From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E889EC9E for ; Tue, 4 Sep 2018 16:57:40 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f43.google.com (mail-oi0-f43.google.com [209.85.218.43]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 615CB7E0 for ; Tue, 4 Sep 2018 16:57:40 +0000 (UTC) Received: by mail-oi0-f43.google.com with SMTP id k12-v6so8053049oiw.8 for ; Tue, 04 Sep 2018 09:57:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=NmLuAyXmKjYY3Is/lQ6G1Ve/MK/4Nd9sFHG5qThxDiw=; b=U/d/IKJTGeJ9dPERLPxXhz0fcnRnkVlIyUpa0lPpaY9OSyFk7F0ZpiH6B1/zwox86o 0ruhFvoZYbbyQlP2hhiUlL8kg1ZLKIQGlk6RSVXkyXSXLI9q083jno/81mC5q1K/LMnl AWjiV4ymUtFZAafVt8+oM+E6/mA7AzS5A1XLINGGjXhDi/FzYzHKg0rx/ut18qhn7PDt HD1R6unn+8EfVUegWOjrnSoScI640jjUhkgS3xDZduq2sXQAUnqTOe72/kb7GFLe/y96 qSAKlngtC+sYGQyzdTwZo1jEALLlCRTzX1WoIus6kVnT/KlyI2UxeZTCumvBVEk8kN5L W9rA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=NmLuAyXmKjYY3Is/lQ6G1Ve/MK/4Nd9sFHG5qThxDiw=; b=KOIrm8SjGs36jY9Pd+NP5HW3ypX4SurWQmgcwNvVHQTRafugE2L5t/n5ho0I7JM0H1 NAt2UffVVuT+1jMFs3irP7U/ezHwZYNVkxhn5YJkLlgF9Kc50nNCKJ3h33emsFr/gge6 wjA4R/wtOqgWaQF1SGLvgffoNNkMAPAUzRIbJISKdt7fZtGUNraio7kFA/fSfFq9F3XO MCXRltch6orU14x2LPhac1S2/pDhQa8kiIXWSJpnG1IZkbfxMEM7LwxDx46KWpHgOlNR 6UG6aNOp7Vf2VkVzxdmbXsoXaAjV5BcoFAq5/X+kAoCq0E720n+RCyEFE5imDb02s0kf Yztg== X-Gm-Message-State: APzg51BQoUsVuquh98DR16HTlyUHzFIj5Y4qNaAvREVh8hkBMV1rWGaL jXRRwWCk82dUUUCg361RAVEdPq92CPEnVyH7Hb0= X-Google-Smtp-Source: ANB0VdaV01TFQT8by1WeCACXqW6LV0ae12zJtVETocVNvq5kMHsnwGqhUoAZK9qbP5C+Qzda4THi7JyW+7RIk6zYmzQ= X-Received: by 2002:aca:b256:: with SMTP id b83-v6mr27193405oif.235.1536080259525; Tue, 04 Sep 2018 09:57:39 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Pieter Wuille Date: Tue, 4 Sep 2018 09:57:28 -0700 Message-ID: To: Alex Bosworth , Bitcoin Dev Content-Type: multipart/alternative; boundary="0000000000003730bb05750e8e38" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 04 Sep 2018 19:19:38 +0000 Subject: Re: [bitcoin-dev] Extending BIP174 for HTLCs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Sep 2018 16:57:41 -0000 --0000000000003730bb05750e8e38 Content-Type: text/plain; charset="UTF-8" On Tue, Sep 4, 2018, 04:32 Alex Bosworth via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I've been experimenting with a format tag for BIP 174 to help support > HTLC scripts I've been working with. > I've been thinking about this as well. A useful way to look at it IMHO is to see a hash as the analogue of a public key, and the preimage as the analogue of a signature. That would suggest adding two fields to PSBT: * A request for the preimage of a given hash (similar to the pubkey/path field currently) * A revealed preimage for a given hash (similar to the partial signature field currently). The workflow would in this case would be: * An updater recognizes an output/script as being one that requires a preimage, and adds a preimage request field to the input (along with pubkey fields for all involved keys). * A "signer" who knows the preimage sees the request field, verifies he's willing to divulge the secret, and adds a preimage field (along with any signatures he may be able to create). * A finalizer who is compatible with the type of hashlock script combines all signatures and preimages into a final scriptSig/witness stack. An obvious difficulty is having updaters and finalizers which are compatible with all possible variations of hashlocks and other scripts. Not sure on the best format for this, but what I have been thinking > about is a new input type that defines elements that should be > inserted in the final p2sh/p2wsh stack such as a preimage or a refund > path flag. > That's one approach to reducing the complexity of the finalizer: adding information about the composition of the scriptSig to the PSBT itself. However, I don't think that approach scales very well (you'd need new fields for all kinds of new script constructions). In particular, dealing with multiple possible satisfactions may complicate things, especially when the number of combinations is intractable. I've been working on another approach that doesn't involve changes to PSBT, but instead uses an easily-parsable subset of script (which includes and/or/threshold/pubkey/locktimes/hashlocks). I hope to publish something soon about it. Cheers, -- Pieter --0000000000003730bb05750e8e38 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


An obvious difficulty is having= updaters and finalizers which are compatible with all possible variations = of hashlocks and other scripts.

Not sure on the best format for this, but what I have been thinking
about is a new input type that defines elements that should be
inserted in the final p2sh/p2wsh stack such as a preimage or a refund
path flag.

That's one approach to reducing the complexity of the finaliz= er: adding information about the composition of the scriptSig to the PSBT i= tself. However, I don't think that approach scales very well (you'd= need new fields for all kinds of new script constructions). In particular,= dealing with multiple possible satisfactions may complicate things, especi= ally when the number of combinations is intractable.

I've been working on another approach that= doesn't involve changes to PSBT, but instead uses an easily-parsable s= ubset of script (which includes and/or/threshold/pubkey/locktimes/hashlocks= ). I hope to publish something soon about it.

Cheers,

--=C2=A0
Pieter

--0000000000003730bb05750e8e38--