On Fri, Jun 05, 2026 at 05:54:50PM +1000, Anthony Towns wrote: > On Thu, Jun 04, 2026 at 11:01:25AM +0000, Peter Todd wrote: > > Note that you can design a message signing scheme where you can use a > > pubkey to > > sign a merkle tree of messages. In the case of a transaction, multiple > > conflicting versions of the transaction with different fee rates. > > There's a balance to be had between what's considered part of the message > signing scheme versus what's part of the scripting language. > > The scheme above could also be thought of as signing a single message > "spend this utxo is valid if this script's conditions are meant", > where the script is "or(fee <= 0.5, and(nSequence >= 100, fee <= 1.0), > and(nSequence >= 1000, fee <= 30.0))"
No, that's a very different scheme. Also, I believe it is vulnerable to miners simply picking the best possible fee rate for them; nSequence isn't big enough to avoid being guessed. Indeed, I neglected to point out something important in the above: you probably want to include secret nonces (or similar) in each individual branch of the signature tree, to ensure that different versions of it can't be brute forced. Thus to reveal a new option for miners, you make public a previously secret nonce. 128-bits would be sufficiently large to prevent brute-forcing. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aiaTyHPHzrj3iZ_8%40petertodd.org.
signature.asc
Description: PGP signature
