From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 25 Apr 2024 04:45:19 -0700 Received: from mail-yw1-f188.google.com ([209.85.128.188]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rzxXT-0002tc-Bo for bitcoindev@gnusha.org; Thu, 25 Apr 2024 04:45:19 -0700 Received: by mail-yw1-f188.google.com with SMTP id 00721157ae682-618891b439esf13469247b3.3 for ; Thu, 25 Apr 2024 04:45:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714045513; cv=pass; d=google.com; s=arc-20160816; b=LoS7JdOaE8/+VksL1BlppWhEzNljcO7vZD+V5GzQd7oc8viyfnWBEC7eWD2SOLsLlG jx1uS7owUL3YPzyNNiQzcdJ6KOjgjUusO6Vl2NXRu7OygnS8hxAVIMn5TFayXLLMWoli c4igogRyo1QY52CPp3JfUX8Yl3GqoJPWiAdu/F04o3lP/M+rszYmwbj34sfvuqzYl2I6 I+Q56d0D0G1lomtaDISNhBs/WYwMZMVYQbyqWF2ZUd169yNvfJAOICHbG2hYbop4vLbA HxOb+b3ZyHe9hankpxkXvHOAoBs0SCOitpvX4WcP1/QtsotrQtRIBmc65991vQy1AONO 5Q4g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:to:from:date:sender :dkim-signature; bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=; fh=+C00It3dlWmyYTn4Qwcn+IUSf8cw4eY4sJA4W3pP5g0=; b=WXrCfp/mqSq2++UGEVzoz81trXd1jP1bQNvQvNPXhXCKYGRqr9Riru7O8BKo6mFqU2 +F4VEFy3m3RV9a+xpcvwxXBLIohCPWcYTTctOQKzbZufAFgKG7romhD5/Gp+Myb2Tkuc 4tVraUtxIYhilJOUD9O6J3mCXExD5Fpp77aoYktW7an2QA3DzE8PQjI7fNITgZTAavgC 3cKRJQ3EeHkzmoRvFIvMasvjJTg4tu45xFux5qUc+Mn2DlUDjsjESbsjs8JzlveDO+NY cMf0YzLehSOUee7rFQhh+3HCo3fUhiKJu6oenn+7+ELpOzJfOQJdzvCD30/vaD0Ij9Xh aOpA==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj; spf=pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1714045513; x=1714650313; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:to:from:date:sender:from:to:cc :subject:date:message-id:reply-to; bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=; b=UYmY7+mwSTDHDIE8L4IoEMJzCueelZRKhNEcX0yhlwLqxanK3zWjNQh3P05zlqshxU j+wRo47FmXtsl89e8fbGD61JTflEWjtPT7ItiVE5249QkccCxHBKcHq2kyreBvD17RNp 2GIwvoAqLnukma7Eb2tnH0z5DQ9h28udjyRRyr8WbjskId2MwKtnjjFfAunp6v7sJAzk xxwq8wwrWJwnMrH3QCAXKHP97nLpjl1Sfw+2hI8qaoOO6ena1l0hU00U7gOZD9ydXH+u qEdYgXpv61RohRweRWmeX69rW2PFGYW6vTSHnjEcK+gdWz/ZHyMOK5QgzgSu1PJF6HBg igvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714045513; x=1714650313; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=; b=SCmDqa4zhy90UbCYfwEEtPxX2wFMqBHWprQSbmb2kGEcC7DSRmWL6wjSL0OX5do1lS WsnCSDCoXzmZo88SX4HHiwXK38Fhqn5x5iU1GiHzy3sXjF10D6axpfqR9MborWs8YXFj b5jdZw0XX4QCTIKdCCTXwkXeXQghiHyJ1NFjdk9dWfx22QMvrX83DK6Z8+NRWSEjSWDQ 4XLGZPtrTwTlMSXeRLPoZEK982DTIEZWZ1ZRKvbmTrgFA71wNS7idqBxR1Yv24M+yNHH cKCvscDVo4a2eg4obR/FNX5oJ9mUw8mNM6fzq+tLUywYA8oyCjHyb8T5/5m4arjsddxv o90A== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVpmPhqXKXn2HhXZkocyOoGx7znqMiCjUIuYvjybkLNhG8UjvwKKRCcoBYb99eZGv+Fx3/3jgKJYYtvQX1RowbxtqQ2dFo= X-Gm-Message-State: AOJu0Yy2oGotUVOJS6uMS20vGVz9JGGKRGq0Cz3UPRiunJXg+CyZWWLY qYbQaYm4dZhvtTQK6f9WoBhWG46lKAXAd0zuhowTssHkOLU/niWV X-Google-Smtp-Source: AGHT+IFOE4FdeAPsnW9sUHwX7eDW90QZySSmvLrkxjOnEJBpf+Am5WoFDQCwyvpsrBemVFoNQ2CfYQ== X-Received: by 2002:a05:690c:6182:b0:61a:d4b6:6108 with SMTP id hj2-20020a05690c618200b0061ad4b66108mr5332189ywb.30.1714045513053; Thu, 25 Apr 2024 04:45:13 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:622a:1a86:b0:439:618a:91b with SMTP id d75a77b69052e-43a3aa4f7b7ls12960661cf.0.-pod-prod-02-us; Thu, 25 Apr 2024 04:45:11 -0700 (PDT) X-Received: by 2002:ac8:51cd:0:b0:439:9a0c:4d77 with SMTP id d13-20020ac851cd000000b004399a0c4d77mr17140qtn.0.1714045511795; Thu, 25 Apr 2024 04:45:11 -0700 (PDT) Received: by 2002:a05:620a:4625:b0:790:6237:7247 with SMTP id af79cd13be357-79098e2c826ms85a; Thu, 25 Apr 2024 04:44:46 -0700 (PDT) X-Received: by 2002:a05:622a:1914:b0:439:8c44:86ad with SMTP id w20-20020a05622a191400b004398c4486admr8887364qtc.26.1714045485836; Thu, 25 Apr 2024 04:44:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714045485; cv=none; d=google.com; s=arc-20160816; b=ayxs8ORPjL7sNDDO2X/hThlp+BdYs+sHZHBTUMDEFjM7CtxaUJ7+x9PXss8CVZreEi 1Hxb8gKnXOcTR8oltoeOjL8jSWzW6OJga0+002jdsw7whYnh4vwgvEo1DkzncmsH7ko/ 9aDEdcJdPnFdOhH5J69iCbqEdPR4edOUJHzlSw+FSQ82G+Dgk6KFjTWeQoIPwWqE9PAx LQQ+VqK1oo7kNZ/MZcuoEDJa3xJ4nZ8g4SLkJXvF62fHYsZpPprqtXb1/Crd+LgyS3I/ WArTr9N1FaCN/jVR51Q5YBuqnzRh79sAsDoSM1WxrpQxMVVnJXtydW7cr38ZjpOGZCid 4oaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:dkim-signature; bh=xMopDkxzD2LxnjfffgPSbWC5mrajKO1D0XyxXU7kF3M=; fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=; b=Ynde0u+IO92Xzb+qrXQvd6H9Imaqum9CsLPesNmgPCAbTJM9R8tBJdW1i4sIlxLN9g NDoK4luyonb4TzJRspf31IRVCAxfr3VNRCeF3MhmL1myRFY6D9ohrn1Ul3aYYuRog3M0 hO/CFFRwNUpkaTQMK6Oy+pTDJuerYS8y5rsBw/WUoPf1cY7MNl5Ulhd51G+dNbBWq//G fd1n16Pp+wYj8iN3ji3902CL8fj/1OCPvKuYDXVfu86EQ6es4Pz3LHzTIQBbaz3ZJqaH psFO5jfDN9TVxRbDdQ2f56nIY46BMtSf70akhw3neci0B9vxYn3PHOLWzZ17aD96qyQA Ja3g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj; spf=pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net Received: from mail.wpsoftware.net ([66.183.0.205]) by gmr-mx.google.com with ESMTP id dj20-20020a05622a4e9400b00439085c647csi1644101qtb.0.2024.04.25.04.44.45 for ; Thu, 25 Apr 2024 04:44:45 -0700 (PDT) Received-SPF: pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) client-ip=66.183.0.205; Received: from camus (camus-andrew.lan [192.168.0.190]) by mail.wpsoftware.net (Postfix) with ESMTPSA id 093044009B for ; Thu, 25 Apr 2024 11:44:45 +0000 (UTC) Date: Thu, 25 Apr 2024 11:44:40 +0000 From: Andrew Poelstra To: bitcoindev@googlegroups.com Subject: Re: [bitcoindev] BIP for OP_CHECKSIGFROMSTACK Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OoC1cQBOMjISW3fx" Content-Disposition: inline In-Reply-To: X-Original-Sender: apoelstra@wpsoftware.net X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj; spf=pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) --OoC1cQBOMjISW3fx Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline On Wed, Apr 24, 2024 at 10:12:52PM -0700, Brandon Black wrote: > Hello list, > > Back in 2021, Jeremy wrote[0] about bringing OP_CHECKSIGFROMSTACK (or > OP_CHECKDATASIG) to bitcoin. That email proposed adopting the > specification from Bitcoin Cash for Bitcoin, but it is not directly > suitable, as it verifies DER encoded ECDSA signatures and not R||S > encoded BIP340 Schnorr signatures. The BIP here included, and proposed > for the BIPs repository[2] is a bitcoin-specific design for > OP_CHECKSIGFROMSTACK and OP_CHECKSIGFROMSTACKVERIFY. It further differs > from Jeremy's email by specifying the repurposing of a NOP (NOP5) for > OP_CHECKSIGFROMSTACKVERIFY to bring data signature verification to all > script types, not only tapscript (although this is subject to > change)[1]. > Thanks for this detailed writeup. This all looks good to me. In particular it's nice to have the BIP-342 upgrade feature (unknown pubkeys are OP_SUCCESS) and support for batch verification (invalid signatures are required to be the empty vector). One minor open question is whether CSFS should exactly share the set of public keys that CHECKSIG does. That is, should it be possible in a future softfork to give CSFS a new type of pubkey that CHECKSIG does not support, or vice-versa. This doesn't actually need to be answered as part of a CSFS proposal; it can be decided later when we have a usecase for this upgrade path. But it may affect the choice of language when talking about the opcode so it's worth thinking about whether we should assume it's possible for the pubkey types to diverge. (For my part I say they should stay the same; it's hard to imagine otherwise, and given that the proposal initially uses exactly the set of pubkeys that CHECKSIG does, feels very pedantic to suggest that they're different.) -- Andrew Poelstra Director, Blockstream Research Email: apoelstra at wpsoftware.net Web: https://www.wpsoftware.net/andrew The sun is always shining in space -Justin Lewis-Webster -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZipCKAcV49-xPhSs%40camus. --OoC1cQBOMjISW3fx Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEkPnKPD7Je+ki35VexYjWPOQbl8EFAmYqQicACgkQxYjWPOQb l8Exywf/SysZh8Aj+T0CgXdUNKRNzVU6IvqkhsBatNOL9HrzovmWgXqDXoVtNKCp Tk+A4G77BFCrnXRXPDwaya2EfWL0MU2rYSYn238zqacz+trT2uT71WFp+0/MX4K9 I2OcvKlC2IC6DxssB0+Tb/3vIIrMCisSQfdzXsFsX+lOoGsCXuimAp5ev6y0WrS+ VmjYOeccrbOGAOyVFNsDv1If1ScslWTn6wi2gQJeJPo4ZafyJoh5Bb5MRxCVvEoh fM2LB7FvwW/mE4Ai0/8cuHzrC/LafyJS+56QzCifJayGQzudWBVyOVCXcS6z2x3R IS4hXsNHdhncw5Ebz/wxnl0gTwHD1w== =0e96 -----END PGP SIGNATURE----- --OoC1cQBOMjISW3fx--