Author: Peter Todd 2023-02-07 12:50:13
Published on: 2023-02-07T12:50:13+00:00
On the Bitcoin-dev mailing list, a discussion about Taproot and MAST spending variable size was initiated. It was pointed out that this is not just true for Taproot but also for P2PKH inputs where scriptSigs can be doubled by using uncompressed pubkeys instead of compressed pubkeys. The participants could be asked to prove that their P2TR output commits to an unspendable script path to allow registering simple singlesig-encumbered UTXOs like P2(W)PKH. Technically, only the last person to sign needs to prove this in advance, while everyone else can prove it with their signatures. This distinction could be useful to support coinjoin participants spending complex P2TR outputs into coinjoins, a valid use-case as long as they pay appropriate fees. However, allowing arbitrary scripts could lead to DoS attacks, where someone takes advantage of a bug in script execution to create an invalid transaction.
Updated on: 2023-06-16T15:25:27.897804+00:00