📅 Original date posted:2021-04-16
📝 Original message:Good morning Christopher,
> >> But more importantly, adding limitations on OP_RETURN transactions is not helpful. Users who want to embed arbitrary data in their transactions can always do so by encoding their data inside the values of legacy multi-signature scriptpubkeys (pubkeys can be generated without knowing the private key in order to encode non-key related data). Not only can users do this, users have done this in the past. However, this behaviour is problematic because such multi-signature "data" scriptpubkeys are indistinguishable from "real" multisignature scriptpubkeys, and thus must be kept in the UTXO set. This differs from outputs using OP_RETURN which are provably unspendable, and therefore can be safely omitted from the UTXO set.
>
> This sounds like a good justification to remove the legacy multi-signature capabilities as well.
The same technique can be used on P2PKH as well --- the "pubkey hash" need not be a hash of a public key, it can be a 20-byte commitment, or even an ASCII message like "ZmnSCPxj is the best" (20 characters, I counted).
There is nothing that *can* check if the hash of a public key is indeed the hash of a public key unless you actually reveal the public key.
If you need a 32-byte commitment, a P2WSH would work --- again the "script hash" need not be a hash of a script, it can be any 32-byte commitment.
In all these cases you have to waste 547 satoshi, but that tends to be small compared to tx fees currently.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5…3ms3l
2023-06-07 18:31:35
in reply to nevent1q…lvpk
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lSeen on
wss://relay.noswhere.comPublished at
2023-06-07 18:31:35Event JSON
{
"id": "952ce1a339ec8b4124d61331050e342ee4987a0962a5138d9bbe3c0ce093c371",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686162695,
"kind": 1,
"tags": [
[
"e",
"05257ee76521a4b0a7a99d485b789d700ff2df92d74daa2032d8f5697bc9d8ff",
"",
"root"
],
[
"e",
"efd4e1a0b14197df92b98e8aa3b5457919ab09725ff8356f381dce067d5aecb8",
"",
"reply"
],
[
"p",
"ee55eb03423bd4db01d5c92ad434d52c602d9da1de37ed37cc5bf7d2a13a4cab"
]
],
"content": "📅 Original date posted:2021-04-16\n📝 Original message:Good morning Christopher,\n\n\u003e \u003e\u003e But more importantly, adding limitations on OP_RETURN transactions is not helpful. Users who want to embed arbitrary data in their transactions can always do so by encoding their data inside the values of legacy multi-signature scriptpubkeys (pubkeys can be generated without knowing the private key in order to encode non-key related data). Not only can users do this, users have done this in the past. However, this behaviour is problematic because such multi-signature \"data\" scriptpubkeys are indistinguishable from \"real\" multisignature scriptpubkeys, and thus must be kept in the UTXO set. This differs from outputs using OP_RETURN which are provably unspendable, and therefore can be safely omitted from the UTXO set.\n\u003e\n\u003e This sounds like a good justification to remove the legacy multi-signature capabilities as well.\n\nThe same technique can be used on P2PKH as well --- the \"pubkey hash\" need not be a hash of a public key, it can be a 20-byte commitment, or even an ASCII message like \"ZmnSCPxj is the best\" (20 characters, I counted).\nThere is nothing that *can* check if the hash of a public key is indeed the hash of a public key unless you actually reveal the public key.\n\nIf you need a 32-byte commitment, a P2WSH would work --- again the \"script hash\" need not be a hash of a script, it can be any 32-byte commitment.\n\nIn all these cases you have to waste 547 satoshi, but that tends to be small compared to tx fees currently.\n\nRegards,\nZmnSCPxj",
"sig": "f03ee2cf994664e46793bf0ce15c13a583a43f13306e1582644c0ad30b2e10b90389d1ef069e82887e7e44e37f222114a9889956a2c3f75cd5973c945a86c0c6"
}