< bitcoin-git>
[bitcoin] jameshilliard opened pull request #10301: Check if sys/random.h is required for getentropy. (master...getentropy-rand) https://github.com/bitcoin/bitcoin/pull/10301
< afk11>
hey all. been looking at the MAST BIP and it got me wondering how jl2012 was able to do the hash-locked example. It's a good example for MAST (look what happens with the DUP), and for parsing mutually exclusive execution pathways in general
< afk11>
anyways, I've come up with something that seems to allow one to produce the mutually exclusive branches for any script. Need to test it over more scripts tbh, but it's coming along nicely
< afk11>
keeping in mind most bitcoin libraries only sign scripts that don't have any degrees of freedom with the pathway that's executed.. I'm starting out by iterating over script opcodes and making a tree out of possible execution pathways as they come
< afk11>
to do this, I start with a single node in the tree (the no logical ops case), and build up a vector of values of dependent ifs. for the above script, that's [true], [false, true], and [false, false] (same order jl2012 has them)
< afk11>
next, you need all the opcodes under that pathway.. I decided to do this separately from building the tree. Basically copy EvalScript, remove all opcodes but IF/ELSE/ENDIF/NOTIF, strip away some checks, and log all logical operations and opcodes where fExec==true. The mainStack is now only operated on by IF/ELSE/ENDIF/NOTIF, so you can pass in the vector of vchs representing the list above, ie, "\x01" for true, "" for false..
< afk11>
and that gets you a list of all opcodes in the script that you need to satisfy if you wished to sign it
< afk11>
I've only gotten as far as normal scripts, ie, bare or P2SH. MAST requires checking for side effects of earlier operations, and stripping away any where the predicate was failed.
< afk11>
if this should be in #bitcoin-dev please someone let me know
< afk11>
the general motivation behind all this is to allow signing of arbitrary scripts. you can only do that once you know if there are logical operations.. after that, looking at the opcodes just under that branch tells you what you need to satisfy in order to redeem using that branch
< afk11>
with the branch specific opcodes, you can then try to break up the script into pieces the signer can understand, and may support: hashlocks, csv/cltv checks (signer should know the current time), signature operations
< afk11>
I think using the [true], [false,true], [false, false] could be a good way of telling another party to your script/payment channel which branch you are expecting them to sign. Wallets like Copay work by creating a proposed spend from a multisig address, and requesting signatures from others, and atm there isn't really a way to specify branches in a script agnostic way. Hardware wallets may also face the same thing in the future
< afk11>
anyway, I think if wallets come to deal with scripts with logical operators, the innermost Sign() function should really be checking that the user isn't accidentally working on the wrong branch, hence the need to designate the branch in a way the software can verify against later.
< afk11>
I don't want to use something like branch 1, 2, 3, because the allowed boolean values are specific to the script.
< NicolasDorier>
is there a way in Bitcoin Core to get an unused address ? I am tempted to call getnewaddress every time, but doing so would create a big gap in my BIP32 path, which would make rescanning fail
< sipa>
bitcoin core doesn't support gaps or reconstruction from a seed at all
< sipa>
(yet)
< SopaXorzTaker>
dammit piqure
< SopaXorzTaker>
banned me from #bitcoin for posting a malware link, explicitly marked like this and obscured: [https://]malware[.]coin.stealer
< NicolasDorier>
sipa: I know, for now. jonasschnelli is working on it somewhere I saw recently. Anyway, do you know a way to get the latest unused address of the wallet ?
< NicolasDorier>
or any unused address
< NicolasDorier>
Another reason is that I provide a link to the user to send money to my address. And I don't want a user to generate a new address every time he hits F5 on my page
< NicolasDorier>
other solutions to do it of course
< NicolasDorier>
but if anything exist in core, would make life easier
< sipa>
NicolasDorier: getnewaddress...
< sipa>
NicolasDorier: or make your application cache a number of addresses ahead of time
< NicolasDorier>
sipa: Imagine I want to show the QR code of an unused address of my wallet in the profile page of whatever social media service. If I use getnewaddress, then every time someone makes a request to the QR code, a new address will bloat up my wallet, leading to DOS eventually.
< NicolasDorier>
of course I can have the server generating the QR cache the latest created address and verify it is not used
< sipa>
NicolasDorier: yes, so cache addresses in your application, and remove them when used?
< sipa>
there used to be a way in core to get an unused address, which was only updated when a tx was seen to it
< sipa>
but that's very hard to not make different RPC clients get in each other's way
< NicolasDorier>
ha ok I see
< NicolasDorier>
well yes I will cache the address on the server side, and just make a request to bitcoin core to know if it was used before returning it to the server