Author: ZmnSCPxj 2019-03-13 06:41:47
Published on: 2019-03-13T06:41:47+00:00
The author discusses the use of NONINPUT signatures in Bitcoin and how they can be used to prevent cheating. They propose an alternative solution that involves requiring every script to have a valid signature that commits to the input, which would cost more than a key path spend. This method would also provide a "PUSH_TAPROOT_KEY" opcode to push the taproot key to stack, saving 33B from pushing P as a literal. The author also discusses the concept of output tagging and suggests that if a NONINPUT sig is restricted and cannot be used to spend an "ordinary" 2-of-2, this is output tagging regardless of the exact mechanism. They propose a solution that would ideally keep historical data of whether on-chain coin was used in Lightning as little as possible, while still allowing for a common cooperative close. To work around this issue, the author suggests adding a "kickoff" transaction that spends the eltoo setup transaction, with the kickoff kept off-chain until a non-cooperative close is needed. However, this would complicate fees. The author concludes by suggesting that alternatives to these proposals may exist.
Updated on: 2023-06-02T17:53:44.226694+00:00