Author: Gregory Maxwell 2018-01-23 00:30:06
Published on: 2018-01-23T00:30:06+00:00
Merkelized ScriptPubKeys, also known as MAST, is gaining popularity due to its efficiency and privacy benefits. Mark Friedenbach suggests that any contract with a fixed participant set can be represented as an OR between an N-of-N and a more complex contract. To make fancier contract use cases indistinguishable from the most common and boring payments, there was a suggestion to include a dummy branch for the rest of the tree in ordinary checksig-only scripts. However, Taproot, a delegating CHECKSIG, can make the special case of a top-level "threshold-signature OR arbitrary-conditions" indistinguishable from a normal one-party signature without any overhead at all. In this method, Alice && Bob or CSV-timelock && Bob can form a 2 of 2 signature for P if they agree on the resolution of their contract. Alternatively, someone who provides the network with C (the original combined pubkey), S, and does whatever S requires can satisfy the script.The construction allows anonymity sets for fixed party smart contracts by making them look like the simplest possible payments. There is no overhead in the common case, invoking any sketchy or impractical techniques, requiring extra rounds of interaction between contract participants, or requiring durable storage of other data. The verification computational complexity of signature path is obviously the same as any other plain signature.
Updated on: 2023-05-20T04:51:54.407092+00:00