CheckSigFromStack for Arithmetic Values [combined summary]




Published on: 2021-07-04T13:10:36+00:00


Summary:

ZmnSCPxj wrote an email discussing the cleverness of using `OP_ADD` for implementing `OP_CHECKSIGFROMSTACK`, but mentioned that enabling `OP_ADD` is more of an argument against it. Despite this, `OP_ADD` is still enabled in Bitcoin, limited to 32 bits. He also discussed the possibility of implementing the "Lamport-sign the EC sig" idea, which would mean Bitcoin is already quantum-safe, but it has a lousy quantum-safe signing scheme.

Jeremy proposed using arithmetic operations with Lamport signatures to enable signing operations. This implementation uses a bitwise expansion of a number and a Lamport signature for arbitrary values representable in small binary numbers. However, ZmnSCPxj noted that enabling `OP_ADD` could lead to single-use-only signatures and discouraged pubkey reuse.

A member of the Bitcoin Development mailing list asked about using Schnorr signatures for complex arithmetic operations without involving the network or nodes. Another member confirmed it was possible and suggested signing the signature made with checksig with the Lamport, but there are some crypto assumption gotchas. They also discussed implementing Lamport signatures for arbitrary values representable in small binary numbers, showing a concrete example of a 16-bit sequence lock. They noted that Merkle signatures would be smaller for the pubkey, but much larger for the signature, making the script more complicated and expensive.

Jeremy Rubin proposed using Lamport signatures in script for arithmetic values by using a binary expanded representation. He explained the approach through Python code and translated it into Bitcoin script. The signer generates a key as a list of pairs of hash images, and the validation checks for no left-out values. A concrete use case is post-hoc signing a sequence lock. ZmnSCPxj expressed confusion over the syntax used in Rubin's code and suggested replacing the ` operator with actual numbers. He also mentioned that enabling `OP_ADD` can implement Lamport signatures for arbitrary values representable in small binary numbers, but Merkle signatures would have a larger signature size.

Rubin proposed using Lamport signatures in script for arithmetic values by using a binary expanded representation. He explained the process through Python code and translated it into Bitcoin script. A concrete use case is provided for post-hoc signing a sequence lock. The approach allows Lamport signatures for arbitrary values representable in small binary numbers. Merkle signatures were considered as an alternative, but the simplicity of the SCRIPT and no advantage in pushing the size towards the signature rather than the pubkey made the proposed approach preferred.

Jeremy Rubin shared a technique for doing a Lamport signature in script for arithmetic values using a binary expanded representation. He posted about it in his blog, providing Python code and a Bitcoin script translation. The technique involves expanding a number into its bitwise representation and using a Lamport signature. It can be used for certain applications like bonding contracts, but it can be bulky and expensive. Keys can be reused across scripts, but signatures may only be constructed one time to prevent unintended values.
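The scheme summarized above, modeled in Python as an added example (not Rubin's code and not a Bitcoin script): a key made of pairs of hash images, one revealed preimage per bit, and a check that rebuilds the number by addition. SHA-256, the function names and the sample values are assumptions; `exposed_values` shows why a second signature under the same key admits unintended values.

```python
import hashlib
import secrets

BITS = 16  # assumed width, matching the 16-bit sequence lock mentioned above

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # hash choice is an assumption

def keygen(bits: int = BITS):
    """Key = list of pairs (bit is 0, bit is 1); the public key holds the hash images."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(bits)]
    pk = [(h(zero), h(one)) for zero, one in sk]
    return sk, pk

def sign(sk, value: int):
    """Reveal one preimage per bit position, chosen by that bit of value."""
    if not 0 <= value < (1 << len(sk)):
        raise ValueError("value does not fit in the key's bit width")
    return [sk[i][(value >> i) & 1] for i in range(len(sk))]

def recover(pk, sig):
    """Return the signed value, or None if a position is left out or invalid.
    Adding 2**i per matched 'one' image stands in for the script's additions."""
    if len(sig) != len(pk):
        return None
    total = 0
    for i, (pre, (img0, img1)) in enumerate(zip(sig, pk)):
        digest = h(pre)
        if digest == img1:
            total += 1 << i
        elif digest != img0:
            return None
    return total

def exposed_values(a: int, b: int):
    """Values that verify once signatures on both a and b exist under one key:
    every bit where a and b differ has both preimages revealed."""
    diff = a ^ b
    base = a & ~diff
    out, sub = [], diff
    while True:
        out.append(base | sub)
        if sub == 0:
            return sorted(out)
        sub = (sub - 1) & diff

if __name__ == "__main__":
    sk, pk = keygen()
    print(recover(pk, sign(sk, 144)))        # constructed sample value
    print(exposed_values(0b0101, 0b0110))
```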


Updated on: 2023-08-02T04:19:06.621353+00:00