1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 6AB2711B6
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 24 Feb 2018 18:59:02 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-vk0-f45.google.com (mail-vk0-f45.google.com
[209.85.213.45])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2EF3B466
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 24 Feb 2018 18:59:01 +0000 (UTC)
Received: by mail-vk0-f45.google.com with SMTP id x135so7515448vkd.5
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 24 Feb 2018 10:59:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to; bh=i1YjNWIAsU6l0EZes5Yu3I7uFVEEEmGMJh0gE3tnF40=;
b=acMdHMJSPUtdW/dRmBDc4mM29jNARnEo0j8tufNsXk4b6Szd4LdBFyOxwbWgJ8Z8Hr
6SMcuodDkJcnA/uYcOK0snYlt4nTK8uduiSUP3PUPbtCLwPbC4P1R+CTxswoglV/Mzj5
1k5PElASw0JRyqbPPbKRTi1RyTtQhHzfClCE6BmcEN/moZYjN7SZP8hzJxe0vacodro1
BFre382vuV/4qshyygNQMjCP2xU3RvdvkBhrKRRDrWeG/mSSZv2irQ9XF7/Coojwx1Fp
OGuD/MnWF5DtP95XKNFOP2DUIx/V1uWqp3E+V+uI7+/zE9EHKso0tUZe+XpiFBzuSrAJ
PObA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to;
bh=i1YjNWIAsU6l0EZes5Yu3I7uFVEEEmGMJh0gE3tnF40=;
b=hjNHoN1DV+CjZsBeuO+1h96DBJA9BhrNCnP16ugvV7CEg/qxEkFEjbgPRxdTsbMMuV
0snK1L3AysGQk6w9yYqhNRK5kPGytNnHwTRLlrBtKQqN+2lXds892XiFUmM1B8ZAIvhf
xo0U5MGqXTbtibWRHcqrkoA6P08kRSGScEMMxHK1mTCRgtVQI82oRHQ2OXU+BJQOTO1v
YXiz0tMX4myevM+x/QTIytilLUQGFF4EbC6Uwm5gvLKz+G48WTaAZhONeDbWLJdwIjqW
NGXDC41qafCpDiQG0h6prHx17FLY/T1FekpSjX6huvCKJXdfSvPn6rLJC0ApN109anwa
jneQ==
X-Gm-Message-State: APf1xPDv1lKKfd9PXW/btRM+c2Iax407r6a3m+Y4nSV5cOPub3kka+R8
2FTtLNCdlaRNO9LoVW2o5KFgNxgUZwofxnuzd8EWoQ==
X-Google-Smtp-Source: AG47ELsuCj44RI/V+lR5uGRUtiX2r5/w/+YFZA9Kq/cefFcDqKFEf9HXI8oXwk7Ud2Mm6L0isUUxcvioDgH0YJZqpBA=
X-Received: by 10.31.100.10 with SMTP id y10mr2323123vkb.55.1519498740316;
Sat, 24 Feb 2018 10:59:00 -0800 (PST)
MIME-Version: 1.0
Sender: gmaxwell@gmail.com
Received: by 10.103.97.70 with HTTP; Sat, 24 Feb 2018 10:58:59 -0800 (PST)
In-Reply-To: <1519328661.898070.1280084352.71F1C1C3@webmail.messagingengine.com>
References: <CAAS2fgSnfd++94+40vnSRxQfi9fk8N6+2-DbjVpssHxFvYveFQ@mail.gmail.com>
<CAMnpzfphzviN9CqZaFa3P-U2OnHn56LYEtWtMktT1D37bPqvcQ@mail.gmail.com>
<CAAS2fgSVHfh2++JLCTOWVmMiwfqSkGgj4O+HR4wTYTXaZr6n9Q@mail.gmail.com>
<CAD5xwhiqcHjy2bFcCzNue+M92z3_QHZra801c6Kx7OBf=68sRw@mail.gmail.com>
<CAMnpzfo3pL0EB1HyzHO1sEiauGarRUHaWOG-pzMe40wBsGiN3g@mail.gmail.com>
<1519328661.898070.1280084352.71F1C1C3@webmail.messagingengine.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Sat, 24 Feb 2018 18:58:59 +0000
X-Google-Sender-Auth: zVxtgkkGhEGhrwlrc7x6R6c1swc
Message-ID: <CAAS2fgQYUb7gMbNbJOQ3pZ8WSRY-UhWjN9Y4GK96Lke-w3aFvw@mail.gmail.com>
To: Daniel Edgecumbe <esotericnonsense@esotericnonsense.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Graftroot: Private and efficient surrogate
scripts under the taproot assumption
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 18:59:02 -0000
On Thu, Feb 22, 2018 at 7:44 PM, Daniel Edgecumbe via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> I don't think that binding grafts to a particular transaction requires this aggregation.
> It seems to me that you could just sign H(txid, script) rather than H(script).
> I'm not aware of whether this would break aggregation.
That would require that you know the txid in advance. Sometimes you
do-- and a graftroot sighash flag could handle that... but usually you
wouldn't. The case where you already do know it can sort of be
covered today without using the graftroot: Sign a transaction
spending the multisig coin to the graft. This isn't a strict
alternative however, because it's not atomic: you could imagine that
txn being announced and then the graft not being spent, while someone
would like to spend a different graft. That non-atomiticity could be
addressed by making the graft spends an OR of all the other graft
spends but that isn't scalable or private. Regardless, still doesn't
work if the graft isn't created after the fact.
The aggregation bit has the property of working just in time, even on
grafts created in advance.
|
