summaryrefslogtreecommitdiff
path: root/fd/0d3cd1c351cf61e87288f3e752562f89a84132
blob: ef7cf6be3f3b81f168924395edcd9a1a52552dd0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
Delivery-date: Thu, 25 Apr 2024 04:45:19 -0700
Received: from mail-yw1-f188.google.com ([209.85.128.188])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBAABBSEEVGYQMGQEJRL7CKI@googlegroups.com>)
	id 1rzxXT-0002tc-Bo
	for bitcoindev@gnusha.org; Thu, 25 Apr 2024 04:45:19 -0700
Received: by mail-yw1-f188.google.com with SMTP id 00721157ae682-618891b439esf13469247b3.3
        for <bitcoindev@gnusha.org>; Thu, 25 Apr 2024 04:45:18 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1714045513; cv=pass;
        d=google.com; s=arc-20160816;
        b=LoS7JdOaE8/+VksL1BlppWhEzNljcO7vZD+V5GzQd7oc8viyfnWBEC7eWD2SOLsLlG
         jx1uS7owUL3YPzyNNiQzcdJ6KOjgjUusO6Vl2NXRu7OygnS8hxAVIMn5TFayXLLMWoli
         c4igogRyo1QY52CPp3JfUX8Yl3GqoJPWiAdu/F04o3lP/M+rszYmwbj34sfvuqzYl2I6
         I+Q56d0D0G1lomtaDISNhBs/WYwMZMVYQbyqWF2ZUd169yNvfJAOICHbG2hYbop4vLbA
         HxOb+b3ZyHe9hankpxkXvHOAoBs0SCOitpvX4WcP1/QtsotrQtRIBmc65991vQy1AONO
         5Q4g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:to:from:date:sender
         :dkim-signature;
        bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=;
        fh=+C00It3dlWmyYTn4Qwcn+IUSf8cw4eY4sJA4W3pP5g0=;
        b=WXrCfp/mqSq2++UGEVzoz81trXd1jP1bQNvQvNPXhXCKYGRqr9Riru7O8BKo6mFqU2
         +F4VEFy3m3RV9a+xpcvwxXBLIohCPWcYTTctOQKzbZufAFgKG7romhD5/Gp+Myb2Tkuc
         4tVraUtxIYhilJOUD9O6J3mCXExD5Fpp77aoYktW7an2QA3DzE8PQjI7fNITgZTAavgC
         3cKRJQ3EeHkzmoRvFIvMasvjJTg4tu45xFux5qUc+Mn2DlUDjsjESbsjs8JzlveDO+NY
         cMf0YzLehSOUee7rFQhh+3HCo3fUhiKJu6oenn+7+ELpOzJfOQJdzvCD30/vaD0Ij9Xh
         aOpA==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj;
       spf=pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1714045513; x=1714650313; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:to:from:date:sender:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=;
        b=UYmY7+mwSTDHDIE8L4IoEMJzCueelZRKhNEcX0yhlwLqxanK3zWjNQh3P05zlqshxU
         j+wRo47FmXtsl89e8fbGD61JTflEWjtPT7ItiVE5249QkccCxHBKcHq2kyreBvD17RNp
         2GIwvoAqLnukma7Eb2tnH0z5DQ9h28udjyRRyr8WbjskId2MwKtnjjFfAunp6v7sJAzk
         xxwq8wwrWJwnMrH3QCAXKHP97nLpjl1Sfw+2hI8qaoOO6ena1l0hU00U7gOZD9ydXH+u
         qEdYgXpv61RohRweRWmeX69rW2PFGYW6vTSHnjEcK+gdWz/ZHyMOK5QgzgSu1PJF6HBg
         igvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1714045513; x=1714650313;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:to:from:date:x-beenthere
         :x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YN2H+KTQSDo+MFdQkBWrEtyyza9lJsCzKvgExArx1Tg=;
        b=SCmDqa4zhy90UbCYfwEEtPxX2wFMqBHWprQSbmb2kGEcC7DSRmWL6wjSL0OX5do1lS
         WsnCSDCoXzmZo88SX4HHiwXK38Fhqn5x5iU1GiHzy3sXjF10D6axpfqR9MborWs8YXFj
         b5jdZw0XX4QCTIKdCCTXwkXeXQghiHyJ1NFjdk9dWfx22QMvrX83DK6Z8+NRWSEjSWDQ
         4XLGZPtrTwTlMSXeRLPoZEK982DTIEZWZ1ZRKvbmTrgFA71wNS7idqBxR1Yv24M+yNHH
         cKCvscDVo4a2eg4obR/FNX5oJ9mUw8mNM6fzq+tLUywYA8oyCjHyb8T5/5m4arjsddxv
         o90A==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCVpmPhqXKXn2HhXZkocyOoGx7znqMiCjUIuYvjybkLNhG8UjvwKKRCcoBYb99eZGv+Fx3/3jgKJYYtvQX1RowbxtqQ2dFo=
X-Gm-Message-State: AOJu0Yy2oGotUVOJS6uMS20vGVz9JGGKRGq0Cz3UPRiunJXg+CyZWWLY
	qYbQaYm4dZhvtTQK6f9WoBhWG46lKAXAd0zuhowTssHkOLU/niWV
X-Google-Smtp-Source: AGHT+IFOE4FdeAPsnW9sUHwX7eDW90QZySSmvLrkxjOnEJBpf+Am5WoFDQCwyvpsrBemVFoNQ2CfYQ==
X-Received: by 2002:a05:690c:6182:b0:61a:d4b6:6108 with SMTP id hj2-20020a05690c618200b0061ad4b66108mr5332189ywb.30.1714045513053;
        Thu, 25 Apr 2024 04:45:13 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:622a:1a86:b0:439:618a:91b with SMTP id
 d75a77b69052e-43a3aa4f7b7ls12960661cf.0.-pod-prod-02-us; Thu, 25 Apr 2024
 04:45:11 -0700 (PDT)
X-Received: by 2002:ac8:51cd:0:b0:439:9a0c:4d77 with SMTP id d13-20020ac851cd000000b004399a0c4d77mr17140qtn.0.1714045511795;
        Thu, 25 Apr 2024 04:45:11 -0700 (PDT)
Received: by 2002:a05:620a:4625:b0:790:6237:7247 with SMTP id af79cd13be357-79098e2c826ms85a;
        Thu, 25 Apr 2024 04:44:46 -0700 (PDT)
X-Received: by 2002:a05:622a:1914:b0:439:8c44:86ad with SMTP id w20-20020a05622a191400b004398c4486admr8887364qtc.26.1714045485836;
        Thu, 25 Apr 2024 04:44:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1714045485; cv=none;
        d=google.com; s=arc-20160816;
        b=ayxs8ORPjL7sNDDO2X/hThlp+BdYs+sHZHBTUMDEFjM7CtxaUJ7+x9PXss8CVZreEi
         1Hxb8gKnXOcTR8oltoeOjL8jSWzW6OJga0+002jdsw7whYnh4vwgvEo1DkzncmsH7ko/
         9aDEdcJdPnFdOhH5J69iCbqEdPR4edOUJHzlSw+FSQ82G+Dgk6KFjTWeQoIPwWqE9PAx
         LQQ+VqK1oo7kNZ/MZcuoEDJa3xJ4nZ8g4SLkJXvF62fHYsZpPprqtXb1/Crd+LgyS3I/
         WArTr9N1FaCN/jVR51Q5YBuqnzRh79sAsDoSM1WxrpQxMVVnJXtydW7cr38ZjpOGZCid
         4oaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:to:from:date:dkim-signature;
        bh=xMopDkxzD2LxnjfffgPSbWC5mrajKO1D0XyxXU7kF3M=;
        fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
        b=Ynde0u+IO92Xzb+qrXQvd6H9Imaqum9CsLPesNmgPCAbTJM9R8tBJdW1i4sIlxLN9g
         NDoK4luyonb4TzJRspf31IRVCAxfr3VNRCeF3MhmL1myRFY6D9ohrn1Ul3aYYuRog3M0
         hO/CFFRwNUpkaTQMK6Oy+pTDJuerYS8y5rsBw/WUoPf1cY7MNl5Ulhd51G+dNbBWq//G
         fd1n16Pp+wYj8iN3ji3902CL8fj/1OCPvKuYDXVfu86EQ6es4Pz3LHzTIQBbaz3ZJqaH
         psFO5jfDN9TVxRbDdQ2f56nIY46BMtSf70akhw3neci0B9vxYn3PHOLWzZ17aD96qyQA
         Ja3g==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj;
       spf=pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net
Received: from mail.wpsoftware.net ([66.183.0.205])
        by gmr-mx.google.com with ESMTP id dj20-20020a05622a4e9400b00439085c647csi1644101qtb.0.2024.04.25.04.44.45
        for <bitcoindev@googlegroups.com>;
        Thu, 25 Apr 2024 04:44:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of apoelstra@wpsoftware.net designates 66.183.0.205 as permitted sender) client-ip=66.183.0.205;
Received: from camus (camus-andrew.lan [192.168.0.190])
	by mail.wpsoftware.net (Postfix) with ESMTPSA id 093044009B
	for <bitcoindev@googlegroups.com>; Thu, 25 Apr 2024 11:44:45 +0000 (UTC)
Date: Thu, 25 Apr 2024 11:44:40 +0000
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] BIP for OP_CHECKSIGFROMSTACK
Message-ID: <ZipCKAcV49-xPhSs@camus>
References: <ZinmVPFt9VQn8QLF@console>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="OoC1cQBOMjISW3fx"
Content-Disposition: inline
In-Reply-To: <ZinmVPFt9VQn8QLF@console>
X-Original-Sender: apoelstra@wpsoftware.net
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@mail.wpsoftware.net header.s=default header.b=DIrBDTXj;
       spf=pass (google.com: domain of apoelstra@wpsoftware.net designates
 66.183.0.205 as permitted sender) smtp.mailfrom=apoelstra@wpsoftware.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wpsoftware.net
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)


--OoC1cQBOMjISW3fx
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline

On Wed, Apr 24, 2024 at 10:12:52PM -0700, Brandon Black wrote:
> Hello list,
> 
> Back in 2021, Jeremy wrote[0] about bringing OP_CHECKSIGFROMSTACK (or
> OP_CHECKDATASIG) to bitcoin. That email proposed adopting the
> specification from Bitcoin Cash for Bitcoin, but it is not directly
> suitable, as it verifies DER encoded ECDSA signatures and not R||S
> encoded BIP340 Schnorr signatures. The BIP here included, and proposed
> for the BIPs repository[2] is a bitcoin-specific design for
> OP_CHECKSIGFROMSTACK and OP_CHECKSIGFROMSTACKVERIFY. It further differs
> from Jeremy's email by specifying the repurposing of a NOP (NOP5) for
> OP_CHECKSIGFROMSTACKVERIFY to bring data signature verification to all
> script types, not only tapscript (although this is subject to
> change)[1].
>

Thanks for this detailed writeup. This all looks good to me. In
particular it's nice to have the BIP-342 upgrade feature (unknown
pubkeys are OP_SUCCESS) and support for batch verification (invalid
signatures are required to be the empty vector).

One minor open question is whether CSFS should exactly share the set of
public keys that CHECKSIG does. That is, should it be possible in a
future softfork to give CSFS a new type of pubkey that CHECKSIG does not
support, or vice-versa.

This doesn't actually need to be answered as part of a CSFS proposal; it
can be decided later when we have a usecase for this upgrade path. But
it may affect the choice of language when talking about the opcode so
it's worth thinking about whether we should assume it's possible for the
pubkey types to diverge. (For my part I say they should stay the same;
it's hard to imagine otherwise, and given that the proposal initially
uses exactly the set of pubkeys that CHECKSIG does, feels very pedantic
to suggest that they're different.)

-- 
Andrew Poelstra
Director, Blockstream Research
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

The sun is always shining in space
    -Justin Lewis-Webster

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZipCKAcV49-xPhSs%40camus.

--OoC1cQBOMjISW3fx
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEkPnKPD7Je+ki35VexYjWPOQbl8EFAmYqQicACgkQxYjWPOQb
l8Exywf/SysZh8Aj+T0CgXdUNKRNzVU6IvqkhsBatNOL9HrzovmWgXqDXoVtNKCp
Tk+A4G77BFCrnXRXPDwaya2EfWL0MU2rYSYn238zqacz+trT2uT71WFp+0/MX4K9
I2OcvKlC2IC6DxssB0+Tb/3vIIrMCisSQfdzXsFsX+lOoGsCXuimAp5ev6y0WrS+
VmjYOeccrbOGAOyVFNsDv1If1ScslWTn6wi2gQJeJPo4ZafyJoh5Bb5MRxCVvEoh
fM2LB7FvwW/mE4Ai0/8cuHzrC/LafyJS+56QzCifJayGQzudWBVyOVCXcS6z2x3R
IS4hXsNHdhncw5Ebz/wxnl0gTwHD1w==
=0e96
-----END PGP SIGNATURE-----

--OoC1cQBOMjISW3fx--