public inbox for bitcoindev@googlegroups.com
From: "David A. Harding" <dave@dtrt•org>
To: Andrew Poelstra <apoelstra@wpsoftware•net>
Cc: Matthew Zipkin <pinheadmz@gmail•com>,
	Ethan Heilman <eth3rs@gmail•com>,
	Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Signing a Bitcoin Transaction with Lamport Signatures (no changes needed)
Date: Sun, 05 May 2024 21:39:51 -1000
Message-ID: <47711dc4ffe9d661e8321b05b6adab4e@dtrt.org>
In-Reply-To: <ZjD-dMMGxoGNgzIg@camus>

On 2024-04-30 04:21, Andrew Poelstra wrote:
> Another reason this is useful is that if you have a Lamport signature on
> the stack which is composed of SIZE values, all of which are small
> enough to be manipulated with the numeric script opcodes, then you can
> do covenants in Script.

Hi Andrew,

I don't understand the above.  I think of a covenant as a script that is
able to restrict the scriptPubKey of the transaction that spends it.  As
I understand Heilman's description, a Lamport signature commits to the
size of an ECDSA signature (which can naturally vary) and the ECDSA
signature commits to the spending transaction.  Performing the Lamport
verification on the stack is practically equivalent to
OP_CHECKSIGFROMSTACK, which is half of what you need for a covenant.  As
you've previously described[1], the other half is some method for
introspection.  How do Lamport signatures offer introspection when
they're restricted to committing to ECDSA signatures that can't be known
at the time a script is created due to circular dependency in hashing
(i.e., the ECDSA signature commits to the spending transaction, which
commits to the previous transaction's txid, which commits to the
script)?

Thanks!,

-Dave

[1] https://medium.com/blockstream/cat-and-schnorr-tricks-i-faf1b59bd298
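
The Lamport step discussed in the message above, as an added example that is not part of the original email and not code from the scheme's author: a one-time signature over a small integer standing in for the ECDSA signature length. SHA-256 as the hash, the 8-bit encoding, and the sample lengths 71 and 70 are assumptions made for illustration.

```python
# Added illustration, not code from the thread. Assumptions: SHA-256 as the
# one-way function and an 8-bit encoding of the committed length value.
import hashlib
import secrets

BITS = 8  # constructed choice: wide enough for a DER ECDSA signature length

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """One secret pair per message bit; the public key is the hash of each secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def bits_of(n: int):
    if not 0 <= n < 2 ** BITS:
        raise ValueError("length does not fit in BITS bits")
    return [(n >> i) & 1 for i in range(BITS)]

def sign(sk, sig_len: int):
    """Reveal, for each bit of sig_len, the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(bits_of(sig_len))]

def verify(pk, sig_len: int, lamport_sig) -> bool:
    """Hash each revealed secret and compare it with the committed public half.

    This only checks a value handed to the verifier; nothing here looks at
    the spending transaction.
    """
    if len(lamport_sig) != BITS:
        return False
    try:
        bits = bits_of(sig_len)
    except ValueError:
        return False
    return all(
        secrets.compare_digest(H(s), pk[i][b])
        for i, (s, b) in enumerate(zip(lamport_sig, bits))
    )

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, 71)              # constructed sample length
    print(verify(pk, 71, sig))      # signed length is accepted
    print(verify(pk, 70, sig))      # a different length is rejected
```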
