1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
Delivery-date: Mon, 09 Dec 2024 05:37:41 -0800
Received: from mail-yb1-f186.google.com ([209.85.219.186])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBCTP33FZ3YMBBGXF3O5AMGQEFAJLITQ@googlegroups.com>)
id 1tKdxE-0003Sb-BR
for bitcoindev@gnusha.org; Mon, 09 Dec 2024 05:37:41 -0800
Received: by mail-yb1-f186.google.com with SMTP id 3f1490d57ef6-e3a4f3fb24csf655306276.2
for <bitcoindev@gnusha.org>; Mon, 09 Dec 2024 05:37:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1733751454; x=1734356254; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=rmZq9LXVSF26IO+Gz5fiYw0/m1qS5tR+5xZEHbsfxxs=;
b=izYTZWI0MhGJr4ORlNdEKNTFFd4SFpUqqPZJRb1SPufbFYzrwutXEysp6DySa17r6f
XjbdjOOPxlZsbXcL7xaMEMNNOBsg9czfLMAU9dyvV8qgI884LDWs6hme6Z/qIsDSJ7AG
MT+oMkrjdcae7Rb8XNo46vtoQBt9WH3dOKMafUriDURbD4DOy9jBmjOH7lSXG6eEoK5x
42/LAb+yjOxz4iVuN1attEpbwVpAonOJl15/fvF19pFdWcAURs8Xk0MDXH34WwVm6yuq
rZ3o+Fy1ZZCnYs3Klu+SQjX0n1u4efVJ9Oz6TLA4rYElxRyS0qAulBcF4THTOh/MAgEO
5lqQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups-com.20230601.gappssmtp.com; s=20230601; t=1733751454; x=1734356254; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:from:to:cc:subject:date:message-id
:reply-to;
bh=rmZq9LXVSF26IO+Gz5fiYw0/m1qS5tR+5xZEHbsfxxs=;
b=hOrAyXjgqyvXe/cYH0MwmHS79dtFD5C9JV0w+2xOjD1TRgr4EIvnCOJlZeugYriG0O
FoN1Ibt+U9jtgH4PKHa/t6eR5QsfUEbgywGnvqSZaocu5H3HEbCaCxH76fOvOqsXcfWB
Bo85o2RpwnRWtTZmpZDt4wW71wdDWy1OALSsOY6xXEzaI9CIriBFiI3EkX0w4lpygrjq
zZ/FQHRkqqbAVlZXRo2tOn7jPP72YLFaQNGayBybz3v0IyP2XlZta2bz6svYKbwuUC5H
iyof5xkTaSm6YT+5Mfm1nsoFv6wnpfSIUm/sLXW5OiH+Pa3voC2kemDcNqlGGmwljHYu
3xCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1733751454; x=1734356254;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=rmZq9LXVSF26IO+Gz5fiYw0/m1qS5tR+5xZEHbsfxxs=;
b=AKm6OWczlqmihIawLvOLf0cTfLvnydWbdLEVaVgrr4H23i4Rw0tY5qig7wAHSbY8aP
Est2zHVXk/Z/08oT5000QtiACahvdrIwqR/eiY/M4Hp1BM6puk92Wq6atrMVklWtpa+7
lbsqOEzrFj97e9eT8lvM+kCy4jOCkW5srVYmGcgL2xr8hS02qXg1YKwY4d0x40mz9u9b
CJAJYV/qmE8G1o1tEGyHUR+1Z9EdcQbb+jV2H1BlYyKmCmyBlSzguuykDodFwBXxW6pZ
JxSIpLeYZ75avfxo5qbD22KmFmeRNJYiO/K2Vl4gH+fEaBW3dmUMfWx0s/LVOouLHtrm
AR2g==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCUYG8j52c/29aFB9s5CJDhu1990Vr+yXMbn77A+oYzhw+FFczfM1oZC1rGh3doEigKgcffiE16csTCD@gnusha.org
X-Gm-Message-State: AOJu0Yw4iZo586v+ffmifsYXKMEL25ldCN3mwpWV6ibG/2z6c/HIjbFa
ooqnfbJ6xwfibIaJbdN+SUxNkztcjbvrUe0DQyIYOJByQ4I0zJOs
X-Google-Smtp-Source: AGHT+IHp3Rz2zXoo6ywmbNPAvBH24+YotHjHRe307AxPctR/BKwWSh0gOz/PteE2OYCEHCva3Uhvhg==
X-Received: by 2002:a05:6902:3005:b0:e39:8d87:f146 with SMTP id 3f1490d57ef6-e3a59afbfa4mr269397276.22.1733751453620;
Mon, 09 Dec 2024 05:37:33 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a25:adc9:0:b0:e30:84f1:999f with SMTP id 3f1490d57ef6-e39f1abbb3als2247932276.0.-pod-prod-02-us;
Mon, 09 Dec 2024 05:37:30 -0800 (PST)
X-Received: by 2002:a05:690c:2501:b0:6ef:94db:b208 with SMTP id 00721157ae682-6f022ed43eemr5164087b3.24.1733751449886;
Mon, 09 Dec 2024 05:37:29 -0800 (PST)
Received: by 2002:a05:690c:80a:b0:6ef:9b37:85ef with SMTP id 00721157ae682-6efe40440e5ms7b3;
Mon, 9 Dec 2024 05:27:56 -0800 (PST)
X-Received: by 2002:a05:690c:360d:b0:6e3:fd6:6ccb with SMTP id 00721157ae682-6efe3bfae8dmr124700187b3.13.1733750875153;
Mon, 09 Dec 2024 05:27:55 -0800 (PST)
Date: Mon, 9 Dec 2024 05:27:54 -0800 (PST)
From: Weikeng Chen <weikeng.chen@l2iterative.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <ebd77d82-96ab-4530-909a-d085378b9868n@googlegroups.com>
Subject: [bitcoindev] Difficulty in emulating "weaker" OP_SUCCESS and why it
should be a real opcode
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_219826_310777324.1733750874600"
X-Original-Sender: weikeng.chen@l2iterative.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.7 (/)
------=_Part_219826_310777324.1733750874600
Content-Type: multipart/alternative;
boundary="----=_Part_219827_1494883412.1733750874600"
------=_Part_219827_1494883412.1733750874600
Content-Type: text/plain; charset="UTF-8"
When I am implementing fraud proofs in Bitcoin script, I find it useful to
have an opcode "OP_SUCCESS" that will mark the execution to be successful
without running the rest of the script, if this opcode is being executed.
This is useful for writing code for fraud proofs such as BitVM, where the
verifier wins if it finds one mismatch, and the verifier does not need to
show the other mismatches.
This OP_SUCCESS is weaker version of the OP_SUCCESSx in the Taproot
upgrade, which marks the execution as successful for the mere presence of
OP_SUCCESSx anywhere in the script. Rusty Russell in a 2023 article,
"Covenants: Examining ScriptPubkeys in Bitcoin Script", also mentioned
about the usefulness of such an opcode.
Of course, this opcode can be emulated, and one can rewrite the existing
script in a way to realize the same functionality without adding a new
opcode to Bitcoin.
The problem is that such rewriting is indeed fairly complicated. For
example, say that we have the following program.
```
OP_NOP1
OP_IF
OP_NOP2
OP_IF_SUCCESS
OP_NOP3
OP_IF_SUCCESS
OP_NOP4
OP_IF_SUCCESS
OP_NOP5
OP_ENDIF
OP_NOP6
```
with OP_IF_SUCCESS short for "OP_IF OP_SUCCESS OP_ENDIF"
The equivalent version without using new opcode is as follows (generated by
computer, using a rewriting tool:
https://github.com/Bitcoin-Wildlife-Sanctuary/fraud-proof-compiler)
```
OP_NOP1
OP_IF
OP_NOP2
OP_IF
1
0
OP_ELSE
OP_NOP3
OP_IF
1
0
OP_ELSE
OP_NOP4
OP_IF
1
OP_ELSE
OP_NOP5
0
0
0
OP_ENDIF
OP_ENDIF
OP_IF 1 OP_ENDIF
OP_ENDIF
OP_IF 1 OP_ENDIF
OP_ELSE
0
OP_ENDIF
OP_IF
1
OP_ELSE
OP_NOP6
0
OP_ENDIF
OP_IF
OP_DEPTH 512 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (256 OP_2DROP)
OP_ENDIF
OP_DEPTH 256 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (128 OP_2DROP)
OP_ENDIF
OP_DEPTH 128 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (64 OP_2DROP)
OP_ENDIF
OP_DEPTH 64 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (32 OP_2DROP)
OP_ENDIF
OP_DEPTH 32 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (16 OP_2DROP)
OP_ENDIF
OP_DEPTH 16 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (8 OP_2DROP)
OP_ENDIF
OP_DEPTH 8 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (4 OP_2DROP)
OP_ENDIF
OP_DEPTH 4 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP ... OP_2DROP (2 OP_2DROP)
OP_ENDIF
OP_DEPTH 2 OP_GREATERTHANOREQUAL OP_IF
OP_2DROP
OP_ENDIF
OP_DEPTH OP_IF
OP_DROP
OP_ENDIF
OP_TRUE
OP_ENDIF
```
The second part of the code is mainly a general-purpose and
stack-size-independent method to remove all the stack elements in order to
be standard.
For this reason, it seems better to avoid the need for developers to
"emulate" such a weak version of OP_SUCCESS but to actually implement an
opcode for that.
What do you think?
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ebd77d82-96ab-4530-909a-d085378b9868n%40googlegroups.com.
------=_Part_219827_1494883412.1733750874600
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
When I am implementing fraud proofs in Bitcoin script, I find it useful to =
have an opcode "OP_SUCCESS" that will mark the execution to be successful w=
ithout running the rest of the script, if this opcode is being executed. Th=
is is useful for writing code for fraud proofs such as BitVM, where the ver=
ifier wins if it finds one mismatch, and the verifier does not need to show=
the other mismatches.<div><br /></div><div>This OP_SUCCESS is weaker versi=
on of the OP_SUCCESSx in the Taproot upgrade, which marks the execution as =
successful for the mere presence of OP_SUCCESSx anywhere in the script.=C2=
=A0Rusty Russell in a 2023 article, "Covenants: Examining ScriptPubkeys in =
Bitcoin Script", also mentioned about the usefulness of such an opcode.=C2=
=A0</div><div><br /></div><div>Of course, this opcode can be emulated, and =
one can rewrite the existing script in a way to realize the same functional=
ity without adding a new opcode to Bitcoin.</div><div><br /></div><div>The =
problem is that such rewriting is indeed fairly complicated. For example, s=
ay that we have the following program.</div><div><br /></div><div>```<br />=
OP_NOP1<br />OP_IF<br />=C2=A0 =C2=A0 OP_NOP2<br />=C2=A0 =C2=A0=C2=A0OP_IF=
_SUCCESS<br />=C2=A0 =C2=A0=C2=A0OP_NOP3<br />=C2=A0 =C2=A0=C2=A0OP_IF_SUCC=
ESS<br />=C2=A0 =C2=A0=C2=A0OP_NOP4<br />=C2=A0 =C2=A0=C2=A0OP_IF_SUCCESS<b=
r />=C2=A0 =C2=A0=C2=A0OP_NOP5<br />OP_ENDIF<br />OP_NOP6<br />```</div><di=
v>with OP_IF_SUCCESS short for "OP_IF OP_SUCCESS OP_ENDIF"</div><div><br />=
</div><div>The equivalent version without using new opcode is as follows (g=
enerated by computer, using a rewriting tool: https://github.com/Bitcoin-Wi=
ldlife-Sanctuary/fraud-proof-compiler)</div><div><br /></div><div>```</div>=
<div>OP_NOP1<br />OP_IF<br />=C2=A0 =C2=A0 OP_NOP2<br />=C2=A0 =C2=A0 OP_IF=
<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 1</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=
=A0=C2=A00</div><div>=C2=A0 =C2=A0 OP_ELSE<br />=C2=A0 =C2=A0=C2=A0=C2=A0 =
=C2=A0=C2=A0OP_NOP3</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0OP_IF</=
div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 1</div><div>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 0</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=
=A0=C2=A0OP_ELSE</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=
=C2=A0OP_NOP4</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0 =C2=A0=C2=A0=C2=
=A0OP_IF</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 =
=C2=A0=C2=A01</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=
=A0OP_ELSE</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=
=C2=A0 =C2=A0=C2=A0OP_NOP5</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0=C2=A0=C2=A0 =C2=A0=C2=A00</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A00</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0=C2=A0 =C2=A0=C2=A0=C2=A00</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0=C2=A0 =C2=A0=C2=A0OP_ENDIF</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=
=A0=C2=A0OP_ENDIF</div><div>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0OP_IF 1 O=
P_ENDIF</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0=C2=A0OP_IF 1 OP=
_ENDIF<br />OP_ELSE<br />=C2=A0 =C2=A0=C2=A00<br />OP_ENDIF<br />OP_IF<br /=
>=C2=A0 =C2=A0=C2=A01<br />OP_ELSE<br />=C2=A0 =C2=A0=C2=A0OP_NOP6<br />=C2=
=A0 =C2=A0=C2=A00<br />OP_ENDIF<br />OP_IF</div><div>=C2=A0 =C2=A0 OP_DEPTH=
512 OP_GREATERTHANOREQUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_2DROP =
... OP_2DROP (256 OP_2DROP)</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =
=C2=A0 OP_DEPTH 256 OP_GREATERTHANOREQUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 OP_2DROP ... OP_2DROP (128 OP_2DROP)</div><div>=C2=A0 =C2=A0 OP_ENDI=
F<br />=C2=A0 =C2=A0 OP_DEPTH 128 OP_GREATERTHANOREQUAL OP_IF<br />=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 OP_2DROP ... OP_2DROP (64 OP_2DROP)</div><div>=C2=A0 =
=C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0 OP_DEPTH 64 OP_GREATERTHANOREQUAL OP_IF<=
br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_2DROP ... OP_2DROP (32 OP_2DROP)</div><=
div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0 OP_DEPTH 32 OP_GREATERTHANORE=
QUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_2DROP ... OP_2DROP (16 OP_2D=
ROP)</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0 OP_DEPTH 16 OP_GRE=
ATERTHANOREQUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_2DROP ... OP_2DRO=
P (8 OP_2DROP)</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0 OP_DEPTH=
8 OP_GREATERTHANOREQUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_2DROP ..=
. OP_2DROP (4 OP_2DROP)</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0=
OP_DEPTH 4 OP_GREATERTHANOREQUAL OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP=
_2DROP ... OP_2DROP (2 OP_2DROP)</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=
=A0 =C2=A0 OP_DEPTH 2 OP_GREATERTHANOREQUAL OP_IF</div><div>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 OP_2DROP</div><div>=C2=A0 =C2=A0 OP_ENDIF<br />=C2=A0 =C2=A0 =
OP_DEPTH OP_IF<br />=C2=A0 =C2=A0 =C2=A0 =C2=A0 OP_DROP</div><div>=C2=A0 =
=C2=A0 OP_ENDIF</div><div>=C2=A0 =C2=A0 OP_TRUE</div><div>OP_ENDIF</div><di=
v>```</div><div><br /></div><div>The second part of the code is mainly a ge=
neral-purpose and stack-size-independent method to remove all the stack ele=
ments in order to be standard.=C2=A0</div><div><br /></div><div>For this re=
ason, it seems better to avoid the need for developers to "emulate" such a =
weak version of OP_SUCCESS but to actually implement an opcode for that.</d=
iv><div><br /></div><div>What do you think?</div><div><br /></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/ebd77d82-96ab-4530-909a-d085378b9868n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/ebd77d82-96ab-4530-909a-d085378b9868n%40googlegroups.com</a>.<br />
------=_Part_219827_1494883412.1733750874600--
------=_Part_219826_310777324.1733750874600--
|