MIME-Version: 1.0
In-Reply-To: <CAA2B000-6C54-4AD7-B931-43C99D615A61@friedenbach.org>
References: <5B6756D0-6BEF-4A01-BDB8-52C646916E29@friedenbach.org>
	<C623794E-F061-4C7A-B05D-378798ED2BF7@friedenbach.org>
	<201709190309.08669.luke@dashjr.org>
	<CAA2B000-6C54-4AD7-B931-43C99D615A61@friedenbach.org>
From: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
Date: Fri, 22 Sep 2017 17:32:56 -0300
Message-ID: <CAKzdR-phAarTY16BOnC95BPN0qMNEE_XZ9H-XmFeeaBc2V1U5w@mail.gmail.com>
To: Mark Friedenbach <mark@friedenbach.org>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="001a113b5e32a1198f0559cd1f8e"
Subject: Re: [bitcoin-dev] cleanstack alt stack & softfork improvements
 (Was: Merkle branch verification & tail-call semantics for generalized
 MAST)
Precedence: list

--001a113b5e32a1198f0559cd1f8e
Content-Type: text/plain; charset="UTF-8"

>
> There are other solutions to this problem that could have been taken
> instead, such as committing to the number of items or maximum size of
> the stack as part of the sighash data, but cleanstack was the approach
> taken.


The lack of signed maximum segwit stack size was one of the objections to
segwit I presented last year. This together with the unlimited segwit stack
size.

However, committing to the maximum stack size (in bytes) for an input is
tricky. The only place where this could be packed is in sequence_no, with a
soft-fork. E.g. when transaction version is 2 and and only when lock_time
is zero.

For transactions with locktime >0, we could soft-fork so transactions add a
last zero-satoshi output whose scriptPub contains OP_RETURN and followed by
N VarInts, containing the maximum stack size of each input.
Normally, for a 400 byte, 2-input transaction, this will add 11 bytes, or a
2.5% overhead.


> Arguably for a future script version upgrade one of these other
> approaches should be taken to allow for shorter tail-call scripts.
>
> Mark
>
> * Well, almost any. You could end the script with DEPTH EQUAL and that
>   is a compact way of ensuring the stack is clean (assuming the script
>   finished with just "true" on the stack). Nobody does this however
>   and burning two witness bytes of every redeem script going forward
>   as a protective measure seems like an unnecessary ask.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--001a113b5e32a1198f0559cd1f8e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><div class=3D"gmail_quote">=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><br>
There are other solutions to this problem that could have been taken<br>
instead, such as committing to the number of items or maximum size of<br>
the stack as part of the sighash data, but cleanstack was the approach<br>
taken. </blockquote><div><br></div><div>The lack of signed=C2=A0maximum seg=
wit stack size was one of the objections to segwit I presented last year. T=
his together with the unlimited segwit stack size.</div><div><br></div><div=
>However, committing to the maximum stack size (in bytes) for an input is t=
ricky. The only place where this could be packed is in=C2=A0sequence_no, wi=
th a soft-fork. E.g. when transaction version is 2 and and only when lock_t=
ime is zero.</div><div><span style=3D"background-color:rgb(249,249,249);col=
or:rgb(0,0,0);font-family:sans-serif;font-size:14px"><br></span></div>For t=
ransactions with locktime &gt;0, we could soft-fork so transactions add a l=
ast zero-satoshi output whose scriptPub contains OP_RETURN and followed by =
N VarInts, containing the maximum stack size of each input. <br>Normally, f=
or a 400 byte, 2-input transaction, this will add 11 bytes, or a 2.5% overh=
ead.<div><br></div><div><br></div><div><span style=3D"background-color:rgb(=
249,249,249);color:rgb(0,0,0);font-family:sans-serif;font-size:14px"><br></=
span></div><div><br></div><div><br></div><div><br></div><div>=C2=A0</div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-le=
ft:1px solid rgb(204,204,204);padding-left:1ex">Arguably for a future scrip=
t version upgrade one of these other<br>
approaches should be taken to allow for shorter tail-call scripts.<br>
<br>
Mark<br>
<br>
* Well, almost any. You could end the script with DEPTH EQUAL and that<br>
=C2=A0 is a compact way of ensuring the stack is clean (assuming the script=
<br>
=C2=A0 finished with just &quot;true&quot; on the stack). Nobody does this =
however<br>
=C2=A0 and burning two witness bytes of every redeem script going forward<b=
r>
=C2=A0 as a protective measure seems like an unnecessary ask.<br>
<div class=3D"gmail-HOEnZb"><div class=3D"gmail-h5">_______________________=
_______<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</div></div></blockquote></div><br></div></div>

--001a113b5e32a1198f0559cd1f8e--