Re: [bitcoin-dev] Graftroot: Private and efficient surrogate scripts under the taproot assumption

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Gregory Maxwell <greg@xiph•org>
To: Daniel Edgecumbe <esotericnonsense@esotericnonsense•com>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Graftroot: Private and efficient surrogate scripts under the taproot assumption
Date: Sat, 24 Feb 2018 18:58:59 +0000	[thread overview]
Message-ID: <CAAS2fgQYUb7gMbNbJOQ3pZ8WSRY-UhWjN9Y4GK96Lke-w3aFvw@mail.gmail.com> (raw)
In-Reply-To: <1519328661.898070.1280084352.71F1C1C3@webmail.messagingengine.com>

On Thu, Feb 22, 2018 at 7:44 PM, Daniel Edgecumbe via bitcoin-dev
<bitcoin-dev@lists•linuxfoundation.org> wrote:
> I don't think that binding grafts to a particular transaction requires this aggregation.
> It seems to me that you could just sign H(txid, script) rather than H(script).
> I'm not aware of whether this would break aggregation.

That would require that you know the txid in advance. Sometimes you
do-- and a graftroot sighash flag could handle that... but usually you
wouldn't.  The case where you already do know it can sort of be
covered today without using the graftroot:  Sign a transaction
spending the multisig coin to the graft.  This isn't a strict
alternative however, because it's not atomic: you could imagine that
txn being announced and then the graft not being spent, while someone
would like to spend a different graft.  That non-atomiticity could be
addressed by making the graft spends an OR of all the other graft
spends but that isn't scalable or private.  Regardless, still doesn't
work if the graft isn't created after the fact.

The aggregation bit has the property of working just in time, even on
grafts created in advance.

next prev parent reply	other threads:[~2018-02-24 18:59 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-05  5:58 Gregory Maxwell
2018-02-05 15:56 ` Ryan Grant
2018-02-05 19:58   ` Gregory Maxwell
2018-02-09  7:29     ` Jeremy
2018-02-09  7:42       ` Jeremy
2018-02-22 12:19       ` Ryan Grant
2018-02-22 19:44         ` Daniel Edgecumbe
2018-02-24 18:58           ` Gregory Maxwell [this message]
2018-06-30 11:49         ` Sjors Provoost

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAS2fgQYUb7gMbNbJOQ3pZ8WSRY-UhWjN9Y4GK96Lke-w3aFvw@mail.gmail.com \
    --to=greg@xiph$(echo .)org \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=esotericnonsense@esotericnonsense$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox