1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
Return-Path: <jlrubin@mit.edu>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id D30AD6246
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jun 2019 05:36:00 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 53A82E7
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jun 2019 05:36:00 +0000 (UTC)
Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com
[209.85.208.42]) (authenticated bits=0)
(User authenticated as jlrubin@ATHENA.MIT.EDU)
by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x515ZvUf025910
(version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jun 2019 01:35:58 -0400
Received: by mail-ed1-f42.google.com with SMTP id h10so2465235edi.13
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 31 May 2019 22:35:58 -0700 (PDT)
X-Gm-Message-State: APjAAAW5LWF6ralIId2zkAYE30ZB/POs27sRSfEEgIJ5PMG3caxRq0Iq
X3RVW+P1ZaNMzho07Jh2upharPYg27D6GHoAnHY=
X-Google-Smtp-Source: APXvYqzI89N/0bUIIwa0Zaw7lgPma10WyFgcyWH27GPqcqtcWaZQiKMOyFCR5uGvrHmHAWOT7ccKAsm/eI5T+5Da49k=
X-Received: by 2002:a17:906:b741:: with SMTP id
fx1mr12743530ejb.45.1559367357106;
Fri, 31 May 2019 22:35:57 -0700 (PDT)
MIME-Version: 1.0
From: Jeremy <jlrubin@mit.edu>
Date: Fri, 31 May 2019 22:35:45 -0700
X-Gmail-Original-Message-ID: <CAD5xwhjSj82YYuQHHbwgSLvUNV2RDY0b=yMYeLj-p6j7PpS9-Q@mail.gmail.com>
Message-ID: <CAD5xwhjSj82YYuQHHbwgSLvUNV2RDY0b=yMYeLj-p6j7PpS9-Q@mail.gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000651034058a3c810c"
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,HTML_MESSAGE,
RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 01 Jun 2019 16:46:30 +0000
Subject: [bitcoin-dev] OP_SECURETHEBAG (supersedes OP_CHECKOUTPUTSVERIFY)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Jun 2019 05:36:01 -0000
--000000000000651034058a3c810c
Content-Type: text/plain; charset="UTF-8"
Hi All,
OP_CHECKOUTPUTSHASHVERIFY is retracted in favor of OP_SECURETHEBAG*.
OP_SECURETHEBAG does more or less the same thing, but fixes malleability
issues and lifts the single output restriction to a known number of inputs
restriction.
OP_CHECKOUTPUTSVERIFY had some issues with malleability of version and
locktime. OP_SECURETHEBAG commits to both of these values.
OP_SECURETHEBAG also lifts the restriction that OP_CHECKOUTPUTSVERIFY had
to be spent as only a single input, and instead just commits to the number
of inputs. This allows for more flexibility, but keeps it easy to get the
same single output restriction.
BIP:
https://github.com/JeremyRubin/bips/blob/op-secure-the-bag/bip-secure-the-bag.mediawiki
Implementation: https://github.com/JeremyRubin/bitcoin/tree/secure_the_bag
A particularly useful topic of discussion is how best to eliminate the
PUSHDATA and treat OP_SECURETHEBAG like a pushdata directly. I thought
about how the interpreter works and is implemented and couldn't come up
with something noninvasive.
Thank you for your review and discussion,
Jeremy
* Plus the name is better
--000000000000651034058a3c810c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:#000000">Hi All,</div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;font-siz=
e:small;color:#000000"><br></div><div class=3D"gmail_default" style=3D"font=
-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><div clas=
s=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;font-si=
ze:small;color:rgb(0,0,0)">OP_CHECKOUTPUTSHASHVERIFY is retracted in favor =
of OP_SECURETHEBAG*. OP_SECURETHEBAG does more or less the same thing, but =
fixes malleability issues and lifts the single output restriction to a know=
n number of inputs restriction.<br></div></div><div class=3D"gmail_default"=
style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#000=
000"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,helv=
etica,sans-serif;font-size:small;color:#000000">OP_CHECKOUTPUTSVERIFY had s=
ome issues with malleability of version and locktime. OP_SECURETHEBAG commi=
ts to both of these values. <br></div><div class=3D"gmail_default" style=3D=
"font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br>=
</div><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,san=
s-serif;font-size:small;color:#000000">OP_SECURETHEBAG also lifts the restr=
iction that OP_CHECKOUTPUTSVERIFY had to be spent as only a single input, a=
nd instead just commits to the number of inputs. This allows for more flexi=
bility, but keeps it easy to get the same single output restriction.<br></d=
iv><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-s=
erif;font-size:small;color:#000000"><br></div><div class=3D"gmail_default" =
style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#0000=
00">BIP: <a href=3D"https://github.com/JeremyRubin/bips/blob/op-secure-the-=
bag/bip-secure-the-bag.mediawiki">https://github.com/JeremyRubin/bips/blob/=
op-secure-the-bag/bip-secure-the-bag.mediawiki</a></div><div class=3D"gmail=
_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;c=
olor:#000000">Implementation: <a href=3D"https://github.com/JeremyRubin/bit=
coin/tree/secure_the_bag">https://github.com/JeremyRubin/bitcoin/tree/secur=
e_the_bag</a></div><div><div dir=3D"ltr" class=3D"gmail_signature" data-sma=
rtmail=3D"gmail_signature"><div dir=3D"ltr"><br></div><div dir=3D"ltr"><div=
style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(=
0,0,0)" class=3D"gmail_default">A particularly useful topic of discussion i=
s how best to eliminate the PUSHDATA and treat OP_SECURETHEBAG like a pushd=
ata directly. I thought about how the interpreter works and is implemented =
and couldn't come up with something noninvasive.</div><div style=3D"fon=
t-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)" class=
=3D"gmail_default"><br></div></div><div style=3D"font-family:arial,helvetic=
a,sans-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_default">Than=
k you for your review and discussion,<br></div><div dir=3D"ltr"><div style=
=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)=
" class=3D"gmail_default"><br></div><div style=3D"font-family:arial,helveti=
ca,sans-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_default">Jer=
emy</div></div><div dir=3D"ltr"><br></div><div dir=3D"ltr"><div style=3D"fo=
nt-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)" clas=
s=3D"gmail_default">* Plus the name is better</div><br></div></div></div></=
div>
--000000000000651034058a3c810c--
|