From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 06 Oct 2025 04:41:19 -0700 Received: from mail-ot1-f63.google.com ([209.85.210.63]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1v5jag-0007Uz-Nx for bitcoindev@gnusha.org; Mon, 06 Oct 2025 04:41:19 -0700 Received: by mail-ot1-f63.google.com with SMTP id 46e09a7af769-7bf89feb9c1sf859734a34.2 for ; Mon, 06 Oct 2025 04:41:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1759750872; cv=pass; d=google.com; s=arc-20240605; b=K8rZFDepkBBjQA4Ta9fHfHUfo4wMmx8a/zOVfd6dioH4D7yGsUjtDy9NDbDoQSsh8W 3HYEBgmfdfNikOsGOpYyGzbeCSaO37C75j3TXsXdGxoz7tErT57QDMUHNze2FKIbu8CV ENCHRTjIH1Dl7Th24FA3MCJH/rYy5VnIgdQxif/44D1E8ctkMLpjzRt8Op9AOeCZgAct IyFsEvHgjRiS7w7s6sju9NncHT89jXawllPMsODl8yRDIXXzqPupeVhjLIVSKCJhVp+M lKRAxAg8KEz6UZ6HXDVCOVe4hkyYelKz0sFar974T9bY/9RF9WaftEes60Kp0+0tMaMB EIuA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :dkim-signature; bh=O0akixtrHEnF92V+Ug35e1gYVQx2cIAduUKTges7kXY=; fh=+0MsFaIQ0zdPxCzVW7JY3kfsValJ6WNjKUiNKI995CU=; b=JApADFluJL2ns0HPa9xlpsA/ytJQTX3XeSa8dTck6o3UfLPjit1qeQxloGV94PV7Et nh/+p4EdDAyN9/YuFcBQCdLZk0Qgut7H7G65GwzMsDtCmqf/RPnDyQNp95QrcZCi9OPt uGtxniH6H3oDd5pp3QO5gXe1p+kFIfWtjzxVYOj0aSO4JCAfNzJpIirvRWomC/Tc5xVg Syk2PwzyYp6WKwBl0s89hx4lrIEMWubq0/NOCuAXB7jf7x7On+hcgT3icPTo55iDU7sv PdrUU4BQfsTUdbq2nHMbkW9ely/P0ljhyGnxI/HKz8BY1/Fcb2PDRqtOcMUDdUA1XC27 o+Fw==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1759750872; x=1760355672; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:sender:from:to:cc :subject:date:message-id:reply-to; bh=O0akixtrHEnF92V+Ug35e1gYVQx2cIAduUKTges7kXY=; b=CxlLmVdDOWKjhnOHdeez3wb3Mn+ShulbrtfJoer2CAN7agYN610FxVs++YEuYYRATG DuYSHv2sL21eutxC1Y06PzXKNP/M+44kxKt1hAj3y9LTdjMO4+R2SyCY/kfFf7jlsZD2 1NZkgGhwjDBERzXE2kdu5fvd71D1yoR5jorWjgxEkwtFsTO38GEuI/KtKfjf4ZsPQ/5P KyQzKUVYLJ1rBBe0puYGEWYJhMhBkboYnYieg5KgYayzLdkOQqeLgeWYirVP5+dAeaIB ZYJHg1+Sw0zzTVghvEO+LVN90HzuibVPLONDDbT54g16EhqucB9Wit1ahxjnpuTLsJ5v ed/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759750872; x=1760355672; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=O0akixtrHEnF92V+Ug35e1gYVQx2cIAduUKTges7kXY=; b=SckIoS0TH3UAM5Iq3s5RgIfRS0LBQAtd4ZxiCUpE0SWb2sBeaTwcDCjVaMc/4r2NBX geCzB78pBPbkwSNdFqsOsRiiDwqiDcqK+r27yUSKPvr+L2MUjpCRmsINzhsq6SupYR0b Wd0Y53qjD4y3AnwyYlvZXw5L9kiRuftFfeJ187tLmQ2cm77eQd3sEzo45SWSfL4c14x3 gVswcZk8o0bOtOKmAVyKC2PGrExyCmLv+k6/NCWeAPKZXL2nAi0q27XwLJvoHcf+O7EY WFI5kGo4QBjmqQ3lUMITYcgOe2uFjDoxLFWk5cfIJFae12fbcWulRexo78gNXRaOD0SF 4gIg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUYP9goLUmtZQESvL74zQeMYWDd2J+HaKKTvzJUN2mWLpxdFpEncioc7ubFQ0sJ4zaZSyrvgyvK/qqW@gnusha.org X-Gm-Message-State: AOJu0YzpvGX5uAYMLW1yQkD+g5tNDwKnyHKy30A4RSBoJV7OcEY4CrYu ciKprfBY5CpkxRbjBOBiwjbjiRaEzodeCSOYp4isc4Wz4SNkuUq9ejZX X-Google-Smtp-Source: AGHT+IE/qslvsStJSbjS2zOq7fL/nrz1J3SrTR2xYc10QD0ar0QNi05n5m8z0PwEwbStBpotVmgaGQ== X-Received: by 2002:a05:6870:f146:b0:33f:455c:bfe1 with SMTP id 586e51a60fabf-3b0f4fbb299mr6433823fac.16.1759750872157; Mon, 06 Oct 2025 04:41:12 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="ARHlJd4glD4jJNAYJUmolZjewgdQRMek8b+CvBR0TUqEbcUg0g==" Received: by 2002:a05:687c:50:10b0:380:63e1:8c0c with SMTP id 586e51a60fabf-3ac0130d035ls1635791fac.1.-pod-prod-02-us; Mon, 06 Oct 2025 04:41:08 -0700 (PDT) X-Received: by 2002:a05:6808:22a6:b0:43d:24a5:e9ce with SMTP id 5614622812f47-43fc1857f05mr6571625b6e.45.1759750868087; Mon, 06 Oct 2025 04:41:08 -0700 (PDT) Received: by 2002:a05:620a:aa08:b0:82b:15c1:88e9 with SMTP id af79cd13be357-87a0f397c66ms85a; Mon, 6 Oct 2025 04:29:51 -0700 (PDT) X-Received: by 2002:a05:6214:4004:b0:872:e9b8:e950 with SMTP id 6a1803df08f44-879dc82c7a4mr146904086d6.44.1759750190436; Mon, 06 Oct 2025 04:29:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1759750190; cv=none; d=google.com; s=arc-20240605; b=CSqVCuOefUZrrKMbOrN0lVqMmaXAcVcRr3hgDRBRxJKb9WkoDEnOYSkMqZ3/LxDkgl c0c4lLySEiKCc6dFziG9m6O+zvFiDzh38v7MJok8juZAzlpv6EQwqXiO30ZSYXEv6s5H PKlWF7UaWL1XtjKHcl7p0aGAAQ47XC12kGoNcP27vmnKAyTKrLajxGTftRuKc21TD5F5 fqTYcucEyetkwVsdLOoGfNT1uDXsSFiDX+YZd6apqlj8ybnsPPKuJ7KT2srWIB5aeV1q HSqaCslLOYV8jK8yspHLAHiP09VwinlNoGH+/UPcy+wyCMCVgE+P97y1fQfWA0PeY5H2 aL6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date; bh=+p/SAAmxayMpO/dzr3+CS0NzM1Xk74Avd3KG6UA8R74=; fh=2Au7Q+0ofqLEIjZkA5VQCV+WqgBtcq+FeF2FoHbGrJU=; b=VCvMLzcs3CB/8AW44GYLmFhoB8lL55oRfoOValUcgWa9KdY1fvnvfDwupYVrYogiw7 bUCORBUvxXfw/P2tYGa1ObZeMY6GY5H1Ovi/yEtZu+bf/gXZl7qBppJbApUfZ5sCuf99 RlAYlYG/OAKdN8ey3KLe3rW+NmksEB7srx7XpMyIEEiJSdWoalgxj+Ho9ApBAVNDf6tm Qa1AYGkplBw2oSGR8hTQNiRHWq87c6L00/oJA3P5ec47hsn1h4hTqQaQnlOc0mAmldmv TCIwb5f9FvNhpfLINir2dCUi5WUc7ZxpBUyNufi+yXKgEOuFDQU385h80jH8RZFuIfxy KBFQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au Received: from cerulean.erisian.com.au (azure.erisian.com.au. [172.104.61.193]) by gmr-mx.google.com with ESMTPS id 6a1803df08f44-878bcfaf084si2613196d6.5.2025.10.06.04.29.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Oct 2025 04:29:50 -0700 (PDT) Received-SPF: pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) client-ip=172.104.61.193; Received: from aj@azure.erisian.com.au by cerulean.erisian.com.au with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1v5jPJ-0007ei-1f; Mon, 06 Oct 2025 21:29:46 +1000 Received: by email (sSMTP sendmail emulation); Mon, 06 Oct 2025 21:29:41 +1000 Date: Mon, 6 Oct 2025 21:29:41 +1000 From: Anthony Towns To: Rusty Russell Cc: bitcoindev@googlegroups.com, Julian Moik Subject: Re: [bitcoindev] [4/4] New Opcodes for Tapscript v2 Message-ID: References: <87y0q0m8vz.fsf@rustcorp.com.au> <87tt0om8uz.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline In-Reply-To: <87tt0om8uz.fsf@rustcorp.com.au> X-Spam_score: -0.0 X-Spam_bar: / X-Original-Sender: aj@erisian.com.au X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) On Sat, Sep 27, 2025 at 08:59:40PM +0930, Rusty Russell wrote: > ;OP_SEGMENT > : This opcode remains an NOP. But it makes script parts ''composable'': > > ;OP_BYTEREV > : This is the minimium requirement for constructing ordered Merkle trees as specified in Taproot. > > ;OP_ECPOINTADD > : Also required for constructing Taproot spends. The varops cost is the same as a CHECKSIG operation. > > ;OP_INTERNALKEY > Bitcoin script was developed long before Taproot: OP_ECPOINTADD and OP_BYTEREV are the minimal missing opcodes required for creating Taproot trees in script. If you're trying to construct a taproot address, the formula is roughly: T = IPK + H(IPK, ScriptRoot) * G The above arguably give you enough capacity to calculate most of that formula, but I don't see anything that gives the "* G" part. > - I don't see an immediate reason for OP_ECPOINTMUL, for example, but it would not be possible in script today (due to varops limits). Calculating T according to the above, rather than verifying the equation is true after being given all the values, means that you can't combine a bunch of similar calculations (including schnorr signature checks) into a batch validation, gaining some performance benefit. It may make more sense to have an ECPOINT_MULADD function, that verifies: a*B + c*D = 0 (point at infinity) where a,c are scalars and B,D are points, and OP_MULTI modifies that to a1*B1 + a2*B2 + .. + aN*BN = 0, where ai are scalars and Bi are points. Note that expressing "negative" values are probably desirable, particularly -G; eg the BIP340 signature equation becomes: s*(-G) + 1*R + H(..)*P = 0 in that model. The Taproot address check is: (+/-)1*T = 1*IPK + H(..)*G = 0 where the sign for T is taken from the control block. FWIW, bll does this with the `secp256k1_muladd` opcode, and example code for verifying a taproot script against a scriptPubKey is at https://github.com/ajtowns/bllsh/blob/master/examples/test-taproot Cheers, aj -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aOOoJfCFH85AUYtp%40erisian.com.au.