From eb3fb727c31dd348a63992d22a35558e031174f9 Mon Sep 17 00:00:00 2001 From: James O'Beirne Date: Mon, 9 Oct 2023 14:07:19 -0400 Subject: BIP-0345: restrict trigger output to v1 witness Co-authored-by: Antoine Poinsot --- bip-0345.mediawiki | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'bip-0345.mediawiki') diff --git a/bip-0345.mediawiki b/bip-0345.mediawiki index e63e0a2..73b265e 100644 --- a/bip-0345.mediawiki +++ b/bip-0345.mediawiki @@ -46,7 +46,7 @@ usable for custodians of any size with minimal complication. A common configuration for an individual custodying Bitcoin is "single signature and passphrase" using a hardware wallet. A user with such a -configuration might concerned about the risk associated with relying on a +configuration might be concerned about the risk associated with relying on a single manufacturer for key management, as well as physical access to the hardware. @@ -268,7 +268,7 @@ After the stack is parsed, the following validation checks are performed: * Decrement the per-script sigops budget (see [https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki#user-content-Resource_limits BIP-0342]) by 60'''Why is the sigops cost for OP_VAULT set to 60?''' To determine the validity of a trigger output, OP_VAULT must perform an EC multiplication and hashing proportional to the length of the control block in order to generate the output's expected TapTweak. This has been measured to have a cost in the worst case (max length control block) of roughly twice a Schnorr verification. Because the hashing cost could be mitigated by caching midstate, the cost is 60 and not 100.; if the budget is brought below zero, script execution MUST fail and terminate immediately. * Let the output designated by be called ''triggerOut''. -* If the scriptPubKey of ''triggerOut'' is not a witness program of the same version and same tapleaf version as the currently executing script, script execution MUST fail and terminate immediately. +* If the scriptPubKey of ''triggerOut'' is not a version 1 witness program, script execution MUST fail and terminate immediately. * Let the script constructed by taking the and prefixing it with minimally-encoded data pushes of the leaf-update script data items be called the ''leaf-update-script''. ** Note: the leaf-update data items will be in the same order in the ''leaf-update-script'' as they appeared on the stack. * If the scriptPubKey of ''triggerOut'' does not match that of a taptree that is identical to that of the currently evaluated input, but with the leaf script substituted for ''leaf-update-script'', script execution when spending this output MUST fail and terminate immediately. -- cgit v1.2.3