From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 35BF4DA7 for ; Wed, 9 Oct 2019 21:34:45 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B340714D for ; Wed, 9 Oct 2019 21:34:44 +0000 (UTC) Received: by mail-oi1-f174.google.com with SMTP id t84so3068485oih.10 for ; Wed, 09 Oct 2019 14:34:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=owpB/5yp6LDi4TejLkHeKHPT095xfgvDiQOhf0eOcGo=; b=KzZkp5baIt8ms1UcdIhXLcmx6FHrOI5rom2bdgIr/Am47psNVavo6xBXzJIspGwkhP bPHhym2kyMX5rNUwDJtU//rxZdXRap5Qev+vc915j+z+XYZjSlYNeTpX1dzszJ+Jr9ST t8HBzgxyw/nMpwOvc1uHfcr3mOa6J/BT7K1+ToIxygHsB4Z0tgBnJvs2Iwcqv9ZEOw5J 8UhZgW2HCpl6wFF2J5fLKLZGgAyyOwnu2mCGsjFWUOB0y3uTNvgTfrtNpDrg8CZZgVtR 2UWsdkvmeWcvnU2Y3Gn2CjzLwGakLESjLJ6wu4ibItwI7tRA078lR7FPJatNwkCqVppb 2zOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=owpB/5yp6LDi4TejLkHeKHPT095xfgvDiQOhf0eOcGo=; b=bwqwEOt9eut2cyjj9fQOpAA5qvUe6jRSCZncreyUvI/QpJ7J4qiofvzDbNRZl0/cdU H1wOLJ8WpajMZevEIvqjriswO8hpcD80PCWTCALP3Ptqi2ZLkGwuaWsqv3rlT5Uqzm94 eYuH1GFQ8Z1D2uxnAKPJCQGBnyREHU4ZcJs2PnRVYGgssnOMrBtZuQ8eNNrSnPDO5hiZ Cpy727FkFk6VY7pKdfpUoJPOW68K8gbHHYqC/qeQDZo7ftOTSRcTQhg+5IV0b69sPytm Yza0RJp8G6iWVJXYtyJF3eiAnsYWPv5PNfKfP4a5jdZv9YEE7YGTfLEy9iskOnXvJ5zX lQMg== X-Gm-Message-State: APjAAAWjo9HWrRAuw6FESFnjQsHeVmeSE4+F1ooqugqI4XSBSKl7nGgv VGjz+dPS5dTtrieDcCgVuSfBoTlWN4ZjojwlPPp5PbSm X-Google-Smtp-Source: APXvYqyIoS8XGC0Jv22nNSCswMqoh01M+ob84pwIXUgUtXVBPq7be+cC9AzqsO4kddUyWhVxxwMv65AVz40H7d9gqP0= X-Received: by 2002:aca:1c02:: with SMTP id c2mr4350366oic.73.1570656883580; Wed, 09 Oct 2019 14:34:43 -0700 (PDT) MIME-Version: 1.0 From: Pieter Wuille Date: Wed, 9 Oct 2019 14:34:32 -0700 Message-ID: To: Bitcoin Dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DOS_RCVD_IP_TWICE_B, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Taproot updates X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 21:34:45 -0000 Hi all, I wanted to give an update on some of the changes we've made to the bip-schnorr/taproot/tapscript drafts following discussions on this list: * The original post: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-May/016914.html and follow-ups * Using 2 or 4 byte indexes: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-June/017046.html * 32-byte public keys: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017247.html * Resource limits: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-September/017306.html * P2SH support or not: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-September/017297.html). We've made the following semantical changes to the proposal: * 32-byte public keys everywhere instead of 33-byte ones: dropping one byte that provably does not contribute to security, while remaining compatible with existing BIP32 and other key generation algorithms. * No more P2SH support: more efficient chain usage, no gratuitous fungibility loss from having 2 versions, no mode limited to 80-bit security for non-interactive multiuser constructs; however senders will need bech32 support to send to Taproot outputs. * 32-bit txin position and codesep position indexes instead of 16-bits ones. * Tagged hashes also in bip-schnorr: the signature and nonce generation now also use tagged hashes, rather than direct SHA256 (previously tagged hashes were only used in bip-taproot and bip-tapscript) * Dropping the 10000 byte script limit and 201 non-push opcode limit: as no operations remain whose validation performance depends on the size of scripts or number of executed opcodes, these limits serve no purpose, but complicate creation of Scripts. * Increased the limit on the depth of Merkle trees from 32 to 128: a limit of 32 would necessitate suboptimal trees in some cases, but more than 128 levels are only necessary when dealing with leaves that have a chance of ~1/2^128 of being executed, which our security level treats as impossible anyway. See the updated documents: * https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki * https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki * https://github.com/sipa/bips/blob/bip-schnorr/bip-tapscript.mediawiki In addition, a lot of clarifications and rationales were added. The reference implementation on https://github.com/sipa/bitcoin/commits/taproot was also updated to reflect these changes, has a cleaner commit history now, and improved tests (though those can still use a lot of work). Cheers, -- Pieter