andytoshi changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | This channel is logged. | For logs and more information, visit https://bitcoin.ninja
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
mol_ has quit [Ping timeout: 260 seconds]
mol has joined #bitcoin-wizards
maluk_ has quit [Ping timeout: 260 seconds]
maluk_ has joined #bitcoin-wizards
jadijadi has quit [Remote host closed the connection]
jadi has joined #bitcoin-wizards
jonatack has quit [Ping timeout: 246 seconds]
jonatack has joined #bitcoin-wizards
mol has quit [Ping timeout: 264 seconds]
proofofkeags has joined #bitcoin-wizards
jadi has quit [Remote host closed the connection]
mol has joined #bitcoin-wizards
mol has quit [Read error: Connection reset by peer]
mol has joined #bitcoin-wizards
TheoStorm has quit [Ping timeout: 272 seconds]
mol has quit [Ping timeout: 246 seconds]
TheoStorm has joined #bitcoin-wizards
TheoStorm has quit [Ping timeout: 272 seconds]
TheoStorm has joined #bitcoin-wizards
fkinglag has quit [Ping timeout: 260 seconds]
jeremyrubin has joined #bitcoin-wizards
fkinglag has joined #bitcoin-wizards
mryandao has joined #bitcoin-wizards
mryandao_ has quit [Remote host closed the connection]
jonatack has quit [Quit: jonatack]
jonatack has joined #bitcoin-wizards
jonatack has quit [Read error: Connection reset by peer]
jonatack has joined #bitcoin-wizards
jonatack has quit [Client Quit]
jonatack has joined #bitcoin-wizards
jonatack has quit [Client Quit]
jonatack has joined #bitcoin-wizards
copumpkin has quit [Remote host closed the connection]
copumpkin has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
<Chris_Stewart_5>
andytoshi: Working my way through your OP_CAT blog posts. I have a question wrt to 'Then in principle, we could do a very simple sort of covenant: one where the user provides the hash of all the transaction data and the script checks a signature on this using both'
<Chris_Stewart_5>
Are you referring to the BIP143 hash for signature checking?
jonatack has quit [Read error: Connection reset by peer]
jonatack has joined #bitcoin-wizards
<andytoshi>
Chris_Stewart_5: yeah
<andytoshi>
err, in that post i think i'm using bip341
<Chris_Stewart_5>
andytoshi: Ok, so basically your transaction can have a covenant wrt to anything that is _not_ committed to in that digest? At least wrt to the hypothetical situation of having OP_CSFS (checksigfromstack) but no OP_CAT?
<Chris_Stewart_5>
Basically, you are losing me here
<Chris_Stewart_5>
>It turns out this sort of covenant can’t work, for a technical reason: the transaction data that CHECKSIG checks always includes the txid of the previous transaction
<Chris_Stewart_5>
The previous transaction (crediting/funding tx) should be pre-determined as it has to be referenced in the outpoints, no?
* jeremyrubin
coughs in checktemplateverify
jonatack has quit [Quit: jonatack]
<jeremyrubin>
andytoshi: not to be a citations-please annoyance, but I would be happy to provide you with a bunch of links about vaults that might make sense to add to your post
<andytoshi>
i'd rather not cite a youtube vid because i can't quickly skim them
<andytoshi>
so i don't have any way of determining their content
<jeremyrubin>
gotcha -- it's a live demo of software for managing smart contract vaults -- you can link to https://youtu.be/UgIEJeJg_ik?t=330 for that segment
<Chris_Stewart_5>
In the words of the infamous homer simpson, doh!
<Chris_Stewart_5>
Also maybe this was just my lack of understanding, but I didn't realize OP_CAT can be used to _destruct_ concatenations along with construct them
<andytoshi>
lol maybe i should just link to these -wizards logs
<jeremyrubin>
The last point I'd make is that roconnor's "just do cat and checksig" proposal v.s. CTV is kinda funny because CTV was particularly designed to work nicely with OP_CAT s.t. you can pass parameters in to dynamically construct outputs
<jeremyrubin>
So part of why (IMO) it fell flat is that CTV + CAT is simpler than CAT + CHECKSIGFROMSTACK
<andytoshi>
oh that's a neat point
<jeremyrubin>
so the goal of "do this simpler thing" was not simpler
<Chris_Stewart_5>
one nit from the blog post, 'transaction hash' is sort of vague. I'm not sure if you are targeting less sophisticated users or something, but it would be nice to know _which_ hash? Tx hash could mean txid in my mind, which is what you aren't referring to i believe?
<jeremyrubin>
i had a similar convo with BlueMatt a year or so ago about covenants for payment pools -- not sure where matt's head is on it now, but you can do all the templating logic to construct your next txn, and it turns out no matter what you need something like CTV to finally enforce it
<jeremyrubin>
and CTV doesn't (ab)use the signature system, which is OK because why bother with EC math to effectively just check a hash
<jeremyrubin>
it's not exactly citable since repo is still closed, but I'm hoping to get https://github.com/sapio-lang/sapio/invitations releasable by the end of the month (just added you)
<andytoshi>
Chris_Stewart_5: yeah, good point, i'm (usually) referring to sighash
<andytoshi>
which is a bit obscure and i should be explicit about it
<jeremyrubin>
it's built to be able to handle both CTV-like and recursive covenants
<andytoshi>
jeremyrubin: perhaps you could write a blog post describing how ctv would super-power cat
<andytoshi>
and be strictly better than checksigfromstack+cat (if that is indeed your view)
<jeremyrubin>
I'm not positive that OP_CAT + CTV enables recursion though. I don't think I ever proved that it does
<jeremyrubin>
Which is sort of intentional.
<jeremyrubin>
There's an archive post (I'll find somewhere) about designing CTV to enable a minimum amount
<jeremyrubin>
and then making it flexible to permit extending it as a base opcode when we want more
<jeremyrubin>
E.g., if we want recursion we should add OP_SPENDING_FROM_INPUT
<andytoshi>
you can do a hacky sort of recursion with just cat :P
<andytoshi>
and taproot
<jeremyrubin>
I was trying to follow it exactly but it seems it didn't work end-to-end?
<andytoshi>
if it doesn't work i'm interested to hear it
<jeremyrubin>
maybe I misread but you seemed to be saying it doesn't work
<andytoshi>
it'll be a while before i can work on implementing it, i'm working on stuff on elements now where i have real checksigfromstack and can directly do recursion
<andytoshi>
jeremyrubin: i can do finite state machines
<jeremyrubin>
lemme re-read
<andytoshi>
so i don't have full recursion, but i have enough recursion to do vaults
<jeremyrubin>
yeah that's the main one I was looking at
<andytoshi>
the "transaction preimaging" section is the hacky scheme
<jeremyrubin>
BTW you should try out Sapio -- I'm still figuring out licensing crap -- but you can impl the CTVEmulator trait for CheckSigFromStackCovenenatScript and it will work on elements for FSM programming today
<BlueMatt>
jeremyrubin: "not sure where matt's head is on it now" <-- still think we should deliberately enable recursion so that we can get the benefits of it and focus on making it clean, vs accidentally having it via cat, but, eh, I don't have time to work on it, so I'm not gonna stand in anything's way.
<andytoshi>
the benefit of cat is just that it's such an insanely small diff
<jeremyrubin>
andytoshi: shastream op is better tho imo :/
<jeremyrubin>
also a small diff :)
justan0theruser has joined #bitcoin-wizards
<andytoshi>
mm i think it's 3 ops :P initialize, stream, finalize?
<andytoshi>
maybe 2
<jeremyrubin>
nah
<jeremyrubin>
doesn't have to be
<andytoshi>
and people would want you to do it for all the hashes, for completeness
<jeremyrubin>
you can just have a b c 3 shastream
<andytoshi>
i guess not, you can get hash256 by double-sha'ing
<andytoshi>
and ripemd160 is probably reasonable to just stop supporting in new stuff cuz it's too short
<jeremyrubin>
sha1 tho
<andytoshi>
that's probably even easier to refuse to support :P
<jeremyrubin>
in case you want to check if two things are the same but maybe a little bit different
justanotheruser has quit [Ping timeout: 264 seconds]
rockhouse1 has joined #bitcoin-wizards
<jeremyrubin>
andytoshi: "
<jeremyrubin>
there is no way (that I can find) to compute
<jeremyrubin>
a taproot commitment in Script+`CAT`, at least not without knowing the discrete
<jeremyrubin>
logarithm of the commitment.
<jeremyrubin>
oops line formatting :/
Emcy_ has joined #bitcoin-wizards
ryan-c` has joined #bitcoin-wizards
pinheadmz_ has joined #bitcoin-wizards
<jeremyrubin>
but uh that sounds like you're saying it can't be done which is where I got confused
Emcy_ has quit [Remote host closed the connection]
Emcy_ has joined #bitcoin-wizards
<jeremyrubin>
BTW the "value switching" is how CTV is intended to be used w/ taproot
<andytoshi>
ah yes, so you _can_ do the limited form of recursion where you're always sending back to the same taproot output
<jeremyrubin>
"In any case, a user is more likely to, given Tapscript's API, compile any code with multiple OP_CHECKOUTPUTSHASHVERIFY operations into separate branches. "
thrasher`_ has joined #bitcoin-wizards
Chris_Stewart_5 has quit [*.net *.split]
IGHOR has quit [*.net *.split]
grubles has quit [*.net *.split]
shesek has quit [*.net *.split]
pinheadmz has quit [*.net *.split]
ryan-c has quit [*.net *.split]
nickler has quit [*.net *.split]
thrasher` has quit [*.net *.split]
adiabat_ has quit [*.net *.split]
rockhouse has quit [*.net *.split]
Hansie has quit [*.net *.split]
harrigan- has quit [*.net *.split]
Emcy has quit [*.net *.split]
marcoagn1 has quit [*.net *.split]
justinmoon has quit [*.net *.split]
bswartz has quit [*.net *.split]
ryan-c` is now known as ryan-c
rockhouse1 is now known as rockhouse
Hansie3 is now known as Hansie
nickler has joined #bitcoin-wizards
spinza has quit [Read error: Connection reset by peer]
CubicEarth has quit [Ping timeout: 246 seconds]
Chris_St1 has quit [Quit: WeeChat 2.8]
Chris_Stewart_5 has joined #bitcoin-wizards
pinheadmz_ has quit [Quit: ZNC 1.8.2+deb1+bionic2 - https://znc.in]
spinza has joined #bitcoin-wizards
CubicEarth has joined #bitcoin-wizards
adiabat_ has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
pinheadmz has joined #bitcoin-wizards
marcoagn1 has joined #bitcoin-wizards
bswartz has joined #bitcoin-wizards
bswartz has joined #bitcoin-wizards
<darosior>
Fwiw regarding revault we moved from re-vault to https://github.com/revault . Reading the blog posts now, interestingly i was thinking last week that we could emulate Revault's cosigning servers with something like a customizable CTV and NOINPUT but that's handwavy..
<jeremyrubin>
darosior: I have the opposite setup
<jeremyrubin>
I make Sapio (soon (TM)) have a CTV Emulator that is pluggable with either CTV or a configurable signing server federation :)
<jeremyrubin>
CTV Emulator is just a rust trait so anyone can make their own custom kind if they want
<darosior>
jeremyrubin: what makes it the opposite setup ?
<jeremyrubin>
You are looking to emulate signing servers with CTV, I am emulating CTV with signing servers :)
<darosior>
Oh, yes hehe :)
<darosior>
But CTV only (or a custom template flavour) does not work as our anti-replay oracles act at spending time, not pre-signing time