📅 Original date posted:2011-12-29
🗒️ Summary of this message: OP_EVAL rollout on main network may be delayed, but deploying it on testnet quickly can allow for real-life application testing and adjustments.
📝 Original message:> RE: delaying EVAL rollout: I could live with rolling out just BIP 11
> (up-to-3-signature-CHECKMULTISIG as 'standard' transactions) and
> delaying EVAL rollout on the main network, but I worry that will just
> encourage people to delay thoroughly reviewing/testing for a couple of
> months, and we'll be right back here at the beginning of March.
How about releasing it on testnet first? If you want "less smart" people
such as myself to help test, well I don't think I would get anywhere if
I tried to abstractly reason about every possibility. Low-level testing
is certainly important, but for me "thorough testing" requires an actual
network of nodes (running different clients) and applications capable of
creating and verifying real OP_EVAL transactions.
My suggestion would be: Deploy OP_EVAL on testnet quickly, let's build
some real-life applications and if it works well, /then /let's pull the
trigger for mainnet. If some issues or improvements arise, we'll have a
chance to adjust it and try again.
I don't think this is too conservative or paranoid. I think this is a
textbook use case for testnet.
On 12/29/2011 7:00 PM, Gavin Andresen wrote:
> RE: preventing OP_EVAL from executing the result of calculations:
>
>> This is not adequate:<data> OP_SHA256 OP_EVAL runs random code that is more> than 5 bytes.
> Good point, the rule should be "OP_EVAL shall fail if asked to execute
> 8 or fewer bytes."
>
> RE: this minor disadvantage:
>
>>> OP_EVALs are not executed, and so the code associated with them does
>>> not have to be part of the transaction, if they are in the
>>> non-executed branch of an OP_IF. That could be good for privacy, and
>>> could be good for reducing block-chain size.
>> I don't understand the above paragraph.
> It is the "Either This or That can redeem" case that motivated me to
> allow 2-deep EVAL recursion.
>
> Start with the most straightforward code for doing "this or that" (in
> pseudocode):
>
> scriptSig:<sigs> <either the code for This or the code for That>
> scriptPuKey:
> IF<hash of code> EQUALS hash of This or hash of That:
> EVAL
> ELSE
> fail validation
> ENDIF
>
> That can be done with CODESEPARATOR/CODEHASH.
>
> But if you want to then bundle that up so the scriptPubKey is a
> standard 'pay to script', you get:
>
> scriptSig:<sigs> <either the code for This or the code for That>
> <serialized IF... code from above>
> scriptPubKey: ... standard DUP HASH160<> EQUALVERIFY EVAL
>
> To be backwards compatible with old clients the scriptSig would have to be:
>
> <hash1> <hash2> <sigs> CODESEPARATOR this_or_that_code
> CODEHASH
> CODESEPARATOR
> IF<hash of code> does not equal hash2:
> fail verification
> ENDIF
>
> That could only be done if the definition of CODEHASH was modified to
> hash only the stuff between CODESEPARATORS instead of hashing from
> CODESEPARATOR to the end of the scriptSig.
>
> RE: static analysis:
>
>> Yes, but maybe there is other static analysis miners may want to do. I
>> can't imagine every scenario.
> The vast majority of miners are "discouraging" (not relaying or
> putting into blocks) anything besides 'standard' transaction types.
>
> Until somebody smarter than me (like Russell) has done a deep analysis
> of Script and all of its opcodes, I don't think that should change.
> The standard transaction types are easy to reason about, and the
> standard types extended with OP_EVAL are also easy to reason about--
> you can template-match them to find out how many ECDSA operations a
> CHECKMULTISIG will do, etc.
>
> Again, in practice, I don't think EVAL as proposed is a danger.
>
> RE: delaying EVAL rollout: I could live with rolling out just BIP 11
> (up-to-3-signature-CHECKMULTISIG as 'standard' transactions) and
> delaying EVAL rollout on the main network, but I worry that will just
> encourage people to delay thoroughly reviewing/testing for a couple of
> months, and we'll be right back here at the beginning of March.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111229/6e7f0034/attachment.html>;
Stefan Thomas [ARCHIVE] /
npub1f8…ap20e
2023-06-07 02:53:38
in reply to nevent1q…mp7j
Author Public Key
npub1f8c8h5evqyy29yp6p7jelyzw6vfwp6jz05exn66l4ygwkj57ytzqmap20eSeen on
wss://relay.nostr.bandPublished at
2023-06-07 02:53:38Event JSON
{
"id": "3d7b9c7c10623147c8d783049fbf1ccbdf59def9243da736289896579545898d",
"pubkey": "49f07bd32c0108a2903a0fa59f904ed312e0ea427d3269eb5fa910eb4a9e22c4",
"created_at": 1686106418,
"kind": 1,
"tags": [
[
"e",
"9a940b93a02313cdd87199fd3d7a873bc06ba92e835205564dcc696f8e0046db",
"",
"root"
],
[
"e",
"4d0b149f3f2166a99fc5576c32c51fd2201d0bd774ec365cb2dbb50652ede3e4",
"",
"reply"
],
[
"p",
"857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4"
]
],
"content": "📅 Original date posted:2011-12-29\n🗒️ Summary of this message: OP_EVAL rollout on main network may be delayed, but deploying it on testnet quickly can allow for real-life application testing and adjustments.\n📝 Original message:\u003e RE: delaying EVAL rollout: I could live with rolling out just BIP 11\n\u003e (up-to-3-signature-CHECKMULTISIG as 'standard' transactions) and\n\u003e delaying EVAL rollout on the main network, but I worry that will just\n\u003e encourage people to delay thoroughly reviewing/testing for a couple of\n\u003e months, and we'll be right back here at the beginning of March.\n\nHow about releasing it on testnet first? If you want \"less smart\" people \nsuch as myself to help test, well I don't think I would get anywhere if \nI tried to abstractly reason about every possibility. Low-level testing \nis certainly important, but for me \"thorough testing\" requires an actual \nnetwork of nodes (running different clients) and applications capable of \ncreating and verifying real OP_EVAL transactions.\n\nMy suggestion would be: Deploy OP_EVAL on testnet quickly, let's build \nsome real-life applications and if it works well, /then /let's pull the \ntrigger for mainnet. If some issues or improvements arise, we'll have a \nchance to adjust it and try again.\n\nI don't think this is too conservative or paranoid. I think this is a \ntextbook use case for testnet.\n\n\nOn 12/29/2011 7:00 PM, Gavin Andresen wrote:\n\u003e RE: preventing OP_EVAL from executing the result of calculations:\n\u003e\n\u003e\u003e This is not adequate:\u003cdata\u003e OP_SHA256 OP_EVAL runs random code that is more\u003e than 5 bytes.\n\u003e Good point, the rule should be \"OP_EVAL shall fail if asked to execute\n\u003e 8 or fewer bytes.\"\n\u003e\n\u003e RE: this minor disadvantage:\n\u003e\n\u003e\u003e\u003e OP_EVALs are not executed, and so the code associated with them does\n\u003e\u003e\u003e not have to be part of the transaction, if they are in the\n\u003e\u003e\u003e non-executed branch of an OP_IF. That could be good for privacy, and\n\u003e\u003e\u003e could be good for reducing block-chain size.\n\u003e\u003e I don't understand the above paragraph.\n\u003e It is the \"Either This or That can redeem\" case that motivated me to\n\u003e allow 2-deep EVAL recursion.\n\u003e\n\u003e Start with the most straightforward code for doing \"this or that\" (in\n\u003e pseudocode):\n\u003e\n\u003e scriptSig:\u003csigs\u003e \u003ceither the code for This or the code for That\u003e\n\u003e scriptPuKey:\n\u003e IF\u003chash of code\u003e EQUALS hash of This or hash of That:\n\u003e EVAL\n\u003e ELSE\n\u003e fail validation\n\u003e ENDIF\n\u003e\n\u003e That can be done with CODESEPARATOR/CODEHASH.\n\u003e\n\u003e But if you want to then bundle that up so the scriptPubKey is a\n\u003e standard 'pay to script', you get:\n\u003e\n\u003e scriptSig:\u003csigs\u003e \u003ceither the code for This or the code for That\u003e\n\u003e \u003cserialized IF... code from above\u003e\n\u003e scriptPubKey: ... standard DUP HASH160\u003c\u003e EQUALVERIFY EVAL\n\u003e\n\u003e To be backwards compatible with old clients the scriptSig would have to be:\n\u003e\n\u003e \u003chash1\u003e \u003chash2\u003e \u003csigs\u003e CODESEPARATOR this_or_that_code\n\u003e CODEHASH\n\u003e CODESEPARATOR\n\u003e IF\u003chash of code\u003e does not equal hash2:\n\u003e fail verification\n\u003e ENDIF\n\u003e\n\u003e That could only be done if the definition of CODEHASH was modified to\n\u003e hash only the stuff between CODESEPARATORS instead of hashing from\n\u003e CODESEPARATOR to the end of the scriptSig.\n\u003e\n\u003e RE: static analysis:\n\u003e\n\u003e\u003e Yes, but maybe there is other static analysis miners may want to do. I\n\u003e\u003e can't imagine every scenario.\n\u003e The vast majority of miners are \"discouraging\" (not relaying or\n\u003e putting into blocks) anything besides 'standard' transaction types.\n\u003e\n\u003e Until somebody smarter than me (like Russell) has done a deep analysis\n\u003e of Script and all of its opcodes, I don't think that should change.\n\u003e The standard transaction types are easy to reason about, and the\n\u003e standard types extended with OP_EVAL are also easy to reason about--\n\u003e you can template-match them to find out how many ECDSA operations a\n\u003e CHECKMULTISIG will do, etc.\n\u003e\n\u003e Again, in practice, I don't think EVAL as proposed is a danger.\n\u003e\n\u003e RE: delaying EVAL rollout: I could live with rolling out just BIP 11\n\u003e (up-to-3-signature-CHECKMULTISIG as 'standard' transactions) and\n\u003e delaying EVAL rollout on the main network, but I worry that will just\n\u003e encourage people to delay thoroughly reviewing/testing for a couple of\n\u003e months, and we'll be right back here at the beginning of March.\n\u003e\n\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111229/6e7f0034/attachment.html\u003e",
"sig": "eeae151a5d8a20d3373dc26b01fa5a6e0fa4835b8ff0b434e232fb0dfb1a14f3d28f5f29b80098e644020b210c431ba2c2a2eb689a16f32fdd1196027e80e503"
}