1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
|
Return-Path: <sridhar87@gmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8327BC07FF
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id 76B44869CB
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nNbpoh4BFb69
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:30 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com
[209.85.208.54])
by whitealder.osuosl.org (Postfix) with ESMTPS id 31929869CA
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 22:18:30 +0000 (UTC)
Received: by mail-ed1-f54.google.com with SMTP id t9so16802172edq.8
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 15 Nov 2020 14:18:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=MA60qgdwHV7UBw2Ni84alQCYNCZJu9O11BQ45ukFtyI=;
b=KN+wMJ3EvFkITxShovytmDItaieHBVxoPdlhRrvZAzi8ndBwkOiWRhSJyUAGFpm62b
YnYxk1Lf23o355IMK27F7dHygfyNECXmv2BdZRfAWk5LmA9+Hx7OYIj2EQ6uWKm0bZUU
hIX5Rezq3g42dytcOK2kqj9n7ecSSCNlu9r6NueGZ1RH8KyMKtLjVBvm1GkqIm3l9nvq
5C7iw6wlVKskT+nBkoG+rduRV5dlsoLJz3SvZrpiPdpx+Va/YcN77GjDO10FloZ9VZIh
uwmQ4pNZakbhfUj7EKhaMDs1dWVrZRszc14nrGHC7kn5mTAzo2KzwnSYUqIHDCNqfjIB
Nw2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=MA60qgdwHV7UBw2Ni84alQCYNCZJu9O11BQ45ukFtyI=;
b=qdQCk2/xOInQgzTKZGOXp8yB98tj8lAoWxY0R3PrFc4f4vBLIQpPlxhRGUKmpFqswo
OsL9ukY1Buj1vJkma2u+Bj0SPOLRT3lyzYTvF3hB8JCYMzUqw5rVTNWgMV+cokfaT0qa
gVyogxZn9m5L1vSP4Rh7OGft9LSTpUpVSV2wOs63nyY7sus8VFASS9czLGFv70/YN8Ll
HoCaVI8bIHxjySraUVJ5GWvjjC/8JNWRyFlHL6hc/l49kQ90MmyJTUlvVYpIcHVysG2o
W3k0S1g+A1aiGewx6RV8gH1Lw5lM9l7LkcQWsaGMGoiZ0BigI6f7hnd3RMEX7apb4U2F
r2Qw==
X-Gm-Message-State: AOAM531elWBKFgOGkmtB0JzEb391BqqAWfbIyapmauQU9E5WabZTyjFJ
jm1w0RE5qjL0RqUUrn5VKdiKkTp4rFX6R0ZathO+GrWpbe9kiMNU
X-Google-Smtp-Source: ABdhPJxvhFBEfZOA2kfnZUeAPbrCyotkyHvApGSGstpY8ykoXzmveUovv4ZejLoDpY8Lixz23eYLIyhu479hh0C/lqo=
X-Received: by 2002:a50:9fe6:: with SMTP id c93mr12770246edf.30.1605478708300;
Sun, 15 Nov 2020 14:18:28 -0800 (PST)
MIME-Version: 1.0
From: Sridhar G <sridhar87@gmail.com>
Date: Sun, 15 Nov 2020 23:18:17 +0100
Message-ID: <CAF8yEM_gur=r2WvQ=y3bE53cfds=gQT3se-GAspHvMQzUnW-9Q@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="0000000000001a50bd05b42ca4f5"
X-Mailman-Approved-At: Sun, 15 Nov 2020 23:03:55 +0000
Subject: [bitcoin-dev] CoinPools based on m-of-n Schnorr aggregated
signatures
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2020 22:18:31 -0000
--0000000000001a50bd05b42ca4f5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi everyone,
N-of-n multisig transaction using Schnorr aggregate signature is trivial
and is similar to the current P2PKH. I would like to propose a model for
m-of-n multisig transactions using Schnorr aggregate signatures and use
this to enable CoinPools for off-chain scalability.
1. Creating the pool
A transaction is made on the bitcoin network with an output having the
following script:
<pub_key_1> <pub_key_2> <pub_key_3> .. <pub_key_N> N M OP_POOL
Bitcoin network will create a =E2=80=98pool=E2=80=99 with all the =E2=80=98=
N=E2=80=99 public keys and note
down the threshold M for this pool. This UTXO would be referred as <POOL_ID=
>
2. Depositing money to pool
Deposits can be made to a pool with <POOL_ID> with the following script
<POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY OP_CHECKSIG
3. Redeeming money from pool
Redeem script would contain the aggregated signature from all signers and
the bitmap of signers.
*<AGG_SIG> <SIGNERS_BITMAP>* <POOL_ID> OP_LOAD_POOL_AGG_PUB_KEY
OP_CHECKSIG
With <AGG_SIG> <SIGNERS_BITMAP> provided by the person that redeems money
from a pool, where
<AGG_SIG> - is the aggregated signature
<SIGNERS_BITMAP> - Is a bitmap representing whether the member of the pool
at position 'i' of bitmap has signed or not(1 =3D signed, 0 - has not signe=
d)
So we will be introducing two new opcodes:
1.
OP_POOL - this will be used to create a new coin pool.
2.
OP_LOAD_POOL_AGG_PUB_KEY - This opcode does three things
1.
loads the pool (POOL_ID)
2.
checks if there are atleast 'm' signers (based on SIGNERS_BITMAP)
3.
aggregates the public key of the signers. (based on SIGNERS_BITMAP)
The opcode uses the top two elements from the stack- the first
element from the stack specifies the POOL_ID to load, which will load the
public keys from the pool. This opcode also checks if there are =E2=80=98M=
=E2=80=99
signers(as specified at the time of creation of the pool) and aggregates
the public keys that have signed based on SIGNERS_BITMAP using Schnorr
aggregate signature scheme and puts back this aggregated public key onto
the stack.
SIGNERS_BITMAP is a 32 byte value, and represents a bitmap of which public
keys from the pool have signed the transaction.
Having this scheme would enable-
1.
Scalability of m-of-n multisig transactions - People can deposit money
to a pool(with 32 byte SIGNERS_BITMAP, we can allow for 256 possible
signers).
2.
Trust minimized off-chain scalability solutions due to the use of a
sufficiently large pool of signers. Most existing pools might allow for
only a few signers as having many signers would mean higher transaction
cost.
Downsides:
1.
We need to have the public keys of the members of the pool exposed.
Despite the downsides of exposing public keys, do you think this would be a
viable scheme for enabling CoinPool for the Bitcoin network? Or, any scheme
that may expose public keys is a no-go in the Bitcoin network?
Thanks! Looking for your feedback and thoughts on this.
-Sridhar
--0000000000001a50bd05b42ca4f5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-920b9d27-7fff-fe08-1e=
5b-08c1713fbbde"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Hi everyo=
ne,</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb=
(0,0,0);background-color:transparent;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">N-of-n m=
ultisig transaction using Schnorr aggregate signature is trivial and is sim=
ilar to the current P2PKH. I would like to propose a model for m-of-n multi=
sig transactions using Schnorr aggregate signatures and use this to enable =
CoinPools for off-chain scalability.</span></p><br><p dir=3D"ltr" style=3D"=
line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size=
:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-=
weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">1. Creating the pool</span></p><p =
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><sp=
an style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-co=
lor:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;=
vertical-align:baseline;white-space:pre-wrap">A transaction is made on the =
bitcoin network with an output having the following script:</span></p><br><=
p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-=
color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma=
l;vertical-align:baseline;white-space:pre-wrap"><pub_key_1> <pub_k=
ey_2> <pub_key_3> .. <pub_key_N> N M OP_POOL</span></p><br><=
p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-=
color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma=
l;vertical-align:baseline;white-space:pre-wrap">Bitcoin network will create=
a =E2=80=98pool=E2=80=99 with all the =E2=80=98N=E2=80=99 public keys and =
note down the threshold M for this pool. This UTXO would be referred as <=
;</span><span style=3D"font-size:10.5pt;font-family:Arial;background-color:=
rgb(248,249,250);font-variant-numeric:normal;font-variant-east-asian:normal=
;vertical-align:baseline;white-space:pre-wrap">POOL_ID></span></p><br><p=
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-c=
olor:transparent;font-weight:700;font-variant-numeric:normal;font-variant-e=
ast-asian:normal;vertical-align:baseline;white-space:pre-wrap">2. Depositin=
g money to pool</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;c=
olor:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;fo=
nt-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">=
Deposits can be made to a pool with <POOL_ID> with the following scri=
pt</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><</spa=
n><span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(24=
8,249,250);font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">POOL_ID</span><span style=3D"font-=
size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;f=
ont-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:ba=
seline;white-space:pre-wrap">> OP_LOAD_POOL_AGG_PUB_KEY </span><span sty=
le=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);=
font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:b=
aseline;white-space:pre-wrap">OP_CHECKSIG</span></p><br><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font=
-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);font-weigh=
t:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-a=
lign:baseline;white-space:pre-wrap">3. Redeeming money from pool</span></p>=
<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,=
249,250);font-variant-numeric:normal;font-variant-east-asian:normal;vertica=
l-align:baseline;white-space:pre-wrap">Redeem script would contain the aggr=
egated signature from all signers and the bitmap of signers.</span></p><br>=
<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
<span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background=
-color:transparent;font-variant-numeric:normal;font-variant-east-asian:norm=
al;vertical-align:baseline;white-space:pre-wrap"><b><AGG_SIG> <SIG=
NERS_BITMAP></b> <POOL_ID>=C2=A0 OP_LOAD_POOL_AGG_PUB_KEY=C2=A0 </=
span><span style=3D"font-size:10.5pt;font-family:Arial;background-color:rgb=
(248,249,250);font-variant-numeric:normal;font-variant-east-asian:normal;ve=
rtical-align:baseline;white-space:pre-wrap">OP_CHECKSIG</span></p><p dir=3D=
"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span sty=
le=3D"font-size:10.5pt;font-family:Arial;background-color:rgb(248,249,250);=
font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:b=
aseline;white-space:pre-wrap"><br></span></p><p style=3D"line-height:1.38;m=
argin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-famil=
y:Arial;background-color:rgb(248,249,250);font-variant-numeric:normal;font-=
variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Wit=
h <AGG_SIG> <SIGNERS_BITMAP> provided by the person that redeem=
s money from a pool, where</span></p><p style=3D"line-height:1.38;margin-to=
p:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-family:Arial;=
background-color:rgb(248,249,250);font-variant-numeric:normal;font-variant-=
east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><AGG_SIG=
> - is the aggregated signature</span></p><p style=3D"line-height:1.38;m=
argin-top:0pt;margin-bottom:0pt"><SIGNERS_BITMAP> - Is a bitmap repre=
senting whether the member of the pool at position 'i' of bitmap ha=
s signed or not(1 =3D signed, 0 - has not signed)</p><p style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p style=3D"line-height:1.=
38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=3D"line-h=
eight:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10.5p=
t;font-family:Arial;color:rgb(34,34,34);background-color:rgb(248,249,250);f=
ont-weight:400;font-style:normal;font-variant:normal;text-decoration:none;v=
ertical-align:baseline;white-space:pre-wrap">So we will be introducing two =
new opcodes:</span></p><ol style=3D"margin-top:0px;margin-bottom:0px"><li d=
ir=3D"ltr" style=3D"list-style-type:decimal;font-size:10.5pt;font-family:Ar=
ial;color:rgb(34,34,34);background-color:transparent;font-weight:400;font-s=
tyle:normal;font-variant:normal;text-decoration:none;vertical-align:baselin=
e;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:0pt"><span style=3D"font-size:10.5pt;font-family:Arial;color:=
rgb(34,34,34);background-color:rgb(248,249,250);font-weight:400;font-style:=
normal;font-variant:normal;text-decoration:none;vertical-align:baseline;whi=
te-space:pre-wrap">OP_POOL - this will be used to create a new coin pool.</=
span></p></li><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:10=
.5pt;font-family:Arial;color:rgb(34,34,34);background-color:transparent;fon=
t-weight:400;font-style:normal;font-variant:normal;text-decoration:none;ver=
tical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-fa=
mily:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;fo=
nt-style:normal;font-variant:normal;text-decoration:none;vertical-align:bas=
eline;white-space:pre-wrap">OP_LOAD_POOL_AGG_PUB_KEY - This opcode does thr=
ee things</span></p></li><ol style=3D"margin-top:0px;margin-bottom:0px"><li=
dir=3D"ltr" style=3D"list-style-type:lower-alpha;font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-=
style:normal;font-variant:normal;text-decoration:none;vertical-align:baseli=
ne;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:r=
gb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;fo=
nt-variant:normal;text-decoration:none;vertical-align:baseline;white-space:=
pre-wrap">loads the pool (POOL_ID)</span></p></li><li dir=3D"ltr" style=3D"=
list-style-type:lower-alpha;font-size:11pt;font-family:Arial;color:rgb(0,0,=
0);background-color:transparent;font-weight:400;font-style:normal;font-vari=
ant:normal;text-decoration:none;vertical-align:baseline;white-space:pre"><p=
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-c=
olor:transparent;font-weight:400;font-style:normal;font-variant:normal;text=
-decoration:none;vertical-align:baseline;white-space:pre-wrap">checks if th=
ere are atleast 'm' signers (based on SIGNERS_BITMAP)</span></p></l=
i><li dir=3D"ltr" style=3D"list-style-type:lower-alpha;font-size:11pt;font-=
family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;=
font-style:normal;font-variant:normal;text-decoration:none;vertical-align:b=
aseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-to=
p:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;co=
lor:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:norm=
al;font-variant:normal;text-decoration:none;vertical-align:baseline;white-s=
pace:pre-wrap">aggregates the public key of the signers. (based on SIGNERS_=
BITMAP)</span></p></li></ol></ol><p style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:0pt"><span id=3D"gmail-docs-internal-guid-f9c86549-7fff-0d3=
7-f786-683b00720058"><span style=3D"font-size:11pt;font-family:Arial;color:=
rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-va=
riant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0The opcode uses the top two elements from =
the stack- the first element from the stack specifies the POOL_ID to load, =
</span><span style=3D"font-size:10.5pt;font-family:Arial;color:rgb(0,0,0);b=
ackground-color:rgb(248,249,250);font-variant-numeric:normal;font-variant-e=
ast-asian:normal;vertical-align:baseline;white-space:pre-wrap">which will l=
oad the public keys from the pool. </span><span style=3D"font-size:11pt;fon=
t-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-n=
umeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-=
space:pre-wrap">This opcode also checks if there are =E2=80=98M=E2=80=99 si=
gners(as specified at the time of creation of the pool) and aggregates the =
public keys that have signed based on SIGNERS_BITMAP using Schnorr aggregat=
e signature scheme and puts back this aggregated public key onto the stack.=
</span></span><br></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><br></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb=
(0,0,0);background-color:transparent;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">SIGNERS_=
BITMAP is a 32 byte value, and represents a bitmap of which public keys fro=
m the pool have signed the transaction.</span></p><br><p dir=3D"ltr" style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-=
size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;f=
ont-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:ba=
seline;white-space:pre-wrap">Having this scheme would enable-</span></p><ol=
style=3D"margin-top:0px;margin-bottom:0px"><li dir=3D"ltr" style=3D"list-s=
tyle-type:decimal;font-size:11pt;font-family:Arial;color:rgb(0,0,0);backgro=
und-color:transparent;font-variant-numeric:normal;font-variant-east-asian:n=
ormal;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line=
-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11p=
t;background-color:transparent;font-variant-numeric:normal;font-variant-eas=
t-asian:normal;vertical-align:baseline;white-space:pre-wrap">Scalability of=
m-of-n multisig transactions - People can deposit money to a pool(with 32 =
byte SIGNERS_BITMAP, we can allow for 256 possible signers).</span></p></li=
><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:=
normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:p=
re"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0=
pt"><span style=3D"font-size:11pt;background-color:transparent;font-variant=
-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whit=
e-space:pre-wrap">Trust minimized off-chain scalability solutions due to th=
e use of a sufficiently large pool of signers. Most existing pools might al=
low for only a few signers as having many signers would mean higher transac=
tion cost.</span></p></li></ol><br><p dir=3D"ltr" style=3D"line-height:1.38=
;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-famil=
y:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:=
normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:p=
re-wrap">Downsides:</span></p><ol style=3D"margin-top:0px;margin-bottom:0px=
"><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-fami=
ly:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric=
:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:=
pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
0pt"><span style=3D"font-size:11pt;background-color:transparent;font-varian=
t-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whi=
te-space:pre-wrap">We need to have the public keys of the members of the po=
ol exposed.</span></p></li></ol><br><p dir=3D"ltr" style=3D"line-height:1.3=
8;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-fami=
ly:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric=
:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:=
pre-wrap">Despite the downsides of exposing public keys, do you think this =
would be a viable scheme for enabling CoinPool for the Bitcoin network? Or,=
any scheme that may expose public keys is a no-go in the Bitcoin network?<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);=
background-color:transparent;font-variant-numeric:normal;font-variant-east-=
asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><=
p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:tran=
sparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical=
-align:baseline;white-space:pre-wrap">Thanks! Looking for your feedback and=
thoughts on this.</span></p><p style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(=
0,0,0);background-color:transparent;font-variant-numeric:normal;font-varian=
t-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">-Sridhar<=
/span></p></span><br class=3D"gmail-Apple-interchange-newline"></div>
--0000000000001a50bd05b42ca4f5--
|