Author: Pieter Wuille 2018-10-24 02:22:24
Published on: 2018-10-24T02:22:24+00:00
Pieter Wuille, a Bitcoin Core developer, proposed a new construction called "g'root" to solve the problem of recursive taproot without revealing intermediary scripts. The structure combines the concepts of Pedersen commitments and taproot, resulting in the equation P = a*G + s*G2 + H(a*G + s*G2, Q)*G. Here, "a" is a private key (with pubkey A), "s" is a hash of additional conditions for spending with pubkey A, and "Q" is an alternative method of spending. G'root removes the distinction between pay-to-pubkey and pay-to-script constructions and offers an easy way to construct a softfork-safe cross-input aggregation system. It also restricts a future cross-input signature aggregation system to apply only to companion keys, which are not subject to potential changes to the scripting language. Wuille suggested deploying schnorr/taproot/mast first and adding graftroot/aggregation later. He named the generalised taproot construction "g'root".
Updated on: 2023-05-20T17:28:17.332838+00:00
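The equation in the summary above, computed on secp256k1 as an added example (not code from the original post or from Bitcoin Core). The second generator G2, the SHA-256 encoding of H, the treatment of Q as an opaque byte string, and the helper names are assumptions made for illustration.

```python
import hashlib
# secp256k1 parameters (standard). G2, the encoding of H and Q-as-bytes are assumptions.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0: return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def second_generator(tag=b"groot-demo-G2"):
    """Hash to a curve point so nobody knows its discrete log relative to G."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tag + bytes([ctr])).digest(), "big")
        y2 = (pow(x, 3, FP) + 7) % FP
        y = pow(y2, (FP + 1) // 4, FP)  # square root, valid because FP % 4 == 3
        if x < FP and y * y % FP == y2:
            return (x, y)

G2 = second_generator()  # constructed for this example, not a standardized point
def H(c, q):
    """H(C, Q) as a scalar: SHA-256 over C's coordinates followed by Q's bytes."""
    data = c[0].to_bytes(32, "big") + c[1].to_bytes(32, "big") + q
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def groot_key(a, s, q):
    """Return (P, C) where C = a*G + s*G2 and P = C + H(C, Q)*G."""
    c = add(mul(a, G), mul(s, G2))
    return add(c, mul(H(c, q), G)), c

def opens_to(p, c, q):
    """Verifier side: does P commit to inner commitment C and alternative Q?"""
    return p == add(c, mul(H(c, q), G))
```

Because the tweak H(C, Q) multiplies G, the G component of P has private key a + H(C, Q), while the s*G2 term binds the extra conditions without appearing in that key.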