Re: [bitcoin-dev] Simplicity proposal - Jets?

From: "Adán Sánchez de Pedro Crespo" <adan@stampery•co>
To: bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] Simplicity proposal - Jets?
Date: Fri, 3 Nov 2017 17:42:38 +0100	[thread overview]
Message-ID: <8540b26e-d6a9-3e3c-2ff6-6edb7e1e03df@stampery.com> (raw)
In-Reply-To: <CAFMkqK_rXb9fAiGC_qNf5nj_cShJgAB4qTUsCM+R07DSAau2TA@mail.gmail.com>

If I did understand it right, you don't need to publish the Simplicity
code for the "jetable" expression.

That's the whole point of MAST. Each Simplicity expression can be
identified by its MAST root (the Merkle root of all branches in its
Abstract Syntax Tree).

Imagine you want to write a Simplicity script that is roughly equivalent
to P2PKH. Regardless of directly writing such script or using a higher
level smart contract language, you won't likely write for yourself the
part in which you compute the hash of the public key. Instead, you are
expected to include some external library providing hash functions or at
least copy and paste such function into your code.

As everyone is expected to use the same, let's say, RIPEMD160
implementation, it doesn't matter how you included such function in your
program. The point is that once you build the MAST for your program,
such function will be completely replaced by its MAST root---which is
nothing but a hash.

This way, when the Simplicity interpreter (the BitMachine) bumps into
the hash, it can look for it in a predefined jets dictionary and find
the binary for a precompiled, formally proven implementation of a
function that is perfectly equivalent to the original Simplicity code.

On 03.11.2017 13:59, Hampus Sjöberg via bitcoin-dev wrote:
> Thank you for your answer, Russel.
> 
> When a code path takes advantage of a jet, does the Simplicity code
> still need to be publicly available/visible in the blockchain? I imagine
> that for big algorithms (say for example EDCA verification/SHA256
> hashing etc), it would take up a lot of space in the blockchain.
> Is there any way to mitigate this?
> 
> I guess in a softfork for a jet, the Simplicity code for a jet could be
> defined as "consensus", instead of needed to be provided within every
> script output.
> When the Simplicity interpretor encounters an expression that has a jet,
> it would run the C/Assembly code instead of interpreting the Simplicity
> code. By formal verification we would be sure they match.
> 
> Greetings
> Hampus
> 
> 2017-11-03 2:10 GMT+01:00 Russell O'Connor via bitcoin-dev
> <bitcoin-dev@lists•linuxfoundation.org
> <mailto:bitcoin-dev@lists•linuxfoundation.org>>:
> 
>     Hi Jose,
> 
>     Jets are briefly discussed in section 3.4 of
>     https://blockstream.com/simplicity.pdf
>     <https://blockstream.com/simplicity.pdf>
> 
>     The idea is that we can recognize some set of popular Simplicity
>     expressions, and when the Simplicity interpreter encounters one of
>     these expressions it can skip over the Simplicity interpreter and
>     instead directly evaluate the function using specialized C or
>     assembly code.
> 
>     For example, when the Simplicity interpreter encounters the
>     Simplicity expression for ECDSA verification, it might directly call
>     into libsecp rather than continuing the ECDSA verification using
>     interpreted Simplicity.
> 
>     HTH.
> 
> 
>     On Nov 2, 2017 18:35, "JOSE FEMENIAS CAÑUELO via bitcoin-dev"
>     <bitcoin-dev@lists•linuxfoundation.org
>     <mailto:bitcoin-dev@lists•linuxfoundation.org>> wrote:
> 
>         Hi,
> 
>         I am trying to follow this Simplicity proposal and I am seeing
>         all over references to ‘jets’, but I haven’t been able to find
>         any good reference to it.
>         Can anyone give me a brief explanation and or a link pointing to
>         this feature?
>         Thanks
> 
>>         On 31 Oct 2017, at 22:01,
>>         bitcoin-dev-request@lists•linuxfoundation.org
>>         <mailto:bitcoin-dev-request@lists•linuxfoundation.org> wrote:
>>
>>         The plan is that discounted jets will be explicitly labeled as
>>         jets in the
>>         commitment.  If you can provide a Merkle path from the root to
>>         a node that
>>         is an explicit jet, but that jet isn't among the finite number
>>         of known
>>         discounted jets,
> 
> 
>         _______________________________________________
>         bitcoin-dev mailing list
>         bitcoin-dev@lists•linuxfoundation.org
>         <mailto:bitcoin-dev@lists•linuxfoundation.org>
>         https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>         <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>
> 
> 
> 
>     _______________________________________________
>     bitcoin-dev mailing list
>     bitcoin-dev@lists•linuxfoundation.org
>     <mailto:bitcoin-dev@lists•linuxfoundation.org>
>     https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>     <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>
> 
> 
> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 

-- 
Adán Sánchez de Pedro Crespo
CTO, Stampery Inc.
San Francisco - Madrid