Author: Rusty Russell 2018-12-20 23:17:15
Published on: 2018-12-20T23:17:15+00:00
The discussion revolves around the use of OP_CODESEPARATOR and its relevance in taproot. The argument is that OP_CODESEPARATOR may not be necessary as it can make scripts more complex and no wallet requires it. However, there is a proposal that suggests using the new sighash to always commit to the same H(script) instead of truncated scriptCode so that hashing only needs to be done once even if the script is very large. This proposal could be useful for NOINPUT with MASKEDSCRIPT, which will commit to the H(masked_script) instead of H(script). The semantics of CODESEPARATOR do not change as the sighash also commits to the position of the last executed CODESEPARATOR, making it still work for scripts without CODESEPARATOR. However, if NOINPUT does not commit to H(masked_script), it could still commit to the position of the last executed CODESEPARATOR but may be unreliable and non-useful except for "I reused keys for multiple outputs" oops.
Updated on: 2023-06-13T15:26:14.799583+00:00