Author: Christian Decker 2019-10-03 11:08:29
Published on: 2019-10-03T11:08:29+00:00
Christian Decker via bitcoin-dev has renewed interest in eltoo, a proof-of-concept implementation and discussions regarding clean abstractions for off-chain protocols. It is time to revisit the `sighash_noinput` proposal (BIP-118), and AJ's `bip-anyprevout` proposal. There are some open questions that remain to be addressed such as general agreement on the usefulness of noinput/anyprevoutanyscript/anyprevout; strong support or opposition to the chaperone signatures; and the same for output tagging/explicit opt-in. Also, there is an important open question that was missed from this list: do we really understand what the dangers of noinput/anyprevout-style constructions actually are? According to Anthony Towns, anyprevout signatures make the address you're signing for less safe, which may cause you to lose funds when additional coins are sent to the same address; this can be avoided if handled with care. Being able to guarantee that an address can never be signed for with an anyprevout signature is valuable. Therefore, having it be opt-in at the tapscript level, rather than a sighash flag available for key-path spends is valuable. Receiving funds spent via an anyprevout signature does not involve any qualitatively new double-spending/malleability risks. As such, output tagging is also unnecessary, and there is no need for users to mark anyprevout spends as "tainted" in order to wait for more confirmations than normal before considering those funds safe. In addition, Christian Decker likes the option of hidden nature of the opt-in via pubkey prefix while reading Towns' proposal. This scheme could be extendable to opt into all sighash flags the outpoint would like to allow. It might be good to have a public testnet where they can demo every weird noinput/anyprevout case anyone can think of, and just work out if they need any extra code/tagging/whatever to keep those fake exchanges/merchants from losing money. However, it will not ensure that every possible corner case is handled and from experience it seems that people are unwilling to invest a lot of time testing on a network unless their money is on the line.
Updated on: 2023-06-02T20:34:49.919666+00:00