[Bitcoin-development] [RFC] Canonical input and output ordering in transactions
Rusty Russell
rusty at rustcorp.com.au
Mon Jun 15 21:01:04 UTC 2015
Mark Friedenbach <mark at friedenbach.org> writes:
> There's another important use case which you mentioned Greg, that also
> requires special exemption: compact commitments via mid-state compression.
>
> The use case is an OP_RETURN output sorted last, whose last N bytes are a
> commitment of some kind. A proof of the commitment can then use mid state
> compression to elide the beginning of the transaction.
>
> How do you make a special exemption for this category of outputs? I can't
> think of a very clean way of doing so that doesn't require an ugly
> advertising of sort-order exemptions.
Yes, we can suit any one use case, but not all of them.
For example, outputs shall be sorted by:
1. First byte (or 0 if script is zero length) minus 107.
2. The remainder of the script in lexographical order.
This would put OP_RETURN outputs last.
Though Peter Todd's more general best-effort language might make more
sense. It's not like you can hide an OP_RETURN transaction to make it
look like something else, so that transaction not going to be
distinguished by non-canonical ordering.
Cheers,
Rusty.
More information about the bitcoin-dev
mailing list