Date: Tue, 7 May 2024 14:34:02 +0000
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: "David A. Harding" <dave@dtrt.org>
Cc: Matthew Zipkin <pinheadmz@gmail.com>, Ethan Heilman <eth3rs@gmail.com>,
	Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Signing a Bitcoin Transaction with Lamport
 Signatures (no changes needed)
Message-ID: <Zjo72iTDYjwwsXW3@camus>
References: <CAEM=y+XyW8wNOekw13C5jDMzQ-dOJpQrBC+qR8-uDot25tM=XA@mail.gmail.com>
 <CA+x5asTOTai_4yNGEgtKEqAchuWJ0jGDEgMqHFYDwactPnrgyw@mail.gmail.com>
 <ZjD-dMMGxoGNgzIg@camus>
 <47711dc4ffe9d661e8321b05b6adab4e@dtrt.org>
 <ZjkJ0fPyzuAPTLWS@camus>
 <a5a86fcd50e2cdbdf40a12ac9463a828@dtrt.org>
 <ZjkqIzPSFLc0GJJ1@camus>
 <93b8ed39b0aa3955eb9cb99f9fc5aae9@dtrt.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="mEX4VOIzkLALve3E"
Content-Disposition: inline
In-Reply-To: <93b8ed39b0aa3955eb9cb99f9fc5aae9@dtrt.org>


--mEX4VOIzkLALve3E
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline

On Mon, May 06, 2024 at 06:11:48PM -1000, David A. Harding wrote:
> On 2024-05-06 09:06, Andrew Poelstra wrote:
> > You can implement ECDSA. It will just take a *lot* of opcodes.
> 
> I'll accept that as a given, but how do you know that a given ECDSA
> signature actually commits to the transaction that contains it if
> OP_CHECKSIG only operates on fixed-size schnorr signatures?
> 

You need to connect your Lamport signature to an ECDSA CHECKSIG (in a
pre-Taproot output). So what I'm depending on here is that it's possible
to "copy the signature" from a pre-Taproot spend to a post-Taproot spend
by using Lamport signatures and some anti-equivocation scheme.

In pre-Taproot we confirm that the signature matches the pattern of
OP_SIZE outputs. In post-Taproot we reconstruct the signature and
constrain the transaction, checking that it spends *both* the
pre-Taproot and the post-Taproot output.

> Is this what you're describing: if the controlling signature is a lamport
> signature that commits to an ECDSA signature, it's safe to disclose the
> private key for the ECDSA signature; when you don't have to worry about
> private key disclosure, it's safe to construct a schnorr signature that uses
> the same private key, nonce, and message commitment as the ECDSA signature;
> if that schnorr signature makes OP_CHECKSIG return true, then you know the
> message is the current transaction?
> 

Nope, in this scheme we are avoiding Schnorr signatures entirely.

> That still leaves me confused.  If ECDSA can be implemented within
> tapscript, then I would expect that schnorr could also be implemented within
> tapscript; that gives you an OP_CSFS equivalent.  If being able to implement
> ECDSA in tapscript allows introspection, then I would expect implementing
> schnorr in tapscript would allow introspection; that gives you an OP_CAT
> equivalent.  If you have OP_CSFS and OP_CAT, you have covenants and there's
> no need for lamport signatures or ECDSA.
>

Implementing ECDSA in Tapscript *only* allows introspection in
conjunction with the ability to force a user to spend a Tapscript output
alongside a pre-Tapscript output containing the same ECDSA signature.
And I am waving my hands and saying that I think you can force this by
using covenant tricks.

> Apologies for my remaining confused in the face of something that's probably
> obvious,
> 

Lol. This whole thing is kinda insane.

-- 
Andrew Poelstra
Director, Blockstream Research
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

The sun is always shining in space
    -Justin Lewis-Webster

--mEX4VOIzkLALve3E
Content-Type: application/pgp-signature; name="signature.asc"

--mEX4VOIzkLALve3E--
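
Added example, not part of the original email or of the proposal discussed in the thread: a Lamport one-time signature over the bytes of an ECDSA signature, showing that the same Lamport signature can be checked in two places against the same ECDSA bytes, and that signing a second ECDSA signature with the same Lamport key is detectable. The function names, the stand-in signature bytes and the particular equivocation check are assumptions for illustration; Bitcoin Script encoding and OP_SIZE handling are not modelled.

```python
import hashlib
import secrets

N = 256  # one Lamport key pair per bit of the SHA-256 digest being signed

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list[int]:
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def keygen():
    # Secret key: two random preimages per bit; public key: their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list[bytes]:
    # Reveal, for each bit of H(msg), the preimage selected by that bit.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig: list[bytes]) -> bool:
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))

def equivocation_index(pk, sig_a, sig_b):
    # Two signatures under one key equivocate if, at some position, they
    # reveal both preimages. Returns the first such position, else None.
    for i, (a, b) in enumerate(zip(sig_a, sig_b)):
        if a != b and {H(a), H(b)} == set(pk[i]):
            return i
    return None

# Constructed stand-ins for two different ECDSA signatures (not real signatures).
ECDSA_SIG_1 = bytes.fromhex("3044") + b"\x11" * 68
ECDSA_SIG_2 = bytes.fromhex("3045") + b"\x22" * 69

def demo():
    sk, pk = keygen()
    lamport_sig = sign(sk, ECDSA_SIG_1)
    same_in_both = verify(pk, ECDSA_SIG_1, lamport_sig)  # check run in each spend
    swapped = verify(pk, ECDSA_SIG_2, lamport_sig)       # a different ECDSA signature
    second = sign(sk, ECDSA_SIG_2)                       # Lamport key reused
    return same_in_both, swapped, equivocation_index(pk, lamport_sig, second) is not None
```
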