> NACK, for exactly this reason. It's hard to predict what kind of math will be > needed in the future for future signature algorithms. With taproot, we include > bare pubkeys in scriptPubKeys for a good reason. It's quite possible that > we'll > want to do something similar with >520byte pubkeys for some future signature > > algorithm (e.g. quantum hard) or some other difficult to predict technical > upgrade (the spendableness of scriptPubKeys with >520bytes isn't relevant to > > this discussion).
No matter how large a pubkey script you need, you can just delegate to the witness if you have a cryptographically secure hash function. Hard to even imagine needing anywhere near 4096 bits for that. The going assumption for quantum algos is they could halve the bit strength of a hash function, but SHA512 seems quiet robust even under worst assumptions. And it's not enough to find ANY collision for a script or some Merkle root. Putting the unlocking conditions into the UTXO set does not seem like a healthy idea to me anyhow. BR, moonsettler PS: No hard opinion on temporary vs final restrictions. I wouldn't worry about it. Sent with Proton Mail secure email. On Friday, October 3rd, 2025 at 5:51 PM, Peter Todd <[email protected]> wrote: > On Thu, Oct 02, 2025 at 01:42:06PM -0700, PortlandHODL wrote: > > > Proposing: Softfork to after (n) block height; the creation of outpoints > > with greater than 520 bytes in the ScriptPubkey would be consensus invalid. > > > > This is my gathering of information per BIP 0002 > > > > After doing some research into the number of outpoints that would have > > violated the proposed rule there are exactly 169 outpoints. With only 8 > > being non OP_RETURN. I think after 15 years and not having discovered use > > for 'large' ScriptPubkeys; the reward for not invalidating them at the > > consensus level is lower than the risk of their abuse. > > > > - > > *Reasons for * > > - Makes DoS blocks likely impossible to create that would have any > > sufficient negative impact on the network. > > > Further restricting v0 scripts is sufficient to achieve this goal. We do not > need to actually prohibit >520 byte pushes. > > > - Leaves enough room for hooks long term > > - Would substantially reduce the divergence between consensus and > > relay policy > > - Incredibly little use onchain as evidenced above. > > - Could possibly reduce codebase complexity. Legacy Script is largely > > considered a mess though this isn't a complete disablement it should reduce > > the total surface that is problematic. > > - Would make it harder to use the ScriptPubkey as a 'large' > > datacarrier. > > - Possible UTXO set size bloat reduction. > > > > - *Reasons Against * > > - Bitcoin could need it in the future? Quantum? > > > NACK, for exactly this reason. It's hard to predict what kind of math will be > needed in the future for future signature algorithms. With taproot, we include > bare pubkeys in scriptPubKeys for a good reason. It's quite possible that > we'll > want to do something similar with >520byte pubkeys for some future signature > > algorithm (e.g. quantum hard) or some other difficult to predict technical > upgrade (the spendableness of scriptPubKeys with >520bytes isn't relevant to > > this discussion). > > > - Users could just create more outpoints. > > > The second reason for my NACK. It makes no significant difference whether or > not data is contiguous or split across multiple outputs. All the same concerns > about arbitrary data ("spam") exist and will continue to be argued over even > if > we do a soft-fork to prohibit this. All we'll done is have used up valuable > dev > and political resources. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > > -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/aN_N4i4zZ5Dt8TdG%40petertodd.org. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ONFWceYdQT0aizGwn2vyyzdr2RZ9GlQ7vAfNfIRRO_IGsTaX-l3bghNiygjXmccG8UJO_7pxrAr2ZKbUrlvNrAZ83EfyPjzuAR26J7xp4bw%3D%40protonmail.com.
