scriptless scripts
play

Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net - PowerPoint PPT Presentation

Jan 29, 2023 •377 likes •794 views

Scriptless Scripts Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net March 4, 2017 Scriptless Scripts Introduction Scriptless Scripts? Scriptless scripts: magicking digital signatures so that they can only be created by

  1. Scriptless Scripts Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net March 4, 2017

  2. Scriptless Scripts Introduction “Scriptless Scripts”? Scriptless scripts: magicking digital signatures so that they can only be created by faithful execution of a smart contract.

  3. Scriptless Scripts Introduction “Scriptless Scripts”? Scriptless scripts: magicking digital signatures so that they can only be created by faithful execution of a smart contract. Limited in power, but not nearly as much as you might expect

  4. Scriptless Scripts Introduction “Scriptless Scripts”? Scriptless scripts: magicking digital signatures so that they can only be created by faithful execution of a smart contract. Limited in power, but not nearly as much as you might expect Mimblewimble is a blockchain design that supports only scriptless scripts, and derives its privacy and scaling properties from this.

  5. Scriptless Scripts Introduction Why use Scriptless Scripts? Bitcoin (and Ethereum, etc.) uses a scripting language to describe smart contracts and enforce their execution

  6. Scriptless Scripts Introduction Why use Scriptless Scripts? Bitcoin (and Ethereum, etc.) uses a scripting language to describe smart contracts and enforce their execution These scripts must be downloaded, parsed, validated by all full nodes on the network.

  7. Scriptless Scripts Introduction Why use Scriptless Scripts? Bitcoin (and Ethereum, etc.) uses a scripting language to describe smart contracts and enforce their execution These scripts must be downloaded, parsed, validated by all full nodes on the network. Have little intrinsic structure to be compressed or aggregated

  8. Scriptless Scripts Introduction Why use Scriptless Scripts? Bitcoin (and Ethereum, etc.) uses a scripting language to describe smart contracts and enforce their execution These scripts must be downloaded, parsed, validated by all full nodes on the network. Have little intrinsic structure to be compressed or aggregated The details of the script are visible forever and compromise privacy and fungibility.

  9. Scriptless Scripts Introduction Why use Scriptless Scripts? Bitcoin (and Ethereum, etc.) uses a scripting language to describe smart contracts and enforce their execution These scripts must be downloaded, parsed, validated by all full nodes on the network. Have little intrinsic structure to be compressed or aggregated The details of the script are visible forever and compromise privacy and fungibility. With scriptless scripts, the only visible things are public keys (i.e. uniformly random curvepoints) and digital signatures.

  10. Scriptless Scripts Introduction Schnorr Signatures Support Scriptless Scripts Schnorr signatures: signer has a secret key x , ephemeral secret key k . Publishes a public key xG .

  11. Scriptless Scripts Introduction Schnorr Signatures Support Scriptless Scripts Schnorr signatures: signer has a secret key x , ephemeral secret key k . Publishes a public key xG . A signature is the ephemeral public key kG as well as s = k − ex where e = H ( kG � xG � message ).

  12. Scriptless Scripts Introduction Schnorr Signatures Support Scriptless Scripts Schnorr signatures: signer has a secret key x , ephemeral secret key k . Publishes a public key xG . A signature is the ephemeral public key kG as well as s = k − ex where e = H ( kG � xG � message ). Verified by checking sG = kG − exG

  13. Scriptless Scripts Introduction Schnorr Signatures Support Scriptless Scripts Schnorr signatures: signer has a secret key x , ephemeral secret key k . Publishes a public key xG . A signature is the ephemeral public key kG as well as s = k − ex where e = H ( kG � xG � message ). Verified by checking sG = kG − exG ECDSA signatures (used in Bitcoin) have the same shape, but s lacks some structure and e commits to only the message.

  14. Scriptless Scripts Scriptless scripts in the wild Simplest (Sorta) Scriptless Script OP RETURN outputs are used in Bitcoin to encode data for purpose of timestamping

  15. Scriptless Scripts Scriptless scripts in the wild Simplest (Sorta) Scriptless Script OP RETURN outputs are used in Bitcoin to encode data for purpose of timestamping Instead, replace the public key (or emphemeral key) P with P + Hash ( P � m ) G .

  16. Scriptless Scripts Scriptless scripts in the wild Simplest (Sorta) Scriptless Script OP RETURN outputs are used in Bitcoin to encode data for purpose of timestamping Instead, replace the public key (or emphemeral key) P with P + Hash ( P � m ) G . Replacing the public key is called “pay to contract” and is used by Elements and Liquid to move coins onto a sidechain.

  17. Scriptless Scripts Scriptless scripts in the wild Simplest (Sorta) Scriptless Script OP RETURN outputs are used in Bitcoin to encode data for purpose of timestamping Instead, replace the public key (or emphemeral key) P with P + Hash ( P � m ) G . Replacing the public key is called “pay to contract” and is used by Elements and Liquid to move coins onto a sidechain. Replacing the emphemeral key is called “sign to contract” and can be used to append a message commitment in any ordinary transaction with zero network overhead.

  18. Scriptless Scripts Scriptless scripts in the wild Simplest (Sorta) Scriptless Script OP RETURN outputs are used in Bitcoin to encode data for purpose of timestamping Instead, replace the public key (or emphemeral key) P with P + Hash ( P � m ) G . Replacing the public key is called “pay to contract” and is used by Elements and Liquid to move coins onto a sidechain. Replacing the emphemeral key is called “sign to contract” and can be used to append a message commitment in any ordinary transaction with zero network overhead. Works with Schnorr or ECDSA

  19. Scriptless Scripts Scriptless scripts in the wild multi-Signatures in Scriptless Script By adding Schnorr signature keys, a new key is obtained which can only be signed with with the cooperation of all parties.

  20. Scriptless Scripts Scriptless scripts in the wild multi-Signatures in Scriptless Script By adding Schnorr signature keys, a new key is obtained which can only be signed with with the cooperation of all parties. Can be generalized to m -of- n by all parties giving m -of- n shares to all others so they can cooperatively replace missing parties.

  21. Scriptless Scripts Scriptless scripts in the wild multi-Signatures in Scriptless Script By adding Schnorr signature keys, a new key is obtained which can only be signed with with the cooperation of all parties. Can be generalized to m -of- n by all parties giving m -of- n shares to all others so they can cooperatively replace missing parties. (Don’t try this at home: some extra precautions are needed to prevent adversarial choice of keys.)

  22. Scriptless Scripts Scriptless scripts in the wild multi-Signatures in Scriptless Script By adding Schnorr signature keys, a new key is obtained which can only be signed with with the cooperation of all parties. Can be generalized to m -of- n by all parties giving m -of- n shares to all others so they can cooperatively replace missing parties. (Don’t try this at home: some extra precautions are needed to prevent adversarial choice of keys.) Works with Schnorr only.

  23. Scriptless Scripts Scriptless scripts in the wild moSt exSpressive Scriptless Script Zero-Knowledge Contingent payments: sending coins conditioned on the recipient providing the solution to some hard problem.

  24. Scriptless Scripts Scriptless scripts in the wild moSt exSpressive Scriptless Script Zero-Knowledge Contingent payments: sending coins conditioned on the recipient providing the solution to some hard problem. Recipient provides a hash H and a zk-proof that the preimage is the encryption key to a valid solution. Sender puts coins in a script that allows claimage by revealing the preimage.

  25. Scriptless Scripts Scriptless scripts in the wild moSt exSpressive Scriptless Script Zero-Knowledge Contingent payments: sending coins conditioned on the recipient providing the solution to some hard problem. Recipient provides a hash H and a zk-proof that the preimage is the encryption key to a valid solution. Sender puts coins in a script that allows claimage by revealing the preimage. Use the signature hash e in place of H and now you have a scriptless script ZKCP: a single digital signature which cannot be created without the signer solving some arbitrary (but predetermined) problem for you.

  26. Scriptless Scripts Scriptless scripts in the wild moSt exSpressive Scriptless Script Zero-Knowledge Contingent payments: sending coins conditioned on the recipient providing the solution to some hard problem. Recipient provides a hash H and a zk-proof that the preimage is the encryption key to a valid solution. Sender puts coins in a script that allows claimage by revealing the preimage. Use the signature hash e in place of H and now you have a scriptless script ZKCP: a single digital signature which cannot be created without the signer solving some arbitrary (but predetermined) problem for you. Must be done as a multisig between sender and receiver so that the sender can enforce what e is.

  27. Scriptless Scripts Scriptless scripts in the wild Simultaneous Scriptless Scripts Executing separate transactions in an atomic fashion is traditionally done with preimages: if two transactions require the preimage to the same hash, once one is executed, the preimage is exposed so that the other one can be too.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net May 10, 2017 Scriptless Scripts

Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net May 10, 2017 Scriptless Scripts

Scriptless Scripts Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net May 10, 2017 Scriptless Scripts Introduction Scriptless Scripts? Scriptless scripts: magicking digital signatures so that they can only be created by

298 views • 15 slides
Scriptless Scripts Andrew Poelstra Research Director, Blockstream scriptless@wpsoftware.net May

Scriptless Scripts Andrew Poelstra Research Director, Blockstream scriptless@wpsoftware.net May

Scriptless Scripts Andrew Poelstra Research Director, Blockstream scriptless@wpsoftware.net May 18, 2018 1 / 11 Mimblewimble and Scriptless Scripts Mimblewimble, proposed in 2016 by Tom Elvis Jedusor No scripts, only signatures. What

509 views • 11 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler February 17, 2019 Blind Signatures in Scriptless Scripts Jonas Nick

607 views • 24 slides
Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4,

Blind Signatures Ecash Fair Exchange Blind Coinswaps Tokens Conclusion Blind Signatures in Scriptless Scripts Jonas Nick jonasd.nick@gmail.com @n1ckler September 4, 2018 Blind Signatures in Scriptless Scripts Jonas Nick

374 views • 22 slides
Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net January 10, 2018

Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net January 10, 2018

Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net January 10, 2018 1 / 25 What is a Blockchain? For our purposes, a blockchain is a Merkleized linked list of commitments, called blocks , along with rules restricting

385 views • 25 slides
Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net June 15, 2017 1

Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net June 15, 2017 1

Mimblewimble and Scriptless Scripts Andrew Poelstra grindelwald@wpsoftware.net June 15, 2017 1 / 30 Overview / What is Mimblewimble? Mimblewimble is an anonymously-originated design for a blockchain-based ledger that is very different from

958 views • 30 slides
Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com

Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com

Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com https://nickler.ninja @n1ckler Objective: Increase Robustness Privacy Scalability Consensus Scriptless Scripts approach: different payment types

897 views • 24 slides
More Schnorr Tricks for Bitcoin Yannick Seurin Agence nationale de la scurit des systmes

More Schnorr Tricks for Bitcoin Yannick Seurin Agence nationale de la scurit des systmes

Bitcoin Script Schnorr Taproot Scriptless Scripts Discreet Log Contracts Conclusion More Schnorr Tricks for Bitcoin Yannick Seurin Agence nationale de la scurit des systmes dinformation November 22, 2018 BlockSem Seminar

3.68k views • 175 slides
scripts.mit.edu Quentin Smith scripts@mit.edu Student Information Processing Board October 29,

scripts.mit.edu Quentin Smith scripts@mit.edu Student Information Processing Board October 29,

Services Backend Further Info scripts.mit.edu Quentin Smith scripts@mit.edu Student Information Processing Board October 29, 2019 Quentin Smith scripts@mit.edu scripts.mit.edu Services Backend Further Info Outline Services 1 Web Mail

897 views • 42 slides
perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post

perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post

perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post process scripts 2 PERF SCRIPTS | JIRI OLSA COUNTING perf stat CPU 0 CPU 1 CPU 2 start $ perf stat -e ' cycles,instructions ' WORKLOAD

1.2k views • 59 slides
Using Python for shell scripts Peter Hill Using Python for shell scripts | January 2018 | 1/29

Using Python for shell scripts Peter Hill Using Python for shell scripts | January 2018 | 1/29

Using Python for shell scripts Peter Hill Using Python for shell scripts | January 2018 | 1/29 Outline Advantages/disadvantages of Python Running a parameter scan example Command line arguments Working with filesystem paths Working with

554 views • 29 slides
Collaboration Scripts for CSCL Frank Fischer, Ingo Kollar, Christof Wecker Introduction

Collaboration Scripts for CSCL Frank Fischer, Ingo Kollar, Christof Wecker Introduction

Collaboration Scripts for CSCL Frank Fischer, Ingo Kollar, Christof Wecker Introduction www.kloster-seeon.de 2 Outline 1. Internal collaboration scripts 2. External collaboration scripts 3 Internal collaboration scripts What they are play

247 views • 24 slides
Listing Presentation Scripts Agent Scripts & Dialogues Listing Presentation Script for Real

Listing Presentation Scripts Agent Scripts & Dialogues Listing Presentation Script for Real

Listing Presentation Scripts Agent Scripts & Dialogues Listing Presentation Script for Real Estate Agents Learn the listing presentation scripts and dialogues that top agents use in listing consultations to list more homes for sale. An

325 views • 4 slides
COMP 2718: Shell Scripts: Part 1 By: Dr. Andrew Vardy Outline Shell Scripts: Part 1 Hello

COMP 2718: Shell Scripts: Part 1 By: Dr. Andrew Vardy Outline Shell Scripts: Part 1 Hello

COMP 2718: Shell Scripts: Part 1 By: Dr. Andrew Vardy Outline Shell Scripts: Part 1 Hello World Shebang! Example Project Introducing Variables Variable Names Variable Facts Arguments Exit Status Branching:

526 views • 36 slides
What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode

What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode

What is Unicode? Universal Character Set All of the major scripts Sinhala Unicode Simple and consistent manner Developer Workshop Alphabetic, syllabic and ideographic scripts Version 4.0 Muthu Nedumaran 50,000

686 views • 4 slides
SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements

SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements

SQL110 Transact SQL Essentials Scripts Doug Shook Scripts Series of SQL Statements Grouped into batches Batches are executed when a GO statement is hit Why are these batches necessary? Certain commands cannot be

452 views • 21 slides
Written-out Talk Scripted Talker University of Careful Planning May 1, 1894 But vertical motion

Written-out Talk Scripted Talker University of Careful Planning May 1, 1894 But vertical motion

Written-out Talk Scripted Talker University of Careful Planning May 1, 1894 But vertical motion predominates in reading for those who have really acquired the skill. Robert Bringhurst, The Elements of Typographic Style , version 3.2 (Point

432 views • 9 slides
Integrated care for people with HIV OHTN HIV Endgame Claire Kendall Presenter disclosure I

Integrated care for people with HIV OHTN HIV Endgame Claire Kendall Presenter disclosure I

Integrated care for people with HIV OHTN HIV Endgame Claire Kendall Presenter disclosure I have no relationships with commercial interests to disclose. Success: Improvements in HIV care 4 Burchell et. al (2015) Problem: Fragmentation of

750 views • 71 slides
Public Agenda Item #7.1 Review ew o of 2019 ERS Accomplish shments August 21, 2019 Porter

Public Agenda Item #7.1 Review ew o of 2019 ERS Accomplish shments August 21, 2019 Porter

Public Agenda Item #7.1 Review ew o of 2019 ERS Accomplish shments August 21, 2019 Porter Wilson, Executive Director Machelle Pharr, Chief Financial Officer Support Our Members Retirement Income Security Issued more than $2.5 billion

257 views • 6 slides
WoT Runtime, Scripting, Bindings Zoltan Kis, Intel WoT Runtime WoT RT Script 1 Things Things

WoT Runtime, Scripting, Bindings Zoltan Kis, Intel WoT Runtime WoT RT Script 1 Things Things

WoT Runtime, Scripting, Bindings Zoltan Kis, Intel WoT Runtime WoT RT Script 1 Things Things Process view WoT RT: one process Bindings: separate processes TDs System APIs / OS Kernel Script n System APIs Socket

359 views • 4 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Batch Systems Running your jobs on an HPC machine Outline What are batch systems? Why are

Batch Systems Running your jobs on an HPC machine Outline What are batch systems? Why are

Batch Systems Running your jobs on an HPC machine Outline What are batch systems? Why are they needed? How to run jobs on an HPC machine via a batch system: Concepts Resource scheduling and job execution Job submission

543 views • 31 slides
Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo

Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo

b a L y t i r u c e S r Cross-Channel Scripting e t u p m Impact on Embedded Web Interfaces o C d r o f Hristo Bojinov Elie Bursztein Dan Boneh n a Stanford Computer Security Lab t S Cross-channel scripting

1.09k views • 68 slides
Behavior Trees: Three Ways of Cultivating Game AI BEHAVIOR TREES APPLIED! Halo 3 & ODST

Behavior Trees: Three Ways of Cultivating Game AI BEHAVIOR TREES APPLIED! Halo 3 & ODST

Alex J. Champandard Michael Dawe David Hernandez-Cerpa AiGameDev.com Big Huge Games LucasArts Behavior Trees: Three Ways of Cultivating Game AI BEHAVIOR TREES APPLIED! Halo 3 & ODST [PROTOTYPE] Spore GTA: Chinatown Wars

769 views • 44 slides

More recommend