BIP 347: OP_CAT in Tapscript#1525
Conversation
Co-authored-by: kallewoof <kalle.alm@gmail.com>
"If an if only has a single-statement then-clause, it can appear on the same line as the if, without braces. In every other case, braces are required, and the then and else clauses must appear correctly indented on a new line." Co-authored-by: kallewoof <kalle.alm@gmail.com>
Co-authored-by: kallewoof <kalle.alm@gmail.com>
Co-authored-by: kallewoof <kalle.alm@gmail.com>
|
Definitely looking forward to test drive this BIP. |
|
Can we get a BIP number assigned? Any blockers to doing this? |
kallewoof
left a comment
There was a problem hiding this comment.
Sorry, some more μ-nits. Fine with it as is though.
Co-authored-by: kallewoof <kalle.alm@gmail.com>
Co-authored-by: kallewoof <kalle.alm@gmail.com>
Co-authored-by: kallewoof <kalle.alm@gmail.com>
Co-authored-by: kallewoof <kalle.alm@gmail.com>
bip-???-cat.mediawiki
Outdated
|
|
||
| * Bitstream, a protocol for the atomic swap (fair exchange) of bitcoins for decryption keys, that enables decentralized file hosting systems paid in Bitcoin. While such swaps are currently possible on Bitcoin without OP_CAT they require the use of complex and computationally expensive Verifiable Computation cryptographic techniques. OP_CAT would remove this requirement on Verifiable Computation, making such protocols far more practical to build in Bitcoin. <ref>R. Linus, "BitStream: Decentralized File Hosting Incentivised via Bitcoin Payments", 2023, https://robinlinus.com/bitstream.pdf</ref> | ||
| * Tree Signatures provide a multisignature script whose size can be logarithmic in the number of public keys and can encode spend conditions beyond n-of-m. For instance a transaction less than 1KB in size could support tree signatures with a thousand public keys. This also enables generalized logical spend conditions. <ref> P. Wuille, "Multisig on steroids using tree signatures", 2015, https://blog.blockstream.com/en-treesignatures/</ref> | ||
| * Post-Quantum Lamport Signatures in Bitcoin transactions. Lamport signatures merely require the ability to hash and concatenate values on the stack. <ref>J. Rubin, "[bitcoin-dev] OP_CAT Makes Bitcoin Quantum Secure [was CheckSigFromStack for Arithmetic Values]", 2021, https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-July/019233.html</ref> |
There was a problem hiding this comment.
Lamport signatures in tapscript aren't actually quantum secure because the taptweak still relies on EC operations.
There was a problem hiding this comment.
As far as I know it is an open question if the taptweak based commitment is quantum secure or not. This BIP could not take a position on this question. I will reword this to fix any confusion.
There was a problem hiding this comment.
You're right, I spoke too soon.
There was a problem hiding this comment.
I'm glad you brought this up. I wouldn't want the BIP to be seen as making an authoritative statement on this question. Let me know if you think my change addresses the issue or not.
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
Co-authored-by: Vojtěch Strnad <43024885+vostrnad@users.noreply.github.com>
|
Hi! No spam intended. As a layman, the comments on this merged commit sound scary: In simple terms, what would the comments of the contributors on this article? |
Mail list discussions here: https://groups.google.com/g/bitcoindev/search?q=OP_CAT https://groups.google.com/g/bitcoindev/c/cWSU3yaDdhM/m/dkz9DAT7AAAJ
Pull request here (draft, unmerged): |
This BIP defines OP_CAT a new tapscript opcode which allows the concatenation of two values on the stack. This opcode would be activated via a soft fork by redefining the opcode OP_SUCCESS126.
See our implementation PR in bitcoin-inquisition: bitcoin-inquisition/bitcoin#39