1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
|
Return-Path: <gsanders87@gmail.com>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 7F515C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 30 Apr 2022 11:15:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 6133C40103
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 30 Apr 2022 11:15:38 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 0.127
X-Spam-Level:
X-Spam-Status: No, score=0.127 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, PDS_OTHER_BAD_TLD=1.975,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
autolearn=no autolearn_force=no
Authentication-Results: smtp2.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id z3HU44pQ_SGf
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 30 Apr 2022 11:15:36 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com
[IPv6:2607:f8b0:4864:20::b32])
by smtp2.osuosl.org (Postfix) with ESMTPS id 45E1B40022
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 30 Apr 2022 11:15:36 +0000 (UTC)
Received: by mail-yb1-xb32.google.com with SMTP id v59so18565987ybi.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 30 Apr 2022 04:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=g6qLXtlg5rfxbhrJ05ClUs+4DTst0wkJrwT03O7wyN8=;
b=hn47i9dYSlZc/xIMxCASuX6XRmNgZ9ERxPRiocvXNcmH82X8nklUlWpVT7Sm1GV9o3
b71kSk8kKQmK7pXn/DFb7j8a2q5T/QkC4YngK84x4JPj8ujUeQ/OUoxyxN4SF53/R0cQ
AEOmcGw4nvdmRu6vFOZ8bezRYVIQ4YOEj3RyQt+gYRTXoofgkZqGXiS7pE9zAAuRhG9V
vmqbSsLTW6bcO68KX7VHwwlSn9lBxwGmV6fjoMJduemORZnLy+83UTbjxYBdZpOVbou5
rJYLd53q16WWN/HuXowawBxbbMikNchaUGMXAkVFzPG0Soxz4JaJay4P92UJ3QS2joXe
DMLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=g6qLXtlg5rfxbhrJ05ClUs+4DTst0wkJrwT03O7wyN8=;
b=HzAXWHGWlYx/ZDCYC58f8njYT9TjBlEkseEtTjXtVlA3PE/1/1SToy1k/YIzRYkeV9
SxYaCEC5xcpXmCVEBpAJKGgg+mSqdOVIuDS3o1ysOAPa4bf/PsC5pJCRc8rL6D7ywZES
+32m0Aqe7EfxUsgNvRCGKZJyOKPVMr+L8UZ2p8epkCL2jaf93a+CJwQ+qMilk4m92Zv8
VIwTJeibgD6iPOlXUCXMBrCqGwYKmcdfL4t2h8uOpnT2MXjsCV+EYZe/DseYgQTjV39X
o2Rdx4+jbkYxxfYIUczRNXYKLph3ShNmJVj4Yx3HG79BrpkWMEgL4AWZXUUDMM2fxCCT
iOHw==
X-Gm-Message-State: AOAM533KXRkFXUL36Le//Q+gTH0+phyYqtmNuJK5dTRyuF9LTmrRhFyG
JOolLnKV6NdeV7TEKI5zErGmUclIkvhM2/sz4Co=
X-Google-Smtp-Source: ABdhPJya7wyXmqnqBm80sY82tmpA7yKPJZpPh5D23Z2p6+/XZKoBmoG/mKBrrYD+L+xG4L0cbYGPljQe0H74shnnOtY=
X-Received: by 2002:a05:6902:708:b0:649:3c01:51d9 with SMTP id
k8-20020a056902070800b006493c0151d9mr3757150ybt.160.1651317334914; Sat, 30
Apr 2022 04:15:34 -0700 (PDT)
MIME-Version: 1.0
References: <p3P0m2_aNXd-4oYhFjCKJyI8zQXahmZed6bv7lnj9M9HbP9gMqMtJr-pP7XRAPs-rn_fJuGu1cv9ero5i8f0cvyZrMXYPzPx17CxJ2ZSvRk=@protonmail.com>
<CAGXD5f1KgDzY5sc-zknHYUSiSa7kWsXOHkg7kDakY3Kh5QtxTQ@mail.gmail.com>
In-Reply-To: <CAGXD5f1KgDzY5sc-zknHYUSiSa7kWsXOHkg7kDakY3Kh5QtxTQ@mail.gmail.com>
From: Greg Sanders <gsanders87@gmail.com>
Date: Sat, 30 Apr 2022 07:15:25 -0400
Message-ID: <CAB3F3DtJ0mGBfaRodBW17BOwGVfG3bO9zNjb1XqPCbs4Zq4D0w@mail.gmail.com>
To: Nadav Ivgi <nadav@shesek.info>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="00000000000028b8d705dddd473d"
Subject: Re: [bitcoin-dev] ANYPREVOUT in place of CTV
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Apr 2022 11:15:38 -0000
--00000000000028b8d705dddd473d
Content-Type: text/plain; charset="UTF-8"
The proposed use case for the ANYSCRIPT part of APOAS explicitly doesn't
commit to amount, so I'd also assume it not be re-added or at least be able
to be opened out.
On Sat, Apr 30, 2022, 4:47 AM Nadav Ivgi via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi darosior,
>
> It's interesting to note that APOAS|SINGLE (with the ANYONECANPAY
> behaviour and without covering the spent input index) has some interesting
> uses for cases where the covenant only needs to restrict a single output
> (so useful for e.g. vaults or spacechains, but not for batch channels or
> congestion control).
>
> For example in the vault use-case, it makes it possible to bump fees on
> the unvault tx by adding more inputs and a change output, as well as
> unvault multiple vaulted outputs in a single transaction.
>
> For spacechains, it makes it possible to add the spaceblock hash OP_RETURN
> and pay fees directly in the tx chain, instead of having to use an
> additional tx to prepare an output that gets spent in the tx chain (see
> the diagram in [0]).
>
> > via `sha_sequences` and maybe also `sha_amounts`
>
> CTV does not commit to the input amounts. This has some practical
> implications:
>
> 1. If it is committed, sending an even slightly incorrect amount will make
> the covenant-encumbered spend path unusable.
>
> With CTV, sending a slightly lower amount results in slightly lower fees,
> while any extra gets spent/burned on fees. The covenant spend path only
> becomes unusable if the amount is too low to cover for the outputs (+relay
> fee for it to also be standard).
>
> 2. The ability to allow for additional inputs with unknown amounts makes
> it possible to fee-bump the covenant spending transaction (with whole utxos
> and no change). You can have one tapleaf for spending the covenant output
> alone, and another one for attaching an extra fee input to it.
>
> This also makes it possible to resolve the under-payment issue described
> in (1), by adding an input that covers the original intended amount.
>
> So my suggestion would be to either not cover `sha_amounts` in the msg
> hash, or to make it optional behind a flag.
>
> shesek
>
> [0] https://github.com/fiatjaf/simple-ctv-spacechain
>
> On Fri, Apr 22, 2022 at 2:23 PM darosior via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> I would like to know people's sentiment about doing (a very slightly
>> tweaked version of) BIP118 in place of
>> (or before doing) BIP119.
>>
>> SIGHASH_ANYPREVOUT and its precedent iterations have been discussed for
>> over 6 years. It presents proven and
>> implemented usecases, that are demanded and (please someone correct me if
>> i'm wrong) more widely accepted than
>> CTV's.
>>
>> SIGHASH_ANYPREVOUTANYSCRIPT, if its "ANYONECANPAY" behaviour is made
>> optional [0], can emulate CTV just fine.
>> Sure then you can't have bare or Segwit v0 CTV, and it's a bit more
>> expensive to use. But we can consider CTV
>> an optimization of APO-AS covenants.
>>
>> CTV advocates have been presenting vaults as the flagship usecase.
>> Although as someone who've been trying to
>> implement practical vaults for the past 2 years i doubt CTV is necessary
>> nor sufficient for this (but still
>> useful!), using APO-AS covers it. And it's not a couple dozen more
>> virtual bytes that are going to matter for
>> a potential vault user.
>>
>> If after some time all of us who are currently dubious about CTV's stated
>> usecases are proven wrong by onchain
>> usage of a less efficient construction to achieve the same goal, we could
>> roll-out CTV as an optimization. In
>> the meantime others will have been able to deploy new applications
>> leveraging ANYPREVOUT (Eltoo, blind
>> statechains, etc..[1]).
>>
>>
>> Given the interest in, and demand for, both simple covenants and better
>> offchain protocols it seems to me that
>> BIP118 is a soft fork candidate that could benefit more (if not most of)
>> Bitcoin users.
>> Actually i'd also be interested in knowing if people would oppose the
>> APO-AS part of BIP118, since it enables
>> CTV's features, for the same reason they'd oppose BIP119.
>>
>>
>> [0] That is, to not commit to the other inputs of the transaction (via
>> `sha_sequences` and maybe also
>> `sha_amounts`). Cf
>> https://github.com/bitcoin/bips/blob/master/bip-0118.mediawiki#signature-message
>> .
>>
>> [1] https://anyprevout.xyz/ "Use Cases" section
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--00000000000028b8d705dddd473d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">The proposed use case for the ANYSCRIPT part of APOAS exp=
licitly doesn't commit to amount, so I'd also assume it not be re-a=
dded or at least be able to be opened out.=C2=A0</div><br><div class=3D"gma=
il_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Sat, Apr 30, 2022, 4:47 =
AM Nadav Ivgi via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linux=
foundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></d=
iv><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left=
:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div>Hi darosior,<br></d=
iv><div></div><div><br></div><div></div><div><div>It's interesting to n=
ote that <span style=3D"font-family:monospace">APOAS|SINGLE</span> (with th=
e <span style=3D"font-family:monospace">ANYONECANPAY</span> behaviour and w=
ithout covering the spent input index) has some interesting uses for cases =
where the covenant only needs to restrict a single output (so useful for e.=
g. vaults or spacechains, but not for batch channels or congestion control)=
.</div><div><br></div><div>For example in the vault use-case, it makes it p=
ossible to bump fees on the unvault tx by adding more inputs and a change o=
utput, as well as unvault multiple vaulted outputs in a single transaction.=
<br></div><div><br></div><div>For spacechains, it makes it possible to add =
the spaceblock hash OP_RETURN and pay fees directly in the tx chain, instea=
d of having to use an additional tx to prepare an output that gets spent in=
the tx chain=C2=A0 (see the diagram in [0]).</div><div></div></div><div><b=
r></div><div>> via `sha_sequences` and maybe also `sha_amounts`</div><di=
v><br></div><div>CTV does not commit to the input amounts. This has some pr=
actical implications:<br></div><div><br></div><div>1. If it is committed, s=
ending an even slightly incorrect amount will make the covenant-encumbered =
spend path unusable.</div><div><br></div><div>With CTV, sending a slightly =
lower amount results in slightly lower fees, while any extra gets spent/bur=
ned on fees. The covenant spend path only becomes unusable if the amount is=
too low to cover for the outputs (+relay fee for it to also be standard).<=
br></div><div><br></div><div>2. The ability to allow for additional inputs =
with unknown amounts makes it possible to fee-bump the covenant spending tr=
ansaction (with whole utxos and no change). You can have one tapleaf for sp=
ending the covenant output alone, and another one for attaching an extra fe=
e input to it.</div><div><br></div><div>This also makes it possible to reso=
lve the under-payment issue described in (1), by adding an input that cover=
s the original intended amount.<br></div><div><br></div><div>So my suggesti=
on would be to either not cover `sha_amounts` in the msg hash, or to make i=
t optional behind a flag.</div><div></div><div><br></div><div>shesek</div><=
div><br></div><div>[0] <a href=3D"https://github.com/fiatjaf/simple-ctv-spa=
cechain" target=3D"_blank" rel=3D"noreferrer">https://github.com/fiatjaf/si=
mple-ctv-spacechain</a></div></div><br><div class=3D"gmail_quote"><div dir=
=3D"ltr" class=3D"gmail_attr">On Fri, Apr 22, 2022 at 2:23 PM darosior via =
bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" ta=
rget=3D"_blank" rel=3D"noreferrer">bitcoin-dev@lists.linuxfoundation.org</a=
>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px=
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I w=
ould like to know people's sentiment about doing (a very slightly tweak=
ed version of) BIP118 in place of<br>
(or before doing) BIP119.<br>
<br>
SIGHASH_ANYPREVOUT and its precedent iterations have been discussed for ove=
r 6 years. It presents proven and<br>
implemented usecases, that are demanded and (please someone correct me if i=
'm wrong) more widely accepted than<br>
CTV's.<br>
<br>
SIGHASH_ANYPREVOUTANYSCRIPT, if its "ANYONECANPAY" behaviour is m=
ade optional [0], can emulate CTV just fine.<br>
Sure then you can't have bare or Segwit v0 CTV, and it's a bit more=
expensive to use. But we can consider CTV<br>
an optimization of APO-AS covenants.<br>
<br>
CTV advocates have been presenting vaults as the flagship usecase. Although=
as someone who've been trying to<br>
implement practical vaults for the past 2 years i doubt CTV is necessary no=
r sufficient for this (but still<br>
useful!), using APO-AS covers it. And it's not a couple dozen more virt=
ual bytes that are going to matter for<br>
a potential vault user.<br>
<br>
If after some time all of us who are currently dubious about CTV's stat=
ed usecases are proven wrong by onchain<br>
usage of a less efficient construction to achieve the same goal, we could r=
oll-out CTV as an optimization.=C2=A0 In<br>
the meantime others will have been able to deploy new applications leveragi=
ng ANYPREVOUT (Eltoo, blind<br>
statechains, etc..[1]).<br>
<br>
<br>
Given the interest in, and demand for, both simple covenants and better off=
chain protocols it seems to me that<br>
BIP118 is a soft fork candidate that could benefit more (if not most of) Bi=
tcoin users.<br>
Actually i'd also be interested in knowing if people would oppose the A=
PO-AS part of BIP118, since it enables<br>
CTV's features, for the same reason they'd oppose BIP119.<br>
<br>
<br>
[0] That is, to not commit to the other inputs of the transaction (via `sha=
_sequences` and maybe also<br>
`sha_amounts`). Cf <a href=3D"https://github.com/bitcoin/bips/blob/master/b=
ip-0118.mediawiki#signature-message" rel=3D"noreferrer noreferrer" target=
=3D"_blank">https://github.com/bitcoin/bips/blob/master/bip-0118.mediawiki#=
signature-message</a>.<br>
<br>
[1] <a href=3D"https://anyprevout.xyz/" rel=3D"noreferrer noreferrer" targe=
t=3D"_blank">https://anyprevout.xyz/</a> "Use Cases" section<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank" =
rel=3D"noreferrer">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati=
on.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank" =
rel=3D"noreferrer">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati=
on.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--00000000000028b8d705dddd473d--
|
