12020-03-05T00:17:23 <aj> itym "mallyability", and "tranzaxions" isn't a 1-char change :)
22020-03-05T00:19:24 <aj> sipa: but if you set SIGHASH_MUST_BE_ALL_SEGWIT, that just means you have 0% chance of successful spend if some input is malleable, rather than x% where x is whatever the chance of malleation actually occuring is? is that actually helpful?
32020-03-05T00:20:09 <sipa> aj: "one or more"
42020-03-05T00:20:52 <aj> "ct"->"x" isn't a 1-char change though?
52020-03-05T00:21:40 <aj> tranzaxxions maybe?
62020-03-05T00:21:47 <aj> god that sounds cool
72020-03-05T00:22:00 <sipa> i like it.
82020-03-05T00:24:24 <aj> (hmm. if you prove that a theorem is equivalent to some axiom (ie {A,B,C} -> T, but {A,B,T} -> C also), does that make the theorem a trans-axiom?)
92020-03-05T00:39:35 <aj> so i think the idea is, we have confirmed inputs A,B,..; I'm signing A with taproot, creating T which spends A,B,.., and I want to create a child tx S which spends T:0, but I can't do that safely if one of the inputs A,B,.. was non-segwit, because it's sig could change turning T into T' with a different txid.
102020-03-05T00:40:40 <aj> but... if that's the case, I don't know what T's txid is in the first place until I see an initial signature for the non-segwit input (or the p2sh input even if it is segwit!) and once i've seen the signed tx to calculate the txid T, i'll know if those signatures were segwit or not
112020-03-05T00:42:13 <roconnor> Usually you'd create T, create S, sign S, sign input A on T.
122020-03-05T00:42:39 <aj> but i at least need all the p2sh scripts for T to be revealed before i can create S
132020-03-05T00:44:00 <aj> (at which point i can observe whether T is all segwit or not, and abort if i'm unhappy)
142020-03-05T00:44:15 *** pinheadmz has joined ##taproot-bip-review
152020-03-05T00:44:47 <roconnor> for p2sh inputs yes. It's a good observation that the txid of T is creating committing to the sigscripts.
162020-03-05T00:46:05 <roconnor> you can tell if thos sigscripts are of the empty shape or p2sh shape, but neither one of those facts commits to the UTXO being segwit or not.
172020-03-05T00:46:39 <roconnor> *scriptsigs
182020-03-05T00:47:03 <roconnor> I can never remember the terminology.
192020-03-05T00:49:42 <aj> you only have to validate the p2sh hash not the full scriptsig (ie signature checking or actual logic) to check if things are segwit or not
202020-03-05T00:50:37 <aj> (you need the scriptpubkey to validate against, but we commit to those anyway so you should have them)
212020-03-05T00:52:29 <roconnor> AFAIU the concern is we don't have the scriptpubkeys.
222020-03-05T00:53:31 <roconnor> (but maybe I'm wrong)
232020-03-05T00:54:34 <roconnor> Isn't proving a scriptpubkey is belongs to an outpoint is tedious?
242020-03-05T00:54:35 <aj> ah, you're right
252020-03-05T00:57:01 <aj> i was thinking it was committed to directly via sha_prevouts/etc, but it's not
262020-03-05T00:57:31 <roconnor> I mean, we could do that...
272020-03-05T00:57:49 <sipa> in taproot sighash we commit to the sPK
282020-03-05T00:57:58 <aj> our sPK, not the other sPKs
292020-03-05T00:58:02 <sipa> but only the one being spent
302020-03-05T00:58:04 <sipa> right
312020-03-05T00:59:29 *** pinheadmz has quit IRC
322020-03-05T01:00:00 <sipa> that's... not crazy
332020-03-05T01:00:09 <sipa> we already commit to all input amounts
342020-03-05T01:00:19 <sipa> we could as well commit to the entire utxos
352020-03-05T01:01:03 <roconnor> hash each scriptpubkey and hash those hashes?
362020-03-05T01:01:57 <sipa> just turn the hash-of-all-input-amounts-concatenated to hash-of-all-CTxOuts-being-spent-concatenated
372020-03-05T01:02:13 <roconnor> oh right
382020-03-05T01:02:29 <roconnor> well, that makes fee calculation kinda annoying.
392020-03-05T01:02:39 <sipa> how so?
402020-03-05T01:02:41 <roconnor> having to process all these scripts in the way.
412020-03-05T01:03:00 <sipa> they don't affect fee calculation?
422020-03-05T01:03:19 <roconnor> well the do affect verify that the hash commits to the alledged values.
432020-03-05T01:03:31 <aj> if you just care about the fees, having to deal with a raw pay2multisig script as well as the 8 byte value could be obnoxious?
442020-03-05T01:04:22 <sipa> roconnor: i don't understand how any of this is related to fee calculation
452020-03-05T01:05:14 <aj> it's the fee commitment, not the calculation per se?
462020-03-05T01:05:18 <roconnor> Today in taproot, to compute the fees you are signing you need to add up all the outputs and then have someone tell you all the input values, and then concatenate all the inputs values and compute the hash.
472020-03-05T01:05:52 <sipa> ah
482020-03-05T01:05:52 <roconnor> in your proposal you have to have someone tell you all the input values and all the script pubkeys, which are arbitrary long, and concatenate them all together and compute the hash.
492020-03-05T01:06:07 <sipa> and you mean this would force signers to be told all prevout sPKs
502020-03-05T01:06:44 <sipa> i see
512020-03-05T01:07:00 <sipa> intermediary hashing may help
522020-03-05T01:07:21 <roconnor> the hash of hashes lets you even check one scriptpubkey instead of all of them.
532020-03-05T01:07:39 <roconnor> Although it seems in most cases you'd want to check all of them or none of them.
542020-03-05T01:08:55 <aj> clearly this calls for a merkle sum tree of ctxouts-being-spent
552020-03-05T01:09:47 <aj> (hmm, does everyone use "clearly" for "the following isn't clear at all", or was that unique to some random maths book i read back in the day?)
562020-03-05T01:10:01 <roconnor> I use it that way.
572020-03-05T01:10:34 <sipa> i think "Hence, ..." is clearer (pun intended)
582020-03-05T01:11:06 <roconnor> I always thought it was a math joke from reading "clearly" in math proofs that are not clear at all.
592020-03-05T01:11:35 <roconnor> so maybe it is a math thing?
602020-03-05T01:11:56 <aj> math things are the best things
612020-03-05T01:15:53 <sipa> how to find the mathematician in the room?
622020-03-05T01:16:13 <sipa> yell out loud "Let epsilon be an arbitrary number smaller than 0"
632020-03-05T01:16:51 <sipa> i'm sure you can find alternatives for other math domains
642020-03-05T01:17:08 <roconnor> What are the current rules around p2sh-wrapped-segwit-Vn? They are non-malleable but anyone can spend?
652020-03-05T01:17:48 <sipa> by non-malleable you mean "txid does not commit to the witness" ?
662020-03-05T01:17:59 <sipa> that's a vacuous statement i think if anyone can spend them :p
672020-03-05T01:18:28 <roconnor> I mean that the scriptsig must be fixed but anyone can spend by submitting any witness value.
682020-03-05T01:18:36 <sipa> correct
692020-03-05T01:18:39 <sipa> also non-standard
702020-03-05T01:18:57 <sipa> but valid with any witness by consensus (bip 341 does not affect their validity at all)
712020-03-05T01:19:59 <roconnor> AFAICT signing the scriptpubkeys gives enough information to check if the txid is malleable or not. I mean, it is a bit of a pain to check, but not signifcantly worse than other checks.
722020-03-05T01:20:12 <roconnor> like the fee check.
732020-03-05T01:23:25 <roconnor> assuming you have the p2sh scriptsigs, which are needed to compute the txid that you are trying to determine if it is malleable or not.
742020-03-05T01:23:29 <instagibbs> roconnor, sorry if replaying the convo, but you'd still need things like redeemscripts
752020-03-05T01:23:35 <instagibbs> ok
762020-03-05T01:23:39 <instagibbs> jynx
772020-03-05T01:25:51 *** pinheadmz has joined ##taproot-bip-review
782020-03-05T01:26:14 <instagibbs> it makes checking for native segwit outputs really easy, at least, if you're requiring that
792020-03-05T01:31:37 <roconnor> segwit scriptpubkeys are all bounded in size, so you can immediately reject anyone trying to fill the scriptpubkeys with nonsense for those who are checking this malleability condition.
802020-03-05T01:37:24 <instagibbs> wallets could reject as needed as well. PSBTs already carry all this info
812020-03-05T02:14:15 *** pinheadmz has quit IRC
822020-03-05T02:29:19 *** pinheadmz has joined ##taproot-bip-review
832020-03-05T02:40:24 *** belcher has quit IRC
842020-03-05T02:40:49 *** pinheadmz has quit IRC
852020-03-05T04:25:33 *** sipa has quit IRC
862020-03-05T04:31:00 *** sipa has joined ##taproot-bip-review
872020-03-05T05:09:30 *** ncantu has quit IRC
882020-03-05T05:10:14 *** ncantu has joined ##taproot-bip-review
892020-03-05T05:16:38 *** pinheadmz has joined ##taproot-bip-review
902020-03-05T05:59:17 *** soju has joined ##taproot-bip-review
912020-03-05T06:06:55 *** pinheadmz has quit IRC
922020-03-05T06:36:03 *** ncantu has quit IRC
932020-03-05T06:36:25 *** ncantu has joined ##taproot-bip-review
942020-03-05T08:38:59 *** soju has quit IRC
952020-03-05T09:07:19 *** jonatack has quit IRC
962020-03-05T09:07:29 *** real_or_random has quit IRC
972020-03-05T09:35:19 *** jnewbery_ has joined ##taproot-bip-review
982020-03-05T09:38:44 *** jnewbery has quit IRC
992020-03-05T09:43:18 *** jonatack has joined ##taproot-bip-review
1002020-03-05T09:43:18 *** real_or_random has joined ##taproot-bip-review
1012020-03-05T10:03:27 *** jnewbery_ has quit IRC
1022020-03-05T10:09:30 *** jnewbery has joined ##taproot-bip-review
1032020-03-05T11:06:42 *** belcher has joined ##taproot-bip-review
1042020-03-05T11:46:46 *** michaelfolkson has joined ##taproot-bip-review
1052020-03-05T11:47:13 *** michaelfolkson has quit IRC
1062020-03-05T13:55:23 *** belcher has quit IRC
1072020-03-05T13:55:47 *** belcher has joined ##taproot-bip-review
1082020-03-05T14:02:43 *** belcher has quit IRC
1092020-03-05T14:03:02 *** belcher has joined ##taproot-bip-review
1102020-03-05T14:06:28 *** michaelfolkson has joined ##taproot-bip-review
1112020-03-05T14:11:06 *** jonatack has quit IRC
1122020-03-05T14:19:40 *** molly has quit IRC
1132020-03-05T14:42:30 *** mol has joined ##taproot-bip-review
1142020-03-05T14:49:29 *** jonatack has joined ##taproot-bip-review
1152020-03-05T14:57:48 *** luke-jr has quit IRC
1162020-03-05T14:59:43 *** michaelfolkson has quit IRC
1172020-03-05T15:01:44 *** michaelfolkson has joined ##taproot-bip-review
1182020-03-05T15:06:43 *** mol has quit IRC
1192020-03-05T15:12:23 *** molly has joined ##taproot-bip-review
1202020-03-05T15:25:52 *** luke-jr has joined ##taproot-bip-review
1212020-03-05T15:58:20 *** michaelfolkson has quit IRC
1222020-03-05T16:09:42 *** michaelfolkson has joined ##taproot-bip-review
1232020-03-05T16:10:27 *** michaelfolkson has joined ##taproot-bip-review
1242020-03-05T16:58:11 *** ncantu has quit IRC
1252020-03-05T17:00:23 *** ncantu has joined ##taproot-bip-review
1262020-03-05T17:11:52 *** ncantu has quit IRC
1272020-03-05T17:12:30 *** ncantu has joined ##taproot-bip-review
1282020-03-05T17:17:37 *** pinheadmz has joined ##taproot-bip-review
1292020-03-05T17:31:29 *** pinheadmz has quit IRC
1302020-03-05T17:37:51 *** ncantu has quit IRC
1312020-03-05T17:38:27 *** ncantu has joined ##taproot-bip-review
1322020-03-05T18:10:07 *** michaelfolkson has quit IRC
1332020-03-05T19:03:34 *** elichai2 has quit IRC
1342020-03-05T19:03:47 *** elichai2 has joined ##taproot-bip-review
1352020-03-05T20:29:06 *** michaelfolkson has joined ##taproot-bip-review
1362020-03-05T20:41:02 *** ncantu has quit IRC
1372020-03-05T20:42:25 *** ncantu has joined ##taproot-bip-review
1382020-03-05T20:42:31 *** michaelfolkson has quit IRC
1392020-03-05T20:48:47 *** michaelfolkson has joined ##taproot-bip-review
1402020-03-05T20:49:15 *** ncantu has quit IRC
1412020-03-05T20:50:40 *** ncantu has joined ##taproot-bip-review
1422020-03-05T20:52:25 *** ncantu has joined ##taproot-bip-review
1432020-03-05T20:53:41 *** michaelfolkson has quit IRC
1442020-03-05T21:01:56 *** ncantu has quit IRC
1452020-03-05T21:03:19 *** ncantu has joined ##taproot-bip-review
1462020-03-05T21:07:06 *** michaelfolkson has joined ##taproot-bip-review
1472020-03-05T21:07:19 *** michaelfolkson has quit IRC
1482020-03-05T21:11:53 *** pinheadmz has joined ##taproot-bip-review
1492020-03-05T22:37:49 *** belcher has quit IRC