📅 Original date posted:2011-08-26
🗒️ Summary of this message: The proposal to whitelist the basic CHECKMULTISIG form seems uncontroversial, but there are some disadvantages to using it, such as the limit of 1000 in a block and the complexity of using HASH160 based addresses. The suggestion is to focus on a more general case to make it easier to validate and innovate with new scripts.
📝 Original message:>> Whitelisting the basic CHECKMULTISIG form (assuming it can be made to
>> work) seems uncontroversial, why not do it today?
>
> That seems like the right way forward.
>
> I just wrote a unit test and stepped through the CHECKMULTISIG code to
> see exactly what the bug is, and the offending line is:
> 797 int isig = ++i;
> 798 i += nSigsCount;
>
> It should be just int isig = i;
>
> The result is CHECKMULTISIG expects one extra item on the stack, so
> the workaround would be a standard transaction type of the form:
>
> scriptSig: OP_0 sig1...m
> scriptPubKey: m pubkey1...n n OP_CHECKMULTISIG
Right, that is the workaround in pull 319.
There is another disadvantage to CHECKMULTISIG - you currently can only
have 1000 of these in a block. This is because a CHECKMULTISIG is counted
as 20 sigop operations in GetSigOpCount, and you can have a maximum of
20000 sigops in a block (MAX_BLOCK_SIGOPS). This is in CheckBlock so
won't change anytime soon.
If you want to use HASH160 based addresses, CHECKMULTISIG looks even less
attractive. The shortest script with CHECKSIG is something like:
0
OVER 2SWAP CHECKSIG SWAP HASH160 {} EQUAL BOOLAND ADD // n times
m GREATERTHANOREQUAL
( thanks to coblee
https://gist.github.com/39158239e36f6af69d6f#gistcomment-47017 )
I think this is actually as short as the shortest you can do with
CHECKMULTISIG.
Another issue that came up during pull 319 discussion is whether to
support more general cases or more specific cases. For example, should we
optimize for the 1-of-2, 2-of-2 and 2-of-3 cases or should we just have
one script template for all m-of-n? I would propose focusing on a more
general case for the following reasons:
* It is easier to validate one general algorithm than an expanding set of
special-purpose functions. For example, I think the most people on this
list can validate the coblee script above for all n and m, but faced with
a bunch of special purpose scripts they might miss a bug.
* We don't have to expose the most general cases to the API, but it would
be nice if we didn't have to keep changing IsStandard as people find use
cases for 2-of-4, etc. With IsStandard remaining narrow, innovation with
new scripts is stifled because most client won't mine or relay
non-standard transactions.
* It would be less work for third-party software to track this
(blockexplorer, android wallet).
--
Bobby Groff
bgroff at lavabit.com [ARCHIVE] /
npub1ls…zmjm0
2023-06-07 02:19:01
in reply to nevent1q…wqls
Author Public Key
npub1lsuxxpc34zcm7966h6d59zamdhkztgum70t44ydyz8eqf9p9w2jq3zmjm0Published at
2023-06-07 02:19:01Event JSON
{
"id": "34c07f6b1259f422261791e8cb05873ea801f054038d36e34c547dd6f2785bf2",
"pubkey": "fc38630711a8b1bf175abe9b428bbb6dec25a39bf3d75a91a411f204942572a4",
"created_at": 1686104341,
"kind": 1,
"tags": [
[
"e",
"391ebcb8eb3f9b5884cfbf66f4a99b12c015cc93baa9452c114d68f52d1168ec",
"",
"root"
],
[
"e",
"bb042d76a913014c393fc844099ae42dc41a87cf841ed2c36bef8bfb3a2f96cb",
"",
"reply"
],
[
"p",
"857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4"
]
],
"content": "📅 Original date posted:2011-08-26\n🗒️ Summary of this message: The proposal to whitelist the basic CHECKMULTISIG form seems uncontroversial, but there are some disadvantages to using it, such as the limit of 1000 in a block and the complexity of using HASH160 based addresses. The suggestion is to focus on a more general case to make it easier to validate and innovate with new scripts.\n📝 Original message:\u003e\u003e Whitelisting the basic CHECKMULTISIG form (assuming it can be made to\n\u003e\u003e work) seems uncontroversial, why not do it today?\n\u003e\n\u003e That seems like the right way forward.\n\u003e\n\u003e I just wrote a unit test and stepped through the CHECKMULTISIG code to\n\u003e see exactly what the bug is, and the offending line is:\n\u003e 797\t int isig = ++i;\n\u003e 798\t i += nSigsCount;\n\u003e\n\u003e It should be just int isig = i;\n\u003e\n\u003e The result is CHECKMULTISIG expects one extra item on the stack, so\n\u003e the workaround would be a standard transaction type of the form:\n\u003e\n\u003e scriptSig: OP_0 sig1...m\n\u003e scriptPubKey: m pubkey1...n n OP_CHECKMULTISIG\n\nRight, that is the workaround in pull 319.\n\nThere is another disadvantage to CHECKMULTISIG - you currently can only\nhave 1000 of these in a block. This is because a CHECKMULTISIG is counted\nas 20 sigop operations in GetSigOpCount, and you can have a maximum of\n20000 sigops in a block (MAX_BLOCK_SIGOPS). This is in CheckBlock so\nwon't change anytime soon.\n\nIf you want to use HASH160 based addresses, CHECKMULTISIG looks even less\nattractive. The shortest script with CHECKSIG is something like:\n\n0\nOVER 2SWAP CHECKSIG SWAP HASH160 {} EQUAL BOOLAND ADD // n times\nm GREATERTHANOREQUAL\n\n( thanks to coblee\nhttps://gist.github.com/39158239e36f6af69d6f#gistcomment-47017 )\n\nI think this is actually as short as the shortest you can do with\nCHECKMULTISIG.\n\nAnother issue that came up during pull 319 discussion is whether to\nsupport more general cases or more specific cases. For example, should we\noptimize for the 1-of-2, 2-of-2 and 2-of-3 cases or should we just have\none script template for all m-of-n? I would propose focusing on a more\ngeneral case for the following reasons:\n\n* It is easier to validate one general algorithm than an expanding set of\nspecial-purpose functions. For example, I think the most people on this\nlist can validate the coblee script above for all n and m, but faced with\na bunch of special purpose scripts they might miss a bug.\n\n* We don't have to expose the most general cases to the API, but it would\nbe nice if we didn't have to keep changing IsStandard as people find use\ncases for 2-of-4, etc. With IsStandard remaining narrow, innovation with\nnew scripts is stifled because most client won't mine or relay\nnon-standard transactions.\n\n* It would be less work for third-party software to track this\n(blockexplorer, android wallet).\n\n--\nBobby Groff",
"sig": "cb792881b5ee3f97a8a0b497ab989d2088cb1fe2ca822021fe950c19538c78aeef19bea63c5d7db2a00b7e7524d6f5bff5d8a8ff747c49085289d7f4952ce7e5"
}