path: root/e0/9e1fae245e3dffe67f9718e7af6674c8f58966

Return-Path: <roconnor@blockstream.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 045FBC002D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed, 11 May 2022 19:41:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id D950D60BEB
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed, 11 May 2022 19:41:29 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key)
 header.d=blockstream-com.20210112.gappssmtp.com
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dAh8cA-MOaS6
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed, 11 May 2022 19:41:29 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com
 [IPv6:2607:f8b0:4864:20::f32])
 by smtp3.osuosl.org (Postfix) with ESMTPS id D03E260BD6
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed, 11 May 2022 19:41:28 +0000 (UTC)
Received: by mail-qv1-xf32.google.com with SMTP id f3so2860390qvi.2
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Wed, 11 May 2022 12:41:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=blockstream-com.20210112.gappssmtp.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
 bh=SXgur8t6S9WhBgCHUOW0FFpCb8+jW6JxKgxPmsJw/2E=;
 b=5bbb6ce54T632G4U1LTW4TF4vjxkEnCV5VO8P0zGjsF7actNlknjh3P6qB+nCqZcyX
 MsLqP54DEsMoRLxvWl0U95B3lOT1Q6NHpD6OnYUyTE3BWIQ0SVeWdCoOOijs/SOpntgW
 nq4rmXRK1lnlGorTyeiOqvljOmZtxw015h2wO+5bS72WPU6BvibVPJO0Hqddr2vCNUz/
 6G4n9W/rl+W3lQVq+J4ENRxH8K4cfFyOdBwDMXkdqYAlkwUSlFNuKxdd9cD/9E5Wop5S
 JRRi6EDU0mZaa3PSYrLg+1Qbq0pYvzfsoPKv5QqPeblHNaMSWGSPv6uN9Wr56yVhuSNr
 FEVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to;
 bh=SXgur8t6S9WhBgCHUOW0FFpCb8+jW6JxKgxPmsJw/2E=;
 b=EPFRwsMT+chCGShmvBcZaJWH5fddHiyp8EStfLrCmEnf8ECruTUm+dRLRljzfIGTiI
 Y/dLBL9uiKGXyoM/CBHWuTLEq9zu5/8l/R/vm7qzAyVlp9rHm/+/Ma/vFyZjdM+0XDZM
 0goihkKAA36qY+tG1hCaxmqQRvs949NqpdF5YDALvfNhk4VMCvmxm12CuEZLx9+ACdQ2
 PS93HaxGau7gO3pOgHCGj7ArREVfHGRyuLq6r4BYH2mcH6kYnwvvbvwXqcUC2eddoM1T
 ni13sWfOdy9m/dFJfbp9U2FkKDrAO5I3VGPsH/2Lx4hSdN6g68KJ7zxwPR/0Fb8wFx+6
 UImg==
X-Gm-Message-State: AOAM530pTpZz9Z0OgHvZyw3K69e+qS/ji9XdptmWho6jCVDoguNP+2kp
 vsdwkmx66AAmXKYoEE7Bc7eGDRq1QpietuvSrqc0PMhW6Bbo+A==
X-Google-Smtp-Source: ABdhPJzK7/t8bCZtw6LCdrV2rTaUz1j36ZtyP891IRjUMJ9bsNEyrpI26VgfPNmldv00r5ENhkiByN/jf5DE+U7LX8w=
X-Received: by 2002:ad4:5ca4:0:b0:45a:76f5:dd69 with SMTP id
 q4-20020ad45ca4000000b0045a76f5dd69mr24069360qvh.131.1652298087660; Wed, 11
 May 2022 12:41:27 -0700 (PDT)
MIME-Version: 1.0
References: <161946014-482cdec305e2bd7a2c3fc4774c70239d@pmq1v.m5r2.onet>
 <M80pb4TxcE1yCMCW4IboyTtx8MSvp8m9tphXe2EYvIvcrcf2Wzsn4ManJw8EP_ri-ohqtIOPrEaw7XkUcTO3lfVSLN4WMUwpromwzLm15Kc=@protonmail.com>
In-Reply-To: <M80pb4TxcE1yCMCW4IboyTtx8MSvp8m9tphXe2EYvIvcrcf2Wzsn4ManJw8EP_ri-ohqtIOPrEaw7XkUcTO3lfVSLN4WMUwpromwzLm15Kc=@protonmail.com>
From: "Russell O'Connor" <roconnor@blockstream.com>
Date: Wed, 11 May 2022 15:41:16 -0400
Message-ID: <CAMZUoKnzjcYDM-mOhT00P7YO18YmjxRkYsfO6QFtYFn0mEtLQw@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="00000000000094100a05dec1a09d"
Subject: Re: [bitcoin-dev] Speedy covenants (OP_CAT2)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2022 19:41:30 -0000

--00000000000094100a05dec1a09d
Content-Type: text/plain; charset="UTF-8"

On Wed, May 11, 2022 at 7:42 AM ZmnSCPxj via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> REMEMBER: `OP_CAT` BY ITSELF DOES NOT ENABLE COVENANTS, WHETHER RECURSIVE
> OR NOT.
>

I think the state of the art has advanced to the point where we can say
"OP_CAT in tapscript enables non recursive covenants and it is unknown
whether OP_CAT can enable recursive covenants or not".

A. Poelstra in
https://www.wpsoftware.net/andrew/blog/cat-and-schnorr-tricks-i.html show
how to use CAT to use the schnorr verification opcode to get the sighash
value + 1 onto the stack, and then through some grinding and some more CAT,
get the actual sighash value on the stack.  From there we can use SHA256 to
get the signed transaction data onto the stack and apply introspect (using
CAT) to build functionality similar to OP_CTV.

The missing bits for enabling recursive covenants comes down to needing to
transform a scriptpubkey into an taproot address, which involves some
tweaking.  Poelstra has suggested that it might be possible to hijack the
ECDSA checksig operation from a parallel, legacy input, in order to perform
the calculations for this tweaking.  But as far as I know no one has yet
been able to achieve this feat.

--00000000000094100a05dec1a09d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_quote"><div>On Wed, May 11, 2022 at 7:=
42 AM ZmnSCPxj via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linu=
xfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote: <br><=
/div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo=
rder-left:1px solid rgb(204,204,204);padding-left:1ex">
REMEMBER: `OP_CAT` BY ITSELF DOES NOT ENABLE COVENANTS, WHETHER RECURSIVE O=
R NOT.<br></blockquote><div><br></div><div>I think the state of the art has=
 advanced to the point where we can say &quot;OP_CAT in tapscript enables n=
on recursive covenants and it is unknown whether OP_CAT can enable recursiv=
e covenants or not&quot;.<br></div><div><br></div><div>A. Poelstra in <a hr=
ef=3D"https://www.wpsoftware.net/andrew/blog/cat-and-schnorr-tricks-i.html"=
>https://www.wpsoftware.net/andrew/blog/cat-and-schnorr-tricks-i.html</a> s=
how how to use CAT to use the schnorr verification opcode to get the sighas=
h value + 1 onto the stack, and then through some grinding and some more CA=
T, get the actual sighash value on the stack.=C2=A0 From there we can use S=
HA256 to get the signed transaction data onto the stack and apply introspec=
t (using CAT) to build functionality similar to OP_CTV.<br></div><div><br><=
/div><div>The missing bits for enabling recursive covenants comes down to n=
eeding to transform a scriptpubkey into an taproot address, which involves =
some tweaking.=C2=A0 Poelstra has suggested that it might be possible to hi=
jack the ECDSA checksig operation from a parallel, legacy input, in order t=
o perform the calculations for this tweaking.=C2=A0 But as far as I know no=
 one has yet been able to achieve this feat.</div><div><br></div><div><br><=
/div></div></div>

--00000000000094100a05dec1a09d--