[bitcoin-dev] Should Graftroot be optional?

Pieter Wuille pieter.wuille at gmail.com
Fri Jun 1 00:25:04 UTC 2018

On Fri, May 25, 2018 at 3:14 AM, Johnson Lau <jl2012 at xbt.hk> wrote:
> A graftroot design like this is a strict subset of existing signature checking rules. If this is dangerous, the existing signature checking rules must be dangerous.

While you may be right in this situation, I'm not sure that conclusion
follows from your argument. Whether or not a construction is safe does
not just depend on the consensus rules, but also on how it is used.
Otherwise you could as well argue that since OP_TRUE is possible right
now which is obviously insecure, nothing more dangerous can be
accomplished through any soft fork.

The best argument for why Graftroot does not need to be optional I
think was how Greg put it: "since the signer(s) could have signed an
arbitrary transaction instead, being able to delegate is strictly less



More information about the bitcoin-dev mailing list