Why Nostr? What is Njump?
2023-06-07 23:18:25
in reply to

James O'Beirne [ARCHIVE] on Nostr: 📅 Original date posted:2023-01-18 🗒️ Summary of this message: Three changes ...

📅 Original date posted:2023-01-18
🗒️ Summary of this message: Three changes have been implemented based on suggestions from Greg Sanders and AJ Towns, improving the proposal for Bitcoin vaults. These changes include improved privacy and efficiency, the ability to manage remaining vault balances separately, and the introduction of a replacement parameter for recovery processes. The author plans to make minor updates to the paper and start writing a BIP draft.
📝 Original message:I've implemented three changes based on suggestions from Greg Sanders
and AJ Towns.

I've segmented the changes into commits that should be
reasonable to follow, even though I'll probably rearrange the commit
structure later on.

1. Greg's suggestion: OP_UNVAULT outputs can now live behind
scripthashes. This means that the lifecycle of a vault can live entirely
within, say, Taproot. In this case the only thing that would reveal
the operation of the vault would be the content of the witness stack
when triggering an unvault or recovering. So I think no real privacy
benefits over the previous scheme, but certainly some efficiency ones
since we're moving more content from the scriptPubKey into the witness.

Commit here:
https://github.com/bitcoin/bitcoin/pull/26857/commits/cd33d120c67cda7eb5c6bbfe3a1ea9fb6c5b93d1

2. AJ's suggestion: unvault trigger transactions can now have an extra
"revault" output that redeposits some balance to the same vault
scriptPubKey from which it came. This is nice because if the delay
period is long, you may want to manage a remaining vault balance
separately while the spent balance is pending an unvault.

Commit here:
https://github.com/bitcoin/bitcoin/pull/26857/commits/cf3764fb503bc17c4438d1322ecf780b9dc3ef30

3. AJ's suggestion: instead of specifying <recovery-spk-hash>, introduce
a replacement parameter: <recovery-params>. This contains the same
target recovery sPK hash as before, but the remaining bytes contain a
scriptPubKey that functions as authorization for the recovery process.
This allows users to optionally avoid the risk of "recovery replays" at
the expense of having to maintain a recovery key. Users can opt out of
this by passing OP_TRUE for the recovery sPK. I guess maybe I could even
support just omitting an sPK altogether for the legacy behavior.

Commit here:
https://github.com/bitcoin/bitcoin/pull/26857/commits/fdfd5e93f96856fbb41243441177a40ebbac6085


The suggestions were good ones, and I think they've improved the
proposal.

My next steps are to do minor updates to the paper and start writing a
BIP draft.

Thanks to achow for the valuable feedback, which I'm still mulling on.

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230118/a1c7719a/attachment.html>;
Author Public Key
npub1dpdfw74plzm03mzglkdegp3hqn6qs9yffqefa5kh98mru49nrg7szymz3t