Author: Johnson Lau 2017-09-08 09:21:22
Published on: 2017-09-08T09:21:22+00:00
The proposed tail-call execution semantics BIP requires an "unclean stake", which is invalid in BIP141 except for legacy P2SH. This presents a challenge with sigOp counting as it cannot be counted without executing the script, resulting in lost static analysability. This issue was one of the reasons why OP_EVAL was rejected. One alternative is to make sigOp a per-input limit instead of per-block limit.Witness script versioning is fully compatible with P2SH and BIP173, meaning existing wallets will have no problem paying to BIP114. The minimal BIP114 could be really simple, with just two new script features added to the bitcoin protocol: MERKLE-BRANCH-VERIFY (MBV) and tail-call execution semantics.MERKLE-BRANCH-VERIFY allows script authors to select values from a pre-determined set committed to in the scriptPubKey without revealing unused elements for privacy and smaller script sizes. Tail-call execution semantics allows a single level of recursion into a subscript, providing properties similar to P2SH while being more flexible. These features together enable a range of applications such as tree signatures and a generalized MAST useful for constructing private smart contracts.Mark Friedenbach has written three BIPs to describe these features and their implementation, including Fast Merkle Trees, MERKLEBRANCHVERIFY, and Tail-call execution semantics. While there is one piece of feedback that has not been incorporated yet, Mark believes that the implementation of these features is simple enough and the use cases compelling enough to roll out these features before the end of the year.
Updated on: 2023-05-20T03:43:01.571912+00:00