From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A5646DDF for ; Thu, 10 Dec 2015 06:47:36 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from s47.web-hosting.com (s47.web-hosting.com [199.188.200.16]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 21A42DF for ; Thu, 10 Dec 2015 06:47:36 +0000 (UTC) Received: from localhost ([::1]:33178 helo=server47.web-hosting.com) by server47.web-hosting.com with esmtpa (Exim 4.85) (envelope-from ) id 1a6v0p-000oCa-DH for bitcoin-dev@lists.linuxfoundation.org; Thu, 10 Dec 2015 01:47:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 10 Dec 2015 01:47:35 -0500 From: jl2012@xbt.hk To: bitcoin-dev@lists.linuxfoundation.org Message-ID: X-Sender: jl2012@xbt.hk User-Agent: Roundcube Webmail/1.0.5 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server47.web-hosting.com X-AntiAbuse: Original Domain - lists.linuxfoundation.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - xbt.hk X-Get-Message-Sender-Via: server47.web-hosting.com: authenticated_id: jl2012@xbt.hk X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 10 Dec 2015 06:57:29 +0000 Subject: [bitcoin-dev] Segregated Witness features wish list X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2015 06:47:36 -0000 It seems the current consensus is to implement Segregated Witness. SW opens many new possibilities but we need a balance between new features and deployment time frame. I'm listing by my priority: 1-2 are about scalability and have highest priority 1. Witness size limit: with SW we should allow a bigger overall block size. It seems 2MB is considered to be safe for many people. However, the exact size and growth of block size should be determined based on testing and reasonable projection. 2. Deployment time frame: I prefer as soon as possible, even if none of the following new features are implemented. This is not only a technical issue but also a response to the community which has been waiting for a scaling solution for years 3-6 promote safety and reduce level of trust (higher priority) 3. SIGHASH_WITHINPUTVALUE [1]: there are many SIGHASH proposals but this one has the highest priority as it makes offline signing much easier. 4. Sum of fee, sigopcount, size etc as part of the witness hash tree: for compact proof of violations in these parameters. I prefer to have this feature in SWv1. Otherwise, that would become an ugly softfork in SWv2 as we need to maintain one more hash tree 5. Height and position of an input as part of witness will allow compact proof of non-existing UTXO. We need this eventually. If it is not done in SWv1, we could softfork it nicely in SWv2. I prefer this earlier as this is the last puzzle for compact fraud proof. 6. BIP62 and OP_IF malleability fix [2] as standardness rules: involuntary malleability may still be a problem in the relay network and may make the relay less efficient (need more research) 7-15 are new features and long-term goals (lower priority) 7. Enable OP_CAT etc: OP_CAT will allow tree signatures described by [3]. Even without Schnorr signature, m-of-n multisig will become more efficient if m < n. OP_SUBSTR/OP_LEFT/OP_RIGHT will allow people to shorten a payment address, while sacrificing security. I'm not sure how those disabled bitwise logic codes could be useful Multiplication and division may still considered to be risky and not very useful? 8. Schnorr signature: for very efficient multisig [3] but could be introduced later. 9. Per-input lock-time and relative lock-time: define lock-time and relative lock-time in witness, and signed by user. BIP68 is not a very ideal solution due to limited lock time length and resolution 10. OP_PUSHLOCKTIME and OP_PUSHRELATIVELOCKTIME: push the lock-time and relative lock-time to stack. Will allow more flexibility than OP_CLTV and OP_CSV 11. OP_RETURNTURE which allows softfork of any new OP codes [4]. It is not really necessary with the version byte design but with OP_RETURNTURE we don't need to pump the version byte too frequently. 12. OP_EVAL (BIP12), which enables Merkleized Abstract Syntax Trees (MAST) with OP_CAT [5]. This will also obsolete BIP16. Further restrictions should be made to make it safe [6]: a) We may allow at most one OP_EVAL in the scriptPubKey b) Not allow any OP_EVAL in the serialized script, nor anywhere else in the witness (therefore not Turing-complete) c) In order to maintain the ability to statically analyze scripts, the serialized script must be the last push of the witness (or script fails), and OP_EVAL must be the last OP code in the scriptPubKey 13. Combo OP codes for more compact scripts, for example: OP_MERKLEHASH160, if executed, is equivalent to OP_SWAP OP_IF OP_SWAP OP_ENDIF OP_CAT OP_HASH160 [3]. Allowing more compact tree-signature and MAST scripts. OP_DUPTOALTSTACK, OP_DUPFROMALTSTACK: copy to / from alt stack without removing the item 14. UTXO commitment: good but not in near future 15. Starting as a softfork, moving to a hardfork? SW Softfork is a quick but dirty solution. I believe a hardfork is unavoidable in the future, as the 1MB limit has to be increased someday. If we could plan it ahead, we could have a much cleaner SW hardfork in the future, with codes pre-announced for 2 years. [1] https://bitcointalk.org/index.php?topic=181734.0 [2] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011679.html [3] https://blockstream.com/2015/08/24/treesignatures/ [4] https://bitcointalk.org/index.php?topic=1106586.0 [5] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-September/010977.html [6] https://bitcointalk.org/index.php?topic=58579.msg690093#msg690093