Return-Path: Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id F2434C013B for ; Thu, 10 Dec 2020 11:28:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D4FDA203CA for ; Thu, 10 Dec 2020 11:28:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RziM7DVHOBrm for ; Thu, 10 Dec 2020 11:28:36 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) by silver.osuosl.org (Postfix) with ESMTPS id C02812012D for ; Thu, 10 Dec 2020 11:28:35 +0000 (UTC) Received: by mail-ej1-f46.google.com with SMTP id qw4so6776119ejb.12 for ; Thu, 10 Dec 2020 03:28:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=RvlIvZDR8russOmzjI/nLbl1nsoQCv7gsqVSUyaxYrY=; b=fDJwsUOUHEr1JHk0OVDRltbAp9XC7UhZZOTtKq5bdoAt7mSpGEAmTLCete++aP/9mD zaQQUOzdHUVGuxwaivigRZSEWks64z+QvsGxbznPvfXkfD8QN2d4LSDhas0XpbzqfdfR 5+7kKWmuk8GmwrFVAFY7PhJkJYsVNi4EIop6pmV99GfaUcZBLpypSlEg000FnXmzjU8G 62Krd7QeUy/Tzxzmv7V6YkW4nju+Jpb3Cy1PEu+iHGyaSwil0s5uAa9E7Fchiu6GH3ML v3Q6UCRcoHKIxSraZSkvxdZbfmE3O8n+H0iWE6OpUibkq8PSF+pXL+m/faORyxtZyEo0 W7NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=RvlIvZDR8russOmzjI/nLbl1nsoQCv7gsqVSUyaxYrY=; b=LghTfCOVS5wt9kclKjy6NgMt1TCICoIvrFvHuSYmDdvtH3qHNdgW5GnHOl60LU4J+L 1UJw2TkiVMTWGkdZ9JxFbXvOxe9GA6JD6JPU9vdMLWlk2VwKjPPmOOuFa9ScJs34iSlQ jBVgCUL69fOvq//d73IjvvemYPf+6C3Hjn7EusUnvi6ogHLHhrB29BjjkN16AiiyUKPd nPYPdD76Gy6vjklXJXRbPEk87gDrP/bJqrc9Sy32Ygtjo6PkbgxP5+TVCz1KBqFv3mzZ xnuoat+eFVzmWYUAGgFcU25axioNWBB2dzkMUr7Pg11aviAM3Gl9cUeg/0uZ5w2KSTSJ s/ig== X-Gm-Message-State: AOAM530HXFvYVMcWWGeaW60j3T9q2YbgeCdDQhQCV8atmN87me8XWnm4 RW8Z6swF5oSElzpjVnEsVRbMtkdcWRiPYPjgUTw= X-Google-Smtp-Source: ABdhPJyG9yBdZ2MEg8jZ+oiBfK3oxNWiXXyAS8dA7r1MpGJCP5KYf7ImZ+qMia4ZWm3zEY8ri4FvzxTpUzqzbbEjj9Q= X-Received: by 2002:a17:906:3c11:: with SMTP id h17mr5829168ejg.20.1607599714253; Thu, 10 Dec 2020 03:28:34 -0800 (PST) MIME-Version: 1.0 References: <1dd8c285-e3f4-4f03-d608-103a5026146d@achow101.com> In-Reply-To: <1dd8c285-e3f4-4f03-d608-103a5026146d@achow101.com> From: Sanket Kanjalkar Date: Thu, 10 Dec 2020 05:28:23 -0600 Message-ID: To: Andrew Chow , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000e8bff905b61a7933" X-Mailman-Approved-At: Thu, 10 Dec 2020 11:31:58 +0000 Subject: Re: [bitcoin-dev] New PSBT version proposal X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2020 11:28:38 -0000 --000000000000e8bff905b61a7933 Content-Type: text/plain; charset="UTF-8" > > The primary change is to truly have all input and output data for each in > their respective maps 1) +1. It would be really great to have a complete map per input/output that does not require an annoying lookup to a global field. A Bitcoin transaction only has a single locktime yet a PSBT may have > multiple lock times. 2) One other thing, the per input timelock also helps in detecting whether the transaction contains a mix of block-based timelocks and height based timelocks. Recall that such inputs can't be spent together under the same nLocktime. 3) Finally, one last thing which I noted while implementing a generic finalizer for Miniscript is the restriction on sighashType. From the BIP > Signatures for this input must use the sighash type, finalizers must fail > to finalize inputs which have signatures that do not match the specified > sighash type. Signers who cannot produce signatures with the sighash type > must not provide a signature. Is such a restriction necessary? If the purpose is to only suggest signer which sighashType to use, then I think the finalizer should not reject those. Along those lines, we can also mark with suggestions for the type of nlockTime(block vs height) that should be used. With such suggestions, input parties can decide which branches in the satisfaction they should prefer and sign with the corresponding signatures. Note that this purpose is different from the stated purpose of PSBT_GLOBAL_PREFERRED_LOCKTIME. Cheers, Sanket On Wed, Dec 9, 2020 at 4:33 PM Andrew Chow via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Hi All, > > I would like to propose a new PSBT version that addresses a few > deficiencies in the current PSBT v0. As this will be backwards > incompatible, a new PSBT version will be used, v1. > > The primary change is to truly have all input and output data for each > in their respective maps. Instead of having to parse an unsigned > transaction and lookup some data from there, and other data from the > correct map, all of the data for an input will be contained in its map. > Doing so also disallows PSBT_GLOBAL_UNSIGNED_TX in this new version. > Thus I propose that the following fields be added: > > Global: > * PSBT_GLOBAL_TX_VERSION = 0x02 > * Key: empty > * Value: 32-bit little endian unsigned integer for the transaction > version number. Must be provided in PSBT v1 and omitted in v0. > * PSBT_GLOBAL_PREFERRED_LOCKTIME = 0x03 > * Key: empty > * Value: 32 bit little endian unsigned integer for the preferred > transaction lock time. Must be omitted in PSBT v0. May be provided in > PSBT v1, assumed to be 0 if not provided. > * PSBT_GLOBAL_INPUT_COUNT = 0x04 > * Key: empty > * Value: Compact size unsigned integer. Number of inputs in this > PSBT. Must be provided in PSBT v1 and omitted in v0. > * PSBT_GLOBAL_OUTPUT_COUNT = 0x05 > * Key: empty > * Value: Compact size unsigned integer. Number of outputs in this > PSBT. Must be provided in PSBT v1 and omitted in v0. > > Input: > * PSBT_IN_PREVIOUS_TXID = 0x0e > * Key: empty > * Value: 32 byte txid of the previous transaction whose output at > PSBT_IN_OUTPUT_INDEX is being spent. Must be provided in PSBT v1 and > omitted in v0. > * PSBT_IN_OUTPUT_INDEX = 0x0f > * Key: empty > * Value: 32 bit little endian integer for the index of the output > being spent. Must be provided in PSBT v1 and omitted in v0. > * PSBT_IN_SEQUENCE = 0x0f > * Key: empty > * Value: 32 bit unsigned little endian integer for the sequence > number. Must be omitted in PSBT v0. May be provided in PSBT v1 assumed > to be max sequence (0xffffffff) if not provided. > * PSBT_IN_REQUIRED_LOCKTIME = 0x10 > * Key: empty > * Value: 32 bit unsigned little endian integer for the lock time that > this input requires. Must be omitted in PSBT v0. May be provided in PSBT > v1, assumed to be 0 if not provided. > > Output: > * PSBT_OUT_VALUE = 0x03 > * Key: empty > * Value: 64-bit unsigned little endian integer for the output's > amount in satoshis. Must be provided in PSBT v1 and omitted in v0. > * PSBT_OUT_OUTPUT_SCRIPT = 0x04 > * Key: empty > * Value: The script for this output. Otherwise known as the > scriptPubKey. Must be provided in PSBT v1 and omitted in v0. > > This change allows for PSBT to be used in the construction of > transactions. With these new fields, inputs and outputs can be added as > needed. One caveat is that there is no longer a unique transaction > identifier so more care must be taken when combining PSBTs. > Additionally, adding new inputs and outputs must be done such that > signatures are not invalidated. This may be harder to specify. > > An important thing to note in this proposal are the fields > PSBT_GLOBAL_PREFERRED_LOCKTIME and PSBT_IN_REQUIRED_LOCKTIME. A Bitcoin > transaction only has a single locktime yet a PSBT may have multiple > locktimes. To choose the locktime for the transaction, finalizers must > choose the maximum of all of the *_LOCKTIME fields. > PSBT_IN_REQUIRED_LOCKTIME is added because some inputs, such as those > involving OP_CHECKLOCKTIMEVERIFY, require a specific minimum locktime to > be set. This field allows finalizers to choose a locktime that is high > enough for all inputs without needing to understand the scripts > involved. The PSBT_GLOBAL_PREFERRED_LOCKTIME is the locktime to use if > no inputs require a particular locktime. > > As these changes disallow the PSBT_GLOBAL_UNSIGNED_TX field, PSBT v1 > needs the version number bump to enforce backwards incompatibility. > However once the inputs and outputs of a PSBT are decided, a PSBT could > be "downgraded" back to v0 by creating the unsigned transaction from the > above fields, and then dropping these new fields. > > If the list finds that these changes are reasonable, I will write a PR > to modify BIP 174 to incorporate them. > > Thanks, > Andrew Chow > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --000000000000e8bff905b61a7933 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The= primary change is to truly have all input and output data for each=C2=A0 i= n their respective maps
1) +1. It would be really great to have= a complete map per input/output that does not require an annoying lookup t= o a global field.=C2=A0

A Bitcoin transaction only has a single locktime yet a PSBT may hav= e multiple lock times.
2) One other thing, the per input timelo= ck also helps in detecting whether the transaction contains a mix of block-= based=C2=A0
timelocks and height based timelocks. Recall that such inpu= ts can't be spent together under the same nLocktime.=C2=A0

3) Fi= nally, one last thing which I noted while implementing a generic finalizer = for Miniscript is the restriction on sighashType.=C2=A0
From the BIP
Signatures for this inp= ut must use the sighash type, finalizers must fail to finalize inputs which= have signatures that do not match the specified sighash type. Signers who = cannot produce signatures with the sighash type must not provide a signatur= e.
Is such a restriction=C2=A0necessary? If the purpose is= to only suggest signer which sighashType to use, then I think the finalize= r=C2=A0
should not reject those. Along those lines, we can also m= ark with suggestions for the type of nlockTime(block vs height) that=C2=A0<= /div>
should be used. With such suggestions, input parties can decide w= hich branches in the satisfaction they should prefer and
sign wit= h the corresponding signatures. Note that this purpose is different from th= e stated purpose of=C2=A0
PSBT_GLOBAL_PREFERRED_LOCKTIME.

Cheers,=C2=A0
Sanket

On Wed, Dec 9, 2020 at 4:33 PM Andrew Chow via bitcoin-d= ev <bitcoin-dev= @lists.linuxfoundation.org> wrote:
Hi All,

I would like to propose a new PSBT version that addresses a few
deficiencies in the current PSBT v0. As this will be backwards
incompatible, a new PSBT version will be used, v1.

The primary change is to truly have all input and output data for each
in their respective maps. Instead of having to parse an unsigned
transaction and lookup some data from there, and other data from the
correct map, all of the data for an input will be contained in its map. Doing so also disallows PSBT_GLOBAL_UNSIGNED_TX in this new version.
Thus I propose that the following fields be added:

Global:
* PSBT_GLOBAL_TX_VERSION =3D 0x02
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32-bit little endian unsigned integer for the transac= tion
version number. Must be provided in PSBT v1 and omitted in v0.
* PSBT_GLOBAL_PREFERRED_LOCKTIME =3D 0x03
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32 bit little endian unsigned integer for the preferr= ed
transaction lock time. Must be omitted in PSBT v0. May be provided in
PSBT v1, assumed to be 0 if not provided.
* PSBT_GLOBAL_INPUT_COUNT =3D 0x04
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: Compact size unsigned integer. Number of inputs in th= is
PSBT. Must be provided in PSBT v1 and omitted in v0.
* PSBT_GLOBAL_OUTPUT_COUNT =3D 0x05
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: Compact size unsigned integer. Number of outputs in t= his
PSBT. Must be provided in PSBT v1 and omitted in v0.

Input:
* PSBT_IN_PREVIOUS_TXID =3D 0x0e
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32 byte txid of the previous transaction whose output= at
PSBT_IN_OUTPUT_INDEX is being spent. Must be provided in PSBT v1 and
omitted in v0.
* PSBT_IN_OUTPUT_INDEX =3D 0x0f
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32 bit little endian integer for the index of the out= put
being spent. Must be provided in PSBT v1 and omitted in v0.
* PSBT_IN_SEQUENCE =3D 0x0f
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32 bit unsigned little endian integer for the sequenc= e
number. Must be omitted in PSBT v0. May be provided in PSBT v1 assumed
to be max sequence (0xffffffff) if not provided.
* PSBT_IN_REQUIRED_LOCKTIME =3D 0x10
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 32 bit unsigned little endian integer for the lock ti= me that
this input requires. Must be omitted in PSBT v0. May be provided in PSBT v1, assumed to be 0 if not provided.

Output:
* PSBT_OUT_VALUE =3D 0x03
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: 64-bit unsigned little endian integer for the output&= #39;s
amount in satoshis. Must be provided in PSBT v1 and omitted in v0.
* PSBT_OUT_OUTPUT_SCRIPT =3D 0x04
=C2=A0=C2=A0 * Key: empty
=C2=A0=C2=A0 * Value: The script for this output. Otherwise known as the scriptPubKey. Must be provided in PSBT v1 and omitted in v0.

This change allows for PSBT to be used in the construction of
transactions. With these new fields, inputs and outputs can be added as needed. One caveat is that there is no longer a unique transaction
identifier so more care must be taken when combining PSBTs.
Additionally, adding new inputs and outputs must be done such that
signatures are not invalidated. This may be harder to specify.

An important thing to note in this proposal are the fields
PSBT_GLOBAL_PREFERRED_LOCKTIME and PSBT_IN_REQUIRED_LOCKTIME. A Bitcoin transaction only has a single locktime yet a PSBT may have multiple
locktimes. To choose the locktime for the transaction, finalizers must
choose the maximum of all of the *_LOCKTIME fields.
PSBT_IN_REQUIRED_LOCKTIME is added because some inputs, such as those
involving OP_CHECKLOCKTIMEVERIFY, require a specific minimum locktime to be set. This field allows finalizers to choose a locktime that is high
enough for all inputs without needing to understand the scripts
involved. The PSBT_GLOBAL_PREFERRED_LOCKTIME is the locktime to use if
no inputs require a particular locktime.

As these changes disallow the PSBT_GLOBAL_UNSIGNED_TX field, PSBT v1
needs the version number bump to enforce backwards incompatibility.
However once the inputs and outputs of a PSBT are decided, a PSBT could be "downgraded" back to v0 by creating the unsigned transaction f= rom the
above fields, and then dropping these new fields.

If the list finds that these changes are reasonable, I will write a PR
to modify BIP 174 to incorporate them.

Thanks,
Andrew Chow

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev

--000000000000e8bff905b61a7933--