<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">* the general cost of any network-wide change, versus P2SH which is<br>
already analyzed by devs, rolled out and working<br>* the cost of updating everybody to relay this new transaction type,<br>
whereas P2SH Just Works already<br>fair -- I think that there may be a big benefit realizable with this kind of system.<br><br>
* cost of increasing rate of UTXO growth versus P2SH<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">This operation is similar in cost to multisig? Although I suppose there is the proposal to make all multisigs p2sh<br>
<br>
* the cost of P2SH output is predictable, versus less predictable outputs<br>
</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
* "default public", versus P2SH's "default private"<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">-- Can you elaborate on these?<br>
</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)"><br>I think part of the problem is that there is low incentive for development/cataloging of these useful types of script because there isn't a horizon on getting them broadcastable by nodes other than testnet? Even with pay to script hash it is still currently relegated to a subset of script types iirc (I think I'm wrong on this one maybe (hopefully) -- if so, let's get writing!)?<br>
<br><br><br></div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">Hmm... another idea... what about doing a p2sh with a switch statement, ie:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
OP_HASH160 <script set hash> OP_EQUAL<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">payable by:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
{signatures...} <scriptX> <<script1 hash>, <script2 hash>...<scriptN hash> in sorted order> OP_DUP<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
And then executed like a normal p2sh transaction except before the <scriptX> is run, the set of hashes is checked for set membership (can't find a concise way to express this, but it should be doable within the current framework of p2sh processing).<br>
</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
Which lets you select one of n scripts each 520 bytes long without bloating the utxo pool more than a p2sh, the cost being purely on disk. <br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
In theory, this could represent a space savings on disk longterm for regular p2sh. ie, if I have two 2 of 3 groups I want to be able to spend, this system would represent an overall space savings.<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">
<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">Adding some kind of "function-hash-pointer jump table / switch statement" could be pretty cool in terms of space savings as well as allowing for more complicated scripts to be built.<br>
</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)"><br>
</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 17, 2014 at 2:21 AM, Jeff Garzik <span dir="ltr"><<a href="mailto:jgarzik@bitpay.com" target="_blank">jgarzik@bitpay.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In a system like bitcoin, where the system has to keep running, you<br>
have to consider how to roll out upgrades, and the costs associated<br>
with that.<br>
* the general cost of any network-wide change, versus P2SH which is<br>
already analyzed by devs, rolled out and working<br>
* the cost of P2SH output is predictable, versus less predictable outputs<br>
* the cost of updating everybody to relay this new transaction type,<br>
whereas P2SH Just Works already<br>
* cost of increasing rate of UTXO growth versus P2SH<br>
* "default public", versus P2SH's "default private"<br>
<br>
It is true that publishing the script in the txout has the advantage<br>
of being easily audited by third parties scanning the blockchain, but<br>
in the interest of space efficiency you may accomplish the same thing<br>
by offering the script upon request out-of-band. The script is<br>
hash-sealed by the P2SH address, enabling perfect proof.<br>
<br>
Don't have a transcript handy, but these things are usually logged and<br>
google-searchable.<br>
<br>
In any case, it would be nice to get together and start building a<br>
"cookbook" of useful scripts like the ones you've been describing.<br>
The power of bitcoin scripts is only beginning to be explored. Use<br>
cases and examples are very helpful.<br>
<div><div><br>
<br>
<br>
On Thu, Jul 17, 2014 at 1:59 AM, Jeremy <<a href="mailto:jlrubin@mit.edu" target="_blank">jlrubin@mit.edu</a>> wrote:<br>
> Additional costs would be in terms of A) chance of user error/application<br>
> error -- proposed method is much simpler, as well as extra bytes for control<br>
> flow ( 4 per script if I am counting right).<br>
><br>
><br>
> The costs on a normal script do seem slightly more friendly, except this<br>
> method allows for hidden-till-spent permission groups, as well as as smaller<br>
> blockchain bloat overall (if scriptSig script has to store the logic for all<br>
> the potential permission group, it will be a larger script versus only<br>
> needing one permission group's script). An added benefit could also be in<br>
> blockchain analysis -- you can actively monitor the utxo pool for your known<br>
> associated scripts, whereas you couldn't for specialty scripts assembled per<br>
> group. Enables repeated spends with groups as a "cost object" w/o having to<br>
> recall all participants. ie, pay to the same perm groups as the other<br>
> employee did last time, but include me as a root this time.<br>
><br>
><br>
> Do you have a transcript of that chat by any chance? An interesting way to<br>
> do that would be to push the sigs onto the stack & have implicit orders,<br>
> then do expressions with their aliases, and then be able to assign "spending<br>
> groups".<br>
> ex:<br>
> code_sep<br>
> push script0<br>
> push script1<br>
> push script2<br>
> push script3<br>
> group_sep<br>
> mkgroup_2, 0,1 ; the id will be 4<br>
> mkgroup_3, 0,2,3 ; the id will be 5<br>
> mkUnionGroup_2, 4,5 ; the id will be 6<br>
> 2_of_3_group 0, 1, 2<br>
> mkIntersectionGroup_2 5, 6<br>
> complement_last ; complements last group, mutation<br>
> del_group 1 ; deletes the group #1, groups then reindex after<br>
> deletion (maybe the group was useful base class).<br>
> etc...<br>
> multisig check perm groups (checks if any groups on stack are valid from<br>
> script)<br>
><br>
><br>
> or even something like adding a little SAT scripting language with an eval.<br>
><br>
> push script0<br>
> push script1<br>
> push script2<br>
> push script3<br>
> push <a=(1 & 2 & 0), b=a-1, a | 3 | b ><br>
> eval<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Thu, Jul 17, 2014 at 12:52 AM, Jeff Garzik <<a href="mailto:jgarzik@bitpay.com" target="_blank">jgarzik@bitpay.com</a>> wrote:<br>
>><br>
>> On Wed, Jul 16, 2014 at 1:56 PM, Jeremy <<a href="mailto:jlrubin@mit.edu" target="_blank">jlrubin@mit.edu</a>> wrote:<br>
>> > Right now, this could be expressed multiple ways (ie, using an op_dup if<br>
>> > then else chain) , but all would incur additional costs in terms of<br>
>> > complicated control flows. Instead, I would propose:<br>
>><br>
>> Can you quantify "additional costs in terms of complicated control flows"?<br>
>><br>
>><br>
>> > There is an implication in terms of increased utxo pool bloat, but also<br>
>> > an<br>
>> > implication in terms of increased txn complexity (each 20 byte hash<br>
>> > allows<br>
>> > for a 500 byte script, only one of the 500 byte scripts has to be<br>
>> > permanently stored on blockchain).<br>
>><br>
>> When considering these costs, using a normal P2SH output + a script<br>
>> with OP_IF and friends seems more straightforward?<br>
>><br>
>> Doing boolean logic with multisig groups is quite possible, e.g.<br>
>> "group AND group", "group OR (group AND group)" etc. Definitely a<br>
>> valid use case. I discussed how to do this on IRC with gmaxwell<br>
>> several months ago. I call it "multi-multisig" for lack of a better<br>
>> name.<br>
><br>
><br>
><br>
><br>
> --<br>
> Jeremy Rubin<br>
<br>
<br>
<br>
</div></div><span><font color="#888888">--<br>
Jeff Garzik<br>
Bitcoin core developer and open source evangelist<br>
BitPay, Inc. <a href="https://bitpay.com/" target="_blank">https://bitpay.com/</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">Jeremy Rubin</div>
</div></div>