From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Wed, 9 Oct 2019 14:34:32 -0700
Message-ID: <CAPg+sBi9CYyz7O3ToEvoDwEbykUZAW2A-jwuR0aAA769Pb0=tA@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Taproot updates

Hi all,

I wanted to give an update on some of the changes we've made to the
bip-schnorr/taproot/tapscript drafts following discussions on this
list:
* The original post:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-May/016914.html
and follow-ups
* Using 2 or 4 byte indexes:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-June/017046.html
* 32-byte public keys:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017247.html
* Resource limits:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-September/017306.html
* P2SH support or not:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-September/017297.html

We've made the following semantical changes to the proposal:
* 32-byte public keys everywhere instead of 33-byte ones: dropping one
byte that provably does not contribute to security, while remaining
compatible with existing BIP32 and other key generation algorithms.
* No more P2SH support: more efficient chain usage, no gratuitous
fungibility loss from having 2 versions, no mode limited to 80-bit
security for non-interactive multiuser constructs; however senders
will need bech32 support to send to Taproot outputs.
* 32-bit txin position and codesep position indexes instead of 16-bit ones.
* Tagged hashes also in bip-schnorr: the signature and nonce
generation now also use tagged hashes, rather than direct SHA256
(previously tagged hashes were only used in bip-taproot and
bip-tapscript).
* Dropping the 10000 byte script limit and 201 non-push opcode limit:
as no operations remain whose validation performance depends on the
size of scripts or number of executed opcodes, these limits serve no
purpose, but complicate creation of Scripts.
* Increased the limit on the depth of Merkle trees from 32 to 128: a
limit of 32 would necessitate suboptimal trees in some cases, but more
than 128 levels are only necessary when dealing with leaves that have
a chance of ~1/2^128 of being executed, which our security level
treats as impossible anyway.

See the updated documents:
* https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
* https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki
* https://github.com/sipa/bips/blob/bip-schnorr/bip-tapscript.mediawiki

In addition, a lot of clarifications and rationales were added. The
reference implementation on
https://github.com/sipa/bitcoin/commits/taproot was also updated to
reflect these changes, has a cleaner commit history now, and improved
tests (though those can still use a lot of work).

Cheers,

-- 
Pieter
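
Added example, not part of the original message or of the reference implementation: a sketch of the tagged-hash construction and the 128-level Merkle path limit mentioned in the list of changes. The hash layout, tag names and leaf serialization are assumed from the published BIP340/BIP341 texts rather than from the drafts linked above; function names and the sample scripts are constructed for illustration.

```python
import hashlib

MAX_MERKLE_DEPTH = 128  # depth limit named in the post (previously 32)

def tagged_hash(tag: str, msg: bytes) -> bytes:
    # BIP340 construction: SHA256(SHA256(tag) || SHA256(tag) || msg).
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def leaf_hash(script: bytes, leaf_version: int = 0xC0) -> bytes:
    # BIP341 leaf: version byte, compact-size length, script.
    if len(script) >= 0xFD:
        raise ValueError("example handles single-byte compact sizes only")
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)

def branch_hash(a: bytes, b: bytes) -> bytes:
    # Children are sorted lexicographically, so a path needs no left/right bits.
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def merkle_root_from_path(leaf: bytes, path: list) -> bytes:
    # Reject over-long paths before doing any hashing work.
    if len(path) > MAX_MERKLE_DEPTH:
        raise ValueError("Merkle path deeper than %d" % MAX_MERKLE_DEPTH)
    if any(len(node) != 32 for node in path):
        raise ValueError("path elements must be 32-byte hashes")
    node = leaf
    for sibling in path:
        node = branch_hash(node, sibling)
    return node

def demo():
    # Constructed sample scripts (OP_1 .. OP_4), not taken from the post.
    leaves = [leaf_hash(bytes([0x51 + i])) for i in range(4)]
    left = branch_hash(leaves[0], leaves[1])
    right = branch_hash(leaves[2], leaves[3])
    root = branch_hash(left, right)
    # Proving leaf 2 needs its sibling leaf and the opposite subtree.
    return root, merkle_root_from_path(leaves[2], [leaves[3], left])

if __name__ == "__main__":
    root, recomputed = demo()
    print(root.hex(), recomputed == root)
```
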