📅 Original date posted:2023-02-07
🗒️ Summary of this message: Discussion on the variable size of Taproot spends and the possibility of allowing complex P2TR outputs into coinjoins, with potential DoS attacks.
📝 Original message:On Tue, Feb 07, 2023 at 11:36:58AM +0200, Nadav Ivgi via bitcoin-dev wrote:
> > Since Taproot (more generally any kind of MAST) spends have variable size
>
> Isn't this the case with any arbitrary script execution? Non-taproot
This is even been true for P2PKH inputs: you can double the space of your
scriptSigs by using uncompressed pubkeys instead of compressed pubkeys.
> If the goal is to only allow registering simple singlesig-encumbered UTXOs
> like P2(W)PKH, the participants could be asked to prove that their P2TR
> output commits to an unspendable script path [0].
Technically, only the last person to sign needs to prove this in advance.
Everyone else can prove it with their signatures.
This distinction could be useful to support coinjoin participants spending
complex P2TR outputs into coinjoins, a perfectly valid use-case in theory so
long as they're paying appropriate fees. Though due to how difficult it is to
validate scripts reliably outside the consensus code base, allowing this for
arbitrary scripts could lead to DoS attacks where someone takes advantage of a
bug in script execution to create an invalid transaction.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230207/03253ed3/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2…a2np2
2023-06-07 23:19:25
in reply to nevent1q…lf7a
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 23:19:25Event JSON
{
"id": "eb4045900808ef5c674157fa89ee6e0649f0d3c27f0014b9c7b705fc7b78f349",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686179965,
"kind": 1,
"tags": [
[
"e",
"1cb271826c48de88a6304ac8ffedd6340167a6ad4b82c11ba779c915dfc4192e",
"",
"root"
],
[
"e",
"76b41068ee28f219d249387522eaabc0e05823a5563b818ddf6458a4c7389655",
"",
"reply"
],
[
"p",
"4a9c50edfac56c5e90e382fdea7977edd0a5a46b6be7aad0461ae0075d9d2407"
]
],
"content": "📅 Original date posted:2023-02-07\n🗒️ Summary of this message: Discussion on the variable size of Taproot spends and the possibility of allowing complex P2TR outputs into coinjoins, with potential DoS attacks.\n📝 Original message:On Tue, Feb 07, 2023 at 11:36:58AM +0200, Nadav Ivgi via bitcoin-dev wrote:\n\u003e \u003e Since Taproot (more generally any kind of MAST) spends have variable size\n\u003e \n\u003e Isn't this the case with any arbitrary script execution? Non-taproot\n\nThis is even been true for P2PKH inputs: you can double the space of your\nscriptSigs by using uncompressed pubkeys instead of compressed pubkeys.\n\n\u003e If the goal is to only allow registering simple singlesig-encumbered UTXOs\n\u003e like P2(W)PKH, the participants could be asked to prove that their P2TR\n\u003e output commits to an unspendable script path [0].\n\nTechnically, only the last person to sign needs to prove this in advance.\nEveryone else can prove it with their signatures.\n\nThis distinction could be useful to support coinjoin participants spending\ncomplex P2TR outputs into coinjoins, a perfectly valid use-case in theory so\nlong as they're paying appropriate fees. Though due to how difficult it is to\nvalidate scripts reliably outside the consensus code base, allowing this for\narbitrary scripts could lead to DoS attacks where someone takes advantage of a\nbug in script execution to create an invalid transaction.\n\n-- \nhttps://petertodd.org 'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 833 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230207/03253ed3/attachment.sig\u003e",
"sig": "41ec2e1add416b1cd3f7a8220ebf79abb8289357747b9fd094cc8e0ee429bf57e4233cf6543f5103e7e1f26c0a26b8cb3786e5b98839ba9a2210cdb18c96a097"
}