📅 Original date posted:2023-05-01
🗒️ Summary of this message: The email discusses oversights in a previous email regarding a contract's embedded data and suggests a solution to store a hash instead. It also proposes a fix for a potential cheating scenario in a game played offline.
📝 Original message:Hi all,
I apologize for a couple of oversights in my last e-mail.
The first is that m_B can't be committed as-is in the contract's
embedded data, with the current semantics of OP_COCV, which
only allows 32-byte values. A solution could be to store its
hash SHA256(m_B), instead.
(I didn't test the Scripts, so there could be other bugs − hopefully the
general idea is clear, anyway)
On Mon, 1 May 2023 at 15:11, Salvatore Ingala <salvatore.ingala at gmail.com>
wrote:
> If the internal_pubkey is a musig-aggregated key of Alice and Bob,
> the game can be settled entirely offline after the first transaction.
> Simply, Bob communicates his move to Alice, Alice reveals her move to
> Bob, and they can settle the bet. The game would be played without
> any script being executed, therefore all transactions could look like
> any other P2TR, with the only possible fingerprinting being due to the
> input amounts.
>
This is incomplete: Alice can't trust Bob by revealing her move, as
he could then cheat on-chain and play a different move.
The fix should be straightforward, after adding the requirement that the
internal pubkey of [S1] is a musig2 of both players.
After Bob reveals his move (say, Rock), Alice will only agree to continue
the game off-chain if Bob pre-signs transactions for the state [S1] (where
m_B = Paper, and m_B = Scissors) that send all the money to Alice.
This guarantees that a cheating Bob is punished.
Best,
Salvatore Ingala
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230501/a850251d/attachment.html>;
Salvatore Ingala [ARCHIVE] /
npub1lp…c74n4
2023-06-07 23:21:08
in reply to nevent1q…v22a
Author Public Key
npub1lpkmxpl2zhk0w30vtdz7s64ml9644k785eggmjsjgs7wman3szzqac74n4Published at
2023-06-07 23:21:08Event JSON
{
"id": "8cf599608659079b0227e57be52bdef473e5a35653c0ae0fcc48cfbd6e9aa922",
"pubkey": "f86db307ea15ecf745ec5b45e86abbf9755adbc7a6508dca12443cedf6718084",
"created_at": 1686180068,
"kind": 1,
"tags": [
[
"e",
"500d1583685224e78093a7b1e94b55fe48ea9754e88e656744e0fa5e949018f0",
"",
"root"
],
[
"e",
"5644078cdb1bd2ff2646da4a36c661fc0bca2808fe1829e82e50332a49938b9f",
"",
"reply"
],
[
"p",
"f86db307ea15ecf745ec5b45e86abbf9755adbc7a6508dca12443cedf6718084"
]
],
"content": "📅 Original date posted:2023-05-01\n🗒️ Summary of this message: The email discusses oversights in a previous email regarding a contract's embedded data and suggests a solution to store a hash instead. It also proposes a fix for a potential cheating scenario in a game played offline.\n📝 Original message:Hi all,\n\nI apologize for a couple of oversights in my last e-mail.\n\nThe first is that m_B can't be committed as-is in the contract's\nembedded data, with the current semantics of OP_COCV, which\nonly allows 32-byte values. A solution could be to store its\nhash SHA256(m_B), instead.\n\n(I didn't test the Scripts, so there could be other bugs − hopefully the\ngeneral idea is clear, anyway)\n\nOn Mon, 1 May 2023 at 15:11, Salvatore Ingala \u003csalvatore.ingala at gmail.com\u003e\nwrote:\n\n\u003e If the internal_pubkey is a musig-aggregated key of Alice and Bob,\n\u003e the game can be settled entirely offline after the first transaction.\n\u003e Simply, Bob communicates his move to Alice, Alice reveals her move to\n\u003e Bob, and they can settle the bet. The game would be played without\n\u003e any script being executed, therefore all transactions could look like\n\u003e any other P2TR, with the only possible fingerprinting being due to the\n\u003e input amounts.\n\u003e\n\nThis is incomplete: Alice can't trust Bob by revealing her move, as\nhe could then cheat on-chain and play a different move.\n\nThe fix should be straightforward, after adding the requirement that the\ninternal pubkey of [S1] is a musig2 of both players.\nAfter Bob reveals his move (say, Rock), Alice will only agree to continue\nthe game off-chain if Bob pre-signs transactions for the state [S1] (where\nm_B = Paper, and m_B = Scissors) that send all the money to Alice.\nThis guarantees that a cheating Bob is punished.\n\nBest,\nSalvatore Ingala\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230501/a850251d/attachment.html\u003e",
"sig": "253d20b0d0625be271914f5385d9726791f7033f9accf8fce91dbc97cc83cd168f680c13fb6edebf7e3de1b71340061b3cdb4cc7a4e83982e1909106c081472d"
}