sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<rodarmor>
Taproot uses `P = C + H(C||S)G`. Why does the hash commit to the combined pubkey? Is it so that a party can't be tricked into paying to what looks like a 2-2 multisig address, but which actually has a taproot script embedded in it?
<sipa>
Let's say we'd use P = C + H(S)G
<sipa>
So an output with point P in it exists.
<rodarmor>
So far so good
<sipa>
Now you can reveal any arbitrary S' together with C' = P - H(S)G, to spend S'
<sipa>
The C inside the hash makes sure that there is only one pair (C,S) that can be revealed for a given point.
<sipa>
Without it, it's not a sound commitment.
<rodarmor>
What's S'?
<sipa>
anything you choose
<sipa>
including OP_TRUE
<sipa>
which would permit you to spend the coins without satisfying any additional conditions
<rodarmor>
Should that be: C' = P - H(S')G, as in, you tweak P with the desired script S'?
<sipa>
oh, yes :)
<sipa>
so you reveal (P - H("OP_TRUE"), "OP_TRUE") instead of (P,C)
<sipa>
sorry
<sipa>
so you reveal (P - H("OP_TRUE")G, "OP_TRUE") instead of (P,C)
<rodarmor>
Okay, sweet, just wanted to make sure I wasn't missing anything
<sipa>
so clearly this is not a commitment, as you can trivially open it for another value than the one committed to
<rodarmor>
Okay, great, I think I've got it now. Thank you!