:30 ` Anthony Towns
2019-06-06 7:30 ` ZmnSCPxj
2019-06-18 20:57 ` Russell O'Connor
2019-06-20 22:05 ` Anthony Towns
2019-06-23 6:43 ` Jeremy
2019-07-08 10:26 ` Dmitry Petukhov
2019-10-03 23:22 ` Jeremy
[not found] ` <CAD5xwhj8o8Vbrk2KADBOFGfkD3fW3eMZo5aHJytGAj_5LLhYCg@mail.gmail.com>
2019-06-23 13:11 ` ZmnSCPxj
2019-06-24 14:34 ` Russell O'Connor
2019-06-24 18:07 ` Jeremy
2019-06-24 18:48 ` Russell O'Connor
2019-06-24 22:47 ` Jeremy
2019-06-25 17:05 ` Russell O'Connor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMZUoKk-WHk8xz0vSs+xoPKPeMWV16bfP+mCt80jCZk8BQqx=w@mail.gmail.com' \
--to=roconnor@blockstream.io \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=jlrubin@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox