public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoindev] CHECKSIGFROMSTACK(VERIFY/ADD)
@ 2024-11-14 22:02 Brandon Black
  2024-11-15 10:14 ` 'moonsettler' via Bitcoin Development Mailing List
  2024-11-15 14:57 ` Murch
  0 siblings, 2 replies; 5+ messages in thread
From: Brandon Black @ 2024-11-14 22:02 UTC (permalink / raw)
  To: bitcoindev

Hi list,

As we're working toward numbering and merge for the CHECKSIGFROMSTACK
(CSFS) BIP, there are 2 open questions[1] that may be worth resolving
before it is merged as a draft:

* Should CHECKSIGFROMSTACKVERIFY (CSFSV) be added to pre-tapscript?

The proposed opcode always evaluates BIP340 Schnorr signatures
regardless of script version, so making it available in earlier script
versions makes Schnorr signatures available on those script versions for
certain use cases. 

My personal thinking in initially including CSFSV in earlier script
versions was basically that it's compatible with NOP forking, so why
not. Because LNHANCE includes CTV which is designed as a NOP compatible
upgrade, also including CSFSV fits well with CTV.

The other side of the argument is that we shouldn't include
compatibility with earlier script versions unless there's a concrete
benefit to doing so. For CTV, the possibility of bare CTV is a
compelling reason to add it to earlier script versions, but there's not
a similarly compelling reason to include CSFSV.

Using a scarce NOP to provide Schnorr signed commitments to earlier
scripts may not be worthwhile.


* Should we include CHECKSIGFROMSTACKADD?

Obviously, if script multisig is going to be a common use case for
checking signatures on stack data CHECKSIGFROMSTACKADD simplifies the
corresponding scripts by a few WU per key. As MuSig2 and FROST are
progressing in standardization and implementation, I do not expect
script multisig to be a dominant use for these opcodes, so I did not
include CSFSA initially.

Here the argument is somewhat the inverse of CSFSV on legacy: We have
many OP_SUCCESSes available, so the cost of allocating one for CSFSA is
low, and the benefit is that making script multisigs with CSFSA (such as
those produced by miniscript) is simpler and less error prone.

--

I would love to hear thoughts about both of these questions from the
list, and will update the BIP and implementations of CSFS(V/A) based on
your feedback.

Thanks much!

--Brandon

[1]: https://github.com/bitcoin/bips/pull/1535#issuecomment-2111195930

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ZzZziZOy4IrTNbNG%40console.


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-11-23 19:48 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-14 22:02 [bitcoindev] CHECKSIGFROMSTACK(VERIFY/ADD) Brandon Black
2024-11-15 10:14 ` 'moonsettler' via Bitcoin Development Mailing List
2024-11-15 14:57 ` Murch
2024-11-15 15:33   ` 'Antoine Poinsot' via Bitcoin Development Mailing List
2024-11-23 19:45     ` 'moonsettler' via Bitcoin Development Mailing List

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox