Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 550EDAB2 for ; Mon, 24 Dec 2018 21:24:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from sender-of-o51.zoho.com (sender-of-o51.zoho.com [135.84.80.216]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A6FE6710 for ; Mon, 24 Dec 2018 21:24:04 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; t=1545686632; cv=none; d=zoho.com; s=zohoarc; b=IVeRANVvFaXXt7YTX7d75LGgb1sITyiVC9Kl7CddOkjLe4CR0M4tmupGjeYusauq/XRwwHR3xHZplQZUoVgqpyCQFsoQlwH0B+q3rCG21wQp6mL3lkPEdvRHF+2E7+4G68VwwM6/fU5ekckDuOn6YOBZ9FGolK+S2qmw7TMr68Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1545686632; h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=IDlBmxphEdiTFXj+OkQI8iPjOV29XMkMwc2qgvvgHVU=; b=j257rFLYPj6Q5xcX2BOt/MvbbTeiCKSSje+pMTzYo56kNDyGfnrgaaO/4sbT8qksHwPKwD8fDVrGlCUoDV3YrchawhrfH6GDCyKUaEhKrzu5haT1vcJcOOTZfxXennOpXu/qeVEmdhKfhfSXVLUVhvDhMR4up+z0YtiFossgVKE= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=xbt.hk; spf=pass smtp.mailfrom=jl2012@xbt.hk; dmarc=pass header.from= header.from= Received: from [10.8.0.105] (n218103234118.netvigator.com [218.103.234.118]) by mx.zohomail.com with SMTPS id 1545686630525322.7577141590385; Mon, 24 Dec 2018 13:23:50 -0800 (PST) From: Johnson Lau Message-Id: <4CE7B999-F1C3-4E7F-BCED-E02C5D0BE4BB@xbt.hk> Content-Type: multipart/alternative; boundary="Apple-Mail=_BDB34EED-0A74-47E7-A74D-0CAE21F1746F" Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\)) Date: Tue, 25 Dec 2018 05:23:44 +0800 In-Reply-To: <_gOQU8sPtEG5jisR7GskWPyvzLK1xixz8-v1YbRWlAXFq9YGPyMEj9Q-xZ6CYfwgiGeJR2Qlboq4UFU_y6pur1HBG_yRTIgngWqiENmJ1Bc=@protonmail.com> To: ZmnSCPxj References: <87ftv3xerx.fsf@rustcorp.com.au> <20181214093002.p2nvfrlaycqblww3@erisian.com.au> <87mup4hmq5.fsf@rustcorp.com.au> <2302A26C-FB9C-47D2-AF6C-4D2EF02FFAC0@xbt.hk> <87y38jn5z8.fsf@rustcorp.com.au> <73F32BC6-751E-4F35-BE6D-B31170FC0A54@xbt.hk> <20181223042659.munrqfe4l6nff2ug@erisian.com.au> <_gOQU8sPtEG5jisR7GskWPyvzLK1xixz8-v1YbRWlAXFq9YGPyMEj9Q-xZ6CYfwgiGeJR2Qlboq4UFU_y6pur1HBG_yRTIgngWqiENmJ1Bc=@protonmail.com> X-Mailer: Apple Mail (2.3445.100.39) X-ZohoMailClient: External X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 25 Dec 2018 04:22:45 +0000 Cc: bitcoin-dev Subject: Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Dec 2018 21:24:05 -0000 --Apple-Mail=_BDB34EED-0A74-47E7-A74D-0CAE21F1746F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I find another proposed use of CODESEPARATOR here: = https://lists.linuxfoundation.org/pipermail/lightning-dev/2016-March/00045= 5.html = OP_CHECKSIG OP_IF OP_ELSE OP_CSV OP_DROP OP_CODESEPARATOR OP_ENDIF OP_CHECKSIG It is actually 2 scripts: S1: OP_CHECKSIGVERIFY OP_CHECKSIG S2: OP_CSV OP_DROP OP_CHECKSIG Under taproot, we could make Q =3D P + H(P||S2)G, where P =3D = MuSig(KeyA, KeyB) S1 becomes a direct spending with Q, and there is no need to use OP_IF = or CODESEPARATOR in S2 at all. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D If it is only to force R reuse, there is no need to use CODESEPARATOR: Input: Script: 2DUP EQUAL NOT VERIFY 2 PICK SWAP CAT = DUP TOALTSTACK CHECKSIGVERIFY CAT FROMALTSTACK CHECKSIG But using CODESEPARATOR will save 3 bytes Input: Script: OVER SWAP CAT DUP TOALTSTACK = CHECKSIGVERIFY CODESEPARATOR SWAP CAT FROMALTSTACK CHECKSIG However, a much better way would be: Input: Script: SWAP CAT CHECKSIG The discrete log of R could be a shared secret between A and B. If the = purpose is to publish the private key to the whole world, R =3D G could = be used. > On 24 Dec 2018, at 8:01 PM, ZmnSCPxj wrote: >=20 > Good morning, >=20 >> Could anyone propose a better use case of CODESEPARATOR? >=20 > Long ago, aj sent an email on Lightning-dev about use of CODESEPARATOR = to impose Scriptless Script even without Schnorr. It involved 3 = signatures with different CODESEPARATOR places, and forced R reuse so = that the signatures to claim the funds revealed the privkey. >=20 > The script shown had all CODESEPARATOR in a single branch. >=20 > I cannot claim to understand the script, and am having difficulty = digging through the mailinglist >=20 > Regards, > ZmnSCPxj --Apple-Mail=_BDB34EED-0A74-47E7-A74D-0CAE21F1746F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii I = find another proposed use of CODESEPARATOR here: https://lists.linuxfoundation.org/pipermail/lightning-dev/2016-= March/000455.html

<KeyA> OP_CHECKSIG
OP_IF
<KeyB>
OP_ELSE
<Delay> OP_CSV OP_DROP
OP_CODESEPARATOR <KeyA>
OP_ENDIF
OP_CHECKSIG
It is actually 2 scripts:

S1: <KeyA> OP_CHECKSIGVERIFY <KeyB> = OP_CHECKSIG
S2: <Delay> OP_CSV OP_DROP <KeyA> OP_CHECKSIG

Under taproot, we could make Q =3D P + = H(P||S2)G, where P =3D MuSig(KeyA, KeyB)

S1 becomes a direct spending with Q, = and there is no need to use OP_IF or CODESEPARATOR in S2 at = all.


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D

If = it is only to force R reuse, there is no need to use = CODESEPARATOR:

Input: <R> <S2>  <S1>  Script: = 2DUP EQUAL NOT VERIFY 2 PICK SWAP CAT <key> DUP TOALTSTACK = CHECKSIGVERIFY CAT FROMALTSTACK CHECKSIG

But using CODESEPARATOR will save 3 = bytes
Input: <S2> <R> <S1>   =  Script:  OVER SWAP CAT <key> DUP TOALTSTACK = CHECKSIGVERIFY CODESEPARATOR SWAP CAT FROMALTSTACK CHECKSIG

However, a much = better way would be:

Input: = <S> Script: <known R> SWAP CAT <key> = CHECKSIG

The discrete log of R could = be a shared secret between A and B. If the purpose is to publish the = private key to the whole world, R =3D G could be used.

On 24 = Dec 2018, at 8:01 PM, ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:

Good = morning,

Could anyone propose a better use case of CODESEPARATOR?

Long ago, aj sent an email on = Lightning-dev about use of CODESEPARATOR to impose Scriptless Script = even without Schnorr. It involved 3 signatures with different = CODESEPARATOR places, and forced R reuse so that the signatures to claim = the funds revealed the privkey.

The script = shown had all CODESEPARATOR in a single branch.

I cannot claim to understand the script, and am having = difficulty digging through the mailinglist

Regards,
ZmnSCPxj

= --Apple-Mail=_BDB34EED-0A74-47E7-A74D-0CAE21F1746F--