379: Miniscript #1610
379: Miniscript #1610
Conversation
|
Was wondering whether @sipa, @apoelstra, @sanket1729, @darosior might want to review this? |
|
For the most part this looks great to me. In 3282c75:
|
|
@apoelstra I think it's roughly right. Non-canonical (dis)satisfactions are ones that are valid by script semantics (and thus need to be taken into account when they're available to malleators, e.g.), but can be proven to never be used by the specified non-malleable satisfaction algorithm. |
Fixed
This was a deliberate decision to split the discussion/reasoning/explanation of things away from the specification. The types are explained in the discussion section since an implementor does not need to understand what each type means in order to implement miniscript. |
|
@sipa ok, rereading the text, I understand it now, but I think it's worded in a confusing way. The text says "are not necessary to produce correct witnesses", but the surrounding text is not about the satisfaction algorithm and it's not clear who they're "not necessary" to. My read of it was that they weren't necessary to the spec, in which case, why are they listed, and why aren't they necessary. I think the text in your comment (they are provably unused by the satisfaction algorithm but they are legal according to consensus rules and available to malleators) is much better.
Ok, yeah, that's reasonable. I rescind my request then. |
|
ACK d2f8b25 except that I'd still like the first occurrence of "non-canonical" to be changed to have a clearer definition. |
Suggest some words please? |
should be
|
bip-miniscript.md
Outdated
| Every miniscript expression has one of four basic types: "**B**" (base), "**V**" (verify), | ||
| "**K**" (key) and "**W**" (wrapped). Then there are 6 type modifiers which guarantee additional | ||
| properties: "**z**" (zero arg), "**o**" (one-arg), "**n**" (nonzero), "**d**" | ||
| (dissatisfiable), "**u**" (unit) and "**k**" (no timelock mixing). |
There was a problem hiding this comment.
The typing rules for timelock mixing don't seem to be included here.
There was a problem hiding this comment.
Hmm, it seems like representing them in the table might be complicated since it depends on the arguments to the older and after fragments.
There was a problem hiding this comment.
How about adding as a small description as suggested here?
|
ACK c868e9e other than the locktime rule. I think that, after the correctness table, we should add some text like: "Additionally there is one global correctness rule: every I think it makes sense for this to appear outside of the table because all the rules in the table are local, in the sense that once you see a fragmet you know whether it's legal or not. Vs this thing which is a global rule that breaks composability. Maybe we should recommend people always use height-based timelocks to avoid running afoul of this rule? |
|
@apoelstra That's too strong, I think. It is only groups that get anded/threshed together that cannot conflict in their height vs time constraints. Pure disjunctions can make distinct choices. In that sense it is not a global constraint, but a local one just like the other type properties. |
|
Ah, yes, you're right. It's a local constraint on the conjunctions and thresholds I guess. |
|
@achow101 @murchandamus I have this on my review list for this weekend. |
I think adding 5 new type properties in the table will pollute(add too many things in the row) the existing properties and confuse people. For the sake of completeness, we can write a description of how "k" property is computed and link to the source c++ code for details. How about adding a line after the table:
|
I agree
I've added a line similar to this, with slightly different wording. |
should be changed to Sanket's original |
I find it confusing that the type is Updated the sentence. |
achow101
force-pushed
the
miniscript
branch
2 times, most recently
from
ca38488
to
50f39f7
Compare
|
If we're not going to include "k" as a property in the tables, then I don't think it needs a letter. It can just be described. It's not the only type property that doesn't have a letter: "validity" and "nonmalleability" also fall in that category. |
|
I've removed the |
|
I would suggest this wording: " Timelock Type MixingThere is one additional correctness property that Miniscript programs must satisfy: the four timelock types (absolute time-based, absolute height-based, relative time-based and relative height-based) must not be mixed in an incompatible way. Specifically, within the Outside of these combinators, it is legal to mix height-based and time-based timelocks, and it is always legal to mix absolute and relative timelocks (even if one is height-based and the other is time-based). I think trying to split height/time and absolute/relative into "types" and "categories" is too hard to describe clearly and that it's easier to exhaustively list all four possibilities and how the can be mixed. |
|
In the Bitcoin Core implementation malleability and timelock mixing (as well as resource limit checks) are not part of "validity", but of "sanity". The distinction being that valid-but-insane miniscripts can be parsed, and the satisfaction algorithm can be run for it, and if it succeeds the result can be a valid transaction. Sanity additionally guarantees that the resulting policy of the actually emitted script will match the apparent policy. The idea is that when designing scripts you probably only want sane ones, but if somehow you're confronted with an insane but valid one after the fact (e.g., it already holds funds), the code shouldn't fail at the parsing stage preventing you from attempting to sign it anyway. Do we want to make that distinction clear in the BIP? |
|
Similar in rust-miniscript -- though we've generalized things a bit so that the caller can (if they want to use the annoying form of the API) individually toggle all of the "sanity" checks. The exact definition of "sane" feels ad-hoc and hard to remember and usually I need to check the source code of the default rust-miniscript parser to see which flags it has set/unset. IMHO we shouldn't bother making this distinction in the BIP, and just consider insane parsers to be "extensions" or nonstandard. Though maybe we could add a sentence saying it's possible to do this. |
|
@apoelstra I'm not sure. The sanity checks are arguably more complicated (or at least similarly complicated) to all the validity checks combined. If we want to only treat sane scripts as BIP-valid-miniscript, then I think it should be fully specified in the BIP (including e.g. stack limit analysis). |
Nvm, misunderstood that sentence |
|
Updated the timelock mixing text |
|
Assigned BIP 379. |
achow101
force-pushed
the
miniscript
branch
2 times, most recently
from
47c18fe
to
db144fe
Compare
Co-Authored-By: Antoine Poinsot <[email protected]>
I'll let @bigspider do that in a separate pr. |
|
ACK 4b321d7 @sipa yeah, agreed. It does seem like the sanity checks are a big deal and should be specified. I don't know if they belong here (though it is weird that we have included timelock mixing and put it under "correctness" but not included any other discussion of sanity). On the other hand, because of the complexity and lack of written specification of the sanity rules (and also I'm not thrilled with the names "sane"/"insane" which were kinda funny when we came up with them, but are awkward to use because "insane" has the wrong connotations when we really mean something like "contains branches that are not verified to be sane"), I don't want to hold up this PR/BIP for it. Nor do I want to have a big discussion on Github which really sucks for long discussions. I wonder if we should accept this BIP as-is and then move to the ML to propose an extension to it (which would be strictly additive and could be folded into the same BIP) for the sanity rules. The only question is what to do with the current timelock-mixing text, which IMHO looks good to me other than possibly it shouldn't be labelled "correctness". |
There was a problem hiding this comment.
Format looks complete. @sipa @darosior @sanket1729 sign-off?
|
Rebased for #1540 and merged manually. |
No description provided.