--- Log opened Thu Jun 23 00:00:00 2022
02:40 < darosior> I'd like to revive the discussion about resource limits computation in the C++ implementation. For a Miniscript to be called sane there should be no single spending path that exceeds the resource limits (standardness completeness from the website). But the way resources are accounted for in the C++ implementation (worst case across non-malleable
02:40 < darosior> satisfactions) could let some not-standardness-complete (or even not-consensus-complete, i believe) scripts go through.
02:40 < darosior> For instance, take a Miniscript with two spending paths, one for each of two parties. Say the first one is non-malleably satisfiable but only malleably dissatisfiable (it contains a hashlock, say). The second spending path is necessary malleable to satisfy. The second party may be prevented to spend from the Script yet we would still call the
02:40 < darosior> Miniscript "sane".
02:40 < darosior> Now, sure, it's only pathological cases, and they shouldn't take part in a Script where their spending path is malleable. But how would they know that? We shouldn't tell them it's a sane thing to do.
02:40 < darosior> So i think we should account for resource limits in the same way the Rust implementation does (worst case across *all* branches). We could also change the definition of non-malleability to be "there exists a non-malleable satisfaction for all spend paths", but it's probably too late at this point. Although it'd make sense conceptually since you
02:40 < darosior> would almost always have multiple parties in a Miniscript descriptor anyways, why would you be interested in a single spending path? I'm curious to learn about historical reasons for why it was defined this way.
02:41 < darosior> Previous discussion, for reference: https://github.com/bitcoin/bitcoin/pull/24147#discussion_r877531692
03:38 < darosior> 🤦
03:39 < darosior> Sorry for the noise, i should really learn to think twice before posting. Of course the malleability guarantees are for all possible solutions..
06:06 -!- Lucky33 [~Lucky33@n42-241-250-143.adl2.sa.optusnet.com.au] has joined ##miniscript
06:07 < Lucky33> hello
06:08 <@sipa> Non-malleable means that for every "apparent" spending path (=the policy satisfactions you'd expect from the script by naively translating to policy), a non-malleable satisfaction exists.
06:09 <@sipa> Sane means that all of those are also actually feasible (so no resource violations in any of them, no timelock mixing, ...).
06:10 <@sipa> Sane does not imply that every possible satisfaction is feasible - only that for every "policy satisfaction" a sane "script satisfaction" exists.
13:53 -!- Lucky33 [~Lucky33@n42-241-250-143.adl2.sa.optusnet.com.au] has left ##miniscript []
16:15 -!- appservicebot [~afilini-m@2001:bc8:1828:245::2] has quit [Ping timeout: 258 seconds]
16:27 -!- appservicebot [~afilini-m@2001:bc8:1828:245::2] has joined ##miniscript
--- Log closed Fri Jun 24 00:00:01 2022