Date: Fri, 15 Nov 2024 13:54:08 -0800 (PST)
From: Xiaohui Liu <x.liu@scrypt.io>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <129a9605-7a91-42a7-a9ef-07de6662ca7en@googlegroups.com>
In-Reply-To: <ZjD-dMMGxoGNgzIg@camus>
References: <CAEM=y+XyW8wNOekw13C5jDMzQ-dOJpQrBC+qR8-uDot25tM=XA@mail.gmail.com>
 <CA+x5asTOTai_4yNGEgtKEqAchuWJ0jGDEgMqHFYDwactPnrgyw@mail.gmail.com>
 <ZjD-dMMGxoGNgzIg@camus>
Subject: Re: [bitcoindev] Signing a Bitcoin Transaction with Lamport
 Signatures (no changes needed)

Hi,

How does covenant work without OP_CAT here, assuming no size limit? Don't
you still need OP_CAT to parse/introspect fields (e.g., input/output) of
the spending transaction?

Regards,
sCrypt

On Tuesday, April 30, 2024 at 7:22:54 AM UTC-7 Andrew Poelstra wrote:

> On Tue, Apr 30, 2024 at 08:32:42AM -0400, Matthew Zipkin wrote:
> > > if an attacker managed to grind a 23-byte r-value at a cost of 2^72
> > computations, it would provide the attacker some advantage.
> >
> > If we are assuming discrete log is still hard, why do we need Lamport
> > signatures at all? In a post-quantum world, finding k such that r is 21
> > bytes or less is efficient for the attacker.
> >
>
> Aside from Ethan's point that a variant of this technique is still
> secure in the case that discrete log is totally broken (or even
> partially broken...all we need is that _somebody_ is able to find the
> discrete log of the x=1 point and for them to publish this).
>
> Another reason this is useful is that if you have a Lamport signature on
> the stack which is composed of SIZE values, all of which are small
> enough to be manipulated with the numeric script opcodes, then you can
> do covenants in Script.
>
> (Sadly(?), I think none of this works in the context of the 201-opcode
> limit...and absent BitVM challenge-response tricks it's unlikely you can
> do much in the context of the 4MWu block size limit..), but IMO it's a
> pretty big deal that size limits are now the only reason that Bitcoin
> doesn't have covenants.)
>
> -- 
> Andrew Poelstra
> Director, Blockstream Research
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> The sun is always shining in space
> -Justin Lewis-Webster
>
>
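
Added example, not part of the original message or of any code from the thread: a Lamport one-time signature over a list of small integers, standing in for the SIZE values in the quoted reply, where the verifier recovers each value using only hashing, equality tests and integer addition. SHA-256, the 8-bit width per value and the sample values are assumptions.

```python
import hashlib
import secrets

BITS = 8  # assumption: every signed value fits in one byte
SAMPLE_SIZES = [59, 58, 57]  # constructed sample values, not from the thread


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(n_values: int):
    """One secret pair (bit 0 / bit 1) per bit of every value to be signed."""
    sk = [[(secrets.token_bytes(32), secrets.token_bytes(32))
           for _ in range(BITS)] for _ in range(n_values)]
    pk = [[(H(s0), H(s1)) for s0, s1 in row] for row in sk]
    return sk, pk


def sign(sk, values):
    """Reveal, for each bit of each value, the preimage that bit selects."""
    if len(values) != len(sk) or any(not 0 <= v < 1 << BITS for v in values):
        raise ValueError("values must match the key and fit in BITS bits")
    return [[sk[i][b][(v >> b) & 1] for b in range(BITS)]
            for i, v in enumerate(values)]


def recover(pk, sig):
    """Verifier: return the signed values, or None if any preimage is wrong."""
    if len(sig) != len(pk):
        return None
    out = []
    for row_pk, row_sig in zip(pk, sig):
        if len(row_sig) != BITS:
            return None
        value = 0
        for b, (pair, pre) in enumerate(zip(row_pk, row_sig)):
            h = H(pre)
            if h == pair[1]:
                value += 1 << b  # preimage matches the "bit is 1" commitment
            elif h != pair[0]:
                return None      # matches neither commitment: reject
        out.append(value)
    return out


if __name__ == "__main__":
    sk, pk = keygen(len(SAMPLE_SIZES))
    print(recover(pk, sign(sk, SAMPLE_SIZES)))
```

Each key must sign only one list: a second signature reveals the other preimage for every bit that differs, and `recover` then accepts values assembled from the revealed halves.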
