Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9F93DC0032 for ; Mon, 13 Mar 2023 20:55:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 661E34045C for ; Mon, 13 Mar 2023 20:55:06 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 661E34045C Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key) header.d=dashjr.org header.i=@dashjr.org header.a=rsa-sha256 header.s=zinan header.b=QwH1Afb3 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qjzQj-3108Yb for ; Mon, 13 Mar 2023 20:55:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org D74C44039D Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp2.osuosl.org (Postfix) with ESMTP id D74C44039D for ; Mon, 13 Mar 2023 20:55:04 +0000 (UTC) Received: from [192.168.77.250] (unknown [12.151.133.18]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 2C7E438AF4E0; Mon, 13 Mar 2023 20:55:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dashjr.org; s=zinan; t=1678740902; bh=SfyVxN7MbWgVR+n0DmY/4Nfl/9dekqtJ50QpRBRREd0=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=QwH1Afb3HmLQE23thforrX8wkBc0OJ+o1uizEDm++fSDDCpm8S6QUSWqPZG0NX81k l2Ip7RJNjEZEAetDWBPSLiDBVw4hI9SzQcP2BUm+zlysvCjT74ggKkGz2ErltJTFaY qtmk/WZ+kFaggzw+En8E972Xt8fF7MucqFKwrVns= Content-Type: multipart/alternative; boundary="------------gZxeyNDegAhbhfEoZY14Udsb" Message-ID: Date: Mon, 13 Mar 2023 16:55:00 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US To: Greg Sanders , Bitcoin Protocol Discussion References: <4652dbe8-6647-20f2-358e-be0ef2e52c47@dashjr.org> From: Luke Dashjr In-Reply-To: Subject: Re: [bitcoin-dev] BIP for OP_VAULT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2023 20:55:06 -0000 This is a multi-part message in MIME format. --------------gZxeyNDegAhbhfEoZY14Udsb Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit In ordinary use cases, you wouldn't clawback; that would only be in the extreme case of the wallet being compromised. So typical usage would just be receive -> send, like wallets currently do. Luke On 3/13/23 10:56, Greg Sanders wrote: > Didn't finish sentence: but in practice would end up with pretty > similar usage flows imho, and as noted in PR, would take a different > wallet paradigm, > among other technical challenges. > > On Mon, Mar 13, 2023 at 10:55 AM Greg Sanders > wrote: > > Hi Luke, > > Can you elaborate why the current idealized functionality of > deposit -> trigger -> withdrawal is too complicated for > everyday use but the above deposit -> withdrawal -> > resolve(claim/clawback)  wouldn't be? I admit at a high level > it's a fine paradigm, but in practice would end > > Let's ignore implementation for the discussion, since that's in flux. > > Cheers, > Greg > > On Sat, Mar 11, 2023 at 3:53 PM Luke Dashjr via bitcoin-dev > wrote: > > I started reviewing the BIP, but stopped part way through, as > it seems > to have a number of conceptual issues. > > I left several comments on the PR > (https://github.com/bitcoin/bips/pull/1421#pullrequestreview-1335925575), > > but ultimately I think it isn't simplified enough for > day-to-day use, > and would harm privacy quite a bit. > > Instead, I would suggest a new approach where: > > 1) Joe receives funds with a taproot output like normal. > 2) Joe sends funds to Fred, but Fred cannot spend them until N > blocks > later (covenant-enforced relative locktime). Ideally, this should > use/support a taproot keypath spend somehow. It would be nice > to blind > the particular relative locktime somehow too, but that may be > too expensive. > 2b) If Joe's funds were stolen, Joe can spend Fred's UTXO > within the N > block window to a recovery output. > > Unfortunately, the implementation details for this kind of > setup are > non-obvious and will likely require yet another address format > (or at > least recipient-wallet changes), but certainly seems within > the scope of > possibility. > > Thoughts? > > Luke > > > On 2/13/23 16:09, James O'Beirne via bitcoin-dev wrote: > > Since the last related correspondence on this list [0], a > number of > > improvements have been made to the OP_VAULT draft [1]: > > > > * There is no longer a hard dependence on package > relay/ephemeral > >   anchors for fee management. When using "authorized > recovery," all > >   vault-related transactions can be bundled with unrelated > inputs and > >   outputs, facilitating fee management that is self > contained to the > >   transaction. Consequently, the contents of this proposal > are in theory > >   usable today. > > > > * Specific output locations are no longer hardcoded in any > of the > >   transaction validation algorithms. This means that the > proposal is now > >   compatible with future changes like SIGHASH_GROUP, and > >   transaction shapes for vault operations are more flexible. > > > > --- > > > > I've written a BIP that fully describes the proposal here: > > > > > https://github.com/jamesob/bips/blob/jamesob-23-02-opvault/bip-vaults.mediawiki > > > > The corresponding PR is here: > > > > https://github.com/bitcoin/bips/pull/1421 > > > > My next steps will be to try for a merge to the inquisition > repo. > > > > Thanks to everyone who has participated so far, but > especially to AJ and > > Greg for all the advice. > > > > James > > > > [0]: > > > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021318.html > > [1]: https://github.com/bitcoin/bitcoin/pull/26857 > > > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --------------gZxeyNDegAhbhfEoZY14Udsb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

In ordinary use cases, you wouldn't clawback; that would only be in the extreme case of the wallet being compromised. So typical usage would just be receive -> send, like wallets currently do.

Luke


On 3/13/23 10:56, Greg Sanders wrote:
Didn't finish sentence: but in practice would end up with pretty similar usage flows imho, and as noted in PR, would take a different wallet paradigm,
among other technical challenges.

On Mon, Mar 13, 2023 at 10:55 AM Greg Sanders <gsanders87@gmail.com> wrote:
Hi Luke,

Can you elaborate why the current idealized functionality of deposit -> trigger -> withdrawal is too complicated for
everyday use but the above deposit -> withdrawal -> resolve(claim/clawback)  wouldn't be? I admit at a high level
it's a fine paradigm, but in practice would end 

Let's ignore implementation for the discussion, since that's in flux.

Cheers,
Greg

On Sat, Mar 11, 2023 at 3:53 PM Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
I started reviewing the BIP, but stopped part way through, as it seems
to have a number of conceptual issues.

I left several comments on the PR
(https://github.com/bitcoin/bips/pull/1421#pullrequestreview-1335925575),
but ultimately I think it isn't simplified enough for day-to-day use,
and would harm privacy quite a bit.

Instead, I would suggest a new approach where:

1) Joe receives funds with a taproot output like normal.
2) Joe sends funds to Fred, but Fred cannot spend them until N blocks
later (covenant-enforced relative locktime). Ideally, this should
use/support a taproot keypath spend somehow. It would be nice to blind
the particular relative locktime somehow too, but that may be too expensive.
2b) If Joe's funds were stolen, Joe can spend Fred's UTXO within the N
block window to a recovery output.

Unfortunately, the implementation details for this kind of setup are
non-obvious and will likely require yet another address format (or at
least recipient-wallet changes), but certainly seems within the scope of
possibility.

Thoughts?

Luke


On 2/13/23 16:09, James O'Beirne via bitcoin-dev wrote:
> Since the last related correspondence on this list [0], a number of
> improvements have been made to the OP_VAULT draft [1]:
>
> * There is no longer a hard dependence on package relay/ephemeral
>   anchors for fee management. When using "authorized recovery," all
>   vault-related transactions can be bundled with unrelated inputs and
>   outputs, facilitating fee management that is self contained to the
>   transaction. Consequently, the contents of this proposal are in theory
>   usable today.
>
> * Specific output locations are no longer hardcoded in any of the
>   transaction validation algorithms. This means that the proposal is now
>   compatible with future changes like SIGHASH_GROUP, and
>   transaction shapes for vault operations are more flexible.
>
> ---
>
> I've written a BIP that fully describes the proposal here:
>
> https://github.com/jamesob/bips/blob/jamesob-23-02-opvault/bip-vaults.mediawiki
>
> The corresponding PR is here:
>
> https://github.com/bitcoin/bips/pull/1421
>
> My next steps will be to try for a merge to the inquisition repo.
>
> Thanks to everyone who has participated so far, but especially to AJ and
> Greg for all the advice.
>
> James
>
> [0]:
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021318.html
> [1]: https://github.com/bitcoin/bitcoin/pull/26857
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--------------gZxeyNDegAhbhfEoZY14Udsb--