Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CD357C03 for ; Mon, 24 Jun 2019 22:48:00 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E2D867FB for ; Mon, 24 Jun 2019 22:47:59 +0000 (UTC) Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (authenticated bits=0) (User authenticated as jlrubin@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x5OMlvED030440 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 24 Jun 2019 18:47:58 -0400 Received: by mail-ed1-f41.google.com with SMTP id p15so24000080eds.8 for ; Mon, 24 Jun 2019 15:47:58 -0700 (PDT) X-Gm-Message-State: APjAAAW6UgKbAUdx6avJoYEMHTt9MxRxtkeejQwaSTCI068c4m2Zs+R3 fyy5CgYPuwBnFYBN34pKOfgTYs9gFiE/yw/odrI= X-Google-Smtp-Source: APXvYqx1A9HECnSkJ4vMPDqpGLKSY5TFqKIgGBjP91YKXhgPT6UD2Etl7mykTwsC2fKjBYhDFLhncrbzF1SVqIG6fSU= X-Received: by 2002:aa7:cfc3:: with SMTP id r3mr35075817edy.202.1561416476859; Mon, 24 Jun 2019 15:47:56 -0700 (PDT) MIME-Version: 1.0 References: <20190605093039.xfo7lcylqkhsfncv@erisian.com.au> In-Reply-To: From: Jeremy Date: Mon, 24 Jun 2019 15:47:44 -0700 X-Gmail-Original-Message-ID: Message-ID: To: "Russell O'Connor" Content-Type: multipart/alternative; boundary="0000000000007324b1058c199a6e" X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 25 Jun 2019 17:26:58 +0000 Cc: Bitcoin development mailing list Subject: Re: [bitcoin-dev] OP_SECURETHEBAG (supersedes OP_CHECKOUTPUTSVERIFY) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jun 2019 22:48:00 -0000 --0000000000007324b1058c199a6e Content-Type: text/plain; charset="UTF-8" I agree in principal, but I think that's just a bit of 'how things are' versus how they should be. I disagree that we get composability semantics because of OP_IF. E.g., the script "OP_IF .... " and "OP_END" are two scripts that separately are invalid as parsed, but together are valid. OP_IF already imposes some lookahead functionality... but as I understand it, it may be feasible to get rid of OP_IF for tapscripts anyways. Also in this bucket are P2SH and segwit, which I think breaks this because the concat of two p2sh scripts or segwit scripts is not the same as them severally. I also think that the OP_SECURETHEBAG use of pushdata is a backwards compatible hack: we can always later redefine the parser to parse OP_SECURETHEBAG as the 34 byte opcode, recapturing the purity of the semantics. We can also fix it to not use an extra byte in a future tapleaf version. ==== In any case, I don't disagree with figuring out what patching the parser to handle multibyte opcodes would look like. If that sort of upgrade-path were readily available when I wrote this, it's how I would have done it. There are two approaches I looked at mostly: 1) Adding flags to GetOp to change how it parses a) Most of the same code paths used for new and old script b) Higher risk of breaking something in old script style/downstream c) Cleans up only one issue (multibyte opcodes) leaves other warts in place d) less bikesheddable design (mostly same as old script) e) code not increased in size 2) Adding a completely new interpreter for Tapscript a) Fork the existing interpreter code b) For all places where scripts are run, switch based on if it is tapscript or not c) Can clean up various semantics, can even do fancier things like huffman encode opcodes to less than a byte d) Can clearly separate parsing the script from executing it e) Can improve versioning techniques f) Low risk of breaking something in old script style/downstream g) Increases amount of code substantially h) Bikesheddable design (everything is on the table). i) probably a better general mechanism for future changes to script parsing, less consensus risk j) More compatible with templated script as well. If not clear, I think that 2 is probably a better approach, but I'm worried that 2.h means this would take a much longer time to implement. 2 can be segmented into two components: 1) the architecture of script parser versioning 2) the actual new script version I think that component 1 can be relatively non controversial, thankfully, using tapleaf versions (the architecture question is more around code structure). A proof of concept of this would be to have a fork that uses two independent, but identical, script parsers. Part two of this plan would be to modify one of the versions substantially. I'm not sure what exists on the laundry list, but I think it would be possible to pick a few worthwhile cleanups. E.g.: 1) Multibyte opcodes 2) Templated scripts 3) Huffman Encoding opcodes 4) OP_IF handling (maybe just get rid of it in favor of conditional Verify semantics) And make it clear that because we can add future script versions fairly easily, this is a sufficient step. Does that seem in line with your understanding of how this might be done? --0000000000007324b1058c199a6e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I agree in principal, = but I think that's just a bit of 'how things are' versus how th= ey should be.

I disagree that we get composability semantic= s because of OP_IF. E.g., the script "OP_IF .... " and "OP_E= ND" are two scripts that separately are invalid as parsed, but togethe= r are valid. OP_IF already imposes some lookahead functionality... but as I= understand it, it may be feasible to get rid of OP_IF for tapscripts anywa= ys. Also in this bucket are P2SH and segwit, which I think breaks this beca= use the concat of two p2sh scripts or segwit scripts is not the same as the= m severally.

I also think that the OP_SECURETHEBAG use of p= ushdata is a backwards compatible hack: we can always later redefine the pa= rser to parse OP_SECURETHEBAG as the 34 byte opcode, recapturing the purity= of the semantics. We can also fix it to not use an extra byte in a future = tapleaf version.

=3D=3D=3D=3D

In any case, I do= n't disagree with figuring out what patching the parser to handle multi= byte opcodes would look like. If that sort of upgrade-path were readily ava= ilable when I wrote this, it's how I would have done it. There are two = approaches I looked at mostly:

1) Adding flags to GetOp to = change how it parses
=C2=A0 a) Mos= t of the same code paths used for new and old script
=C2=A0 b) Higher risk of breaking something in old scrip= t style/downstream
=C2=A0 c) Clean= s up only one issue (multibyte opcodes) leaves other warts in place
=C2=A0 d) less bikesheddable design (most= ly same as old script)
=C2=A0 e) c= ode not increased in size
2) A= dding a completely new interpreter for Tapscript
=C2=A0 a) Fork the existing interpreter code
=C2=A0 b) For all places where scripts are run, s= witch based on if it is tapscript or not
=C2=A0 c) Can clean up various semantics, can even do fancier things= like huffman encode opcodes to less than a byte
=C2=A0 d) Can clearly separate parsing the script from execu= ting it
=C2=A0 e) Can improve vers= ioning techniques
=C2=A0 f) Low ri= sk of breaking something in old script style/downstream
=C2=A0 g) Increases amount of code substantially
=C2=A0 h) Bikesheddable design (everyt= hing is on the table).
=C2=A0 i) p= robably a better general mechanism for future changes to script parsing, le= ss consensus risk
=C2=A0 j) More c= ompatible with templated script as well.

If not clear, I think = that 2 is probably a better approach, but I'm worried that 2.h means th= is would take a much longer time to implement.

2 can be segment= ed into two components:

=
1) the architecture of script parser ve= rsioning
2) the actual new script = version

I think that component 1 can be relatively non controve= rsial, thankfully, using tapleaf versions (the architecture question is mor= e around code structure). A proof of concept of this would be to have a for= k that uses two independent, but identical, script parsers.

Part two of this plan would be to modify one of the versions substantially= . I'm not sure what exists on the laundry list, but I think it would be= possible to pick a few worthwhile cleanups. E.g.:

1) Multi= byte opcodes
2) Templated scripts<= br>
3) Huffman Encoding opcodes
4) OP_IF handling (maybe just ge= t rid of it in favor of conditional Verify semantics)

And= make it clear that because we can add future script versions fairly easily= , this is a sufficient step.

<= /div>

Does that seem in line with your understanding of how this migh= t be done?
--0000000000007324b1058c199a6e--