Re: [bitcoin-dev] [dlc-dev] CTV dramatically improves DLCs
Thibaut, CSFS might have independent benefits, but in this case CTV is not being used in the Oracle part of the DLC, it's being used in the user generated mapping of Oracle result to Transaction Outcome. So it'd only be complimentary if you came up with something CSFS based for the Oracles. Best, Jeremy On Thu, Jan 27, 2022 at 12:59 AM Thibaut Le Guilly via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Hi, > > Lloyd, thanks for this excellent writeup. I must say that indeed using CTV > seems like it would very much lower the complexity of the DLC protocol (and > it seems like APO would also work, thanks Jonas for pointing that out). > Though thinking about it, I can't help wondering if the ideal op code for > DLC wouldn't actually be CHECKSIGFROMSTACK? It feels to me that this would > give the most natural way of doing things. If I'm not mistaken, this would > enable simply requiring an oracle signature over the outcome, without any > special trick, and without even needing the oracle to release a nonce in > advance (the oracle could sign `event_outcome + event_id` to avoid > signature reuse). I must say that I haven't studied covenant opcodes in > detail yet so is that line of thinking correct or am I missing something? > > Cheers, > > Thibaut > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] [dlc-dev] CTV dramatically improves DLCs
Hi, Lloyd, thanks for this excellent writeup. I must say that indeed using CTV seems like it would very much lower the complexity of the DLC protocol (and it seems like APO would also work, thanks Jonas for pointing that out). Though thinking about it, I can't help wondering if the ideal op code for DLC wouldn't actually be CHECKSIGFROMSTACK? It feels to me that this would give the most natural way of doing things. If I'm not mistaken, this would enable simply requiring an oracle signature over the outcome, without any special trick, and without even needing the oracle to release a nonce in advance (the oracle could sign `event_outcome + event_id` to avoid signature reuse). I must say that I haven't studied covenant opcodes in detail yet so is that line of thinking correct or am I missing something? Cheers, Thibaut On Wed, Jan 26, 2022 at 1:27 AM Jonas Nick via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Thank you, that's an interesting application of OP_CTV. > > Perhaps worth pointing out that this does not require OP_CTV but could > also be > enabled by other covenant constructions. For example, it seems like > ANYPREVOUT-based covenants provide similar benefits. The script of the > Taproot > leaves could be set to > > CHECKSIGVERIFY CHECKSIGVERIFY > > where is an ANYPREVOUTANYSCRIPT signature of the CET for public key > P = G. > When using nonce R = G, signature creation has negligible computational > cost (s > = 1 + H(R, P, m)). A downside compared to CTV is the additional overhead > of 64 > witness bytes (). > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] [dlc-dev] CTV dramatically improves DLCs
Thank you, that's an interesting application of OP_CTV. Perhaps worth pointing out that this does not require OP_CTV but could also be enabled by other covenant constructions. For example, it seems like ANYPREVOUT-based covenants provide similar benefits. The script of the Taproot leaves could be set to CHECKSIGVERIFY CHECKSIGVERIFY where is an ANYPREVOUTANYSCRIPT signature of the CET for public key P = G. When using nonce R = G, signature creation has negligible computational cost (s = 1 + H(R, P, m)). A downside compared to CTV is the additional overhead of 64 witness bytes (). ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev