public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Brandon Black <freedom@reardencode.com>
To: bitcoindev@googlegroups.com
Subject: [bitcoindev] BIP for OP_INTERNALKEY
Date: Wed, 24 Apr 2024 22:22:13 -0700	[thread overview]
Message-ID: <Zinohf1n8-aWN6G9@console> (raw)

Hello list,

I'm currently failing to find the original reference discussion for
adding OP_INTERNALKEY to tapscript. I believe it was in the context of
the SIGHASH_ANYPREVOUT proposal which opted instead to access the
internalkey as a special key with value `0x01`. Regardless, here[0] is a
BIP for adding OP_INTERNALKEY to tapscript to allow access to the
taproot internal key. As noted below, this helps certain classes of
script come closer to matching segwitv0 in byte efficiency, which can be
particularly useful for protocols such as Lightning where the same
signers may need to sign a script path in some cases, and a key path in
others.

------------
## Abstract

This BIP describes a new tapscript opcode (`OP_INTERNALKEY`) which
pushes the taproot internal key to the stack.

## Specification

When verifying taproot script spends having leaf version `0xc0` (as
defined in [BIP 342]), `OP_INTERNALKEY` replaces `OP_SUCCESS203` (0xcb).
`OP_INTERNALKEY` pushes the taproot internal key, as defined in [BIP
341], to the stack.

## Motivation

### Key spend with additional conditions

When building taproot outputs, especially those secured by an aggregate
key representing more than one signer, the parties may wish to
collaborate on signing with the taproot internal key, but only with
additional script restrictions. In this case, `OP_INTERNALKEY` saves 8
vBytes.

### Mitigated control block overhead for scripts using hash locks

In cases where script path spending is not desired, the internal key may
be set to a NUMS point whose bytes would otherwise be required in a
tapscript. This could be used with any hash locked transaction, for
example, to save 8 vBytes.

Note: The internal key must be the X coordinate of a point on the
SECP256K1 curve, so any such hash must be checked and modified until it
is such an X coordinate. This will typically take approximately 2
attempts.

## Reference Implementation

A reference implementation is provided here:

https://github.com/bitcoin/bitcoin/pull/29269

## Backward Compatibility

By constraining the behavior of an OP_SUCCESS opcode, deployment of the
BIP can be done in a backwards compatible, soft-fork manner. If anyone
were to rely on the OP_SUCCESS behavior of `OP_SUCCESS203`,
`OP_INTERNALKEY` would invalidate their spend.

## Deployment

TBD

## Copyright

This document is licensed under the 3-clause BSD license.

[BIP 341]: https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki

[BIP 342]: https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki

------------

[0]: https://github.com/bitcoin/bips/pull/1534

-- 
--Brandon

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/Zinohf1n8-aWN6G9%40console.


             reply	other threads:[~2024-04-25 10:41 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-25  5:22 Brandon Black [this message]
2024-04-26  8:09 ` [bitcoindev] Re: BIP for OP_INTERNALKEY Garlo Nicon
2024-04-26 16:03   ` Brandon Black

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zinohf1n8-aWN6G9@console \
    --to=freedom@reardencode.com \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox