From: Thibaut Le Guilly <thibaut@cryptogarage•co.jp>
To: Jonas Nick <jonasdnick@gmail•com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Cc: dlc-dev@mailmanlists•org
Subject: Re: [bitcoin-dev] [dlc-dev] CTV dramatically improves DLCs
Date: Thu, 27 Jan 2022 09:45:12 +0900 [thread overview]
Message-ID: <CABPZDUyMmyt0UCmHYfm+s-zs=iLjxXB0VtdJZ64X5HA3XLFESA@mail.gmail.com> (raw)
In-Reply-To: <2b316504-f785-b1b3-9ff9-8d781d6c0d9b@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1775 bytes --]
Hi,
Lloyd, thanks for this excellent writeup. I must say that indeed using CTV
seems like it would very much lower the complexity of the DLC protocol (and
it seems like APO would also work, thanks Jonas for pointing that out).
Though thinking about it, I can't help wondering if the ideal op code for
DLC wouldn't actually be CHECKSIGFROMSTACK? It feels to me that this would
give the most natural way of doing things. If I'm not mistaken, this would
enable simply requiring an oracle signature over the outcome, without any
special trick, and without even needing the oracle to release a nonce in
advance (the oracle could sign `event_outcome + event_id` to avoid
signature reuse). I must say that I haven't studied covenant opcodes in
detail yet so is that line of thinking correct or am I missing something?
Cheers,
Thibaut
On Wed, Jan 26, 2022 at 1:27 AM Jonas Nick via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> Thank you, that's an interesting application of OP_CTV.
>
> Perhaps worth pointing out that this does not require OP_CTV but could
> also be
> enabled by other covenant constructions. For example, it seems like
> ANYPREVOUT-based covenants provide similar benefits. The script of the
> Taproot
> leaves could be set to
>
> <sig> <G> CHECKSIGVERIFY <CET_i> CHECKSIGVERIFY
>
> where <sig> is an ANYPREVOUTANYSCRIPT signature of the CET for public key
> P = G.
> When using nonce R = G, signature creation has negligible computational
> cost (s
> = 1 + H(R, P, m)). A downside compared to CTV is the additional overhead
> of 64
> witness bytes (<sig>).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 2424 bytes --]
next prev parent reply other threads:[~2022-01-27 0:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-24 8:01 [bitcoin-dev] " Lloyd Fournier
2022-01-25 16:24 ` [bitcoin-dev] [dlc-dev] " Jonas Nick
2022-01-27 0:45 ` Thibaut Le Guilly [this message]
2022-01-28 16:53 ` Jeremy
2022-01-28 17:21 ` [bitcoin-dev] " Jeremy
2022-01-28 19:38 ` Jeremy Rubin
2022-01-28 21:14 ` Alex Schoof
2022-02-06 7:18 ` Lloyd Fournier
2022-02-06 17:56 ` Jeremy Rubin
2022-02-07 2:30 ` Thibaut Le Guilly
2022-03-15 17:28 ` Jeremy Rubin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABPZDUyMmyt0UCmHYfm+s-zs=iLjxXB0VtdJZ64X5HA3XLFESA@mail.gmail.com' \
--to=thibaut@cryptogarage$(echo .)co.jp \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=dlc-dev@mailmanlists$(echo .)org \
--cc=jonasdnick@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox