From: Pieter Wuille <pieter.wuille@gmail•com>
To: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: [bitcoin-dev] Miniscript
Date: Mon, 19 Aug 2019 16:17:21 -0700 [thread overview]
Message-ID: <CAPg+sBiknRwBc8RV62wtuRVYi6wE1HNw6_ePquYVMWvjwp46bg@mail.gmail.com> (raw)
Hi all,
Miniscript is a project we've been working on for the past year or so,
and is now at a stage where I'd like to get it some more attention. It is joint
work with Andrew Poelstra and Sanket Sanjalkar.
It's a language for writing (a subset of) Bitcoin Scripts in a structured way,
enabling analysis, composition, generic signing and more.
For example the script
<A> OP_CHECKSIG OP_IFDUP OP_NOTIF OP_DUP OP_HASH160 <hash160(B)>
OP_EQUALVERIFY OP_CHECKSIGVERIFY <144> OP_CSV OP_ENDIF
in Miniscript notation would be
or_d(c:pk(A),and_v(vc:pk_h(B),older(144)))
making it human (engineer?) readable that this is a script that permits A to
take the coins at any time, and B after 1 day. A full description of the
language can be found on the project website http://bitcoin.sipa.be/miniscript
Using Miniscript it's possible to:
* Write descriptors for addresses for scripts that implement things more
complicated than multisig.
* Make software that can deal with composition of policies (e.g. have funds
in a 2-of-3 setup where one of the 3 "keys" is itself a policy that involves
perhaps multiple devices and timeouts).
* Compile complex spending policies to efficient scripts.
* Figure out under what necessary and/or sufficient conditions a script can be
satisfied.
* Given signatures for a sufficient set of keys (and hash preimages, if needed),
generically construct a witness for arbitrary scripts, without metadata
apart from the script itself and public keys appearing in it. This means
generic PSBT signers are possible for this class of scripts.
* Compute the bounds on the size of a witness for arbitrary scripts.
* Perform static analysis to see if any of Script's resource limitations
(ops limit, stack size, ...) might interfere with the ability to spend.
* Who knows what else...
We have two implementations:
* a C++ one (https://github.com/sipa/miniscript)
* a Rust library (https://github.com/apoelstra/rust-miniscript).
The implementations are a work in progress, but through large scale randomized
tests we have confidence that the language design and associated witnesses are
compatible with the existing consensus and standardness rules.
To be clear: Miniscript is designed for Bitcoin as it exists today (primarily
P2WSH), and does not need any consensus changes. That said, we plan to extend
the design to support future script changes Bitcoin may include.
Cheers,
--
Pieter
next reply other threads:[~2019-08-19 23:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 23:17 Pieter Wuille [this message]
2019-08-20 7:15 ` David Vorick
2019-08-20 8:14 ` ZmnSCPxj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPg+sBiknRwBc8RV62wtuRVYi6wE1HNw6_ePquYVMWvjwp46bg@mail.gmail.com \
--to=pieter.wuille@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox