📅 Original date posted:2023-01-17
🗒️ Summary of this message: A proposal to encourage address reuse for vaults may prevent combining vaults when spending normally, requiring multiple transactions. A solution is suggested to use a single vout for multiple inputs.
📝 Original message:On Mon, Jan 16, 2023 at 11:47:09PM +0000, Andrew Chow via bitcoin-dev wrote:
> It seems like this proposal will encourage address reuse for vaults,
(That is listed as an explicit goal: "A single vault scriptPubKey should
be able to "receive" multiple deposits")
> However the current construction makes it impossible to spend these
> vaults together. Since OP_VAULT requires the recovery script of the
> unvault output to match what's provided in the input,
I don't think this part is a big problem -- the recovery path requires
revealing a secret, but if you separate that secret from the recovery
path sPK, you could vary the secret. ie:
unvault1 delay recovery1 VAULT
unvault2 delay recovery2 VAULT
where recovery1 = SHA256(SHA256(secret1), rSPK) and recovery2 =
SHA256(SHA256(secret2), rSPK), and both are spendable when the top stack
element is secretN and the first output pays at least the sum of all
the OP_VAULT using inputs to rSPK. So batched recovery could work fine,
I think.
(If you're using the same "recovery" parameter to each VAULT, then
you're revealing which txs are in your vault at spend time, rather than
at receive time, which doesn't seem all that much better to me)
But the problem with this is it prevents you from combining vaults when
spending normally: so if you've got a bunch of vaults with 1 BTC each,
and want to spend 10 BTC on a house, you'll need to make 11 separate
transactions:
* 10 txs each spending a single vault utxo, satisfying
<uN> <delay> <rN> OP_VAULT
via the uN path, creating an output of
<outhash> <delay> <rN> OP_UNVAULT
* 1 tx spending all the OP_UNVAULT outputs to a common set of outputs
<uN>, with nSequence set to a relative timelock of at least <delay>
Whereas if you use an identical OP_VAULT script for all the utxos in
your vault, that can look like:
* 1 tx, spending all the vault utxos, to a single OP_UNVAULT output,
with the same <delay> <rN> that all the inputs share.
* 1 tx spending the OP_UNVAULT output after a delay
But maybe you can get the best of both worlds just by having the unvault
path for OP_VAULT require you to put the vout number for its corresponding
OP_UNVAULT output on the stack? Then if you're doing address reuse, you
use a single vout for multiple inputs; and if you're avoiding address
reuse, you use multiple outputs, and provide the mapping between inputs
and outputs explicitly.
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-07 23:18:22
in reply to nevent1q…cly9
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-07 23:18:22Event JSON
{
"id": "0809c53ab9a8420c6edbe23bab1264bf9b960980fc6b4f53aa2ae4a92e50b220",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686179902,
"kind": 1,
"tags": [
[
"e",
"a84542afe0efb7efffac7c1bbcfb71ebcb322bb4dd5fb2586b4f66533f300f6e",
"",
"root"
],
[
"e",
"1f12153d105cd9eb0d59b6a94c395396caba34488087349c8953445280103474",
"",
"reply"
],
[
"p",
"4a273da3c9ab85c096f859e6ca066d2fdfe762406cadc2f4d58aa75468aca8d0"
]
],
"content": "📅 Original date posted:2023-01-17\n🗒️ Summary of this message: A proposal to encourage address reuse for vaults may prevent combining vaults when spending normally, requiring multiple transactions. A solution is suggested to use a single vout for multiple inputs.\n📝 Original message:On Mon, Jan 16, 2023 at 11:47:09PM +0000, Andrew Chow via bitcoin-dev wrote:\n\u003e It seems like this proposal will encourage address reuse for vaults,\n\n(That is listed as an explicit goal: \"A single vault scriptPubKey should\nbe able to \"receive\" multiple deposits\")\n\n\u003e However the current construction makes it impossible to spend these\n\u003e vaults together. Since OP_VAULT requires the recovery script of the\n\u003e unvault output to match what's provided in the input,\n\nI don't think this part is a big problem -- the recovery path requires\nrevealing a secret, but if you separate that secret from the recovery\npath sPK, you could vary the secret. ie:\n\n unvault1 delay recovery1 VAULT\n unvault2 delay recovery2 VAULT\n\nwhere recovery1 = SHA256(SHA256(secret1), rSPK) and recovery2 =\nSHA256(SHA256(secret2), rSPK), and both are spendable when the top stack\nelement is secretN and the first output pays at least the sum of all\nthe OP_VAULT using inputs to rSPK. So batched recovery could work fine,\nI think.\n\n(If you're using the same \"recovery\" parameter to each VAULT, then\nyou're revealing which txs are in your vault at spend time, rather than\nat receive time, which doesn't seem all that much better to me)\n\nBut the problem with this is it prevents you from combining vaults when\nspending normally: so if you've got a bunch of vaults with 1 BTC each,\nand want to spend 10 BTC on a house, you'll need to make 11 separate\ntransactions:\n\n * 10 txs each spending a single vault utxo, satisfying\n \u003cuN\u003e \u003cdelay\u003e \u003crN\u003e OP_VAULT\n via the uN path, creating an output of\n \u003couthash\u003e \u003cdelay\u003e \u003crN\u003e OP_UNVAULT\n\n * 1 tx spending all the OP_UNVAULT outputs to a common set of outputs\n \u003cuN\u003e, with nSequence set to a relative timelock of at least \u003cdelay\u003e\n\nWhereas if you use an identical OP_VAULT script for all the utxos in\nyour vault, that can look like:\n\n * 1 tx, spending all the vault utxos, to a single OP_UNVAULT output,\n with the same \u003cdelay\u003e \u003crN\u003e that all the inputs share.\n\n * 1 tx spending the OP_UNVAULT output after a delay\n\nBut maybe you can get the best of both worlds just by having the unvault\npath for OP_VAULT require you to put the vout number for its corresponding\nOP_UNVAULT output on the stack? Then if you're doing address reuse, you\nuse a single vout for multiple inputs; and if you're avoiding address\nreuse, you use multiple outputs, and provide the mapping between inputs\nand outputs explicitly.\n\nCheers,\naj",
"sig": "be651d95c02d35b8e6efae5a9193b2a14268a8995765517cbc7470ff4b2dcf37909013a0df3dabd1e62fe4957742ef3ce6f338a02a249bb35b7f238d10bc74c4"
}