Good morning Greg,
> On Wed, Jun 20, 2018 at 12:12 PM, ZmnSCPxj via bitcoin-dev > > bitcoin-dev@lists.linuxfoundation.org wrote: > > > This has the advantage that the Graftroot signature commits to a single > > outpoint and cannot be used to spend all outpoints that happen to pay to > > the same `P` public key. > > If it isn't possible to make a graftroot signature independent of the > > outpoint then the functionality is greatly reduced to the point of > > largely mooting it-- because you could no longer prepare the grafts > > before the coins to be spent existed, and meaning you must stay online > > and sign new grafts as coins show up. In my view graft's two main > > gains are being able to delegate before coins exist and making the > > conditional transfer atomic (e.g. compared to just pre-signing a > > transaction). Making outpoint binding optional, so that you could > > choose to either sign for particular outputs or in a blanket way would > > be a lot more useful. > Perhaps `SIGHASH_NOINPUT` can do this? One can argue that the option to not commit a signature to refer to a specific outpoint is orthogonal to the option to Graftroot, so having a separate flag for that makes sense. The proposal could then be: 1. Define a transaction `nVersion` reserved for Graftroot. Transactions with that `nVersion` are disallowed in blocks. 2. If a next-SegWit-version P2WPKH (or P2WPK) is spent, and the top witness stack item is a signature with `SIGHASH_GRAFTROOT` flag, then this is a Graftroot spend. 3. The signature signs an imaginary 1-input 1-output tx, with the input copied from the spending tx, the output value being the entire output being spent, and the output `scriptPubKey` being the Graftroot script (second to top witness stack). The imaginary tx has the Graftroot-reserved `nVersion`. 4. The Graftroot signature has its other flags `SIGHASH_NOINPUT` evaluated also when verifying it signs the imaginary tx. 5. The Graftroot signature and the Graftroot script are popped and the script executed in the context of the original Graftroot-spending tx. This lets users select whether committing to a specific outpoint is needed or not, independently of Graftroot. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
