1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
Return-Path: <jl2012@xbt.hk>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id B87258E3
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2017 09:49:53 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 19DEA8A
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 8 Sep 2017 09:49:52 +0000 (UTC)
Received: from [10.7.52.189] (ip-123-255-103-154.wlan.cuhk.edu.hk
[123.255.103.154]) by mx.zohomail.com
with SMTPS id 1504864190564368.34441902007325;
Fri, 8 Sep 2017 02:49:50 -0700 (PDT)
From: Johnson Lau <jl2012@xbt.hk>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <7009A9E5-BC68-4830-991B-36C3837618D6@xbt.hk>
Date: Fri, 8 Sep 2017 17:49:46 +0800
To: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
X-Mailer: Apple Mail (2.3273)
X-ZohoMailClient: External
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE
autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [bitcoin-dev] BIP114 Merklized Script update and 5 BIPs for new
script functions
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2017 09:49:53 -0000
I have rewritten and simplified BIP114, and renamed it to =E2=80=9CMerkliz=
ed Script=E2=80=9D, as a more accurate description after consulting the =
original proposers of MAST. It could be considered as a special case of =
MAST, but has basically the same functions and scaling properties of =
MAST.
Compared with Friedenbach=E2=80=99s latest tail-call execution semantics =
proposal, I think the most notable difference is BIP114 focuses on =
maintaining the static analysability, which was a reason of OP_EVAL =
(BIP12) being rejected. Currently we could count the number of sigOp =
without executing the script, and this remains true with BIP114. Since =
sigOp is a block-level limit, any OP_EVAL-like operation means block =
validity will depend on the precise outcome of script execution (instead =
of just pass or fail), which is a layer violation.
Link to the revised BIP114: =
https://github.com/jl2012/bips/blob/vault/bip-0114.mediawiki
On top of BIP114, new script functions are defined with 5 BIPs:
VVV: Pay-to-witness-public-key: =
https://github.com/jl2012/bips/blob/vault/bip-0VVV.mediawiki
WWW: String and Bitwise Operations in Merklized Script Version 0: =
https://github.com/jl2012/bips/blob/vault/bip-0WWW.mediawiki
XXX: Numeric Operations in Merklized Script Version 0: =
https://github.com/jl2012/bips/blob/vault/bip-0XXX.mediawiki
YYY: ECDSA signature operations in Merklized Script Version 0: =
https://github.com/jl2012/bips/blob/vault/bip-0YYY.mediawiki
ZZZ: OP_PUSHTXDATA: =
https://github.com/jl2012/bips/blob/vault/bip-0ZZZ.mediawiki
As a summary, these BIPs have the following major features:
1. Merklized Script: a special case of MAST, allows users to hide =
unexecuted branches in their scripts (BIP114)
2. Delegation: key holder(s) may delegate the right of spending to other =
keys (scripts), with or without additional conditions such as locktime. =
(BIP114, VVV)
3. Enabling all OP codes disabled by Satoshi (based on Elements project =
with modification. BIPWWW and XXX)
4. New SIGHASH definition with very high flexibility (BIPYYY)
5. Covenant (BIPZZZ)
6. OP_CHECKSIGFROMSTACK, modified from Elements project (BIPYYY)
7. Replace ~72 byte DER sig with fixed size 64 byte compact sig. =
(BIPYYY)
All of these features are modular and no need to be deployed at once. =
The very basic BIP114 (merklized script only, no delegation) could be =
done quite easily. BIP114 has its own versioning system which makes =
introducing new functions very easy.
Things I=E2=80=99d like to have:
1. BIP114 now uses SHA256, but I=E2=80=99m open to other hash design
2. Using Schnorr or similar signature scheme, instead of ECDSA, in =
BIPYYY.
Reference implementation: =
https://github.com/jl2012/bitcoin/commits/vault=
|