📅 Original date posted:2016-09-20
📝 Original message:On Tuesday, September 20, 2016 5:15:45 PM Tom via bitcoin-dev wrote:
> As the title suggests, I would like to formally request the assignment of a
> BIP number for my FT spec.
Please open a pull request on the bitcoin/bips repo after this has been
discussed a bit on the ML.
Note that at least a basic backwards compatibility section is required for
assignment, especially since this appears to be a hard-fork proposal (if it is
meant as a soft-fork, please explain how that would work).
> ==Motivation==
>
> Token based file-formats are not new, systems like XML and HTMl use a
> similar system to allow future growth and they have been quite successful
> for decades in part because of this property.
There is already a binary-safe format called EBML. Why not use that as the
basis for this BIP?
> Next to that this protocol upgrade will re-order the data-fields which
> allows us to cleanly fix the malleability issue which means that future
> technologies like Lightning Network will depend on this BIP being deployed.
Note this won't fix malleability entirely, only third-party malleability (much
like segwit). The sender can always modify the transaction with more
inputs/outputs.
> |TxEnd || 0 ||BoolTrue || Required ||A marker that is the last
> byte in the txid calculation
The last byte in the txid calculation, or the last byte of the entire
transaction?
It seems from the later comments, that it is the end of the transaction as a
whole. Yet a separator between the txid and non-txid data would probably be
valuable, rather than hard-coding txid to skip signature types (which may be
unknown to old nodes, when extended).
> The OP_CHECKSIG is the most well known and, as its name implies, it
> validates a signature.
> In the new version of 'script' (version 2) the data that is signed is
> changed to be equivalent to the transaction-id. This is a massive
> simplification and also the only change between version 1 and version 2 of
> script.
This seems to be a major regression. What is the replacement for
SIGHASH_SINGLE and SIGHASH_ANYONECANPAY?
When revising OP_CHECKSIG, it would also be nice to add the ability to use
*only* a hash of the prevout's scriptPubKey in the input, so that *when* the
prevtx is malleated, the spending one remains valid. (This use case is
currently not supported.)
> === Serialization order===
>
> The tokens defined above have to be serialized in a certain order for the
> transaction to be well-formatted. Not serializing transactions in the
> order specified would allow multiple interpretations of the data which
> can't be allowed.
What happens if nodes encounter a different order in a block?
> Notice that the token ScriptVersion is currently not allowed because we
> don't have any valid value to give it. But if we introduce a new script
> version it would be placed in the outputs segment.
What happens if I put ScriptVersion=1 here?
> === Script v2 ===
>
> TODO: does check-multisig need its own mention?
Does multisig still require a dummy item on the stack?
> === Block-malleability ===
>
> For this reason the merkle tree is extended to include (append) the hash of
> the v4 transactions (and those alone) where the hash is taken over a
> data-blob that is build up from:
How should nodes know where in the merkle-tree the txids end, and the v4hashes
begin?
Luke
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 17:53:25
in reply to nevent1q…0w7f
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nPublished at
2023-06-07 17:53:25Event JSON
{
"id": "c98867732b248b876406614fb2bd53a763285c4ec5e2c32268b15aa84204e5dc",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686160405,
"kind": 1,
"tags": [
[
"e",
"1a569d98e0e6ce5c9d61181fddad681419ffdb691b73a42ccb4919035df06596",
"",
"root"
],
[
"e",
"bc9646964a1d89e38594d093d9776c71c06887ef46f1daf27862768310278e0a",
"",
"reply"
],
[
"p",
"bc4b5c3c366f36f93aa3e261f5c7832ecb85137537baf5e8f00a4321e85f0477"
]
],
"content": "📅 Original date posted:2016-09-20\n📝 Original message:On Tuesday, September 20, 2016 5:15:45 PM Tom via bitcoin-dev wrote:\n\u003e As the title suggests, I would like to formally request the assignment of a\n\u003e BIP number for my FT spec.\n\nPlease open a pull request on the bitcoin/bips repo after this has been \ndiscussed a bit on the ML.\n\nNote that at least a basic backwards compatibility section is required for \nassignment, especially since this appears to be a hard-fork proposal (if it is \nmeant as a soft-fork, please explain how that would work).\n\n\u003e ==Motivation==\n\u003e \n\u003e Token based file-formats are not new, systems like XML and HTMl use a\n\u003e similar system to allow future growth and they have been quite successful\n\u003e for decades in part because of this property.\n\nThere is already a binary-safe format called EBML. Why not use that as the \nbasis for this BIP?\n\n\u003e Next to that this protocol upgrade will re-order the data-fields which\n\u003e allows us to cleanly fix the malleability issue which means that future\n\u003e technologies like Lightning Network will depend on this BIP being deployed.\n\nNote this won't fix malleability entirely, only third-party malleability (much \nlike segwit). The sender can always modify the transaction with more \ninputs/outputs.\n\n\u003e |TxEnd || 0 ||BoolTrue || Required ||A marker that is the last\n\u003e byte in the txid calculation\n\nThe last byte in the txid calculation, or the last byte of the entire \ntransaction?\n\nIt seems from the later comments, that it is the end of the transaction as a \nwhole. Yet a separator between the txid and non-txid data would probably be \nvaluable, rather than hard-coding txid to skip signature types (which may be \nunknown to old nodes, when extended).\n\n\u003e The OP_CHECKSIG is the most well known and, as its name implies, it\n\u003e validates a signature.\n\u003e In the new version of 'script' (version 2) the data that is signed is\n\u003e changed to be equivalent to the transaction-id. This is a massive\n\u003e simplification and also the only change between version 1 and version 2 of\n\u003e script.\n\nThis seems to be a major regression. What is the replacement for \nSIGHASH_SINGLE and SIGHASH_ANYONECANPAY?\n\nWhen revising OP_CHECKSIG, it would also be nice to add the ability to use \n*only* a hash of the prevout's scriptPubKey in the input, so that *when* the \nprevtx is malleated, the spending one remains valid. (This use case is \ncurrently not supported.)\n\n\u003e === Serialization order===\n\u003e \n\u003e The tokens defined above have to be serialized in a certain order for the\n\u003e transaction to be well-formatted. Not serializing transactions in the\n\u003e order specified would allow multiple interpretations of the data which\n\u003e can't be allowed.\n\nWhat happens if nodes encounter a different order in a block?\n\n\u003e Notice that the token ScriptVersion is currently not allowed because we\n\u003e don't have any valid value to give it. But if we introduce a new script\n\u003e version it would be placed in the outputs segment.\n\nWhat happens if I put ScriptVersion=1 here?\n\n\u003e === Script v2 ===\n\u003e \n\u003e TODO: does check-multisig need its own mention?\n\nDoes multisig still require a dummy item on the stack?\n\n\u003e === Block-malleability ===\n\u003e \n\u003e For this reason the merkle tree is extended to include (append) the hash of\n\u003e the v4 transactions (and those alone) where the hash is taken over a\n\u003e data-blob that is build up from:\n\nHow should nodes know where in the merkle-tree the txids end, and the v4hashes \nbegin?\n\nLuke",
"sig": "acfde156579f15f61662efbd3de83faaf34756719c1bbc490ec46031481328522fb482b79a7c08bf9c537871357d1624e067f28c3c8719d2f64682990ed67f94"
}