1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
Return-Path: <salvatore.ingala@gmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
by lists.linuxfoundation.org (Postfix) with ESMTP id 7E733C002A
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 1 May 2023 21:15:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id 4AAC3410BD
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 1 May 2023 21:15:34 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4AAC3410BD
Authentication-Results: smtp4.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20221208 header.b=UKWk4sia
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id DQ0zoKGkvo4p
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 1 May 2023 21:15:33 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org BDD75410DE
Received: from mail-oo1-xc29.google.com (mail-oo1-xc29.google.com
[IPv6:2607:f8b0:4864:20::c29])
by smtp4.osuosl.org (Postfix) with ESMTPS id BDD75410DE
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 1 May 2023 21:15:32 +0000 (UTC)
Received: by mail-oo1-xc29.google.com with SMTP id
006d021491bc7-54ca586a3b4so340866eaf.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 01 May 2023 14:15:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1682975731; x=1685567731;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:from:to:cc:subject:date:message-id:reply-to;
bh=vqEXm1kqYTOGrpikkkeRN+MLDOZ+4xj1o3qXkke3/XE=;
b=UKWk4siasthTzOhrh6V98p/hIfgbQTo2uN5rwEXTN4qOy1wgf3Bq7zSCpRkhizL5xq
rgjsJVGZoqrfhX8bskIY6DPysP3PUQqM6s8QVNhNi+A8H2WUAUUiibfoPKhAi5D2jdlR
DnVSAnGilzR39OFIVl83X4XKG/MxsajC6YIKlqecAR1J674gWvxsZ4OsrqHNjxCsNP9N
gxxtSJP+zArCJiNCX6BrICDdkH3W4SvJWnHq7DEVyPTn2nBRIuChgt+S4NFvYmoYpvgf
XiHCHWb44bkX+Mk5ESFRqnvej83OfLNJghy2g769v2ZvLxtlSLSLvg6zxSkkAH0JhLri
3a1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1682975731; x=1685567731;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=vqEXm1kqYTOGrpikkkeRN+MLDOZ+4xj1o3qXkke3/XE=;
b=CtMJD/BJbmG0AEpbBzWFsBXx1eq2V4yorNuD2xKOqBKR/MqjS9CKr+J0hwEOq5xv6p
W5cCeyV9d+MQcDf/zNt4Pm/ugaJM3EHmq3JsP9MCNGOHP2Ywhud9OzPSrloaIeokhMOI
5Wt1praecxKsEIOAUt631K9KKssRyRwWQZo+45zqXrebq055wmIEJaBS2we5kPiJRupK
SLdtlFDW12TVjwZY2fsJOihoWFoi09/bvH8HwPNEnrK1J5vPYFNzuRlSzXWLNnmYRBue
4Mc3ijlhs9iytOnoKyhz4Nl+pFFMPs4WI5uC/RGRpeHL5OdCmdoTp1sFlluX32UqreKA
ZsaA==
X-Gm-Message-State: AC+VfDy0Rv5FW6K7WrxCppULzj5GCndRafNSOujGVIIXSWqchhBbIq0/
4kbfC6cGbiQBKwopiXoiwqlFxEZXVdR8PmyosdGBEv/URUc=
X-Google-Smtp-Source: ACHHUZ5cMmcuyTwr4dAGPtkUjNk5XEM3m2PqqySSqRqHdZr/UGQFiEVqfM8DJVO/x6PKpM7frK/X45TcMRqzNOhjASE=
X-Received: by 2002:a4a:5810:0:b0:54c:ab6f:4b3 with SMTP id
f16-20020a4a5810000000b0054cab6f04b3mr371555oob.5.1682975731348; Mon, 01 May
2023 14:15:31 -0700 (PDT)
MIME-Version: 1.0
References: <CAMhCMoH9uZPeAE_2tWH6rf0RndqV+ypjbNzazpFwFnLUpPsZ7g@mail.gmail.com>
<CALZpt+GVe0XTdWqV=LAcOj=nq+k2DEFqc+sKyxAujLDBR7bYbQ@mail.gmail.com>
<CAMhCMoEONv3jriBU3qwm0pt75iF_sgra1H2Z4rOF8u+e7hs_cw@mail.gmail.com>
<0f352f70-c93a-614f-e443-67d198ec2c26@protonmail.com>
<7f3674d1-c1ad-9a82-e30f-7cf24d697faf@protonmail.com>
<CAMhCMoGabEASO9CGc1hAMpYZn4nWH5D8XFs3eFcSSFAitSFUGA@mail.gmail.com>
<CAGpPWDZkUYW=Qb763TPzUa6yUf217nh0Bo+O9Qyf=WS2pUQUYA@mail.gmail.com>
<CAD3i26AXZKDCH3odhCjpMwzOTGQKSFqH9S+5N9UXNTb7CJHONA@mail.gmail.com>
<CAMhCMoFgto3Bu5+yEoqn1Jf8fNd+EQK-t_H3TKR2=3RXe8FdcQ@mail.gmail.com>
In-Reply-To: <CAMhCMoFgto3Bu5+yEoqn1Jf8fNd+EQK-t_H3TKR2=3RXe8FdcQ@mail.gmail.com>
From: Salvatore Ingala <salvatore.ingala@gmail.com>
Date: Mon, 1 May 2023 23:15:20 +0200
Message-ID: <CAMhCMoGdZsDO2eZYMf+G36gc5=-SB0HxHXbRSPx5OaCOjo5_Dw@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000a1f74305faa85255"
X-Mailman-Approved-At: Mon, 01 May 2023 22:43:22 +0000
Subject: Re: [bitcoin-dev] Merkleize All The Things
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2023 21:15:34 -0000
--000000000000a1f74305faa85255
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi all,
I apologize for a couple of oversights in my last e-mail.
The first is that m_B can't be committed as-is in the contract's
embedded data, with the current semantics of OP_COCV, which
only allows 32-byte values. A solution could be to store its
hash SHA256(m_B), instead.
(I didn't test the Scripts, so there could be other bugs =E2=88=92 hopefull=
y the
general idea is clear, anyway)
On Mon, 1 May 2023 at 15:11, Salvatore Ingala <salvatore.ingala@gmail.com>
wrote:
> If the internal_pubkey is a musig-aggregated key of Alice and Bob,
> the game can be settled entirely offline after the first transaction.
> Simply, Bob communicates his move to Alice, Alice reveals her move to
> Bob, and they can settle the bet. The game would be played without
> any script being executed, therefore all transactions could look like
> any other P2TR, with the only possible fingerprinting being due to the
> input amounts.
>
This is incomplete: Alice can't trust Bob by revealing her move, as
he could then cheat on-chain and play a different move.
The fix should be straightforward, after adding the requirement that the
internal pubkey of [S1] is a musig2 of both players.
After Bob reveals his move (say, Rock), Alice will only agree to continue
the game off-chain if Bob pre-signs transactions for the state [S1] (where
m_B =3D Paper, and m_B =3D Scissors) that send all the money to Alice.
This guarantees that a cheating Bob is punished.
Best,
Salvatore Ingala
--000000000000a1f74305faa85255
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Hi all,</div><div><br></div><div>I apologize for a co=
uple of oversights in my last e-mail.</div><div><br></div><div>The first is=
that m_B can't be committed as-is in the contract's</div><div>embe=
dded data, with the current semantics of OP_COCV, which</div><div>only allo=
ws 32-byte values. A solution could be to store its</div><div>hash SHA256(m=
_B), instead.</div><div><br></div><div>(I didn't test the Scripts, so t=
here could be other bugs =E2=88=92 hopefully the</div><div>general idea is =
clear, anyway)</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Mon, 1 May 2023 at 15:11, Salvatore Ingala <<a href=
=3D"mailto:salvatore.ingala@gmail.com">salvatore.ingala@gmail.com</a>> w=
rote:</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.=
8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"lt=
r"><div dir=3D"ltr"><div>If the internal_pubkey is a musig-aggregated key o=
f Alice and Bob,<br>the game can be settled entirely offline after the firs=
t transaction.<br>Simply, Bob communicates his move to Alice, Alice reveals=
her move to<br>Bob, and they can settle the bet. The game would be played =
without<br>any script being executed, therefore all transactions could look=
like</div><div>any other P2TR,=C2=A0with the only possible fingerprinting =
being due to the</div><div>input amounts.<br></div></div></div></blockquote=
><div><br></div><div>This is incomplete: Alice can't trust Bob by revea=
ling her move, as</div><div>he could then cheat on-chain and play a differe=
nt move.</div><div><br></div><div>The fix should be straightforward, after =
adding the requirement that the</div><div>internal pubkey of [S1] is a musi=
g2 of both players.</div><div>After Bob reveals his move (say, Rock), Alice=
will only agree to continue</div><div>the game off-chain if Bob pre-signs =
transactions for the state [S1] (where</div><div>m_B =3D Paper, and m_B =3D=
Scissors) that send all the money to Alice.</div><div>This guarantees that=
a=C2=A0cheating Bob is punished.<br></div><div><br></div><div>Best,</div><=
div>Salvatore Ingala</div><div><br></div></div></div>
--000000000000a1f74305faa85255--
|