Jason Dreyzehner bitjson

  Layer: Relay Policy 
  Title: Standard Priority and Doublespend Proof
  Author: @im_uname <[email protected]>, Tom Zander <[email protected]>
  Created: 2018-07-16
  Last updated: 2018-08-09
  License: IDGAF

Using PGP signatures with bitcoin script OP_CHECKDATASIG

Dr. Mark B. Lundeberg, 2018 August 30 bitcoincash:qqy9myvyt7qffgye5a2mn2vn8ry95qm6asy40ptgx2

Since version 2.1, GnuPG is able to use the very same secp256k1 elliptic curve signature algorithm (ECDSA) as used in bitcoin. Quite soon Bitcoin Cash will add a new script opcode OP_CHECKDATASIG that is able to check signatures not just on the containing transaction, but also on arbitrary data. For fun, let's try to intersect the two signature systems and see what can be done!

Background

OP_CHECKDATASIG signatures

Solving the 0-conf problem using forfeits

by /u/awemany

Overview

The problem of ensuring good security for unconfirmed transactions in Bitcoin is repeatedly discussed in the community. Right now these so-called 0-conf transactions are usually expected to be of low risk in the case of small amounts and face-to-face interaction of merchant and customer.

Quadratic sighash remains in Segwitv0/BCH/BSV digest algorithms.

Mark Lundeberg 2018 Oct 17

Abstract: Both BCH post-forkday signatures and the BIP143 Segwit signatures are ostensibly designed to remove the 'quadratic hashing problem', however as I will show, they are still vulnerable for long scripts. Back-of-the-envelope calculations show that it will become a serious concern if the existing script limits are relaxed.

Facts

Every OP_CHECKSIG requires hashing a potentially large amount of data, limited only by the size of scriptCode. The precise length is 159 + len(scriptCode) for scriptCodes longer than 255 bytes, up to 65535 bytes.
Since many OP_CHECKSIG calls are possible within a given script, this means transactions can be made where the required hashing time is quadratic in the length of script. (though, see the non-push opcod

Questions and concerns about ZCF
https://gist.github.com/awemany/619a5722d129dec25abf5de211d971bd

1

In "Creating a Zero Conf Forfeit transaction", it is mentioned that :

... a transaction that has the following structure:

Inputs: [P2PKH inputs 1] ... [P2PKH input I]

Outputs: [any-type-output 1] ... [any-type-output O] [Forfeit Output]

It's quite common to see smart contract constructions like this:

OP_IF
    <clause 1 conditions>
    <pubkey1> OP_CHECKSIG
OP_ELSE
    <clause 2 conditions>
    <pubkey2> OP_CHECKSIG
OP_ENDIF

Two new features are coming to Bitcoin Cash soon, hopefully in the May 2019 upgrade. I'd like to take the time to explain why I'm so excited about them. In short, we will be able to do:

Payment channels hidden as ordinary payments.
Atomic swaps hidden as ordinary payments.
Lightning-style payment channel networks too, if we want.
Secure chains of unconfirmed transactions involving multiple parties (layer 2).

That all may sound incredible, and I'm going to explain in this document how it is so.

--- Mark B. Lundeberg, 2019 Jan 29 bitcoincash:qqy9myvyt7qffgye5a2mn2vn8ry95qm6asy40ptgx2

	// - required node.js >= 10.0.0
	// $ npm i elliptic
	// $ node --harmony-bigint --experimental-modules check-secp256k1.mjs

	import crypto from "crypto";
	import elliptic from "elliptic";

	import {EC, ECC, secp256k1, a2bi, bi2a, randint} from "./ecc.mjs";

	// With real standard curve: secp256k1

	package main

	import (
	"fmt"
	"github.com/btcsuite/btcd/btcec"
	"encoding/hex"
	"crypto/sha256"
	"github.com/btcsuite/btcd/txscript"
	"github.com/cpacia/bchutil"
	"github.com/btcsuite/btcd/chaincfg"

	{
	"description": "Definition file for Bitcoin Script Templates",
	"$schema": "http://json-schema.org/draft-07/schema#",
	"$id": "http://p2sh.cash/bst.schema.json",
	"title": "Bitcoin Script Template (BST) JSON Schema",
	"type": "object",
	"properties": {
	"v":{
	"description": "BST schema version",
	"type": "integer",