On 2024-11-19 (Tue) at 16:38:21 +0000, moonsettler wrote:
> I think we should discuss back-porting tapscript instead of coming up with a
> further divergent set of opcodes.
>
> To sum up earlier discussion with Brandon, we could:
>
> * Use a single upgradeable NOP for OP_TAPSCRIPTVERIFY
> * <s1> .. <sn> | <faux-control-block> <tapscript> CTAPV
> * Isolated execution environment
> * Gets the entire stack below the top 2 elements
> * Fails if it fails, does nothing if internal script succeeds.
> * Require the last opcode executed by the script interpreter to be a push
> opcode, fails otherwise
>
> The faux control block can be just a few bytes mainly for tapscript version.
Few additional points that came up in discussing this with moon earlier:
* Compared to enabling tapscript without a key spend path (i.e.
potential for quantum resistance) via a new witnessv1 program length
or a new witness version, this approach will be similar in weight.
* The biggest challenge with this approach that I came up with is the
need to clean up the stack after execution (to satisfy witness v0
clean stack).
* To keep it simple, it probably makes sense to make it a 1-primary
argument opcode where the argument is `<tapscript||version>` to
prevent the version from coming from spend-time witness elements.
Best,
--Brandon
--
You received this message because you are subscribed to the Google Groups
"Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/bitcoindev/ZzzohFCFjJebA8_2%40console.
