Author: Olaoluwa Osuntokun 2022-04-16 02:43:08
Published on: 2022-04-16T02:43:08+00:00
The author proposes a concrete scheme to ensure that the commitment is in a unique place within the Taro tree and that it doesn't exist anywhere else in the transaction. The proposed scheme uses inclusion and non-inclusion proofs to construct and verify this property, taking advantage of the tagged hash scheme used in Taproot. The Taro commitment is required to be in the leftmost or rightmost position of the tree due to the sorting of siblings before hashing them into a parent. The scheme has different cases depending on the length of the control block proof and the type of the sibling. The author also suggests that a standardized algorithm for constructing a taproot tree given a set of script leaves is missing in the ecosystem. The btcsuite libraries use a simple algorithm, but the Taro commitment is demanding regarding commitment space, as it wants the highest position in the tree. However, the impact for items in the script tree itself isn't too bad. The author thinks that if applications/protocols start making more structured commitments in the tapscript tree, it may make sense to roll out a distinct BIP that carves out an explicit structure/split. For example, a new standard could be created that pushes all the actual scripts to the "left" and everything else to the "right", using whatever tree structure we want, so we aren't bound by the sorting quirk. If each project picks some 32-byte value, then another SMT can be used to place each root commitment in a unique location in the tree. Maybe something like this also becomes the basis of future consensus-critical commitments (utxo commitments, etc, etc)?
Updated on: 2023-05-22T18:50:07.941571+00:00