Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Mark Friedenbach via bitcoin-dev
There is no harm in the value being a maximum off by a few bytes. > On Sep 22, 2017, at 2:54 PM, Sergio Demian Lerner > wrote: > > If the variable size increase is only a few bytes, then three possibilities > arise: > > - one should allow signatures to be zero

Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Mark Friedenbach via bitcoin-dev
You generally know the witness size to within a few bytes right before signing. Why would you not? You know the size of ECDSA signatures. You can be told the size of a hash preimage by the other party. It takes some contriving to come up with a scheme where one party has variable-length

Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Sergio Demian Lerner via bitcoin-dev
> > There are other solutions to this problem that could have been taken > instead, such as committing to the number of items or maximum size of > the stack as part of the sighash data, but cleanstack was the approach > taken. The lack of signed maximum segwit stack size was one of the

Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Mark Friedenbach via bitcoin-dev
> On Sep 22, 2017, at 1:32 PM, Sergio Demian Lerner > wrote: > > > > There are other solutions to this problem that could have been taken > instead, such as committing to the number of items or maximum size of > the stack as part of the sighash data, but cleanstack

Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Sergio Demian Lerner via bitcoin-dev
But generally before one signs a transaction one does not know the signature size (which may be variable). One can only estimate the maximum size. On Fri, Sep 22, 2017 at 6:11 PM, Mark Friedenbach wrote: > > On Sep 22, 2017, at 1:32 PM, Sergio Demian Lerner < >

Re: [bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

2017-09-22 Thread Sergio Demian Lerner via bitcoin-dev
If the variable size increase is only a few bytes, then three possibilities arise: - one should allow signatures to be zero padded (to reach the maximum size) and abandon strict DER encoding - one should allow spare witness stack elements (to pad the size to match the maximum size) and remove

[bitcoin-dev] Sidechains: Mainstake

2017-09-22 Thread ZmnSCPxj via bitcoin-dev
Good morning bitcoin-dev, I have yet another sidechain proposal: https://zmnscpxj.github.io/sidechain/mainstake/index.html I make the below outlandish claims in the above link: 1. While a 51% mainchain miner theft is still possible, it will take even longer than in drivechains (either months