Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: vjudeu@gazeta.pl
To: "Ali Sherief <ali@notatether.com>,
 Bitcoin Protocol Discussion" <bitcoin-dev@lists.linuxfoundation.org>,
 bitcoin-dev@lists.linuxfoundation.org
In-Reply-To: <20220809130908.yykum37tre7um4j3@artanis>
Date: Wed, 10 Aug 2022 04:59:46 +0200
Message-Id: <165836641-bc7ec98411dacebd3de15c1b1f7c5cf4@pmq5v.m5r2.onet>
Subject: Re: [bitcoin-dev] Regarding BIP322 edge cases
Precedence: list

> I'm not sure what is to be gained from adding an opcode

Backward compatibility. If we don't have OP_CHECKDATASIG, then it has to be=
 somehow introduced to make it compatible with "Bitcoin Message". And we ha=
ve opcodes like OP_RESERVED, that can be wrapped in OP_IF, then it is "cond=
itionally valid transaction". It is also possible to assign some unused opc=
ode, but then it will be more complex, because in Script, those opcodes mak=
e transaction invalid, but inside TapScript, those opcodes are defined as O=
P_SUCCESS, and make things automatically valid.


On 2022-08-09 22:53:34 user Ali Sherief via bitcoin-dev <bitcoin-dev@lists.=
linuxfoundation.org> wrote:
> Although there is a Github issue/PR at https://github.com/bitcoin/bips/pu=
ll/1347 for addressing all the TODO items of BIP322, I decided to throw it =
in the mailing list again to see if anyone else has suggestions for dealing=
 with them.

So in an older copy of the draft at https://github.com/bitcoin/bips/blob/b6=
b0126e2d04793ba52a40f05d24538fa3f2c9ad/bip-0322.mediawiki , I found the som=
e TODO items, and I will copy-paste the ones in the Specification section (=
for full proofs) here:

> TODO: How does this interact with as-of-yet-unspecified "Silent Transacti=
ons"?
> TODO: Some invalid opcode to allow only in various proof types?
> TODO: A way for the initial signer to delegate to another scriptPubKey; n=
eeded for better privacy and CoinJoin/Lightning compatibility

So to start with, I believe it will be very helpful to limit what opcodes s=
criptPubKeys to be elligible to sign from them. The specification already d=
oes so to a point, but in order for these to be recognizable, it's my opini=
on that one of the NOPs should be placed at the beginning of the script to =
activate proof parsing mode.

Of course, an opcode is not necessary at all, if the program is able to inf=
er from context where the proof is coming from. After all, since they canno=
t be broadcasted, they can't be mined in blocks, so will never be encounter=
ed in a full node's usual verifier. I'm not sure what is to be gained from =
adding an opcode - the only source for real transactions is from P2P-obtain=
ed blocks, so when a human inputs a signature to be verified, it can check =
that a real transaction is not being inserted by looking for the invalid in=
put.

For Silent Transactions, I have already given my suggestion in the PR, that=
 some subsection can be made saying that it can operate with them by using =
its scriptPubKey (and other stuff that may be necessary - I am not excatly =
sure what goes inside the Witness stack of message_signature).

In the case of the last TODO, related to delegation to another scriptPubKey=
, I am not quite sure at the moment what to do about it - perhaps you guys =
can place a MAST (two Merkle branches, to be specific) - the first branch h=
as the original signer's scriptPubKey, the second branch contains the deleg=
ated signer's scriptPubKey.

- Ali

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev