1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
Delivery-date: Fri, 15 Nov 2024 02:36:09 -0800
Received: from mail-ua1-f64.google.com ([209.85.222.64])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBD6I3S4QMGQEJR6AHQQ@googlegroups.com>)
id 1tBtgO-0005qj-FJ
for bitcoindev@gnusha.org; Fri, 15 Nov 2024 02:36:08 -0800
Received: by mail-ua1-f64.google.com with SMTP id a1e0cc1a2514c-855c41b9f27sf642174241.1
for <bitcoindev@gnusha.org>; Fri, 15 Nov 2024 02:36:07 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1731666962; cv=pass;
d=google.com; s=arc-20240605;
b=NNYXAScN6Xf5nKIdYpSlXrddhOCht2DwF1V5RHPjPcwRVNOsFrZKVFdl9c7yXLRwez
YefltBooZ/87DyHgyNu8LLfmghbH/gmwNhAA+N5kRobnfo9MY0kqA8GVEvTLwHc19AJD
dT+POAElHTAPqaDsnxQFjEiyNOerIN8VVY0xUwn3BirmprMJmbKzZr6D2QMn/i9ogZrM
B/87pK1n90/IbFiX0Idg8djWonVXIgOM8vvEnYrIMl4nfctRdUdne/T1edxVQAsjpXMf
mfXjIMwNrsaqylzfDuA98QUtTFdywfZdCso8gvswnHkY4grAp7CqbQ8q9wwu2ENasM3l
KwnQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:mime-version:feedback-id
:references:in-reply-to:message-id:subject:cc:from:to:date
:dkim-signature;
bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=;
fh=847mV6iNg9X1/ZWsb2i5HtuZJNhTK/vHhkX4xAEga20=;
b=Zup0VSSnM2V07Tk7uHsebH4TJaW6ih7z6r8xsG8GBi5VKZPdfuMN5raUiJJ3Ccf8z8
oxnvpmk9aha/f9yeuyycQevUw5TWqRviCI0Bid6nbfnKjqsvMoYN0d4hhDP1x4oKYimx
zCL9LbvcHeK7I6QaqcrrePmIctGrJV8cd6XkfngV8HPqW344PXdk0i7DmPiTdz0wX3u5
EweTC2WDuWR60XhLmFgj2yl2xS0mQRutTjT7N4e3gdMkyuQuoc2KnopINxPRD8tfGK+S
+pkpmZqWoLFRCTy9trt47viICeg6HOTY9U7UBBzO7WMEnY3kQWDz58CkoocbpIXYvZN6
TYkg==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV;
spf=pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1731666962; x=1732271762; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:from:to:cc:subject:date:message-id:reply-to;
bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=;
b=vWBZfmkZpvfsdBPiTpURdAgtuP0/kfYJtxInnKkuS8tD6A8aURtFGaLEG9pqM6qy8P
4V0QB/8+2m1EFMijgAuk150BDgHdXjSX9sUY1SLKxoAmsLmhJnrGcs7fSkjuXAZnt05f
wAGiXEw1VQ70jFiIdzdi7OrRzL2O9KJUE/EIcaXoM9P18xOf1lPC6n1giBd6PIMWFfHG
8HjATZjr+xxeF3KMMdHKxVRMnVvjF/qGT6e7YCfmhocicy6YHKZ4QpsfY0KBcucuoIWB
BiKPic2zn0r5qRhzt8OsS3bpO1NN1Hus7vdyiTTC9jw1r5Uan5GXMZnO3c1+YgFfXaXa
RCtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1731666962; x=1732271762;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:x-beenthere:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=l7fMhKvocDRNG9iOzV4S6paBTFUNIQHE+w8b1Dli7oY=;
b=aEnHZS8BSAPFkw5fOgmbiQhZRa6Yknr037M4gqh9opfnOV+EujxTQ0vbIW5pZa8RTT
ylaNoFm8M8R0lyVs8iRHkMx3ETu9RSmnOmafMb769yBW3ImpCvjMDlHx6JBFkZFgnsy8
iBAyVQ6FOpRDlu57/PWl6jMnEW9RB+QQ+GI+82CNLKRlAveiU9JH32+QVyLMKt20RPnY
ocYRLj3u9dLnyI2PFbud3a9yljQgwN/IC1K3tXD/MqbcHHPdOAGm8BV2yzXEY7SiljZ9
EOURjdNkJZRWKcjbP2/bySjCO0+VbCwBeyngt07xDJFkvGULBFwpF8hlvKvlpw3RRon7
kbSQ==
X-Forwarded-Encrypted: i=2; AJvYcCV+Av27L6rC6qNdmJN3TiwZJuypsnvLJyMANTljRJ59/7NO4nN17d4+k9awpwH7qHeKxhVoIFbUX/V2@gnusha.org
X-Gm-Message-State: AOJu0YxgOAyormW/2QJX8XpYX03OmNRQr+Y9mAGeL64Ynb5yJfQPVtn9
Tc2xQugc8kwrgX249QiqpQj89nSVDYQm2Sp1x+B/KQ1ZNIuElXT+
X-Google-Smtp-Source: AGHT+IEJUYkz6ov4vyX/kLPdc3hYQPO8SIpnIDuctJtK8jJPGEO/irjLpe9RmthPoRocDlVM447gqA==
X-Received: by 2002:a05:6102:f07:b0:4ad:48f4:8be1 with SMTP id ada2fe7eead31-4ad62d519ebmr2435192137.25.1731666961715;
Fri, 15 Nov 2024 02:36:01 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:622a:1a87:b0:458:2e21:e400 with SMTP id
d75a77b69052e-46356ebe352ls26296951cf.0.-pod-prod-04-us; Fri, 15 Nov 2024
02:35:59 -0800 (PST)
X-Received: by 2002:a05:620a:1a18:b0:7b1:880c:5834 with SMTP id af79cd13be357-7b362362696mr306477685a.48.1731666959037;
Fri, 15 Nov 2024 02:35:59 -0800 (PST)
Received: by 2002:a05:620a:111c:b0:7a1:d643:94b4 with SMTP id af79cd13be357-7b361857baems85a;
Fri, 15 Nov 2024 02:14:58 -0800 (PST)
X-Received: by 2002:a05:600c:384f:b0:42c:a8cb:6a75 with SMTP id 5b1f17b1804b1-432df7452a2mr18540845e9.17.1731665696770;
Fri, 15 Nov 2024 02:14:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1731665696; cv=none;
d=google.com; s=arc-20240605;
b=QlAh7yB1A46tLQAxHl0vS6RnVKF7P4CzHLZvHGhGlJkrKqVMV+QnHi0lYeAsFKpsay
evUw6ZzTfUANxfMShBE/K9GF2jhq+ZByOJ7HM8OfEkKtA8ff6GbhurULFCJi/LrJNg7O
m2oA4nK81ctPjOdFyUd4Rl0fVFJ2awpZJlIFFiEdyOW2h2auPJGnIn6hE6Nuqmy6OXZu
g3vDvNmmdQXTApL8rOZAKQ4MDefIE+zaODr39VSkHJFswICEhAcQX7bpRySjKc5W536G
mz3dqQ1oJutBQkpjyp34n7rkNHjQvb1VsY9Uxjf7os7+TadVgIRn24IAGHhDVGCUWVLi
QHqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:dkim-signature;
bh=IiKEYE4Ys8AUdsIrFsRCEibsMUNYM6FGTXFd88IPHjw=;
fh=0Bf8Ni34T2XO/uRpNwBN18lccMSbp9N/tGUNP10ZWls=;
b=DhlGWz2pTPfknXyCctuIZ32iRBa0MODayG2kcb2VLoflIm6Lo9W5Tiw1k4BovROykJ
+c+jp+P5tOTK0AXQ+P7u5iTGfbQi0e/AtecP1iLvhGO9XnIOeaN80fl1X3EWAnWGyyFs
4o5tnc19yKoW6wspEUp4Bvx0yVp/MkkSoNH2Dq16C5fBdyGLzF3lZ/iXDfktifk8/lRq
NnXNTgmO+Hs46CMUPuab9GsDsflXuMuyczBR6q7dHttW+tIwbbQpLXRpm42D5y1e6GQl
hADTTlJHx2pw+P77bzSDTfUXHbbH7NXJxhcCyYl7HewPgYmJHWVGfSI7uWKuMnoABK40
mJww==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV;
spf=pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-40135.protonmail.ch (mail-40135.protonmail.ch. [185.70.40.135])
by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-432d48b8f7dsi2966535e9.1.2024.11.15.02.14.56
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 15 Nov 2024 02:14:56 -0800 (PST)
Received-SPF: pass (google.com: domain of moonsettler@protonmail.com designates 185.70.40.135 as permitted sender) client-ip=185.70.40.135;
Date: Fri, 15 Nov 2024 10:14:52 +0000
To: Brandon Black <freedom@reardencode.com>
From: "'moonsettler' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] CHECKSIGFROMSTACK(VERIFY/ADD)
Message-ID: <83CBONdqGnLg2CP1tqiIPtOaG4Lx35UTqrmRBv2hagwsMlmZAMG0e165Wq_k43h-7pgS9yDdWx8qsAAB9AxQWr_RH_CaJdDZztNvXCGM6Rc=@protonmail.com>
In-Reply-To: <ZzZziZOy4IrTNbNG@console>
References: <ZzZziZOy4IrTNbNG@console>
Feedback-ID: 38540639:user:proton
X-Pm-Message-ID: b69ee0da77fbbe986b7a898bc20bc7b11df27281
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Original-Sender: moonsettler@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@protonmail.com header.s=protonmail3 header.b=zEbFwHVV;
spf=pass (google.com: domain of moonsettler@protonmail.com designates
185.70.40.135 as permitted sender) smtp.mailfrom=moonsettler@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: moonsettler <moonsettler@protonmail.com>
Reply-To: moonsettler <moonsettler@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
Hi Brandon,
For what it's worth, I also think signature aggregation will be the dominant
form of CSFS use. LNhance at it's core is CTV + CSFS, and so it makes sense
to have both of those available in pre-tapscript.
No strong opinion on CHECKSIGFROMSTACKADD, agree with the general reasoning.
It's a bit weird to backport Schnorr this way, and the NOP upgrade path
leaving 3 elements on the stack is also unfortunate. On the other hand,
reverting CSFSV to use ECDSA in pre-tapscript would force us to consider
implementing script multisig, to do anything really worthwhile there.
BR,
moonsettler
Sent with Proton Mail secure email.
On Thursday, November 14th, 2024 at 11:02 PM, Brandon Black <freedom@reardencode.com> wrote:
> Hi list,
>
> As we're working toward numbering and merge for the CHECKSIGFROMSTACK
> (CSFS) BIP, there are 2 open questions[1] that may be worth resolving
> before it is merged as a draft:
>
> * Should CHECKSIGFROMSTACKVERIFY (CSFSV) be added to pre-tapscript?
>
> The proposed opcode always evaluates BIP340 Schnorr signatures
> regardless of script version, so making it available in earlier script
> versions makes Schnorr signatures available on those script versions for
> certain use cases.
>
> My personal thinking in initially including CSFSV in earlier script
> versions was basically that it's compatible with NOP forking, so why
> not. Because LNHANCE includes CTV which is designed as a NOP compatible
> upgrade, also including CSFSV fits well with CTV.
>
> The other side of the argument is that we shouldn't include
> compatibility with earlier script versions unless there's a concrete
> benefit to doing so. For CTV, the possibility of bare CTV is a
> compelling reason to add it to earlier script versions, but there's not
> a similarly compelling reason to include CSFSV.
>
> Using a scarce NOP to provide Schnorr signed commitments to earlier
> scripts may not be worthwhile.
>
>
> * Should we include CHECKSIGFROMSTACKADD?
>
> Obviously, if script multisig is going to be a common use case for
> checking signatures on stack data CHECKSIGFROMSTACKADD simplifies the
> corresponding scripts by a few WU per key. As MuSig2 and FROST are
> progressing in standardization and implementation, I do not expect
> script multisig to be a dominant use for these opcodes, so I did not
> include CSFSA initially.
>
> Here the argument is somewhat the inverse of CSFSV on legacy: We have
> many OP_SUCCESSes available, so the cost of allocating one for CSFSA is
> low, and the benefit is that making script multisigs with CSFSA (such as
> those produced by miniscript) is simpler and less error prone.
>
> --
>
> I would love to hear thoughts about both of these questions from the
> list, and will update the BIP and implementations of CSFS(V/A) based on
> your feedback.
>
> Thanks much!
>
> --Brandon
>
> [1]: https://github.com/bitcoin/bips/pull/1535#issuecomment-2111195930
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ZzZziZOy4IrTNbNG%40console.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/83CBONdqGnLg2CP1tqiIPtOaG4Lx35UTqrmRBv2hagwsMlmZAMG0e165Wq_k43h-7pgS9yDdWx8qsAAB9AxQWr_RH_CaJdDZztNvXCGM6Rc%3D%40protonmail.com.
|