--- Log opened Tue Feb 22 00:00:06 2022
02:38 -!- nickler [~nickler@static.219.205.69.159.clients.your-server.de] has joined ##miniscript
04:09 -!- meshcollider [meshcollid@user/meshcollider] has quit [Ping timeout: 256 seconds]
04:35 < sanket1729> sipa, andytoshi: My understanding of musig2 signing in psbt would go: https://gist.github.com/sanket1729/4b525c6049f4d9e034d27368c49f28a6
04:37 < sanket1729> This is not any spec, but to make sure that I am understanding everything correctly.
04:39 < sanket1729> Musig2 has the benefit that it allows sharing public nonces even before we know the keys or the message.
04:40 < sanket1729> I wonder if this can be useful in any way. Because in psbt workflow we already know the message/keys when we decide to sign. There is no obvious place to share these before creating a psbt
04:50 -!- roconnor_ [~roconnor@coq/roconnor] has quit [Quit: Konversation terminated!]
04:54 -!- roconnor [~roconnor@coq/roconnor] has joined ##miniscript
05:59 -!- roconnor_ [~roconnor@coq/roconnor] has joined ##miniscript
06:00 -!- roconnor [~roconnor@coq/roconnor] has quit [Ping timeout: 250 seconds]
06:11 <@sipa> @sanket1729 My thinking is that we'd only standardize the version without preshared nonces; the other one is useful, but even more footgunny, and probably only useful in more specialized settings anyway.
07:39 -!- meshcollider [meshcollid@meshcollider.jujube.ircnow.org] has joined ##miniscript
07:45 -!- roconnor_ is now known as roconnor
08:02 <@sipa> darosior: Thanks for pointing out the overlap with the unit tests, I had completely forgotten about those.
08:03 <@sipa> Turns out there were things being tested on either side that weren't tested in the other one.
08:03 <@sipa> So both the unit and fuzz tests are quite a bit stronger now.
08:12 < darosior> Cool. Looking into it now
08:14 <@sipa> I have a very out-of-date integration branch with unit/fuzz tests in which I've tested these.
08:15 < darosior> I've been running the fuzz target since this morning without any failure
13:14 < sanket1729> Makes sense. What do you think about the suggested fields in the above gist?
13:15 < sanket1729> PSBT_IN_MUSIG_PARTICIPANT_PUBLIC_KEYS: -> <[x_only_pk]*>.
13:15 < sanket1729> PSBT_IN_TAP_MUSIG2_PUB_NONCE: ->
13:16 < sanket1729> PSBT_IN_TAP_PARTIAL_SIGNATURE: ->
13:16 <@sipa> I first need to catch up on the MuSig2 spec I think.
14:45 < jeremyrubin> sanket1729 one thing i'm trying to figure out is if i can generate a better fragment for CTV outs
14:45 < jeremyrubin> OP_PUSHBYTES_32 7675b880e7f8ec21c1e14616b147d15855ae01cdffbbfe74de615f3d0428f01a OP_NOP4 OP_DROP OP_PUSHNUM_1
14:45 < jeremyrubin> that's the current comp for TxTemplate(76...1a)
14:46 < jeremyrubin> the OP_DROP iirc is needed because the values output are expected to all be numerics
14:46 <@sipa> why do you need the OP_PUSHNUM1?
14:46 <@sipa> leave the OP_DROP, but give it type V
14:47 <@sipa> you can use the t: wrapper to add the OP_1 at the end in contexts where it's needed
14:48 < jeremyrubin> policy is adding it
14:48 < jeremyrubin> It is of type V iirc
14:49 <@sipa> that makes no sense; type V leaves nothing on the stack
14:49 < jeremyrubin> ah the policy compilation for that, my bad
14:49 < jeremyrubin> the fragment itself is just w/ the DROP
14:51 < jeremyrubin> i would *like* to be able to make CTV a B type, but B types must output no more than 4 bytes
14:51 <@sipa> right
14:51 <@sipa> we may want to loosen that restriction at some point to support CLTVs with a timestamp > 2^3q
14:51 <@sipa> 2^31
14:53 < jeremyrubin> yeah, i think if there were an addtl Numeric (#) and not zero type (ø) you could have B# and Bø
14:55 < jeremyrubin> where # is required for numeric operations, but ø could be used for OP_IF/end of processing true
14:56 <@sipa> probably easier to loosen B itself, and add a new type property for "max 4 bytes"
14:57 < jeremyrubin> i'm not sure about that
14:57 < jeremyrubin> because the B type being able to be used for numeric operations, guaranteed, seems like a useful thing
15:00 < jeremyrubin> but i don't have a strong feeling
15:00 < jeremyrubin> I'm not sure if even anything would break if we just loosened B now
15:02 < jeremyrubin> i think thresh breaks
15:03 < jeremyrubin> also i think thresh may already be broken...
15:04 < jeremyrubin> w.r.t. CTV, OP_0NOTEQUAL would give a B version instead of V, so I should investigate that
15:05 < jeremyrubin> example of broken thresh:
15:07 < jeremyrubin> thresh(2, older(4 byte maximum), 1)
15:07 < jeremyrubin> err
15:07 < jeremyrubin> thresh(3, older(4 byte maximum), 1, 1)
15:08 < jeremyrubin> <4 byte max> 1 ADD 1 ADD 3 EQUAL
15:08 <@sipa> say we add a # type for numeric
15:08 <@sipa> most B requirements now would turn into B# requirements
15:08 <@sipa> but some would just stay B
15:09 < jeremyrubin> this breaks because the addition ends up adding 1 to a 5 byte value, which is forbidden
15:11 < jeremyrubin> (incidentally, this also reveals a way to do a weighted threshold by abusing CLTV being able to push arbitrary integers < current block height in miniscript if you're willing to give up on CLTV anyways)
15:11 < jeremyrubin> ah nvm
15:11 < jeremyrubin> i missed the 'u' types
15:12 < jeremyrubin> in order to exploit this you would need a way too big script; so it's not an issue
15:13 < jeremyrubin> i think given the existence of the u type, it *should* be safe to make B expanded to any value
15:14 < jeremyrubin> do the andor's really require that X has a u type?
15:15 < jeremyrubin> maybe NOTIF/IF requires true = 1 / false = 0?
15:18 < jeremyrubin> > say we add a # type for numeric
15:18 < jeremyrubin> i think a safer way to do it is the inverse; explicitly make a new $ type "$ for string" and have $ mean that we don't care if it is numeric or not for this op
15:19 < jeremyrubin> that way we have to explicitly add $ to types, otherwise the numeric restriction remains in place
18:36 -!- roconnor [~roconnor@coq/roconnor] has quit [Ping timeout: 240 seconds]
--- Log closed Wed Feb 23 00:00:07 2022