Rusty, Note that this sort of design introduces recursive covenants similarly to how I described above. Whether that is an issue or not precluding this sort of design or not, I defer to others. Best, Jeremy On Mon, Feb 7, 2022 at 7:57 PM Rusty Russell via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Russell O'Connor via bitcoin-dev > writes: > > Given the overlap in functionality between CTV and ANYPREVOUT, I think it > > makes sense to decompose their operations into their constituent pieces > and > > reassemble their behaviour programmatically. To this end, I'd like to > > instead propose OP_TXHASH and OP_CHECKSIGFROMSTACKVERIFY. > > > > OP_TXHASH would pop a txhash flag from the stack and compute a (tagged) > > txhash in accordance with that flag, and push the resulting hash onto the > > stack. > > It may be worth noting that OP_TXHASH can be further decomposed into > OP_TX (and OP_TAGGEDHASH, or just reuse OP_SHA256). > > OP_TX would place the concatenated selected fields onto the stack > (rather than hashing them) This is more compact for some tests > (e.g. testing tx version for 2 is "OP_TX(version) 1 OP_EQUALS" vs > "OP_TXHASH(version) 012345678...aabbccddeeff OP_EQUALS"), and also range > testing (e.g amount less than X or greater than X, or less than 3 inputs). > > > I believe the difficulties with upgrading TXHASH can be mitigated by > > designing a robust set of TXHASH flags from the start. For example > having > > bits to control whether (1) the version is covered; (2) the locktime is > > covered; (3) txids are covered; (4) sequence numbers are covered; (5) > input > > amounts are covered; (6) input scriptpubkeys are covered; (7) number of > > inputs is covered; (8) output amounts are covered; (9) output > scriptpubkeys > > are covered; (10) number of outputs is covered; (11) the tapbranch is > > covered; (12) the tapleaf is covered; (13) the opseparator value is > > covered; (14) whether all, one, or no inputs are covered; (15) whether > all, > > one or no outputs are covered; (16) whether the one input position is > > covered; (17) whether the one output position is covered; (18) whether > the > > sighash flags are covered or not (note: whether or not the sighash flags > > are or are not covered must itself be covered). Possibly specifying > which > > input or output position is covered in the single case and whether the > > position is relative to the input's position or is an absolute position. > > These easily map onto OP_TX, "(1) the version is pushed as u32, (2) the > locktime is pushed as u32, ...". > > We might want to push SHA256() of scripts instead of scripts themselves, > to reduce possibility of DoS. > > I suggest, also, that 14 (and similarly 15) be defined two bits: > 00 - no inputs > 01 - all inputs > 10 - current input > 11 - pop number from stack, fail if >= number of inputs or no stack elems. > > Cheers, > Rusty. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >