Hi Greg,

On Thu, Jun 15, 2023 at 12:39 PM Greg Sanders <gsander...@gmail.com> wrote:

> > Would it then still be necessary to restrict the annex to a maximum size?
> I think it's worth thinking about to protect the opt-in users, and can
> also be used for other anti-pinning efforts(though clearly not sufficient
> by itself for the many many pinning vectors we have :) )

Thinking about the most restrictive policy that would still enable
annex-vaults (which I believe has great potential for improving bitcoin
custody) and is in line with work already done, I get to:

* Opt-in annex (every input must commit to an annex even if its is empty)
-> make sure existing multi-party protocols remain unaffected
* Tlv format as defined in https://github.com/bitcoin/bips/pull/1381 ->
future extensibility
* Only allow tlv record 0 - unstructured data -> future extensibility
* Limit maximum size of the value to 256 bytes -> protect opt-in users

Unfortunately the limit of 126 bytes in
https://github.com/bitcoin-inquisition/bitcoin/pull/22 isn't sufficient for
these types of vaults. If there are two presigned txes (unvault and
emergency), those signatures would already take up 2*64=128 bytes. Then you
also want to store 32 bytes for the ephemeral key itself as the key can't
be reconstructed from the schnorr signature. The remaining bytes could be
used for a third presigned tx and/or additional vault parameters.

Can you think of remaining practical objections to making the annex
standard under the conditions listed above?


bitcoin-dev mailing list

Reply via email to