Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 20103C0032 for ; Thu, 9 Mar 2023 18:45:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id EE70A41A51 for ; Thu, 9 Mar 2023 18:45:30 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org EE70A41A51 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=Cgf/Y9aX X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.848 X-Spam-Level: X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kp8uM3LrRnfZ for ; Thu, 9 Mar 2023 18:45:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org D68BE41A50 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by smtp4.osuosl.org (Postfix) with ESMTPS id D68BE41A50 for ; Thu, 9 Mar 2023 18:45:28 +0000 (UTC) Received: by mail-ed1-x534.google.com with SMTP id ec29so10912848edb.6 for ; Thu, 09 Mar 2023 10:45:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1678387527; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=yUVCdWY0bMxwtVKnOvlkvaDDdCLGSjbLn2s1c0VbEuY=; b=Cgf/Y9aXZl1XjzA2N5CXf3GSIV4sNACTZ2KJ2bWZRKv8ymABh16j54l908jBAuKHDg vH17gC2LvTSsNxKqxBZ2C7Xb/gGrC+Ogc353aJABvOEgf5Z2OrSgmW2xf7dJvQXtlY7w Z1JAwZmAd0BPZXxSTVr4+MT0Snw72ZFcFLTUHSeKtsLVAgL6idG5OjTbQtLqIenqmG1B 1JzncetxPb13BCbB8q1tu5UmL1wghigYbq84rvrxJP659q7LMl1Jor6sUnf8n8xH2G8+ 1th26urdG1Tvn9gxbEumPFEInY34gs6N7VRUnRRt7D9ZSLkUAoMSnxt57mjm4H30Pv4C FDpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678387527; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yUVCdWY0bMxwtVKnOvlkvaDDdCLGSjbLn2s1c0VbEuY=; b=w/Kb02syiWZkb50ghma9IZwDdDkXx1tNH1X4FPG/rYX1FPQZd4VF2qmm84zg+FJZYV Pwsv5pefxEjEdN1a1pca7cYHoJwkXRb9QW8JuN1CE4529iFELdbOa14xyMzpIjE3Glpt mf8B+sGISDRhjeIZtQKf3evSfWEkEx/9ceDyevJEHYCrwDx6wyfyQzoex30j31cWPk5B b7CEXXPPb9CszsCt8j6F3cxz6+ws9HoSJCX4EEC+6P/lL4QEUFqGOqIlZw7MtaCc/5LC TelH8hhLlomCTaNKVZ1VoPqhoeQvjlpZZG0U2FEsLQ3UHRdGmn2X3s+3SsmiVvFk1jjg zDQQ== X-Gm-Message-State: AO0yUKUo/LoutLaW7zeupUaOsP0NNQrpERxfeXcSNtU2AkOWzkH2vZ4M 3uVXgZSwc8oyObvtzPe3qGZpoy9L3EnoXLfex98= X-Google-Smtp-Source: AK7set/c8IOfPJJnenbdJawEi+ib3tcWBWCoiyXZzZ5aVA3tLGvHUNAk1zh2zKLG08Z7jgu1YBziEytO3SE2kjmDrb0= X-Received: by 2002:a17:906:cc8c:b0:88d:ba79:4317 with SMTP id oq12-20020a170906cc8c00b0088dba794317mr15449986ejb.7.1678387526776; Thu, 09 Mar 2023 10:45:26 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Greg Sanders Date: Thu, 9 Mar 2023 13:45:15 -0500 Message-ID: To: Anthony Towns Content-Type: multipart/alternative; boundary="000000000000543c3e05f67c0cdf" Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] BIP for OP_VAULT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Mar 2023 18:45:31 -0000 --000000000000543c3e05f67c0cdf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable AJ, Interesting stuff! Just a couple thoughts on these proposed opcodes, at least one we discussed elsewhere: 1) OP_FORWARD_SELF is a JET of OP_FLU in the revaulting common case. Maybe obvious but I missed this initially and thought it was useful to be pointed out. 2) Using these extended primitives, you can do rate-limiting of the two step unvaulting, or just a single step vault by committing to the partial values. For the single stage case it's something like: $recovery =3D Same As Before $withdrawal =3D OP_CSV OP_DROP OP_CHECKSIG OP_DUP OP_LESSTHANOREQUAL OP_VERIFY OP_FORWARD_PARTIAL OP_FORWARD_TARGET OP_FORWARD_SELF $withdrawal is spent by: <0<=3Dv<=3DV> where "V" is the max allowed withdrawal value, and "deposit-delay" the required gap in withdrawals Due to the OP_LEQ, you are bound to ~21 BTC in value for this operation, but for larger vaults it's pretty trivial to add larder fixed denominations to "peel out" value until you get to your final ~21 BTC. This rate-limiting(in either the two-stage or one-stage scheme) can limit the risk of theft during a watchtower outage to a constant value per utxo per time period of watchtower failure. As we've seen in the past with LN infrastructure, software risks are often correlated, so it's a good idea to build in belt and suspenders where we can or at least have them available when possible. Cheers, Greg On Tue, Mar 7, 2023 at 7:45=E2=80=AFAM Anthony Towns wr= ote: > On Mon, Mar 06, 2023 at 10:25:38AM -0500, James O'Beirne via bitcoin-dev > wrote: > > What Greg is proposing above is to in essence TLUV-ify this proposal. > > FWIW, the way I'm thinking about this is that the "OP_VAULT" concept is > introducing two things: > > a) the concept of "forwarding" the input amount to specified > outputs in a way that elegantly allows merging/splitting > > b) various restrictions on the form of the output scripts > > These concepts go together well, because restricting an output script is > only an interesting thing to do if you're moving value from this input > into it. And then it's just a matter of figuring out a nice way to pick > opcodes that combine those two concepts in interesting ways. > > This is different from TLUV, in that TLUV only did part (b), and > assumed you'd do part (a) manually somehow, eg via "OP_IN_OUT_AMOUNT" > and arithmetic opcodes. The advantage of this new approach over that > one is that it makes it really easy to get the logic right (I often > forgot to include the IN_OUT_AMOUNT checks at all, for instance), and > also makes spending multiple inputs to a single output really simple, > something that would otherwise require kind-of gnarly logic. > > I think there are perhaps four opcodes that are interesting in this class= : > > idx sPK OP_FORWARD_TARGET > -- sends the value to a particular output (given by idx), and > requires that output have a particular scriptPubKey (given > by sPK). > > idx [...] n script OP_FORWARD_LEAF_UPDATE > -- sends the value to a particular output (given by idx), and > requires that output to have almost the same scriptPubKey as this > input, _except_ that the current leaf is replaced by "script", > with that script prefixed by "n" pushes (of values given by [...]= ) > > idx OP_FORWARD_SELF > -- sends the value to a particular output (given by idx), and > requires that output to have the same scriptPubKey as this input > > amt OP_FORWARD_PARTIAL > -- modifies the next OP_FORWARD_* opcode to only affect "amt", > rather than the entire balance. opcodes after that affect the > remaining balance, after "amt" has been subtracted. if "amt" is > 0, the next OP_FORWARD_* becomes a no-op. > > Then each time you see OP_FORWARD_TARGET or OP_FORWARD_LEAF_UPDATE, you > accumulate the value that's expected to be forwarded to the output by > each input, and verify that the amount for that output is greater-or-equa= l > to the accumulated value. > > > ## Required opcodes > > - OP_VAULT: spent to trigger withdrawal > > - OP_VAULT_RECOVER: spent to recover > > Naming here is OP_VAULT ~=3D OP_FORWARD_LEAF_UPDATE; OP_VAULT_RECOVER ~= =3D > OP_FORWARD_TARGET. > > > For each vault, vaulted coins are spent to an output with the taproot > > structure > > > > taproot(internal_key, {$recovery_leaf, $trigger_leaf, ...}) > > > > where > > > > $trigger_leaf =3D > >