Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign-to-contract commitments standards #118

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,3 +166,4 @@ Game theory | Game-theoretical setups for trustless protocols
[81]: lnpbp-0081.md
[85]: https://github.com/LNP-BP/client_side_validation/blob/master/strict_encoding/src/bitcoin.rs
[86]: https://github.com/internet2-org/aluvm-spec
[92]: lnpbp-0092.md
87 changes: 87 additions & 0 deletions lnpbp-0092.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
```
LNPBP: 0092
Vertical: Bitcoin protocol
Title: Deterministic embedding of cryptographic commitments into bitcoin
transaction input
Author: Dr Maxim Orlovsky <[email protected]>
Comments-URI: https://github.com/LNP-BP/lnpbps/pulls/<____>
Status: Draft
Type: Standards Track
Created: 2021-11-15
Finalized: not yet
License: CC0-1.0
```

- [Abstract](#abstract)
- [Background](#background)
- [Motivation](#motivation)
- [Design](#design)
- [Specification](#specification)
- [Compatibility](#compatibility)
- [Rationale](#rationale)
- [Reference implementation](#reference-implementation)
- [Acknowledgements](#acknowledgements)
- [References](#references)
- [Copyright](#copyright)
- [Test vectors](#test-vectors)


## Abstract

The proposal standardizes sign-to-contract commitmnets in bitcoin transaction
inputs, proposing a robust and efficient scheme. It defines commitment and
verification protocol, scope of applicable conditions when the commitment
can be created and provides specific of client-side data structures used for
keeping and validating commitment proofs.


## Background


## Motivation


## Design

Sing-to-contract commitments are embedded into transaction outputs depending
on the type of the spent `scriptPubkey` and fields in the spending input.
For always-single-public key types (P2PK, P2PKH, P2WPKH, P2TR key path spending,
P2WPKH-in-P2SH) the only signature present in the `sigScript` or `witness`
will contain the commitment. For script-based types (bare scripts, native P2SH,
P2WSH-in-P2SH, P2WSH and P2TR script path spendings), which may have from
zero to any number of signatures a more elaborated scheme is used, where
sign-to-contract commitment is embedded into any single signature, but the
verification of the commitment is made against the sum of all signature
nonces. Commitment procedure in this case also requires provable tweaking
of other signature nonces with their own tagged hashes.

The commitment procedure results in creation of additional data structure,
*extra-transaction commitment proof*, which must be kept on the client-side
and is required for the commitment validation procedure.

This commitment scheme does not support script spendings when the tx input
contains no signatures, as well as P2TR script path spendings containing either
Annex or using non-BIP-342 (TapSCript) scripting. In this cases commiter shell
use other commitment schemes (like LNPBP-2) ensuring proper signalling like
it is done in LNPBP-10 scheme.


## Specification


## Compatibility


## Rationale

## Reference implementation

## Acknowledgements

## References

## Copyright

This document is licensed under the Creative Commons CC0 1.0 Universal license.

## Test vectors