Skip to content

Instantly share code, notes, and snippets.

@RubenSomsen RubenSomsen/BMM.md
Last active Dec 31, 2019

Embed
What would you like to do?
Blind Merged Mining with covenants ( sighash_anyprevout / op_ctv )

Blind Merged Mining with covenants ( sighash_anyprevout / op_ctv )

Blind Merged Mining (BMM) is the idea of committing the hash of another blockchain into a unique location on the Bitcoin blockchain, and paying a Bitcoin fee to miners for the privilege of deciding this hash and capturing the fees inside the other blockchain. Since miners don’t have to know what the hash represents and are simply incentivized to choose the highest bidder, it requires no extra validation on their part (“blind”). This idea was originally conceived of by Paul Sztorc, but required a specific soft fork. [0]

In essence, BMM is a mechanism that allows external blockchains (altcoins, tokens) to outsource their mining to the Bitcoin blockchain. Instead of burning electricity with ASICs, they pay bitcoins to miners, who in turn will perform Proof-of-Work (PoW) for the privilege of obtaining this payment. This increases the total PoW on the Bitcoin blockchain, which adds to the security of the Bitcoin network. It's an easy consensus mechanism to implement, and simple to mine, only requiring full node software for both chains and some bitcoins.

While it may be hard to justify this as a soft fork, it turns out that the inclusion of sighash_anyprevout (previously sighash_noinput) into Bitcoin is sufficient to make BMM work, because, as noted by Anthony Towns [1], sighash_anyprevout allows for the creation of op_checktemplateverify (op_ctv, previously op_securethebag) style covenants [2]. With that, we can generate the following without any trusted setup:

  • A long string of sighash_anyprevout transactions, each only spendable by the next (the spending signature is placed in the output script, making it a covenant)
  • RBF enabled and signed with sighash flags single, anyonecanpay, and anyprevout, allowing the addition of inputs and outputs in order to pay fees (similar to fees in eltoo [3])
  • A relative locktime of one block, ensuring only one transaction gets mined per block

A complete transaction flow diagram can be found here: https://gist.github.com/RubenSomsen/5e4be6d18e5fa526b17d8b34906b16a5#file-bmm-svg

(Note that op_ctv instead of sighash_anyprevout would require the use of CPFP, because all outputs need to be pre-defined.)

This setup generates a unique location for the hash, which can be freely competed for by anyone with the help of RBF. The hash can be committed into the fee paying output via taproot. If the block corresponding to the hash is not revealed or invalid, then the BMM block simply gets orphaned, just like in Sztorc’s proposal.

While the Bitcoin blockchain will be unaware of the BMM chain, the opposite does not have to be true. This enables some interesting possibilities. For instance, you could make a conditional BMM token transfer that only goes through if a specific Bitcoin transaction occurs within a certain period of time, thus enabling atomic swaps (especially useful when combined with asset issuance/colored coins/pegged tokens). It would also be possible to create contracts based on Bitcoin’s hashrate and such.

It seems inevitable that this chain will need some kind of native token in order to pay for fees. This makes me uneasy. The fairest and least speculation-inducing method I can think of is a perpetual one-way peg, where at any time 1 BTC can be burned for 1 token, essentially preserving the 21M coin limit. Coins that are burned will never return, benefiting all BTC holders equally. Holding BTC will always be preferable, because the option to move is always open to you. This should disincentivize speculation -- it only makes sense to move coins if they serve an immediate purpose.

Given the lack of a block subsidy, there may not be enough impetus to move the chain forward instead of enacting a reorg. However, BMM reorgs are somewhat unique in that they will have to compete for the same unique location that the original chain is using. A 10-block reorg would take 100 minutes on average to catch up, during which the original chain won’t move forward. If fee pressure of new transactions is targeted exclusively towards the original chain during this time [4], there would be forward pressure that makes reorgs more expensive. Whether this mitigation is sufficient is an open question.

Finally, it is worth asking whether BMM interferes too much with the existing incentive structure of Bitcoin. I don’t have a clear answer, but it should be noted that a much more inefficient version of BMM is already possible today. One could simply use up lots of block space instead of specifying a unique location for the hash, as demonstrated by Veriblock [5]. I therefore believe that the same argument as adding data via op_return applies here -- if it’s not supported, more wasteful methods may be utilized instead.

Some technical details (thanks to Anthony Towns for providing his insights):

  • Since the exact signature is committed to ahead of time, private key security is actually irrelevant. You can simply use G to replace both R and P instead of the usual s = r + e*p. This means anyone can easily pre-compute all the sighash_anyprevout signatures with s = 1 + e.

  • Assuming taproot, the spending script will be inside a taproot leaf, meaning there is a key spend path which should be made unusable in order to enforce the covenant. This can be achieved with a NUMS such as hashToCurve(G) = H, which can then be used as the internal taproot key T = H + hash(H||bmm_hash)*G.

-- Ruben Somsen

[0] https://github.com/bitcoin/bips/blob/master/bip-0301.mediawiki

[1] https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg08075.html

[2] https://github.com/JeremyRubin/bips/blob/ctv-v2/bip-ctv.mediawiki

[3] https://blockstream.com/eltoo.pdf

[4] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-September/016352.html

[5] https://twitter.com/lopp/status/1081558829454802945

<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1358px" height="582px" viewBox="-0.5 -0.5 1358 582" content="&lt;mxfile host=&quot;www.draw.io&quot; modified=&quot;2019-12-25T00:59:44.442Z&quot; agent=&quot;Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36&quot; etag=&quot;hLkrSUJMxQ-UOAfCt51I&quot; version=&quot;12.4.3&quot; pages=&quot;1&quot;&gt;&lt;diagram name=&quot;Page-1&quot; id=&quot;5f0bae14-7c28-e335-631c-24af17079c00&quot;&gt;7VxtU9u4Fv41mYGdKePXEH9sUmB7d6GdhnbLfrmj2EqsW9tybRmS/fV79GY7kYGUJuBb0mkhOnrXOXqecySlA3eSLi8KlMeXNMLJwLGi5cB9N3Ac23JH8ItLVlLijywpWBQkkqKWYEr+wbqmklYkwqWSSRGjNGEkXxeGNMtwyNZkqCjo3XqxOU2iNUGOFtgQTEOUmNK/SMRiKXUsq5H/jskiVj27etwzFH5bFLTKVHcDx52LPzI7RbopVb6MUUTvWiL3bOBOCkqZ/JQuJzjhS7u+auf35NbDLnDGtqngBrZv4ZE3mtv+yLPCN6qFW5RUainYEtJKXLKVXqFbXDACC/Y2IYsMRIzmA3eMVCrBc+h/XOYoJNnimue9GzWCP0X2O6eRfFKLaQtZjHLeTVjNME9K84A1dscRKUDfhPJOSlrx5RzPacamamQepGOWJrw8fBSqwHyylmxXrjZPhDQlofqcoBlOxrXuJjShBWRlNBP9s4J+q+3AVj2eo5Qk3Ly/4CJCGdIDUYN1TFXotYWVw8uWSKnmAtMUs2IFRVTucHTiyzpqG516WnDXWKWr91bcssjawpDaCYu69cYc4IOyiC2twzOsg4Ai3koDsUrEaBmTgTNMuPJnBXxa8E9HOVqhGegHNgifHspWsLLHhk31RHGNGYegOwwNjnegzNGmMm2vS5uw4qY2/R0o076+uiGL5dcP1+e31/9hyfRm9r5ju8Oe2kKj8BulfMMLeUkWtUBlW+slLoz8ye9nkz+m7y9elxGYW7oPVuB2g75zAP0XAH3PAIpnRv1OE3ki8r+y7e1bfdze/gHkn9UKhr2k+tNukHcPIP8CIB8YQNEHkB8dQH4b3Tl93N7BAeSf1Qpsu5dcr9GppQYcLbAGUVqwmC5ohpKzRrqhnZbaHtMHKthbftq2ITsnfNBS1TytdMFpAmeRrkFznElJqzyktOaG2ysYLwn7qsbMP9/w1kAXMvVuqRvniVXdE6z313aiVYsnm2oipevdaztAWkWIH9CNsg1YkQVmD5RTMMz19qAlFjhBjNyuH1l2WZSq+pESGHJzIGHGosNAS3QzclKqZvsgcaMxk9A6GpMzNxoDg0CrVrGcFyiNrVDP/Cd2hxnpakTkJrW2b4bfK6oz3khHRYDpMF82mRpFPxYYyiwy2ES8jQL8HvhA5/BjfHnJlV6grETCv4GZWUdQOEZlzEtDWXE0NnDG9dlYiLJcrEktzAt8yxHdgZlbn8bn3EAyfqgWSVFtDNAXSXFCw296BHxnOtaMi47FJOSMYQXlpDURbOAGACFbhwMJwBsoMIfNuyHa8BU3HcqURJHAnbuYMDwFN5H3eFeg3MCiXXjjwZpZuiZCByO3w8vaG0IPDwjdV4QOtkRo+/R5INruODVuUPtHMdp2Tc/VbO3lQdqMVDELT/aAT7U/+LII1aUXP+hwJb2uaHBvOGVGFLvhyrMlxA+C8QQ7cXZEjKEwlqSJ4N8c82yS5ZzwLEaV2KBSQY2CcgGVZHUW86phjLIF1nWBN2VLVwf6c0yzGgbeM9qVbnjzIMozNHA4iHqBK2Z32IODqHoeh5Ooh5RnOAee3UUbz3sC4TiG7g4nUfu0AnMP98IMzIuFVxTmWCeeq9M3g1Zs0x3oQOIjLiBsF0axn+Dn0aBGF9x3UGM4u15zbvqjIY1p+mZbLx7QOKZr8wq2wr2G+GgUrhlk34boeTu0RPPZRi9N0XwL0HasZoSF0LfJzZevi1JNXZ72gFGH9ztW1knwkPquXpf6OmihD/ozz7VMXkgSkpe4HaAmtIruOSxoKXEjKt7BIvq2vxkadr9RsDtPpfa2iuYjBXMVG0ILE1SW3Ibbi/WUw+hml/Ba/6vSXPO33gH3bZwIlXFd8fnPtDVsPOr/udaWtNtS/kMb6GfZ2bhR9N0ns7PvGogw6h87u+bRGCA3/5ILQ0TcGyKhyFx8QYRnpClhKc7qU1J5+qluFsXxqpTIk1NxBdg6Al0jCEt0aH0Y6EtH3srRh8HpBP7O0vS/PH3820Vn4L4huY4JHy10h9QxrUhXGfkOExP3lfLcNkQ8c8aHOC8wTlZyVjkEQjx7DhTD7Y3x6Xwan//ClwD+yNm0UNcxGSvo2HCjDTveHdaayPrrxy3/HzeV2wb13paY/rNg7e/wLYkZSr3wW5IETf6eOmfvZ2UxDj7c3sbTYdzxWLLP3tzICjbW1Bl1eXO+H3R4c8EDBrEtwnQuonnH+LmU93gLnOECMUEAF7JrTWZ5NfuGVzWHAFqEXJxiJDlSvKCpyQUQPazAuHFdnz/UQawqsHyJU1OfXVMfPgamsRSLiR+ZIFwgYRxCRUlhMxyiquxoV1eS/CypDKqSqClbX0keIVHwFmcoY7zbbdhV9BYWJGe6qzwBW5L9GG5CgtFczofXk0tXAmBGwqgEt5YxrZJIU3GKxEirrCrV1/YUBfN2rz5fTnU/tIhwoX0PnAFdh80U9aRkhHpdL7NqoOVkCInwM9Sgt3QzrqjSKmKqhzsibE7MIiLzOS6kcyQdCQz7hU+e3zd2KbCtr7Yyzdrr/ox1BDb4puCmUQKGHv/CbkqgYa5+TjXsigl930QR2x/uCUVs02/+4ZjwnijtxPHXKP0RQm/O/7XDcNNyJbqdh506AQ+hbE8CuxEQDzeG0dA59XwrGK5TvRmXbf2+ydIj1MYZbBvjPcEpSCdfx2eYfjn7PJzcxd/L6ov1seP7tBq1ylyw0RPfzNRXndmszFtYCIOUDff+EYsBMR0mf/8rBXdNr762mT08YoFk898vSLNo/osL9+xf&lt;/diagram&gt;&lt;/mxfile&gt;" onclick="(function(svg){var src=window.event.target||window.event.srcElement;while (src!=null&amp;&amp;src.nodeName.toLowerCase()!='a'){src=src.parentNode;}if(src==null){if(svg.wnd!=null&amp;&amp;!svg.wnd.closed){svg.wnd.focus();}else{var r=function(evt){if(evt.data=='ready'&amp;&amp;evt.source==svg.wnd){svg.wnd.postMessage(decodeURIComponent(svg.getAttribute('content')),'*');window.removeEventListener('message',r);}};window.addEventListener('message',r);svg.wnd=window.open('https://www.draw.io/?client=1&amp;lightbox=1&amp;edit=_blank');}}})(this);" style="cursor:pointer;"><defs/><g><path d="M 137.5 -40.5 L 347.5 -40.5 L 357.5 -30.5 L 357.5 339.5 L 147.5 339.5 L 137.5 329.5 L 137.5 -40.5 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,247.5,149.5)" pointer-events="all"/><path d="M 147.5 339.5 L 147.5 -30.5 L 137.5 -40.5 M 147.5 -30.5 L 357.5 -30.5" fill="none" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,247.5,149.5)" pointer-events="all"/><g transform="translate(62.5,55.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="24" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-decoration: underline; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">tx 1</div></div></foreignObject><text x="12" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana" text-decoration="underline">tx 1</text></switch></g><rect x="77.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(90.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="124" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">in: 1 satoshi<br />(payable by anyone)</div></div></foreignObject><text x="62" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">in: 1 satoshi&lt;br&gt;(payable by anyone)</text></switch></g><rect x="257.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(263.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="138" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">out: 1 satoshi<br />&lt;sig&gt; &lt;G&gt; CHECKSIG</div></div></foreignObject><text x="69" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">out: 1 satoshi&lt;br&gt;&lt;sig&gt; &lt;G&gt; CHECKSIG</text></switch></g><path d="M 557.5 -40.5 L 767.5 -40.5 L 777.5 -30.5 L 777.5 339.5 L 567.5 339.5 L 557.5 329.5 L 557.5 -40.5 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,667.5,149.5)" pointer-events="all"/><path d="M 567.5 339.5 L 567.5 -30.5 L 557.5 -40.5 M 567.5 -30.5 L 777.5 -30.5" fill="none" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,667.5,149.5)" pointer-events="all"/><g transform="translate(482.5,55.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="24" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-decoration: underline; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">tx 2</div></div></foreignObject><text x="12" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana" text-decoration="underline">tx 2</text></switch></g><rect x="497.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(534.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="75" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">in: 1 satoshi<br />G</div></div></foreignObject><text x="38" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">in: 1 satoshi&lt;br&gt;G</text></switch></g><rect x="677.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(683.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="138" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">out: 1 satoshi<br />&lt;sig&gt; &lt;G&gt; CHECKSIG</div></div></foreignObject><text x="69" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">out: 1 satoshi&lt;br&gt;&lt;sig&gt; &lt;G&gt; CHECKSIG</text></switch></g><path d="M 977.5 -40.5 L 1187.5 -40.5 L 1197.5 -30.5 L 1197.5 339.5 L 987.5 339.5 L 977.5 329.5 L 977.5 -40.5 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,1087.5,149.5)" pointer-events="all"/><path d="M 987.5 339.5 L 987.5 -30.5 L 977.5 -40.5 M 987.5 -30.5 L 1197.5 -30.5" fill="none" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,1087.5,149.5)" pointer-events="all"/><g transform="translate(902.5,55.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="24" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-decoration: underline; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">tx 3</div></div></foreignObject><text x="12" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana" text-decoration="underline">tx 3</text></switch></g><rect x="917.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(954.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="75" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">in: 1 satoshi<br />G</div></div></foreignObject><text x="38" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">in: 1 satoshi&lt;br&gt;G</text></switch></g><rect x="1097.5" y="109.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(1103.5,120.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="138" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">out: 1 satoshi<br />&lt;sig&gt; &lt;G&gt; CHECKSIG</div></div></foreignObject><text x="69" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">out: 1 satoshi&lt;br&gt;&lt;sig&gt; &lt;G&gt; CHECKSIG</text></switch></g><path d="M 828 135 L 915.76 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 899.88 143.5 L 916.88 135 L 899.88 126.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="58" y="0" width="983" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(59.5,1.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="929" height="17" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 930px; white-space: nowrap; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><font style="font-size: 16px">Pre-signed string of BMM transactions (sighash single + anyonecanpay + anyprevout, RBF enabled, relative timelock of one block):</font></div></div></foreignObject><text x="465" y="15" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">&lt;font style="font-size: 16px"&gt;Pre-signed string of BMM transactions (sighash single + anyonecanpay + anyprevout, RBF enabled, relative timelock of one block):&lt;/font&gt;</text></switch></g><path d="M 1248 135 L 1315.76 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 1299.88 143.5 L 1316.88 135 L 1299.88 126.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="1317.5" y="124.5" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(1327.5,128.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="20" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 20px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">etc.</div></div></foreignObject><text x="10" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">etc.</text></switch></g><rect x="58" y="290" width="694" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(59.5,291.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="665" height="17" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 666px; white-space: nowrap; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><font style="font-size: 16px">Example of M attaching a fee input to a BMM transaction and sending the change to output N:</font></div></div></foreignObject><text x="333" y="15" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">&lt;font style="font-size: 16px"&gt;Example of M attaching a fee input to a BMM transaction and sending the change to output N:&lt;/font&gt;</text></switch></g><path d="M 137.5 249.5 L 347.5 249.5 L 357.5 259.5 L 357.5 629.5 L 147.5 629.5 L 137.5 619.5 L 137.5 249.5 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,247.5,439.5)" pointer-events="all"/><path d="M 147.5 629.5 L 147.5 259.5 L 137.5 249.5 M 147.5 259.5 L 357.5 259.5" fill="none" stroke="#000000" stroke-miterlimit="10" transform="rotate(90,247.5,439.5)" pointer-events="all"/><g transform="translate(62.5,345.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="24" height="12" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-decoration: underline; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">tx 4</div></div></foreignObject><text x="12" y="12" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana" text-decoration="underline">tx 4</text></switch></g><rect x="77.5" y="384.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(114.5,395.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="75" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">in: 1 satoshi<br />G</div></div></foreignObject><text x="38" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">in: 1 satoshi&lt;br&gt;G</text></switch></g><rect x="257.5" y="384.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(263.5,395.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="138" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">out: 1 satoshi<br />&lt;sig&gt; &lt;G&gt; CHECKSIG</div></div></foreignObject><text x="69" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">out: 1 satoshi&lt;br&gt;&lt;sig&gt; &lt;G&gt; CHECKSIG</text></switch></g><path d="M 17.5 409.5 L 48 410 L 75.76 410" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 59.88 418.5 L 76.88 410 L 59.88 401.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 407.5 409.5 L 475.26 409.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 459.38 418 L 476.38 409.5 L 459.38 401" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="77.5" y="444.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(116.5,455.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="72" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">in: 1 bitcoin<br />M</div></div></foreignObject><text x="36" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">in: 1 bitcoin&lt;br&gt;M</text></switch></g><rect x="257.5" y="444.5" width="150" height="50" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(285.5,455.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="93" height="27" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Verdana; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">out: 0.9 bitcoin<br />N</div></div></foreignObject><text x="47" y="20" fill="#000000" text-anchor="middle" font-size="12px" font-family="Verdana">out: 0.9 bitcoin&lt;br&gt;N</text></switch></g><path d="M 582 389.5 C 520 389.5 504.5 439.5 554.1 449.5 C 504.5 471.5 560.3 519.5 600.6 499.5 C 628.5 539.5 721.5 539.5 752.5 499.5 C 814.5 499.5 814.5 459.5 775.75 439.5 C 814.5 399.5 752.5 359.5 698.25 379.5 C 659.5 349.5 597.5 349.5 582 389.5 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 407.5 469.5 L 565.24 440.65" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 570.4 439.7 L 564.14 444.4 L 565.24 440.65 L 562.88 437.52 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="571.5" y="397" width="190" height="85" fill="none" stroke="none" pointer-events="all"/><g transform="translate(572.5,397.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="188" height="84" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 188px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">N contains a taproot commitment to the hash of the BMM block:<br />N = O + hash(O||bmm_hash)*G<br /><br />This location is unique, and can be freely competed for with RBF.</div></div></foreignObject><text x="94" y="48" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">[Not supported by viewer]</text></switch></g><path d="M 408 135 L 495.76 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 479.88 143.5 L 496.88 135 L 479.88 126.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 938.25 322.25 C 826.45 322.25 798.5 395 887.94 409.55 C 798.5 441.56 899.12 511.4 971.79 482.3 C 1022.1 540.5 1189.8 540.5 1245.7 482.3 C 1357.5 482.3 1357.5 424.1 1287.63 395 C 1357.5 336.8 1245.7 278.6 1147.88 307.7 C 1078 264.05 966.2 264.05 938.25 322.25 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="911" y="321.5" width="355" height="156" fill="none" stroke="none" pointer-events="all"/><g transform="translate(911.5,328.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="353" height="142" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 353px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Using generator G as the pubkey and nonce means anyone can calculate the signatures (s = 1 + e). This is not insecure, because the signature is committed inside the output (a covenant).<br /><br />The script is placed in a taproot leaf. The key spend path should be made unusable with a NUMS in order to enforce the covenant: T = NUMS + hash(NUMS||taproot)*G<br /><br />Note that T will be different for every tx, because the committed signature for every tx is unique (non-recursive).</div></div></foreignObject><text x="177" y="77" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">[Not supported by viewer]</text></switch></g><path d="M 332.5 159.5 L 993.56 320" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 998.66 321.24 L 991.04 322.99 L 993.56 320 L 992.69 316.18 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="52" y="561" width="694" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(53.5,562.5)"><switch><foreignObject style="overflow:visible;" pointer-events="all" width="5" height="17" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 6px; white-space: nowrap; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><span style="font-size: 16px"> </span></div></div></foreignObject><text x="3" y="15" fill="#000000" text-anchor="middle" font-size="12px" font-family="Helvetica">[Not supported by viewer]</text></switch></g></g></svg>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.