Re: [bitcoin-dev] BIP for OP_VAULT
Hi Gents, > > I don't think replacing the internal-public-key makes sense -- if it > was immediately spendable via the keypath before there's no reason for > it not to be immediately spendable now. > > Slavishly following the current proposal was the idea to make sure all > functionality was captured; I agree with this change. I think we do need to replace the internal key with a hardcoded NUMS point to allow us to batch multiple vault inputs which might have different internal keys but the same OP_FLU/OP_VAULT_TRIGGER script to the same time+template-restricted output. I like that in James' current PR proposal we can explicitly batch via the implied input/output summation rules while avoiding address reuse. If we can retain some or all of that, I think it would be good for on chain efficiency and potentially privacy. My thoughts on batching: Many inputs with different internal keys can be combined to satisfy the total output value for a single output, as long as their scriptpubkeys with FLU and NUMS internal key are equal This enables avoiding address reuse within the vault. Many inputs with the same scriptpubkey can be combined to satisfy a single CTV output template. This allows a user to unfsck themselves if they initiate a withdrawal that cannot be satisfied because they didn't send enough sats to satisfy their template. Best, --Brandon ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] BIP for OP_VAULT
In ordinary use cases, you wouldn't clawback; that would only be in the extreme case of the wallet being compromised. So typical usage would just be receive -> send, like wallets currently do. Luke On 3/13/23 10:56, Greg Sanders wrote: Didn't finish sentence: but in practice would end up with pretty similar usage flows imho, and as noted in PR, would take a different wallet paradigm, among other technical challenges. On Mon, Mar 13, 2023 at 10:55 AM Greg Sanders wrote: Hi Luke, Can you elaborate why the current idealized functionality of deposit -> trigger -> withdrawal is too complicated for everyday use but the above deposit -> withdrawal -> resolve(claim/clawback) wouldn't be? I admit at a high level it's a fine paradigm, but in practice would end Let's ignore implementation for the discussion, since that's in flux. Cheers, Greg On Sat, Mar 11, 2023 at 3:53 PM Luke Dashjr via bitcoin-dev wrote: I started reviewing the BIP, but stopped part way through, as it seems to have a number of conceptual issues. I left several comments on the PR (https://github.com/bitcoin/bips/pull/1421#pullrequestreview-1335925575), but ultimately I think it isn't simplified enough for day-to-day use, and would harm privacy quite a bit. Instead, I would suggest a new approach where: 1) Joe receives funds with a taproot output like normal. 2) Joe sends funds to Fred, but Fred cannot spend them until N blocks later (covenant-enforced relative locktime). Ideally, this should use/support a taproot keypath spend somehow. It would be nice to blind the particular relative locktime somehow too, but that may be too expensive. 2b) If Joe's funds were stolen, Joe can spend Fred's UTXO within the N block window to a recovery output. Unfortunately, the implementation details for this kind of setup are non-obvious and will likely require yet another address format (or at least recipient-wallet changes), but certainly seems within the scope of possibility. Thoughts? Luke On 2/13/23 16:09, James O'Beirne via bitcoin-dev wrote: > Since the last related correspondence on this list [0], a number of > improvements have been made to the OP_VAULT draft [1]: > > * There is no longer a hard dependence on package relay/ephemeral > anchors for fee management. When using "authorized recovery," all > vault-related transactions can be bundled with unrelated inputs and > outputs, facilitating fee management that is self contained to the > transaction. Consequently, the contents of this proposal are in theory > usable today. > > * Specific output locations are no longer hardcoded in any of the > transaction validation algorithms. This means that the proposal is now > compatible with future changes like SIGHASH_GROUP, and > transaction shapes for vault operations are more flexible. > > --- > > I've written a BIP that fully describes the proposal here: > > https://github.com/jamesob/bips/blob/jamesob-23-02-opvault/bip-vaults.mediawiki > > The corresponding PR is here: > > https://github.com/bitcoin/bips/pull/1421 > > My next steps will be to try for a merge to the inquisition repo. > > Thanks to everyone who has participated so far, but especially to AJ and > Greg for all the advice. > > James > > [0]: > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021318.html > [1]: https://github.com/bitcoin/bitcoin/pull/26857 > > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Ephemeral Anchors: Fixing V3 Package RBF againstpackage limit pinning
After getting neutral to negative feedback on the choice, I have switched to OP_TRUE on the BIP and implementation. Cheers, Greg On Sat, Feb 4, 2023 at 11:03 AM Peter Todd wrote: > On Fri, Feb 03, 2023 at 09:07:29PM -0500, Greg Sanders wrote: > > I'm not particularly persuaded, but also not wedded to either idea. > > > > Fixed up tests for the OP_TRUE case here: > > https://github.com/instagibbs/bitcoin/tree/ephemeral-anchors-true > > Thanks. > > Looking through that, I think a lot of those test cases don't actually > need to > be changed to OP_2, as they aren't trying to test anything related to > standardness. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] BIP for OP_VAULT
Didn't finish sentence: but in practice would end up with pretty similar usage flows imho, and as noted in PR, would take a different wallet paradigm, among other technical challenges. On Mon, Mar 13, 2023 at 10:55 AM Greg Sanders wrote: > Hi Luke, > > Can you elaborate why the current idealized functionality of deposit -> > trigger -> withdrawal is too complicated for > everyday use but the above deposit -> withdrawal -> > resolve(claim/clawback) wouldn't be? I admit at a high level > it's a fine paradigm, but in practice would end > > Let's ignore implementation for the discussion, since that's in flux. > > Cheers, > Greg > > On Sat, Mar 11, 2023 at 3:53 PM Luke Dashjr via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> I started reviewing the BIP, but stopped part way through, as it seems >> to have a number of conceptual issues. >> >> I left several comments on the PR >> (https://github.com/bitcoin/bips/pull/1421#pullrequestreview-1335925575), >> >> but ultimately I think it isn't simplified enough for day-to-day use, >> and would harm privacy quite a bit. >> >> Instead, I would suggest a new approach where: >> >> 1) Joe receives funds with a taproot output like normal. >> 2) Joe sends funds to Fred, but Fred cannot spend them until N blocks >> later (covenant-enforced relative locktime). Ideally, this should >> use/support a taproot keypath spend somehow. It would be nice to blind >> the particular relative locktime somehow too, but that may be too >> expensive. >> 2b) If Joe's funds were stolen, Joe can spend Fred's UTXO within the N >> block window to a recovery output. >> >> Unfortunately, the implementation details for this kind of setup are >> non-obvious and will likely require yet another address format (or at >> least recipient-wallet changes), but certainly seems within the scope of >> possibility. >> >> Thoughts? >> >> Luke >> >> >> On 2/13/23 16:09, James O'Beirne via bitcoin-dev wrote: >> > Since the last related correspondence on this list [0], a number of >> > improvements have been made to the OP_VAULT draft [1]: >> > >> > * There is no longer a hard dependence on package relay/ephemeral >> > anchors for fee management. When using "authorized recovery," all >> > vault-related transactions can be bundled with unrelated inputs and >> > outputs, facilitating fee management that is self contained to the >> > transaction. Consequently, the contents of this proposal are in theory >> > usable today. >> > >> > * Specific output locations are no longer hardcoded in any of the >> > transaction validation algorithms. This means that the proposal is now >> > compatible with future changes like SIGHASH_GROUP, and >> > transaction shapes for vault operations are more flexible. >> > >> > --- >> > >> > I've written a BIP that fully describes the proposal here: >> > >> > >> https://github.com/jamesob/bips/blob/jamesob-23-02-opvault/bip-vaults.mediawiki >> > >> > The corresponding PR is here: >> > >> > https://github.com/bitcoin/bips/pull/1421 >> > >> > My next steps will be to try for a merge to the inquisition repo. >> > >> > Thanks to everyone who has participated so far, but especially to AJ and >> > Greg for all the advice. >> > >> > James >> > >> > [0]: >> > >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021318.html >> > [1]: https://github.com/bitcoin/bitcoin/pull/26857 >> > >> > ___ >> > bitcoin-dev mailing list >> > bitcoin-dev@lists.linuxfoundation.org >> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> ___ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] BIP for OP_VAULT
Hi Luke, Can you elaborate why the current idealized functionality of deposit -> trigger -> withdrawal is too complicated for everyday use but the above deposit -> withdrawal -> resolve(claim/clawback) wouldn't be? I admit at a high level it's a fine paradigm, but in practice would end Let's ignore implementation for the discussion, since that's in flux. Cheers, Greg On Sat, Mar 11, 2023 at 3:53 PM Luke Dashjr via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I started reviewing the BIP, but stopped part way through, as it seems > to have a number of conceptual issues. > > I left several comments on the PR > (https://github.com/bitcoin/bips/pull/1421#pullrequestreview-1335925575), > but ultimately I think it isn't simplified enough for day-to-day use, > and would harm privacy quite a bit. > > Instead, I would suggest a new approach where: > > 1) Joe receives funds with a taproot output like normal. > 2) Joe sends funds to Fred, but Fred cannot spend them until N blocks > later (covenant-enforced relative locktime). Ideally, this should > use/support a taproot keypath spend somehow. It would be nice to blind > the particular relative locktime somehow too, but that may be too > expensive. > 2b) If Joe's funds were stolen, Joe can spend Fred's UTXO within the N > block window to a recovery output. > > Unfortunately, the implementation details for this kind of setup are > non-obvious and will likely require yet another address format (or at > least recipient-wallet changes), but certainly seems within the scope of > possibility. > > Thoughts? > > Luke > > > On 2/13/23 16:09, James O'Beirne via bitcoin-dev wrote: > > Since the last related correspondence on this list [0], a number of > > improvements have been made to the OP_VAULT draft [1]: > > > > * There is no longer a hard dependence on package relay/ephemeral > > anchors for fee management. When using "authorized recovery," all > > vault-related transactions can be bundled with unrelated inputs and > > outputs, facilitating fee management that is self contained to the > > transaction. Consequently, the contents of this proposal are in theory > > usable today. > > > > * Specific output locations are no longer hardcoded in any of the > > transaction validation algorithms. This means that the proposal is now > > compatible with future changes like SIGHASH_GROUP, and > > transaction shapes for vault operations are more flexible. > > > > --- > > > > I've written a BIP that fully describes the proposal here: > > > > > https://github.com/jamesob/bips/blob/jamesob-23-02-opvault/bip-vaults.mediawiki > > > > The corresponding PR is here: > > > > https://github.com/bitcoin/bips/pull/1421 > > > > My next steps will be to try for a merge to the inquisition repo. > > > > Thanks to everyone who has participated so far, but especially to AJ and > > Greg for all the advice. > > > > James > > > > [0]: > > > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021318.html > > [1]: https://github.com/bitcoin/bitcoin/pull/26857 > > > > ___ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev