Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8ADCBC016F for ; Fri, 10 Jul 2020 03:30:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id A097C890E5 for ; Fri, 10 Jul 2020 03:29:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaJwETVGveU8 for ; Fri, 10 Jul 2020 03:29:50 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-40132.protonmail.ch (mail-40132.protonmail.ch [185.70.40.132]) by whitealder.osuosl.org (Postfix) with ESMTPS id AB0818695F for ; Fri, 10 Jul 2020 03:29:50 +0000 (UTC) Date: Fri, 10 Jul 2020 03:29:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1594351788; bh=fF5sz9q4YBINJ8ND6qdLl45m1zb58Y7QsX9EKXS1cCg=; h=Date:To:From:Reply-To:Subject:In-Reply-To:References:From; b=tyrK4B498c48kAuzhUia+7TLxolhv5ez2EM+cf6iHw02uZGAoOh0BmSK034rY9yKE eqeTEBYU0KDLSiNgF3S+g000zX49N6F+ZsLgJAcmiBqZm6ASzWrHd4NZ30qYuhFA5U Z4MZtepwo/Ir1mlWj2RDprbIGS5K/wBaA4t6YU1k= To: Anthony Towns , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: <20200709214048.27mycsi5h2bnv3cc@erisian.com.au> References: <20200709214048.27mycsi5h2bnv3cc@erisian.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] BIP 118 and SIGHASH_ANYPREVOUT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jul 2020 03:30:06 -0000 Good morning aj, It seems okay to me. -- Slightly off-topic, but I suppose a Decker-Russell-Osuntokun construction c= ould, in theory, have only a single internal taproot pubkey, `P =3D MuSig(A= , B)` for a channel between A and B. So the funding outpoint would be spent with a taprooted P + a single tapscr= ipt `<1> OP_CHECKSIG`. Update transactions would be signed with the internal taproot pubkey using = `SIGHASH_ANYPREVOUTANYSCRIPT`. The update transaction output would be spendable with a taprooted P + a sin= gle tapscript ` OP_CHECKLOCKTIMEVERIFY OP_DROP <1> OP_CHECKSIG`. Each update transaction would have a monotonically-increasing `nLockTime`, = i.e. the above `index`. Then a state transaction would be signed with the internal taproot pubkey u= sing `SIGHASH_ANYPREVOUT`, which commits to the exact script including ``, which is unique for each update transaction. Thus a state transaction can only spend the specific update transaction, bu= t the update transaction can spend the funding outpoint or any update trans= action outpoint. State transaction input would have an `nSequence` requiring a relative lock= time of the agreed-upon unilateral close delay. The above assumes MuSig signing, which requires 1.5 round trips for a chann= el, or three broadcast rounds for a multiparticipant (n >=3D 3) constructio= n. Regards, ZmnSCPxj > Hello world, > > After talking with Christina ages ago, we came to the conclusion that > it made more sense to update BIP 118 to the latest thinking than have > a new BIP number, so I've (finally) opened a (draft) PR to update BIP > 118 with the ANYPREVOUT bip I've passed around to a few people, > > https://github.com/bitcoin/bips/pull/943 > > Probably easiest to just read the new BIP text on github: > > https://github.com/ajtowns/bips/blob/bip-anyprevout/bip-0118.mediawiki > > It doesn't come with tested code at this point, but I figure better to > have the text available for discussion than nothing. > > Some significant changes since previous discussion include complete lack > of chaperone signatures or anything like it (if you want them, you can > always add them yourself, of course), and that ANYPREVOUTANYSCRIPT no > longer commits to the value (details/rationale in the text). > > Cheers, > aj > > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev