public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Rusty Russell <rusty@rustcorp•com.au>
To: Russell O'Connor <roconnor@blockstream•com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] TXHASH + CHECKSIGFROMSTACKVERIFY in lieu of CTV and ANYPREVOUT
Date: Tue, 08 Feb 2022 14:10:15 +1030	[thread overview]
Message-ID: <87leymuiu8.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CAMZUoK=pkZuovtifBzdqhoyegzG+9hRTFEc7fG9nZPDK4KbU3w@mail.gmail.com>

Russell O'Connor via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> writes:
> Given the overlap in functionality between CTV and ANYPREVOUT, I think it
> makes sense to decompose their operations into their constituent pieces and
> reassemble their behaviour programmatically.  To this end, I'd like to
> instead propose OP_TXHASH and OP_CHECKSIGFROMSTACKVERIFY.
>
> OP_TXHASH would pop a txhash flag from the stack and compute a (tagged)
> txhash in accordance with that flag, and push the resulting hash onto the
> stack.

It may be worth noting that OP_TXHASH can be further decomposed into
OP_TX (and OP_TAGGEDHASH, or just reuse OP_SHA256).

OP_TX would place the concatenated selected fields onto the stack
(rather than hashing them) This is more compact for some tests
(e.g. testing tx version for 2 is "OP_TX(version) 1 OP_EQUALS" vs
"OP_TXHASH(version) 012345678...aabbccddeeff OP_EQUALS"), and also range
testing (e.g amount less than X or greater than X, or less than 3 inputs).

> I believe the difficulties with upgrading TXHASH can be mitigated by
> designing a robust set of TXHASH flags from the start.  For example having
> bits to control whether (1) the version is covered; (2) the locktime is
> covered; (3) txids are covered; (4) sequence numbers are covered; (5) input
> amounts are covered; (6) input scriptpubkeys are covered; (7) number of
> inputs is covered; (8) output amounts are covered; (9) output scriptpubkeys
> are covered; (10) number of outputs is covered; (11) the tapbranch is
> covered; (12) the tapleaf is covered; (13) the opseparator value is
> covered; (14) whether all, one, or no inputs are covered; (15) whether all,
> one or no outputs are covered; (16) whether the one input position is
> covered; (17) whether the one output position is covered; (18) whether the
> sighash flags are covered or not (note: whether or not the sighash flags
> are or are not covered must itself be covered).  Possibly specifying which
> input or output position is covered in the single case and whether the
> position is relative to the input's position or is an absolute position.

These easily map onto OP_TX, "(1) the version is pushed as u32, (2) the
locktime is pushed as u32, ...".

We might want to push SHA256() of scripts instead of scripts themselves,
to reduce possibility of DoS.

I suggest, also, that 14 (and similarly 15) be defined two bits:
00 - no inputs
01 - all inputs
10 - current input
11 - pop number from stack, fail if >= number of inputs or no stack elems.

Cheers,
Rusty.


  parent reply	other threads:[~2022-02-08  3:57 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-26 17:20 Russell O'Connor
2022-01-26 22:16 ` Jeremy
2022-01-27  4:20   ` James Lu
2022-01-27 19:16   ` Russell O'Connor
2022-01-28  0:18     ` James O'Beirne
2022-01-28 13:14       ` Michael Folkson
2022-01-28 14:17         ` Anthony Towns
2022-01-28 16:38           ` Jeremy
2022-01-28 14:13       ` Russell O'Connor
2022-01-28 15:14         ` James O'Beirne
2022-01-29 15:43           ` Russell O'Connor
2022-01-29 17:02             ` Jeremy Rubin
     [not found]             ` <CAD5xwhjHv2EGYb33p2MRS=VSz=ciGwAsiafX1yRHjxQEXfykSA@mail.gmail.com>
2022-01-29 17:14               ` Russell O'Connor
2022-01-31  2:18       ` Anthony Towns
2022-01-28  1:34 ` Anthony Towns
2022-01-28 13:56   ` Russell O'Connor
2022-02-01  1:16     ` Anthony Towns
2022-02-08  2:16       ` Russell O'Connor
2022-02-17 14:27         ` Anthony Towns
2022-02-17 14:50           ` Russell O'Connor
2022-02-08  3:40 ` Rusty Russell [this message]
2022-02-08  4:34   ` Jeremy Rubin
2022-02-11  0:55     ` [bitcoin-dev] Recursive covenant opposition, or the absence thereof, was " David A. Harding
2022-02-11  3:42       ` Jeremy Rubin
2022-02-11 17:42       ` James O'Beirne
2022-02-11 18:12         ` digital vagabond
2022-02-12 10:54           ` darosior
2022-02-12 15:59             ` Billy Tetrud
2022-02-17 15:15           ` Anthony Towns
2022-02-18  7:34       ` ZmnSCPxj
2022-02-23 11:28       ` ZmnSCPxj
2022-02-23 18:14         ` Paul Sztorc
2022-02-24  2:20           ` ZmnSCPxj
2022-02-24  6:53         ` Anthony Towns
2022-02-24 12:03           ` ZmnSCPxj
2022-02-26  5:38             ` Billy Tetrud
2022-02-26  6:43               ` ZmnSCPxj
2022-02-27  0:58                 ` Paul Sztorc
2022-02-27  2:00                   ` ZmnSCPxj
2022-02-27  7:25                     ` ZmnSCPxj
2022-02-27 16:59                       ` Billy Tetrud
2022-02-27 23:50                         ` Paul Sztorc
2022-02-28  0:20                     ` Paul Sztorc
2022-02-28  6:49                       ` ZmnSCPxj
2022-02-28  7:55                         ` vjudeu
2022-03-04  8:42                           ` ZmnSCPxj
2022-03-04 13:43                             ` vjudeu
2022-02-28 22:54                         ` Paul Sztorc
2022-03-01  5:39                           ` Billy Tetrud
2022-03-02  0:00                             ` Paul Sztorc
2022-03-04 12:35                               ` Billy Tetrud
2022-03-04 20:06                                 ` Paul Sztorc
2022-02-26  6:00             ` Anthony Towns
2022-02-15  8:45     ` [bitcoin-dev] " Rusty Russell
2022-02-15 18:57       ` Jeremy Rubin
2022-02-15 19:12         ` Russell O'Connor
2022-02-16  2:26         ` Rusty Russell
2022-02-16  4:10           ` Russell O'Connor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87leymuiu8.fsf@rustcorp.com.au \
    --to=rusty@rustcorp$(echo .)com.au \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=roconnor@blockstream$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox