Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 198A4CD3 for ; Tue, 25 Jun 2019 17:05:53 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io1-f41.google.com (mail-io1-f41.google.com [209.85.166.41]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1C883710 for ; Tue, 25 Jun 2019 17:05:52 +0000 (UTC) Received: by mail-io1-f41.google.com with SMTP id s7so4812580iob.11 for ; Tue, 25 Jun 2019 10:05:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blockstream.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1y+AxgmBulCI1hkaWGtjO5SVe1PHAEVoC12E5acwWAc=; b=xa3/4qunF/tmDcqHsD6CSb5CwsArOKxzRlEGYKz/BPqMBly65ZCx+8FHZF5IpEz1ld uE4nfz2BKsk9PWr36NhwRimt+5EJT5+2dYjavEb1SHOg6hzthhPR/REnTjR2ixFw8IFG JrypOh1Ohg4XhajLlGaBkrRQRV440aAyf8pn8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1y+AxgmBulCI1hkaWGtjO5SVe1PHAEVoC12E5acwWAc=; b=m7o3eEVVZNMWVLUfaI7f6KAXrgiv39B0Mleyju94552POmqHseU0EHa/3hF8Syt+FL 8/w/hEBvyBSOOlojkfi3iHlTMkXCZT1541JuvgUABZ/2FHNjRtizxhLWqGUvNyRhhFht R+9R5W8PLyvBkVXaQ6cgc2JziumV86URTqvas7sq9PA8iswn8o9hYDxBCx7RxdHreO3l NIBK3oh8R34CuBKsVoIT+9zXevERvzZzhvhh++1pOvYtisqtgyhDM/dRxzvPbHQgr0ub GM/eoBwq05qsLrzB+qe3hN1LrdOvuON/6qxjWBT2FKioVsg2qXnVnug0OoisqTa1lisL YQ9Q== X-Gm-Message-State: APjAAAUOF7vFpkVtDnJK0OBDiQCqm4xkfktF7rWv6CKperQx+wcPr4PQ XMptG109UdoCY0CFZRImYq3V7zOPur95aBUF3s8qA15j5vw= X-Google-Smtp-Source: APXvYqwvdedrBLp5FK7cCjLxrg7pGmXraiwmJqeLrOTgqpbBcfeoA+stvYp2lB8nir77D9DwaznFVYYnoNi2A3DVNH0= X-Received: by 2002:a02:b90e:: with SMTP id v14mr104962353jan.122.1561482351248; Tue, 25 Jun 2019 10:05:51 -0700 (PDT) MIME-Version: 1.0 References: <20190605093039.xfo7lcylqkhsfncv@erisian.com.au> In-Reply-To: From: "Russell O'Connor" Date: Tue, 25 Jun 2019 13:05:39 -0400 Message-ID: To: Jeremy Content-Type: multipart/alternative; boundary="000000000000deb3fc058c28f09d" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 25 Jun 2019 17:26:58 +0000 Cc: Bitcoin development mailing list Subject: Re: [bitcoin-dev] OP_SECURETHEBAG (supersedes OP_CHECKOUTPUTSVERIFY) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jun 2019 17:05:53 -0000 --000000000000deb3fc058c28f09d Content-Type: text/plain; charset="UTF-8" Bitcoin Core is somewhat outside my core competence, but the various OP_PUSHDATA are already multi-byte opcodes and GetOp already has a data return parameter that is suitable for returning the payload of an immediate 32-byte data variant of OP_SECURETHEBAG. All that I expect is needed is to ensure that nowhere else is using a non-empty data-field as a proxy for a non-empty push operation and fixing any such occurrences if they exist. (AFAIKT there are only a handful of calls to GetOp). It is probably worth updating the tapscript implementation to better prepare it for new uses of OP_SUCCESSx. Parsing should halt when an OP_SUCCESSx is encountered, by having GetScriptOp advance the pc to end after encountering such a code (decoding Script is no longer meaningful after an OP_SUCCESS is encountered). However, that means that GetScriptOp needs to know what version of script it is expected to be parsing. This could be done by sending down some versioning flags, possibly by adding a versioning field to CScript that can be initialized @ https://github.com/sipa/bitcoin/blob/7ddc7027b2cbdd11416809400c588e585a8b44ed/src/script/interpreter.cpp#L1679 or some other mechanism (and at the same time perhaps having GetSigOpCount return 0 for tapscript, since counting sigops is not really meaningful in tapscript). There are probably other reasonable approaches too (e.g your option 2 below). I could write some code to illustrate what I'm thinking if you feel that would be helpful and I do think such changes around OP_SUCCESS should be implemented regardless of whether we move forward with OP_SECURETHEBAG or not. It is probably worth doing this properly the first time around if we are going to do it at all. P.S. OP_RESERVED1 has been renamed to OP_SUCCESS137 in bip-tapscript. > > On Mon, Jun 24, 2019 at 6:47 PM Jeremy wrote: > I agree in principal, but I think that's just a bit of 'how things are' > versus how they should be. > > I disagree that we get composability semantics because of OP_IF. E.g., the > script "OP_IF .... " and "OP_END" are two scripts that separately are > invalid as parsed, but together are valid. OP_IF already imposes some > lookahead functionality... but as I understand it, it may be feasible to > get rid of OP_IF for tapscripts anyways. Also in this bucket are P2SH and > segwit, which I think breaks this because the concat of two p2sh scripts or > segwit scripts is not the same as them severally. > > I also think that the OP_SECURETHEBAG use of pushdata is a backwards > compatible hack: we can always later redefine the parser to parse > OP_SECURETHEBAG as the 34 byte opcode, recapturing the purity of the > semantics. We can also fix it to not use an extra byte in a future tapleaf > version. > > In any case, I don't disagree with figuring out what patching the parser > to handle multibyte opcodes would look like. If that sort of upgrade-path > were readily available when I wrote this, it's how I would have done it. > There are two approaches I looked at mostly: > > 1) Adding flags to GetOp to change how it parses > a) Most of the same code paths used for new and old script > b) Higher risk of breaking something in old script style/downstream > c) Cleans up only one issue (multibyte opcodes) leaves other warts in > place > d) less bikesheddable design (mostly same as old script) > e) code not increased in size > 2) Adding a completely new interpreter for Tapscript > a) Fork the existing interpreter code > b) For all places where scripts are run, switch based on if it is > tapscript or not > c) Can clean up various semantics, can even do fancier things like > huffman encode opcodes to less than a byte > d) Can clearly separate parsing the script from executing it > e) Can improve versioning techniques > f) Low risk of breaking something in old script style/downstream > g) Increases amount of code substantially > h) Bikesheddable design (everything is on the table). > i) probably a better general mechanism for future changes to script > parsing, less consensus risk > j) More compatible with templated script as well. > > If not clear, I think that 2 is probably a better approach, but I'm > worried that 2.h means this would take a much longer time to implement. > > 2 can be segmented into two components: > > 1) the architecture of script parser versioning > 2) the actual new script version > > I think that component 1 can be relatively non controversial, thankfully, > using tapleaf versions (the architecture question is more around code > structure). A proof of concept of this would be to have a fork that uses > two independent, but identical, script parsers. > > Part two of this plan would be to modify one of the versions > substantially. I'm not sure what exists on the laundry list, but I think it > would be possible to pick a few worthwhile cleanups. E.g.: > > 1) Multibyte opcodes > 2) Templated scripts > 3) Huffman Encoding opcodes > 4) OP_IF handling (maybe just get rid of it in favor of conditional Verify > semantics) > > And make it clear that because we can add future script versions fairly > easily, this is a sufficient step. > > > Does that seem in line with your understanding of how this might be done? > --000000000000deb3fc058c28f09d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Bitcoin Core is somewhat outside my core competence, = but the various OP_PUSHDATA are already multi-byte opcodes and GetOp alread= y has a data return parameter that is suitable for returning the payload of= an immediate 32-byte data variant of OP_SECURETHEBAG.=C2=A0 All that I exp= ect is needed is to ensure that nowhere else is using a non-empty data-fiel= d as a proxy for a non-empty push operation and fixing any such occurrences= if they exist.=C2=A0 (AFAIKT there are only a handful of calls to GetOp).<= /div>

It is probably worth updating the tapscript implem= entation to better prepare it for new uses of OP_SUCCESSx.=C2=A0 Parsing sh= ould halt when an OP_SUCCESSx is encountered, by having GetScriptOp advance the pc to e= nd after encountering such a code (decoding Script is no longer meaningful = after an OP_SUCCESS is encountered).=C2=A0 However, that means that GetScriptOp needs t= o know what version of script it is expected to be parsing.=C2=A0 This coul= d be done by sending down some versioning flags, possibly by adding a versi= oning field to CScript that can be initialized=C2=A0@ https://github.com/sipa/bitcoin/blob/7ddc7027b2c= bdd11416809400c588e585a8b44ed/src/script/interpreter.cpp#L1679 or some = other mechanism (and at the same time perhaps having GetSigOpCount return 0= for tapscript, since counting sigops is not really meaningful in tapscript= ). There are probably other reasonable approaches too (e.g your option 2 be= low).=C2=A0 I could write some code to illustrate what I'm thinking if = you feel that would be helpful and I do think such changes around OP_SUCCES= S should be implemented regardless of whether we move forward with OP_SECUR= ETHEBAG or not.

It is probably worth doing thi= s properly the first time around if we are going to do it at all.
=

P.S. OP_RES= ERVED1 has been renamed to OP_SUCCESS137 in bip-tapscript.
=C2=A0

On Mon, Jun 24, 2019 at 6:47 PM Jeremy <jlrubin@mit.edu> wrote:
I agre= e in principal, but I think that's just a bit of 'how things are= 9; versus how they should be.

I = disagree that we get composability semantics because of OP_IF. E.g., the sc= ript "OP_IF .... " and "OP_END" are two scripts that se= parately are invalid as parsed, but together are valid. OP_IF already impos= es some lookahead functionality... but as I understand it, it may be feasib= le to get rid of OP_IF for tapscripts anyways. Also in this bucket are P2SH= and segwit, which I think breaks this because the concat of two p2sh scrip= ts or segwit scripts is not the same as them severally.

I also think that the OP_SECURETHEBAG use of pushda= ta is a backwards compatible hack: we can always later redefine the parser = to parse OP_SECURETHEBAG as the 34 byte opcode, recapturing the purity of t= he semantics. We can also fix it to not use an extra byte in a future taple= af version.

In any case, I don't disagree with figuring out= what patching the parser to handle multibyte opcodes would look like. If t= hat sort of upgrade-path were readily available when I wrote this, it's= how I would have done it. There are two approaches I looked at mostly:
=

1) Adding flags to GetOp to change = how it parses
=C2=A0 a) Most of the same code paths used f= or new and old script
=C2=A0 b) Higher risk of breaking so= mething in old script style/downstream
=C2=A0 c) Cleans up= only one issue (multibyte opcodes) leaves other warts in place
=C2=A0 d) less bikesheddable design (mostly same as old script)
=
=C2=A0 e) code not increased in size
2) Ad= ding a completely new interpreter for Tapscript
=C2=A0 a) = Fork the existing interpreter code
=C2=A0 b) For all place= s where scripts are run, switch based on if it is tapscript or not
=C2=A0 c) Can clean up various semantics, can even do fancier thin= gs like huffman encode opcodes to less than a byte
=C2=A0 = d) Can clearly separate parsing the script from executing it
=C2=A0 e) Can improve versioning techniques
=C2=A0 f) L= ow risk of breaking something in old script style/downstream
=C2=A0 g) Increases amount of code substantially
=C2=A0= h) Bikesheddable design (everything is on the table).
=C2= =A0 i) probably a better general mechanism for future changes to script par= sing, less consensus risk
=C2=A0 j) More compatible with t= emplated script as well.

If not clea= r, I think that 2 is probably a better approach, but I'm worried that 2= .h means this would take a much longer time to implement.

2 can be segmented into two components:

1) the architecture of script parser versioning=
2) the actual new script version

I think that component 1 can be relatively non controversial= , thankfully, using tapleaf versions (the architecture question is more aro= und code structure). A proof of concept of this would be to have a fork tha= t uses two independent, but identical, script parsers.

Part two of this plan would be to modify one of the= versions substantially. I'm not sure what exists on the laundry list, = but I think it would be possible to pick a few worthwhile cleanups. E.g.:

1) Multibyte opcodes
2) Templated scripts
3) Huffman Encoding opcodes<= br>
4) OP_IF handling (maybe just get rid of it in favor o= f conditional Verify semantics)

And make it clear that because we can add future script versions fairly e= asily, this is a sufficient step.

Does that seem in line with your understanding of how t= his might be done?
--000000000000deb3fc058c28f09d--