summaryrefslogtreecommitdiff
path: root/93/3694d0090cba39fb5c896d01a1a162a12dc77c
blob: 64068ef9f262cda530b7bb7f26e42936bbf38a3f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
Return-Path: <jlrubin@mit.edu>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 12672C000B
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 24 Apr 2021 22:29:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id ED2C083B9F
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 24 Apr 2021 22:29:54 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id CiJj2tcxiLEP
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 24 Apr 2021 22:29:53 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 5E2DE83B9C
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 24 Apr 2021 22:29:53 +0000 (UTC)
Received: from mail-il1-f169.google.com (mail-il1-f169.google.com
 [209.85.166.169]) (authenticated bits=0)
 (User authenticated as jlrubin@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 13OMToCO027671
 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
 for <bitcoin-dev@lists.linuxfoundation.org>; Sat, 24 Apr 2021 18:29:51 -0400
Received: by mail-il1-f169.google.com with SMTP id a9so1623655ilh.9
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 24 Apr 2021 15:29:51 -0700 (PDT)
X-Gm-Message-State: AOAM530etsSwlyHfj15xe7c437/4TlXDaMEFdfPTmwHNnqt0yZMFyzBE
 N/vGKZNLj0je+dowN8Zx+UHB8LoC9dl0vG4tk2o=
X-Google-Smtp-Source: ABdhPJyYff6xQ6I8ZGhJvpwI9uFhjlouVhOhBZnxRxCgTTTHWiVYFsi8OZO2xds0KsyaxwC33M6hHs9UrTjR5yOLe+U=
X-Received: by 2002:a92:6e0e:: with SMTP id j14mr7916613ilc.90.1619303390702; 
 Sat, 24 Apr 2021 15:29:50 -0700 (PDT)
MIME-Version: 1.0
References: <CAD5xwhj7jXSrdbfFJTYw-UzGgZTF0kz-Vr61juF0gJGLf2EKqQ@mail.gmail.com>
 <20210423181550.xri2ravlwfe3vpc6@ganymede>
 <CAD5xwhgnL_u1hS99HPTMBfQbRohgmajzNX4XiGYnN9mZDqjC7g@mail.gmail.com>
 <20210424215900.nufcy6uzjzompdbs@ganymede>
In-Reply-To: <20210424215900.nufcy6uzjzompdbs@ganymede>
From: Jeremy <jlrubin@mit.edu>
Date: Sat, 24 Apr 2021 15:29:39 -0700
X-Gmail-Original-Message-ID: <CAD5xwhjP7OiZj4J-Tmt0YiXY16v+_qmEcV6F9G9oAZkEqi8kCg@mail.gmail.com>
Message-ID: <CAD5xwhjP7OiZj4J-Tmt0YiXY16v+_qmEcV6F9G9oAZkEqi8kCg@mail.gmail.com>
To: "David A. Harding" <dave@dtrt.org>
Content-Type: multipart/alternative; boundary="00000000000062f15a05c0bf7319"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Pre-BIP] Motivating Address type for OP_RETURN
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Apr 2021 22:29:55 -0000

--00000000000062f15a05c0bf7319
Content-Type: text/plain; charset="UTF-8"

I guess in the interest of being clear; I don't particularly want a
OP_RETURN address either, they're just annoying to program around, and they
exist historically, as well as perhaps in the future.

Maybe people will start using the annex space to add any metadata required?
E.g. stealth addresses. I kinda hope not, but probably will be proposed as
a SF since it's much cheaper (witness + no amount) and per-input vs. per-tx.

It's interesting that they can be created with any length... i guess any
script can be an op return if you make it long enough...
--
@JeremyRubin <https://twitter.com/JeremyRubin>
<https://twitter.com/JeremyRubin>


On Sat, Apr 24, 2021 at 3:00 PM David A. Harding <dave@dtrt.org> wrote:

> On Sat, Apr 24, 2021 at 01:05:25PM -0700, Jeremy wrote:
> > I meant the type itself is too wide, not the length of the value. As in
> > Script can represent things we know nothing about.
>
> I guess I still don't understand your concern, then.  If script can
> represent things we know nothing about, then script commitments such as
> P2SH, P2WSH, and P2TR also represent things we know nothing about.  All
> you know is what container format they used.  For P2PK, bare multisig,
> OP_RETURN, and other direct uses of scriptPubKey, that container format
> is "bare" (or whatever you want to call it).
>
> > Btw: According to... Oh wait... You?
> >
> https://bitcoin.stackexchange.com/questions/35878/is-there-a-maximum-size-of-a-scriptsig-scriptpubkey
> > the max size is 10k bytes.
>
> I'm not sure what I knew at the time I wrote that answer, but the 10,000
> byte limit is only applied when EvalScript is run, which only happens
> when the output is being spent.  I've appended to this email a
> demonstration of creating a 11,000 byte OP_RETURN on regtest (I tried
> 999,000 bytes but ran into problems with bash's maximum command line
> length limit).  I've updated the answer to hopefully make it more
> correct.
>
> > Is it possible/easy to, say, using bech32m make an inappropriate message
> in
> > the address? You'd have to write the message, then see what it decodes to
> > without checking, and then re encode? I guess this is worse than hex?
>
> If someone wants to abuse bech32m, I suspect they'll do it the same way
> people have abused base58check[1], by using the address format's
> alphabet directly.  E.g., you compose your message using only
> the characters qpzry9x8gf2tvdw0s3jn54khce6mua7l and then append
> the appropriate checksum.
>
> [1]
> https://en.bitcoin.it/wiki/P2SH%C2%B2#The_problem:_storing_data_in_hashes
>
> > But it seems this is a general thing... If you wanted an inappropriate
> > message you could therefore just use bech32m addressed outputs.
>
> Yes, and people have done that with base58check.  IsStandard OP_RETURN
> attempts to minimize that abuse by being cheaper in two ways:
>
> 1. More data allowed in scriptSig, e.g. 80 byte payload (81 actually, I
>    think) for OP_RETURN versus 40 bytes for a BIP141 payload.
>    Maximizing payload size better amortizes the overhead cost of the
>    containing transaction and the output's nValue field.
>
> 2. Exemption from the dust limit.  If you use a currently defined
>    address type, the nValue needs to pay at least a few thousand nBTC
>    (few hundred satoshis), about $0.15 USD minimum at $50k USD/BTC.  For
>    OP_RETURN, the nValue can be 0, so there's no additional cost beyond
>    normal transaction relay fees.
>
> Although someone creating an OP_RETURN up to ~1 MB with miner support
> can bypass the dust limit, the efficiency advantage remains no matter
> what.
>
> > One of the nice things is that the current psbt interface uses a blind
> > union type whereby the entires in an array are either [address, amount]
> or
> > ["data", hex]. Having an address type would allow more uniform handling,
> > which is convenient for strongly typed RPC bindings (e.g. rust bitcoin
> uses
> > a hashmap of address to amount so without a patch you can't create op
> > returns).
>
> I don't particularly care how the data in PSBTs are structured.  My mild
> opposition was to adding code to the wallet that exposes everyday users
> to OP_RETURN addresses.
>
> > I would much prefer to not have to do this in a custom way, as opposed
> > to a way which is defined in a standard manner across all software
> > (after all, that's the point of standards).
>
> I'm currently +0.1 on the idea of an address format of OP_RETURN, but I
> want to make sure this isn't underwhelmingly motivated or will lead to a
> resurgence of block chain graffiti.
>
> -Dave
>
> ## Creating an 11,000 byte OP_RETURN
>
> $ bitcoind -daemon -regtest -acceptnonstdtxn
> Bitcoin Core starting
>
> $ bitcoin-cli -regtest -generate 101
> {
>   "address": "bcrt1qh9uka5z040vx2rc3ltz3tpwmq4y2mt0eufux9r",
>   "blocks": [
> [...]
> }
>
> $ bitcoin-cli -regtest send '[{"data": "'$( dd if=/dev/zero bs=1000
> count=11 | xxd -g0 -p | tr -d '\n' )'"}]'
> 11+0 records in
> 11+0 records out
> 11000 bytes (11 kB, 11 KiB) copied, 0.000161428 s, 68.1 MB/s
> {
>   "txid":
> "ef3d396c7d21914a2c308031c9ba1857694fc33df71f5a349b409ab3406dab51",
>   "complete": true
> }
>
> $ bitcoin-cli -regtest getrawmempool
> [
>   "ef3d396c7d21914a2c308031c9ba1857694fc33df71f5a349b409ab3406dab51"
> ]
>
> $ bitcoin-cli -regtest -generate 1
> {
>   "address": "bcrt1qlzjd90tkfkr09m867zxhte9rqd3t03wc5py5zh",
>   "blocks": [
>     "2986e9588c5bd26a629020b1ce8014d1f4ac9ac19106d216d3abb3a314c5604b"
>   ]
> }
>
> $bitcoin-cli -regtest getblock
> 2986e9588c5bd26a629020b1ce8014d1f4ac9ac19106d216d3abb3a314c5604b 2 | jq
> .tx[1].txid
> "ef3d396c7d21914a2c308031c9ba1857694fc33df71f5a349b409ab3406dab51"
>

--00000000000062f15a05c0bf7319
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:#000000">I guess in the interest o=
f being clear; I don&#39;t particularly want a OP_RETURN address either, th=
ey&#39;re just annoying to program around, and they exist historically, as =
well as perhaps in the future.</div><div class=3D"gmail_default" style=3D"f=
ont-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></=
div><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-=
serif;font-size:small;color:#000000">Maybe people will start using the anne=
x space to add any metadata required? E.g. stealth addresses. I kinda hope =
not, but probably will be proposed as a SF since it&#39;s much cheaper (wit=
ness=C2=A0+ no amount) and per-input vs. per-tx.<br></div><div class=3D"gma=
il_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small=
;color:#000000"><br></div><div class=3D"gmail_default" style=3D"font-family=
:arial,helvetica,sans-serif;font-size:small;color:#000000">It&#39;s interes=
ting that they can be created with any length... i guess any script can be =
an op return if you make it long enough...<br clear=3D"all"></div><div><div=
 dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signature"><=
div dir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRubin" target=3D=
"_blank">@JeremyRubin</a><a href=3D"https://twitter.com/JeremyRubin" target=
=3D"_blank"></a></div></div></div><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Sat, Apr 24, 2021 at 3:00 PM David=
 A. Harding &lt;<a href=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>&gt; wrot=
e:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sat, Apr 2=
4, 2021 at 01:05:25PM -0700, Jeremy wrote:<br>
&gt; I meant the type itself is too wide, not the length of the value. As i=
n<br>
&gt; Script can represent things we know nothing about. <br>
<br>
I guess I still don&#39;t understand your concern, then.=C2=A0 If script ca=
n<br>
represent things we know nothing about, then script commitments such as<br>
P2SH, P2WSH, and P2TR also represent things we know nothing about.=C2=A0 Al=
l<br>
you know is what container format they used.=C2=A0 For P2PK, bare multisig,=
<br>
OP_RETURN, and other direct uses of scriptPubKey, that container format<br>
is &quot;bare&quot; (or whatever you want to call it).<br>
<br>
&gt; Btw: According to... Oh wait... You?<br>
&gt; <a href=3D"https://bitcoin.stackexchange.com/questions/35878/is-there-=
a-maximum-size-of-a-scriptsig-scriptpubkey" rel=3D"noreferrer" target=3D"_b=
lank">https://bitcoin.stackexchange.com/questions/35878/is-there-a-maximum-=
size-of-a-scriptsig-scriptpubkey</a><br>
&gt; the max size is 10k bytes.<br>
<br>
I&#39;m not sure what I knew at the time I wrote that answer, but the 10,00=
0<br>
byte limit is only applied when EvalScript is run, which only happens<br>
when the output is being spent.=C2=A0 I&#39;ve appended to this email a<br>
demonstration of creating a 11,000 byte OP_RETURN on regtest (I tried<br>
999,000 bytes but ran into problems with bash&#39;s maximum command line<br=
>
length limit).=C2=A0 I&#39;ve updated the answer to hopefully make it more<=
br>
correct.<br>
<br>
&gt; Is it possible/easy to, say, using bech32m make an inappropriate messa=
ge in<br>
&gt; the address? You&#39;d have to write the message, then see what it dec=
odes to<br>
&gt; without checking, and then re encode? I guess this is worse than hex?<=
br>
<br>
If someone wants to abuse bech32m, I suspect they&#39;ll do it the same way=
<br>
people have abused base58check[1], by using the address format&#39;s<br>
alphabet directly.=C2=A0 E.g., you compose your message using only<br>
the characters qpzry9x8gf2tvdw0s3jn54khce6mua7l and then append<br>
the appropriate checksum.<br>
<br>
[1] <a href=3D"https://en.bitcoin.it/wiki/P2SH%C2%B2#The_problem:_storing_d=
ata_in_hashes" rel=3D"noreferrer" target=3D"_blank">https://en.bitcoin.it/w=
iki/P2SH%C2%B2#The_problem:_storing_data_in_hashes</a><br>
<br>
&gt; But it seems this is a general thing... If you wanted an inappropriate=
<br>
&gt; message you could therefore just use bech32m addressed outputs.<br>
<br>
Yes, and people have done that with base58check.=C2=A0 IsStandard OP_RETURN=
<br>
attempts to minimize that abuse by being cheaper in two ways:<br>
<br>
1. More data allowed in scriptSig, e.g. 80 byte payload (81 actually, I<br>
=C2=A0 =C2=A0think) for OP_RETURN versus 40 bytes for a BIP141 payload.<br>
=C2=A0 =C2=A0Maximizing payload size better amortizes the overhead cost of =
the<br>
=C2=A0 =C2=A0containing transaction and the output&#39;s nValue field.<br>
<br>
2. Exemption from the dust limit.=C2=A0 If you use a currently defined<br>
=C2=A0 =C2=A0address type, the nValue needs to pay at least a few thousand =
nBTC<br>
=C2=A0 =C2=A0(few hundred satoshis), about $0.15 USD minimum at $50k USD/BT=
C.=C2=A0 For<br>
=C2=A0 =C2=A0OP_RETURN, the nValue can be 0, so there&#39;s no additional c=
ost beyond<br>
=C2=A0 =C2=A0normal transaction relay fees.<br>
<br>
Although someone creating an OP_RETURN up to ~1 MB with miner support<br>
can bypass the dust limit, the efficiency advantage remains no matter<br>
what.<br>
<br>
&gt; One of the nice things is that the current psbt interface uses a blind=
<br>
&gt; union type whereby the entires in an array are either [address, amount=
] or<br>
&gt; [&quot;data&quot;, hex]. Having an address type would allow more unifo=
rm handling,<br>
&gt; which is convenient for strongly typed RPC bindings (e.g. rust bitcoin=
 uses<br>
&gt; a hashmap of address to amount so without a patch you can&#39;t create=
 op<br>
&gt; returns).<br>
<br>
I don&#39;t particularly care how the data in PSBTs are structured.=C2=A0 M=
y mild<br>
opposition was to adding code to the wallet that exposes everyday users<br>
to OP_RETURN addresses.<br>
<br>
&gt; I would much prefer to not have to do this in a custom way, as opposed=
<br>
&gt; to a way which is defined in a standard manner across all software<br>
&gt; (after all, that&#39;s the point of standards).<br>
<br>
I&#39;m currently +0.1 on the idea of an address format of OP_RETURN, but I=
<br>
want to make sure this isn&#39;t underwhelmingly motivated or will lead to =
a<br>
resurgence of block chain graffiti.<br>
<br>
-Dave<br>
<br>
## Creating an 11,000 byte OP_RETURN<br>
<br>
$ bitcoind -daemon -regtest -acceptnonstdtxn<br>
Bitcoin Core starting<br>
<br>
$ bitcoin-cli -regtest -generate 101<br>
{<br>
=C2=A0 &quot;address&quot;: &quot;bcrt1qh9uka5z040vx2rc3ltz3tpwmq4y2mt0eufu=
x9r&quot;,<br>
=C2=A0 &quot;blocks&quot;: [<br>
[...]<br>
}<br>
<br>
$ bitcoin-cli -regtest send &#39;[{&quot;data&quot;: &quot;&#39;$( dd if=3D=
/dev/zero bs=3D1000 count=3D11 | xxd -g0 -p | tr -d &#39;\n&#39; )&#39;&quo=
t;}]&#39;<br>
11+0 records in<br>
11+0 records out<br>
11000 bytes (11 kB, 11 KiB) copied, 0.000161428 s, 68.1 MB/s<br>
{<br>
=C2=A0 &quot;txid&quot;: &quot;ef3d396c7d21914a2c308031c9ba1857694fc33df71f=
5a349b409ab3406dab51&quot;,<br>
=C2=A0 &quot;complete&quot;: true<br>
}<br>
<br>
$ bitcoin-cli -regtest getrawmempool<br>
[<br>
=C2=A0 &quot;ef3d396c7d21914a2c308031c9ba1857694fc33df71f5a349b409ab3406dab=
51&quot;<br>
]<br>
<br>
$ bitcoin-cli -regtest -generate 1<br>
{<br>
=C2=A0 &quot;address&quot;: &quot;bcrt1qlzjd90tkfkr09m867zxhte9rqd3t03wc5py=
5zh&quot;,<br>
=C2=A0 &quot;blocks&quot;: [<br>
=C2=A0 =C2=A0 &quot;2986e9588c5bd26a629020b1ce8014d1f4ac9ac19106d216d3abb3a=
314c5604b&quot;<br>
=C2=A0 ]<br>
}<br>
<br>
$bitcoin-cli -regtest getblock 2986e9588c5bd26a629020b1ce8014d1f4ac9ac19106=
d216d3abb3a314c5604b 2 | jq .tx[1].txid<br>
&quot;ef3d396c7d21914a2c308031c9ba1857694fc33df71f5a349b409ab3406dab51&quot=
;<br>
</blockquote></div>

--00000000000062f15a05c0bf7319--