MIME-Version: 1.0
From: Bram Cohen <bram@chia.net>
Date: Sun, 10 Apr 2022 17:30:29 -0700
Message-ID: <CAHUJnBCwkVA1etjBDLDCcfCJvVfKePzNCO0NYt=qMT8HL4PxJw@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000d421e405dc560dbf"
Subject: Re: [bitcoin-dev] Taro: A Taproot Asset Representation Overlay
Precedence: list

--000000000000d421e405dc560dbf
Content-Type: text/plain; charset="UTF-8"

From: Olaoluwa Osuntokun <laolu32@gmail.com>

>
> > Furthermore, the Taro script is not enforced by Bitcoin, meaning those
> who
> > control the Bitcoin script can always choose to ignore the Taro script
> and
> > destroy the Taro assets as a result.
>
> This is correct, as a result in most contexts, an incentive exists for the
> holder of an asset to observe the Taro validation rules as otherwise, their
> assets are burnt in the process from the PoV of asset verifiers. In the
> single
> party case things are pretty straight forward, but more care needs to be
> taken
> in cases where one attempts to express partial application and permits
> anyone
> to spend a UTXO in question.
>
> By strongly binding all assets to Bitcoin UTXOs, we resolve issues related
> to
> double spending or duplicate assets, but needs to mind the fact that assets
> can
> be burnt if a user doesn't supply a valid witness. There're likely ways to
> get
> around this by lessening the binding to Bitcoin UTXO's, but then the system
> would need to be able to collect, retain and order all the set of possible
> spends, essentially requiring a parallel network. The core of the system as
> it
> stands today is pretty simple (which was an explicit design goal to avoid
> getting forever distracted by the large design space), with a minimal
> implementation being relatively compact given all the Bitcoin
> context/design
> re-use.
>

The TARO set of tradeoffs is fairly coherent but is subject to certain
limitations (modulo my understanding of it being off):

The witnesses for transactions need to be put into Bitcoin transactions
even though the Bitcoin layer doesn't understand them

There needs to be a constraint on Taro transactions which is understood by
the Bitcoin layer (which often/usually happens naturally because there's a
user signature but sometimes doesn't. It's a limitation)

Multiple Taro coins can't consolidate their value into a single output
because they only support a single linear history

Taro issuance is limited to a single event rather than potentially multiple
events over time subject to special per-asset rules.

This seems like a fairly logical approach (although my understanding of the
limitations/tradeoffs could be wrong, especially with regards to
consolidation). There's nothing wrong with a system having well documented
limitations, but I am puzzled by the announcement saying Taro assets are
'analogous with' colored coins. Taro assets are straightforwardly and
unambiguously colored coins and that isn't something to be ashamed of.

--000000000000d421e405dc560dbf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">From: Olaoluwa Osuntokun &lt;<a href=3D"m=
ailto:laolu32@gmail.com" target=3D"_blank">laolu32@gmail.com</a>&gt;<br></d=
iv><div class=3D"gmail_quote"><div><div class=3D"gmail-adm" style=3D"margin=
:5px 0px"><div id=3D"gmail-q_10" class=3D"gmail-ajR gmail-h4" aria-label=3D=
"Hide expanded content" aria-expanded=3D"true" style=3D"background-color:rg=
b(232,234,237);border:none;clear:both;line-height:6px;outline:none;width:24=
px;color:rgb(80,0,80);font-size:11px;border-radius:5.5px"><div class=3D"gma=
il-ajT" style=3D"background:url(&quot;https://www.gstatic.com/images/icons/=
material/system_gm/2x/more_horiz_black_20dp.png&quot;) 50% 50%/20px no-repe=
at;height:11px;opacity:0.71;width:24px"></div></div></div><div class=3D"gma=
il-im" style=3D"color:rgb(80,0,80)"><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex"><br>&gt; Furthermore, the Taro script is not enforced by Bitcoin=
, meaning those who<br>&gt; control the Bitcoin script can always choose to=
 ignore the Taro script and<br>&gt; destroy the Taro assets as a result.<br=
><br>This is correct, as a result in most contexts, an incentive exists for=
 the<br>holder of an asset to observe the Taro validation rules as otherwis=
e, their<br>assets are burnt in the process from the PoV of asset verifiers=
. In the<br>single<br>party case things are pretty straight forward, but mo=
re care needs to be<br>taken<br>in cases where one attempts to express part=
ial application and permits<br>anyone<br>to spend a UTXO in question.<br><b=
r>By strongly binding all assets to Bitcoin UTXOs, we resolve issues relate=
d<br>to<br>double spending or duplicate assets, but needs to mind the fact =
that assets<br>can<br>be burnt if a user doesn&#39;t supply a valid witness=
. There&#39;re likely ways to<br>get<br>around this by lessening the bindin=
g to Bitcoin UTXO&#39;s, but then the system<br>would need to be able to co=
llect, retain and order all the set of possible<br>spends, essentially requ=
iring a parallel network. The core of the system as<br>it<br>stands today i=
s pretty simple (which was an explicit design goal to avoid<br>getting fore=
ver distracted by the large design space), with a minimal<br>implementation=
 being relatively compact given all the Bitcoin context/design<br>re-use.<b=
r></blockquote><div><br></div></div></div><div>The TARO set of tradeoffs is=
 fairly coherent but is subject to certain limitations (modulo my understan=
ding of it being off):</div><div><br></div><div>The witnesses for transacti=
ons need to be put into Bitcoin transactions even though the Bitcoin layer =
doesn&#39;t understand them</div><div><br></div><div>There needs to be a co=
nstraint on Taro transactions which is understood by the Bitcoin layer (whi=
ch often/usually happens naturally because there&#39;s a user signature but=
 sometimes doesn&#39;t. It&#39;s a limitation)</div><div><br></div><div>Mul=
tiple Taro coins can&#39;t consolidate their value into a single output bec=
ause they only support a single linear history</div><div><br></div><div>Tar=
o issuance is limited to a single event rather than potentially multiple ev=
ents over time subject to special per-asset rules.</div><div><br></div><div=
>This seems like a fairly logical approach (although my understanding of th=
e limitations/tradeoffs could be wrong, especially with regards to consolid=
ation). There&#39;s nothing wrong with a system having well documented limi=
tations, but I am puzzled by the announcement saying Taro assets are &#39;a=
nalogous with&#39; colored coins. Taro assets are straightforwardly and una=
mbiguously colored coins and that isn&#39;t something to be ashamed of.</di=
v></div></div>

--000000000000d421e405dc560dbf--