BIP CPRKV: Check private key verify



Summary:

On the bitcoin-dev mailing list it was proposed to drop the OP_CHECKPRIVPUBPAIR opcode and achieve the same effect with OP_CAT and OP_CHECKSIGVERIFY. The two parties, Alice and Bob, agree in advance on a random secret nonce k and compute r from it in the same way as when signing a transaction (r is the x coordinate of k*G). The script, built from SIZE, ADD, SWAP, CAT, CAT, SWAP, CAT, CHECKSIGVERIFY and CHECKSIG, concatenates this fixed r with the s supplied in the witness into a complete signature and checks it against pubkey-x.

To redeem, Bob must provide k, s and the sighash. Because the signature is forced to use a nonce Alice already knows, she can recover prikey-x from (r, s, k, sighash) with the standard known-nonce recovery used in k-reuse exploits: x = (s*k - z) * r^-1 mod n, where z is the sighash. Exposing the private key through a valid signature is the intended behaviour of the construction, not a flaw.

The CAT gymnastics exist only to rebuild the DER encoding; a next-generation CHECKSIG without DER encoding would give cleaner scripting. Witness size can be reduced further by choosing k = prikey-x, so that r equals the x coordinate of pubkey-x and need not be pushed separately, if Alice and Bob do not mind exposing prikey-x. The construction was judged useful for the lightning network. A patch to the reference client may be coded up, but segregated witness is likely to take priority for soft-fork slot usage.
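The recovery step the summary relies on, worked through as an added example (this is not code from the mailing-list post or from any Bitcoin implementation): Bob signs with the agreed nonce k, and Alice, knowing k, solves the ECDSA equation for prikey-x. The key, nonce and sighash preimage are constructed values; the DER layout produced by der_signature is standard, but the claim that the CAT chain reassembles exactly these bytes is an assumption about the script. The example also handles the low-s normalisation Bitcoin enforces, which is why Alice must try both k and n - k.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def nonce_to_r(k):
    """r is the x coordinate of k*G, computed exactly as in transaction signing."""
    return point_mul(k, G)[0] % N


def sign_with_nonce(x, k, z):
    """ECDSA with a caller-chosen nonce, normalised to low-s as Bitcoin requires."""
    r = nonce_to_r(k)
    s = pow(k, -1, N) * (z + r * x) % N
    if s > N // 2:
        s = N - s
    return r, s


def verify(pub, z, r, s):
    """Standard ECDSA verification: check that (z/s)G + (r/s)pub has x coordinate r."""
    w = pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_privkey(k, r, s, z, pub):
    """Alice's step: from s = k^-1 (z + r*x) mod n solve x = (s*k - z) * r^-1 mod n.
    Low-s normalisation may have replaced s with n - s, which is the signature the
    nonce n - k would produce, so both nonce candidates are tried and the one whose
    public key matches pubkey-x is returned."""
    for cand_k in (k, N - k):
        x = (s * cand_k - z) * pow(r, -1, N) % N
        if point_mul(x, G) == pub:
            return x
    return None


def der_signature(r, s, sighash_byte=0x01):
    """DER-encoded signature plus sighash byte: 0x30 len 0x02 len r 0x02 len s hashtype.
    Assumed to be what the SIZE/ADD/CAT sequence in the script rebuilds around the fixed r."""
    def der_int(v):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        if b[0] & 0x80:  # a positive INTEGER needs a leading 0x00 when the high bit is set
            b = b"\x00" + b
        return bytes([0x02, len(b)]) + b
    body = der_int(r) + der_int(s)
    return bytes([0x30, len(body)]) + body + bytes([sighash_byte])


def demo():
    """Constructed walkthrough: Bob signs with the agreed nonce, Alice recovers prikey-x."""
    prikey_x = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # hypothetical key
    k = 0x9E56F509328A5AC2A0BD1A5B5A7C1F0B7B4B3B0C4F2D3A9E8F7C6B5A49382716         # hypothetical agreed nonce
    pubkey_x = point_mul(prikey_x, G)
    z = int.from_bytes(hashlib.sha256(b"constructed sighash preimage").digest(), "big")
    r, s = sign_with_nonce(prikey_x, k, z)             # Bob's witness contribution
    recovered = recover_privkey(k, r, s, z, pubkey_x)  # Alice's recovery
    return prikey_x, recovered, verify(pubkey_x, z, r, s), der_signature(r, s)
```

Only r is fixed by the script; Bob is free to choose s, but any s that makes CHECKSIG pass against pubkey-x is necessarily k^-1(z + r*x) or its low-s mirror, so a valid redemption always leaks prikey-x to anyone who knows k.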


Updated on: 2023-06-11T04:00:12.941299+00:00