Author: Pieter Wuille 2019-05-23 02:06:42
Published on: 2019-05-23T02:06:42+00:00
Pieter, a Bitcoin Core developer, suggests removing the final non-false value requirement in Tapscript specification and instead requiring an empty stack upon completion. He argues that this would not only remove a potential malleability vector but also simplify the development of Bitcoin Script. Furthermore, the conjunction of two policies could be implemented by the simple concatenation of Bitcoin Scripts, while the disjunction of policies could be achieved through multiple Merkle branches under taproot ability. In response, John Newbery agrees with Pieter's suggestion to make pay-to-taproots the same cost as P2WSH, which is currently more expensive than necessary due to encoding the y value of public key P. He proposes four options for setting y signs for internal key P and taproot output key Q and prefers option (4), which reduces the size of a taproot output by one byte, making it the same size as a P2WSH output. Additionally, they discuss whether to support P2SH-nested TR in Taproot. Pieter believes that there may be minimal fungibility improvement by not having another bit (P2SH or not) that can leak some information about the software used, while John sees no significant advantages.
Updated on: 2023-05-20T20:18:40.829745+00:00