Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B87258E3 for ; Fri, 8 Sep 2017 09:49:53 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 19DEA8A for ; Fri, 8 Sep 2017 09:49:52 +0000 (UTC) Received: from [10.7.52.189] (ip-123-255-103-154.wlan.cuhk.edu.hk [123.255.103.154]) by mx.zohomail.com with SMTPS id 1504864190564368.34441902007325; Fri, 8 Sep 2017 02:49:50 -0700 (PDT) From: Johnson Lau Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Message-Id: <7009A9E5-BC68-4830-991B-36C3837618D6@xbt.hk> Date: Fri, 8 Sep 2017 17:49:46 +0800 To: bitcoin-dev X-Mailer: Apple Mail (2.3273) X-ZohoMailClient: External X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] BIP114 Merklized Script update and 5 BIPs for new script functions X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 09:49:53 -0000 I have rewritten and simplified BIP114, and renamed it to =E2=80=9CMerkliz= ed Script=E2=80=9D, as a more accurate description after consulting the = original proposers of MAST. It could be considered as a special case of = MAST, but has basically the same functions and scaling properties of = MAST. Compared with Friedenbach=E2=80=99s latest tail-call execution semantics = proposal, I think the most notable difference is BIP114 focuses on = maintaining the static analysability, which was a reason of OP_EVAL = (BIP12) being rejected. Currently we could count the number of sigOp = without executing the script, and this remains true with BIP114. Since = sigOp is a block-level limit, any OP_EVAL-like operation means block = validity will depend on the precise outcome of script execution (instead = of just pass or fail), which is a layer violation. Link to the revised BIP114: = https://github.com/jl2012/bips/blob/vault/bip-0114.mediawiki On top of BIP114, new script functions are defined with 5 BIPs: VVV: Pay-to-witness-public-key: = https://github.com/jl2012/bips/blob/vault/bip-0VVV.mediawiki WWW: String and Bitwise Operations in Merklized Script Version 0: = https://github.com/jl2012/bips/blob/vault/bip-0WWW.mediawiki XXX: Numeric Operations in Merklized Script Version 0: = https://github.com/jl2012/bips/blob/vault/bip-0XXX.mediawiki YYY: ECDSA signature operations in Merklized Script Version 0: = https://github.com/jl2012/bips/blob/vault/bip-0YYY.mediawiki ZZZ: OP_PUSHTXDATA: = https://github.com/jl2012/bips/blob/vault/bip-0ZZZ.mediawiki As a summary, these BIPs have the following major features: 1. Merklized Script: a special case of MAST, allows users to hide = unexecuted branches in their scripts (BIP114) 2. Delegation: key holder(s) may delegate the right of spending to other = keys (scripts), with or without additional conditions such as locktime. = (BIP114, VVV) 3. Enabling all OP codes disabled by Satoshi (based on Elements project = with modification. BIPWWW and XXX) 4. New SIGHASH definition with very high flexibility (BIPYYY) 5. Covenant (BIPZZZ) 6. OP_CHECKSIGFROMSTACK, modified from Elements project (BIPYYY) 7. Replace ~72 byte DER sig with fixed size 64 byte compact sig. = (BIPYYY) All of these features are modular and no need to be deployed at once. = The very basic BIP114 (merklized script only, no delegation) could be = done quite easily. BIP114 has its own versioning system which makes = introducing new functions very easy. Things I=E2=80=99d like to have: 1. BIP114 now uses SHA256, but I=E2=80=99m open to other hash design 2. Using Schnorr or similar signature scheme, instead of ECDSA, in = BIPYYY. Reference implementation: = https://github.com/jl2012/bitcoin/commits/vault=