Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 813E2C0032 for ; Tue, 7 Mar 2023 12:45:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 50034416FF for ; Tue, 7 Mar 2023 12:45:46 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 50034416FF X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aP7rePEEUTeB for ; Tue, 7 Mar 2023 12:45:44 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A4F384086A Received: from cerulean.erisian.com.au (azure.erisian.com.au [172.104.61.193]) by smtp4.osuosl.org (Postfix) with ESMTPS id A4F384086A for ; Tue, 7 Mar 2023 12:45:44 +0000 (UTC) Received: from [124.181.34.14] (helo=sapphire.erisian.com.au) by cerulean.erisian.com.au with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1pZWhG-0005TK-Ri; Tue, 07 Mar 2023 22:45:41 +1000 Received: by sapphire.erisian.com.au (sSMTP sendmail emulation); Tue, 07 Mar 2023 22:45:35 +1000 Date: Tue, 7 Mar 2023 22:45:34 +1000 From: Anthony Towns To: James O'Beirne , Bitcoin Protocol Discussion Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam_score: -1.0 X-Spam_bar: - Cc: Greg Sanders Subject: Re: [bitcoin-dev] BIP for OP_VAULT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2023 12:45:46 -0000 On Mon, Mar 06, 2023 at 10:25:38AM -0500, James O'Beirne via bitcoin-dev wrote: > What Greg is proposing above is to in essence TLUV-ify this proposal. FWIW, the way I'm thinking about this is that the "OP_VAULT" concept is introducing two things: a) the concept of "forwarding" the input amount to specified outputs in a way that elegantly allows merging/splitting b) various restrictions on the form of the output scripts These concepts go together well, because restricting an output script is only an interesting thing to do if you're moving value from this input into it. And then it's just a matter of figuring out a nice way to pick opcodes that combine those two concepts in interesting ways. This is different from TLUV, in that TLUV only did part (b), and assumed you'd do part (a) manually somehow, eg via "OP_IN_OUT_AMOUNT" and arithmetic opcodes. The advantage of this new approach over that one is that it makes it really easy to get the logic right (I often forgot to include the IN_OUT_AMOUNT checks at all, for instance), and also makes spending multiple inputs to a single output really simple, something that would otherwise require kind-of gnarly logic. I think there are perhaps four opcodes that are interesting in this class: idx sPK OP_FORWARD_TARGET -- sends the value to a particular output (given by idx), and requires that output have a particular scriptPubKey (given by sPK). idx [...] n script OP_FORWARD_LEAF_UPDATE -- sends the value to a particular output (given by idx), and requires that output to have almost the same scriptPubKey as this input, _except_ that the current leaf is replaced by "script", with that script prefixed by "n" pushes (of values given by [...]) idx OP_FORWARD_SELF -- sends the value to a particular output (given by idx), and requires that output to have the same scriptPubKey as this input amt OP_FORWARD_PARTIAL -- modifies the next OP_FORWARD_* opcode to only affect "amt", rather than the entire balance. opcodes after that affect the remaining balance, after "amt" has been subtracted. if "amt" is 0, the next OP_FORWARD_* becomes a no-op. Then each time you see OP_FORWARD_TARGET or OP_FORWARD_LEAF_UPDATE, you accumulate the value that's expected to be forwarded to the output by each input, and verify that the amount for that output is greater-or-equal to the accumulated value. > ## Required opcodes > - OP_VAULT: spent to trigger withdrawal > - OP_VAULT_RECOVER: spent to recover Naming here is OP_VAULT ~= OP_FORWARD_LEAF_UPDATE; OP_VAULT_RECOVER ~= OP_FORWARD_TARGET. > For each vault, vaulted coins are spent to an output with the taproot > structure > > taproot(internal_key, {$recovery_leaf, $trigger_leaf, ...}) > > where > > $trigger_leaf = >