Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread Johnson Lau via bitcoin-dev
> >> >> Some way to sign an additional script (not committed to by the witness >> program) seems like it could be a trivial addition. > > It seems to me the annex can be used for this, by having it contain both the > script and the signature somehow concatenated. This is not possible since

Re: [bitcoin-dev] Adding xpub field to PSBT to make multisig more secure

2019-05-09 Thread Dmitry Petukhov via bitcoin-dev
> Therefore, the input==output check is sufficient: if I use the same > set of signers for an input and an output, I can be sure that the > change goes to the same multisig wallet. This is sufficient, in a simple case. I consider cases where spending from different wallets ('wallet

Re: [bitcoin-dev] Adding xpub field to PSBT to make multisig more secure

2019-05-09 Thread jan matejek via bitcoin-dev
Hello, On 07. 05. 19 15:40, Dmitry Petukhov via bitcoin-dev wrote: > At the setup phase, hardware wallet can sign a message that consists of > xpubs of participants, and some auxiliary text. It can use the key > derived from the master key, with path chosen specifically for this > purpose. This

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread Luke Dashjr via bitcoin-dev
On Monday 06 May 2019 20:17:09 Luke Dashjr via bitcoin-dev wrote: > Some way to sign an additional script (not committed to by the witness > program) seems like it could be a trivial addition. This would be especially useful for things like OP_CHECKBLOCKATHEIGHT:

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread ZmnSCPxj via bitcoin-dev
Good morning Sjors, sorry everyone for the double-posting... > I believe this is the "hash to a point" technique. > > The scalar behind the above point cannot be known, unless either the hash > function is broken, or ECDLP is broken. > (perhaps a better cryptographer can give the proper

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread ZmnSCPxj via bitcoin-dev
Good morning Sjors, On Wednesday, May 8, 2019 4:42 AM, Sjors Provoost via bitcoin-dev wrote: > Hey Pieter, > > I think this is a reasonable collection of changes that make sense in > combination. Some initial feedback and

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread ZmnSCPxj via bitcoin-dev
Good morning Luke, > Is there any way to use the Taproot construct here while retaining external > script limitations that the involved party(ies) cannot agree to override? > For example, it is conceivable that one might wish to have an unconditional > CLTV enforced in all circumstances.

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread Pieter Wuille via bitcoin-dev
Thanks for the comments so far! I'm going to respond to some of the comments here. Things which I plan to address with changes in the BIP I'll leave for later. On Mon, 6 May 2019 at 13:17, Luke Dashjr wrote: > Tagged hashes put the tagging at the start of the hash input. This means >

Re: [bitcoin-dev] Taproot proposal

2019-05-09 Thread Anthony Towns via bitcoin-dev
On Mon, May 06, 2019 at 08:17:09PM +, Luke Dashjr via bitcoin-dev wrote: > Some way to sign an additional script (not committed to by the witness > program) seems like it could be a trivial addition. Aside: if you want to commit to something extra *with* the witness program, you could use