Date: Mon, 06 May 2024 18:11:48 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Andrew Poelstra <apoelstra@wpsoftware.net>
Cc: Matthew Zipkin <pinheadmz@gmail.com>, Ethan Heilman <eth3rs@gmail.com>,
Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Signing a Bitcoin Transaction with Lamport
Signatures (no changes needed)
Message-ID: <93b8ed39b0aa3955eb9cb99f9fc5aae9@dtrt.org>

On 2024-05-06 09:06, Andrew Poelstra wrote:
> You can implement ECDSA. It will just take a *lot* of opcodes.

I'll accept that as a given, but how do you know that a given ECDSA
signature actually commits to the transaction that contains it if
OP_CHECKSIG only operates on fixed-size schnorr signatures?

Is this what you're describing: if the controlling signature is a
lamport signature that commits to an ECDSA signature, it's safe to
disclose the private key for the ECDSA signature; when you don't have to
worry about private key disclosure, it's safe to construct a schnorr
signature that uses the same private key, nonce, and message commitment
as the ECDSA signature; if that schnorr signature makes OP_CHECKSIG
return true, then you know the message is the current transaction?

That still leaves me confused. If ECDSA can be implemented within
tapscript, then I would expect that schnorr could also be implemented
within tapscript; that gives you an OP_CSFS equivalent. If being able
to implement ECDSA in tapscript allows introspection, then I would
expect implementing schnorr in tapscript would allow introspection; that
gives you an OP_CAT equivalent. If you have OP_CSFS and OP_CAT, you
have covenants and there's no need for lamport signatures or ECDSA.

Apologies for my remaining confused in the face of something that's
probably obvious,

-Dave