Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 02749C0019 for ; Sat, 17 Apr 2021 03:58:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id CDFBE40143 for ; Sat, 17 Apr 2021 03:58:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGPeWtJmxowo for ; Sat, 17 Apr 2021 03:58:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) by smtp2.osuosl.org (Postfix) with ESMTPS id A766D40139 for ; Sat, 17 Apr 2021 03:58:07 +0000 (UTC) Received: by mail-ot1-x333.google.com with SMTP id c8-20020a9d78480000b0290289e9d1b7bcso13496472otm.4 for ; Fri, 16 Apr 2021 20:58:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mjNBJaCjAKzRK9QKeWpfxvx4hx5GXHaIXN+dWJnT3HU=; b=c2lF+AfMCqJim/Wm+GmXDvfGo6DrRrBMGgp83atpw/isazlKylrDVrl0hs2QYpAFk+ JPbP1u7N97II3sTIbBE3ocIeRcaSk23heMp6sgsk8kZEkV2HQkLwcMv8orDfH3nTyymg WDiRtz4bUHgrStMAgAegnoibPG8eFQ9KtuEfxfTghBChp7dliEkug9F2rJJNJsF4Wp+l lY3tu4NH93g7h5t94axh1yvX+4LP08yHq3VIhhoeQkyNpyO3T2nxidrCSN9qw9ikOGcQ paSNzW/6ecCvP/baeOXPw2bwlAnvXjp1s21r/L742bkRMGrs1zdHi3kPWJ8eIhFy3Oef eRog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mjNBJaCjAKzRK9QKeWpfxvx4hx5GXHaIXN+dWJnT3HU=; b=HP5c95E3oPCy/RXmZvATkmvGHhouDqCkHH51SYQ04QHrUUNhGO8lVW608bzGHc77H0 DoBPQHdT3iae6JWuSOVUnVDvQLi1nJxv+v61wJMYZsk55nsQLS8AdXrIDGRZEmOla4Js EJ7ELfy5oaCCV094sfAaAQvxt0RVQS6gstIxEnlc/H+P0gJEW0dJu2Y10oy/NwE0SJVn +9YvmZc71X7eNxJqNZ7fib7hxLOl4yFhopsgW38vhYF7nD/m1HcCeGwCVlLsX4e6I5XC MbjEQgYHDbI4kAh5ZdzPjs7rWGAbz7qYmJpmZjrgOY9MdOpo+GEPEVhl9SdAT+FHekD5 3t5w== X-Gm-Message-State: AOAM533PnDT81X5xCio3ZgtFw+woqOS2dy0RkUL/UdQJBsgo4tQ4OPxL gq43FWczGcN8pUv7a+nYzQLydSgnkjVdYLJJeWc= X-Google-Smtp-Source: ABdhPJw08Vtni0u5kpaLfhaKLWapXdXBaFA0YltqgC3u0izG2ms3fz9Ia5AONCCmgtQapYmb1dYWz+De7ud7xDF2MP0= X-Received: by 2002:a05:6830:2083:: with SMTP id y3mr6106240otq.73.1618631886686; Fri, 16 Apr 2021 20:58:06 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Christopher Gilliard Date: Sat, 17 Apr 2021 03:57:55 +0000 Message-ID: To: ZmnSCPxj Content-Type: multipart/alternative; boundary="000000000000a0cd3605c0231a2c" X-Mailman-Approved-At: Sat, 17 Apr 2021 08:29:00 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] BIP - limiting OP_RETURN / HF X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2021 03:58:12 -0000 --000000000000a0cd3605c0231a2c Content-Type: text/plain; charset="UTF-8" Thanks ZmnSCPxj. Yes, I agree there are many ways to embed arbitrary data in the blockchain and it's not feasible to block all of them. That is why it's important to, at the same time as limiting the OP_RETURN to one per block, also propose and implement a layer 2 solution for timestamping so people have a clear and simple upgrade path. That is what I will be discussing in one of the BIPs I intend to release early next week. On Fri, Apr 16, 2021 at 11:52 PM ZmnSCPxj wrote: > Good morning Christopher, > > > >> But more importantly, adding limitations on OP_RETURN transactions is > not helpful. Users who want to embed arbitrary data in their transactions > can always do so by encoding their data inside the values of legacy > multi-signature scriptpubkeys (pubkeys can be generated without knowing the > private key in order to encode non-key related data). Not only can users > do this, users have done this in the past. However, this behaviour is > problematic because such multi-signature "data" scriptpubkeys are > indistinguishable from "real" multisignature scriptpubkeys, and thus must > be kept in the UTXO set. This differs from outputs using OP_RETURN which > are provably unspendable, and therefore can be safely omitted from the UTXO > set. > > > > This sounds like a good justification to remove the legacy > multi-signature capabilities as well. > > The same technique can be used on P2PKH as well --- the "pubkey hash" need > not be a hash of a public key, it can be a 20-byte commitment, or even an > ASCII message like "ZmnSCPxj is the best" (20 characters, I counted). > There is nothing that *can* check if the hash of a public key is indeed > the hash of a public key unless you actually reveal the public key. > > If you need a 32-byte commitment, a P2WSH would work --- again the "script > hash" need not be a hash of a script, it can be any 32-byte commitment. > > In all these cases you have to waste 547 satoshi, but that tends to be > small compared to tx fees currently. > > Regards, > ZmnSCPxj > --000000000000a0cd3605c0231a2c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks ZmnSCPxj. Yes, I agree there are many ways to embed= arbitrary data in the blockchain and it's not feasible to block all of= them. That is why it's important to, at the same time as limiting the = OP_RETURN to one per block, also propose and implement a layer 2 solution f= or timestamping so=C2=A0people have a clear=C2=A0and simple upgrade path. T= hat is what I will be discussing in one of the BIPs I=C2=A0intend to releas= e early next week.

On Fri, Apr 16, 2021 at 11:52 PM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:
<= /div>
Good morning Christo= pher,

> >> But more importantly, adding limitations on OP_RETURN transac= tions is not helpful.=C2=A0 Users who want to embed arbitrary data in their= transactions can always do so by encoding their data inside the values of = legacy multi-signature scriptpubkeys (pubkeys can be generated without know= ing the private key in order to encode non-key related data).=C2=A0 Not onl= y can users do this, users have done this in the past.=C2=A0 However, this = behaviour is problematic because such multi-signature "data" scri= ptpubkeys are indistinguishable from "real" multisignature script= pubkeys, and thus must be kept in the UTXO set.=C2=A0 This differs from out= puts using OP_RETURN which are provably unspendable, and therefore can be s= afely omitted from the UTXO set.
>
> This sounds like a good justification to remove the legacy multi-signa= ture capabilities as well.

The same technique can be used on P2PKH as well --- the "pubkey hash&q= uot; need not be a hash of a public key, it can be a 20-byte commitment, or= even an ASCII message like "ZmnSCPxj is the best" (20 characters= , I counted).
There is nothing that *can* check if the hash of a public key is indeed the= hash of a public key unless you actually reveal the public key.

If you need a 32-byte commitment, a P2WSH would work --- again the "sc= ript hash" need not be a hash of a script, it can be any 32-byte commi= tment.

In all these cases you have to waste 547 satoshi, but that tends to be smal= l compared to tx fees currently.

Regards,
ZmnSCPxj
--000000000000a0cd3605c0231a2c--