Skip to content

Commit

Permalink
Add bip-csfs.
Browse files Browse the repository at this point in the history
  • Loading branch information
reardencode committed Dec 30, 2023
1 parent 9c57fac commit c3f78f6
Showing 1 changed file with 90 additions and 0 deletions.
90 changes: 90 additions & 0 deletions bip-csfs.mediawiki
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
<pre>
BIP: TBD
Layer: Consensus (soft fork)
Title: CHECKSIGFROMSTACK
Author: Brandon Black <[email protected]>
Comments-Summary: No comments yet.
Status: Draft
Type: Standards Track
Created: 2023-12-22
License: PD
</pre>

==Abstract==

This BIP describes two new opcode for the purpose of checking cryptographic
signatures in bitcoin scripts against data other than bitcoin transactions.

==Specification==

We propose replacing OP_NOP5 in bitcoin script with
'''OP_CHECKSIGFROMSTACKVERIFY'''. When verifying taproot script spends having
leaf version 0xc0 (as defined in BIP342), we propose '''OP_CHECKSIGFROMSTACK'''
to replace '''OP_SUCCESS188''' (0xbc).

'''OP_CHECKSIGFROMSTACK''' and '''OP_CHECKSIGFROMSTACKVERIFY''' have identical
semantics to '''OP_CHECKSIG''' and '''OP_CHECKSIGVERIFY''' respectively,
except:

* On success the arguments to '''OP_CHECKSIGFROMSTACKVERIFY''' are left unchanged on the stack.
* They read (or pop, respectively) 3 arguments (rather than 2) from the stack in the following order: '''&lt;pubkey&gt; &lt;data&gt; &lt;sig&gt;'''
* Signatures must not have a sighash byte appended
* The message being verified is '''&lt;data&gt;'''
** '''&lt;data&gt;''' may be any length.
** For ECDSA signature verification '''&lt;data&gt;''' is SHA256 hashed before being used as the message.
==Resource Limits==

These opcodes are treated identically to other signature checking opcodes and
count against the various sigops limits in their respective script types.

==Motivation==

===LN Symmetry===

When combined with '''OP_CHECKTEMPLATEVERIFY''' (BIP119/CTV),
'''OP_CHECKSIGFROMSTACK''' (CSFS) can be used in Lightning Symmetry channels.
The construction '''OP_CHECKTEMPLATEVERIFY &lt;pubkey&gt; OP_CHECKSIGFROMSTACK''' is
logically equivalent to '''&lt;bip118_pubkey&gt; OP_CHECKSIG''' and a signature over
'''SIGHASH_ALL|SIGHASH_ANYPREVOUTANYSCRIPT'''. The '''OP_CHECKSIGFROMSTACK'''
construction is 8 vBytes larger.

===Delegation===

Using a script like:
'''OP_DUP &lt;pubkey&gt; OP_CHECKSIGFROMSTACK OP_DROP OP_CHECKSIG'''
A script can delegate signing to another key.

==Reference Implementation==

A reference implementation is provided in provided here:

https://github.com/brandonblack/bitcoin/commit/fd57785b99442df092488135752112586597b756

==Backward Compatibility==

By constraining the behavior of an OP_SUCCESS opcode and an OP_NOP opcode,
deployment of the BIP can be done in a backwards compatible, soft-fork manner.
If anyone were to rely on the OP_SUCCESS behavior of OP_SUCCESS188,
OP_CHECKSIGFROMSTACk would invalidate their spend.

==Deployment==

TBD

==Credits==

Reference implementation was made with reference to the implementation in
Elements and started by moonsettler.

==References==

[https://github.com/bitcoin/bips/blob/master/bip-0119.mediawiki BIP 119] CHECKTEMPLATEVERIFY

[https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] Taproot

[https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki BIP 342] Tapscript

==Copyright==

This document is placed in the public domain.

0 comments on commit c3f78f6

Please sign in to comment.