From: ZmnSCPxj <ZmnSCPxj@protonmail•com>
To: Gregory Maxwell <greg@xiph•org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Should Graftroot be optional?
Date: Thu, 21 Jun 2018 03:09:14 -0400 [thread overview]
Message-ID: <rDrVW1mai6zBTyuv-8ElgFBYr213ewiG-5DdBnZIi_QC1hosefWYWq6-oqmK72bP7NxOAXiQvwDiQS_JEgaPPcmXywBU4nhqVhrt7HtlsMo=@protonmail.com> (raw)
In-Reply-To: <CAAS2fgQihGNvOsRVyr6xN_K0PPse1URKKWH06N7HpcR=OowYYw@mail.gmail.com>
Good morning Greg,
> On Wed, Jun 20, 2018 at 12:12 PM, ZmnSCPxj via bitcoin-dev
>
> bitcoin-dev@lists•linuxfoundation.org wrote:
>
> > This has the advantage that the Graftroot signature commits to a single outpoint and cannot be used to spend all outpoints that happen to pay to the same `P` public key.
>
> If it isn't possible to make a graftroot signature independent of the
>
> outpoint then the functionality is greatly reduced to the point of
>
> largely mooting it-- because you could no longer prepare the grafts
>
> before the coins to be spent existed, and meaning you must stay online
>
> and sign new grafts as coins show up. In my view graft's two main
>
> gains are being able to delegate before coins exist and making the
>
> conditional transfer atomic (e.g. compared to just pre-signing a
>
> transaction). Making outpoint binding optional, so that you could
>
> choose to either sign for particular outputs or in a blanket way would
>
> be a lot more useful.
>
Perhaps `SIGHASH_NOINPUT` can do this? One can argue that the option to not commit a signature to refer to a specific outpoint is orthogonal to the option to Graftroot, so having a separate flag for that makes sense.
The proposal could then be:
1. Define a transaction `nVersion` reserved for Graftroot. Transactions with that `nVersion` are disallowed in blocks.
2. If a next-SegWit-version P2WPKH (or P2WPK) is spent, and the top witness stack item is a signature with `SIGHASH_GRAFTROOT` flag, then this is a Graftroot spend.
3. The signature signs an imaginary 1-input 1-output tx, with the input copied from the spending tx, the output value being the entire output being spent, and the output `scriptPubKey` being the Graftroot script (second to top witness stack). The imaginary tx has the Graftroot-reserved `nVersion`.
4. The Graftroot signature has its other flags `SIGHASH_NOINPUT` evaluated also when verifying it signs the imaginary tx.
5. The Graftroot signature and the Graftroot script are popped and the script executed in the context of the original Graftroot-spending tx.
This lets users select whether committing to a specific outpoint is needed or not, independently of Graftroot.
Regards,
ZmnSCPxj
next prev parent reply other threads:[~2018-06-21 7:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-22 18:17 Pieter Wuille
2018-05-23 6:15 ` ZmnSCPxj
2018-05-23 13:50 ` Andrew Poelstra
2018-05-23 17:52 ` Andrew Poelstra
2018-05-25 9:46 ` Johnson Lau
2018-05-23 22:06 ` Natanael
2018-05-23 23:45 ` Gregory Maxwell
2018-05-24 9:32 ` Natanael
2018-05-24 1:58 ` Pieter Wuille
2018-05-24 2:08 ` Gregory Maxwell
2018-05-24 9:44 ` Natanael
2018-05-24 12:39 ` Andrew Poelstra
2018-05-25 10:14 ` Johnson Lau
2018-06-01 0:25 ` Pieter Wuille
2018-06-06 12:48 ` Tim Ruffing
2018-06-06 17:04 ` Pieter Wuille
2018-06-06 21:25 ` Tim Ruffing
2018-06-20 12:12 ` ZmnSCPxj
2018-06-20 14:30 ` Gregory Maxwell
2018-06-21 7:09 ` ZmnSCPxj [this message]
2018-06-27 7:29 ` Anthony Towns
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='rDrVW1mai6zBTyuv-8ElgFBYr213ewiG-5DdBnZIi_QC1hosefWYWq6-oqmK72bP7NxOAXiQvwDiQS_JEgaPPcmXywBU4nhqVhrt7HtlsMo=@protonmail.com' \
--to=zmnscpxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=greg@xiph$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox