1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
Return-Path: <mark@friedenbach.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id A6D44C87
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Sep 2017 19:29:22 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pg0-f42.google.com (mail-pg0-f42.google.com [74.125.83.42])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DF8164C3
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Sep 2017 19:29:20 +0000 (UTC)
Received: by mail-pg0-f42.google.com with SMTP id k193so2222049pgc.8
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Sep 2017 12:29:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=friedenbach-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=ZFnKcKeD6kpy1vkKlJ5NdBlDHdgv85Jtl/6guABWqdg=;
b=Mi+5CmmkGimM62m2Xpd/6O+3IYoFeiG8eEnrzHPbsAef+NbD/aJr4FW1TChBAXcGLP
NWofC9itPcUCGdIwlOn101egD5Y5W3G3gdVeip4eXsJn/xBS5/g5OxYvyBW2hkpKfSnI
i5uxsp7MS9xSJxzNLfmcVo+ge9zWQJS1LXNkv4PwRGC8Rk415alrI8JIL5vMIG0NUzf6
F1YhJs9/Vy9Q/G+z8SZP2lLEyXb90lwImUOCNlkAkdtGJFOcIXThAKumOT80ZCshoq4u
0gZbMyOZso5y4t8ykqWAC4isUqw5mgTYVL+PqcOzTnpQ8TWzC7FOS+hOqJIx2GJMXBQl
j0Tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=ZFnKcKeD6kpy1vkKlJ5NdBlDHdgv85Jtl/6guABWqdg=;
b=uHmRby7HUnBH+GsUuUGK5SNG7jzWrC6u8WUoY907rn4BWRLogpH2yPGO+LMB0K2k+Y
JFmLzdWU4/9FH2W6DRyBcW24wtWW3ZrSVUsAMzSYFqTvM000gVvTYNfnOJECDYkTvulW
/toqcYzt0FoKDRanBKfvJM2/EhwSo9nxctZKTyCcu6446PJZw1u0+uhnnKxrYu9iOdhI
T9RWrYM7FIPpP0srW28qA0ZOKLX0/K0YOVzZchMj8lFCbYGgVW5aroIZXIuul8RKDgR9
UEGDquCbQlxC0t9wkSmqC/jvMpx07C0t84ExQgEOfV5LgBTeG7TDMSahxsVG4O4MnfJc
iJaw==
X-Gm-Message-State: AHPjjUjNc4R9SONlqoCgICE73yDjbc3n34rgAPIZlo24IhO4awhPBKlm
9uzoXItGPJDx+/m+n5TPaUnUMF1qSmM=
X-Google-Smtp-Source: AOwi7QBV83bUqcjwXj9IXKJLGLAAWUcLoYZ9z1nJ6anFR2JjH+FWJ16PNd3cTzwOMezEJJLlqUQb7g==
X-Received: by 10.99.115.28 with SMTP id o28mr3258064pgc.374.1505935760327;
Wed, 20 Sep 2017 12:29:20 -0700 (PDT)
Received: from ?IPv6:2601:647:4600:9c66:ad56:e3e4:8af6:2572?
([2601:647:4600:9c66:ad56:e3e4:8af6:2572])
by smtp.gmail.com with ESMTPSA id 89sm9292476pfn.75.2017.09.20.12.29.18
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 20 Sep 2017 12:29:18 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Friedenbach <mark@friedenbach.org>
In-Reply-To: <B8C5E7EF-9062-4431-9B63-06FF855B1D78@xbt.hk>
Date: Wed, 20 Sep 2017 12:29:17 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <34163C93-5F2C-4DC8-9FB2-7E28805C0184@friedenbach.org>
References: <5B6756D0-6BEF-4A01-BDB8-52C646916E29@friedenbach.org>
<C623794E-F061-4C7A-B05D-378798ED2BF7@friedenbach.org>
<201709190309.08669.luke@dashjr.org>
<B8C5E7EF-9062-4431-9B63-06FF855B1D78@xbt.hk>
To: Johnson Lau <jl2012@xbt.hk>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 20 Sep 2017 22:54:58 +0000
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] cleanstack alt stack & softfork improvements
(Was: Merkle branch verification & tail-call semantics for generalized
MAST)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2017 19:29:22 -0000
> On Sep 19, 2017, at 10:13 PM, Johnson Lau <jl2012@xbt.hk> wrote:
>=20
> If we don=E2=80=99t want this ugliness, we could use a new script =
version for every new op code we add. In the new BIP114 (see link =
above), I suggest to move the script version to the witness, which is =
cheaper.
To be clear, I don=E2=80=99t think it is so much that the version should =
be moved to the witness, but rather that there are two separate version =
values here =E2=80=94 one in the scriptPubKey which specifies the format =
and structure of the segwit commitment itself, and another in the =
witness which gates functionality in script or whatever else is used by =
that witness type. Segwit just unfortunately didn=E2=80=99t include the =
latter, an oversight that should be corrected on the on the next upgrade =
opportunity.
The address-visible =E2=80=9Cscript version=E2=80=9D field should =
probably be renamed =E2=80=9Cwitness type=E2=80=9D as it will only be =
used in the future to encode how to check the witness commitment in the =
scriptPubKey against the data provided in the witness. Upgrades and =
improvements to the features supported by those witness types won=E2=80=99=
t require new top-level witness types to be defined. Defining a new =
opcode, even one with modifies the stack, doesn=E2=80=99t change the =
hashing scheme used by the witness type.
v0,32-bytes is presently defined to calculate the double-SHA256 hash of =
the top-most serialized item on the stack, and compare that against the =
32-byte commitment value. Arguably it probably should have hashed the =
top two values, one of which would have been the real script version. =
This could be fixed however, even without introducing a new witness =
type. Do a soft-fork upgrade that checks if the witness redeem script is =
push-only, and if so then pop the last push off as the script version =
(>=3D 1), and concatenate the rest to form the actual redeem script. We =
inherit a little technical debt from having to deal with push limits, =
but we avoid burning v0 in an upgrade to v1 that does little more than =
add a script version.
v1,32-bytes would then be used for a template version of MAST, or =
whatever other idea comes along that fundamentally changes the way the =
witness commitment is calculated.
Mark=
|
