cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)



Summary:

In a message on the Bitcoin development mailing list, Johnson Lau discussed why OP_RETURNTRUE does not work well with signature aggregation. Signature aggregation combines the (pubkey, message) pairs in a transaction and verifies them with one signature. For old nodes, however, the script terminates at OP_RETURNTRUE, so they will not collect the (pubkey, message) pair. Lau says that if a softfork is used to transform OP_RETURNTRUE into OP_17, new nodes will collect the (pubkey, message) pair and try to aggregate it with other pairs, resulting in a hardfork.

Luke Dashjr responded that this is a problem for signature aggregation to address, not a problem with OP_RETURNTRUE. Dashjr suggested that signature aggregation could be set up upfront, with the Script verifying the inclusion of keys in the aggregation. Another approach, according to Dashjr, would be to create any opcode from an OP_NOP. For example, if OP_MUL is wanted, there could be an OP_MULVERIFY, which verifies that the 3rd stack item is the product of the top 2 stack items.
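
The two cases in the summary, as an added toy model that is not code from the thread or from Bitcoin: an OP_NOP redefined as OP_MULVERIFY only ever adds failures, while a redefined OP_RETURNTRUE changes which (pubkey, message) pairs a node collects. `CHECKSIG_AGG`, `toy_aggregate` (a SHA-256 digest standing in for a real aggregate signature) and the sample keys are assumptions made for illustration.

```python
import hashlib

def run(script, stack, upgraded):
    """Toy interpreter: returns (ok, collected (pubkey, message) pairs)."""
    pairs = []
    for op in script:
        if op == "OP_MULVERIFY":        # redefined OP_NOP, stack left untouched
            # Old nodes: plain NOP. New nodes: 3rd item must be the product of the top 2.
            if upgraded and (len(stack) < 3 or stack[-3] != stack[-2] * stack[-1]):
                return False, pairs     # the new rule can only add failures
        elif op == "OP_RETURNTRUE":
            if not upgraded:
                return True, pairs      # old nodes stop here with success
            # New nodes: opcode redefined (the thread's OP_17); execution goes on.
        elif op[0] == "CHECKSIG_AGG":   # hypothetical aggregating signature check
            pairs.append((op[1], op[2]))
        else:
            raise ValueError(f"unknown op: {op!r}")
    return True, pairs

def toy_aggregate(pairs):
    """Stand-in for an aggregate signature: a digest bound to the exact pair set."""
    return hashlib.sha256(repr(sorted(pairs)).encode()).hexdigest()

def tx_valid(script, stack, agg_sig, upgraded):
    ok, pairs = run(script, stack, upgraded)
    return ok and toy_aggregate(pairs) == agg_sig

# Constructed sample scripts and keys (placeholders, not real data).
A, B = ("CHECKSIG_AGG", "pkA", "msgA"), ("CHECKSIG_AGG", "pkB", "msgB")
MUL_SCRIPT = ["OP_MULVERIFY", A]
RT_SCRIPT = [A, "OP_RETURNTRUE", B]

def compare(script, stack, signed_pairs):
    """Return (old_node_accepts, new_node_accepts) for one spend."""
    sig = toy_aggregate(signed_pairs)
    return (tx_valid(script, stack, sig, False), tx_valid(script, stack, sig, True))

if __name__ == "__main__":
    pa, pb = ("pkA", "msgA"), ("pkB", "msgB")
    print("MULVERIFY, 6 == 2*3:", compare(MUL_SCRIPT, [6, 2, 3], [pa]))
    print("MULVERIFY, 7 != 2*3:", compare(MUL_SCRIPT, [7, 2, 3], [pa]))
    print("RETURNTRUE, both pairs signed:", compare(RT_SCRIPT, [], [pa, pb]))
```

In the OP_MULVERIFY rows, everything the new node accepts the old node accepts too, which is the softfork property. In the OP_RETURNTRUE row the new node accepts a spend the old node rejects, because the two nodes aggregated different pair sets.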


Updated on: 2023-06-12T18:55:53.040658+00:00