It's CCV o'clock!
I opened a draft PR to bitcoin-inquisition to activate OP_CHECKCONTRACTVERIFY (BIP-443).
https://github.com/bitcoin-inquisition/bitcoin/pull/102
Please help by reviewing, if you can!

Bitcoin doesn't work without entropy.
But entropy implies information content.
It's from my nostr:nprofile1qqs0zqyq74avavecxlreqte2ugu5hc7q867qwg386pmeflmd00hdnhqgl4q0e 2024 talk "Entropy, miniscript and hardware signers", exploring what entropy means for the UX of signing devices.
Full video here: https://youtu.be/IYOswKz5QAo
This slide summarizes the fundamental reason why forbidding data embeddings on-chain either:
- fails miserably, or
- destroys Bitcoin.

I guess I'll start running v31 today

Fiat money runs on Poof of Work.
You worked, you got paid... and poof, it's gone.
Users should (mostly) not see them, either.
Although, that's not yet possible as they need to be able to inspect them during wallet creation/registration.
Although, I think that only covers single-sig?
Great, thanks for sharing!
We'll have a separate discussion about getting rid of addresses, but that requires more infrastructure before it's feasible :)
I think it indeed works in many cases, although adding some attribute that suggests an action (like 'draft', 'unfinished', etc.) might be useful to guide into the next step.
Unpopular (?) opinion: banish the term 'PSBT' from the UI of software wallets (and hardware signers).
It's just a file format. Image-editing tools don't tell you "load JPEG/PNG/..." – it's "Load image".
'Transaction draft'? 'Unfinished transaction'? Just 'transaction'?
All roads lead to CCV.
Or at least this one does.
https://github.com/bitcoin/bips/blob/master/bip-0443.mediawiki

I bought an RTX 5090.
What are the coolest self-hosted AI things you guys are doing?
This guy's good – Guinness world record of first merged PRs
https://blossom.primal.net/1dcf5dec93f5e37a9f39e138a95a0f83b239b2379ca6d68b241ddcb2ca5d095c.mp4
I agree it has a lot in common. I think it will need orders of magnitude more economic activity in order to bring the same market dynamics that made the early internet work.
It might succeed.
I fixed the typo for my amethyst friends.
Now that's a type of chaos for sure!
(also, how to bring an 'edit' feature to nostr, so I can fix typos 😅)
Internet up to the early 2000s was about finding order in chaos. Lots of energy was bottom-up. Search engines and aggregators would just help you find it; and finding the good content did sometimes feel like uncovering a secret treasure.
How to bring back the chaos?
Just a misunderstanding

Seen in ₿ali

Honored to sit right next to nostr:nprofile1qqsy2ga7trfetvd3j65m3jptqw9k39wtq2mg85xz2w542p5dhg06e5qpzdmhxue69uhhvct4d36zu6tjd9ejuar0w3mpq9 on the scoreboard! I'll try again tomorrow :)
EUR people wondering why is everyone talking about ATH

I'm gonna shill this blog post I wrote some time back: https://www.ledger.com/blog/towards-a-trustless-bitcoin-wallet-with-miniscript
If you don't trust a signing device, it's really hard to meaningfully use it without additional devices - I don't think creative paths can help much. For example, a device could lie about the xpubs you ask.
I was thinking about 2 things...
1. The coldcard's co-signing feature https://coldcard.com/docs/coldcard-cosigning/
2. Their satscard/tapsigner.
In both cases, you could have the device generate a master key that you will never know. Only the device knows it (I might be wrong about the co-signing feature).
With the tapsigner, you give it a chaincode, and that _theoretically_ gives you a key that you know Coinkite would never know.
You can export the XPUB of m/0' (I think) and it will have your chaincode in it.
But... Since the rest of the derivation path is hardened in a typical key, you can't verify that the xpub for a typical wallet is derived using your chaincode.
So....
What if, just for that one key in a multisig setup, you don't use the typical derivation path so that you can confirm that it uses your chaincode, and since the change and index are not hardened, it still works as expected.
Just trying to think about how you can guarantee that neither the manufacturer nor yourself knows the private key.
> Just trying to think about how you can guarantee that neither the manufacturer nor yourself knows the private key
What for? I see footguns in this scheme, but I don't quite see the benefits.
In general, I think that both cosigners and blind signers are unlikely to make much sense in multisig setups - much more useful in miniscript wallets, where you can do more 'experimental' stuff with the primary spending path, while keeping recovery paths straightforward.
Question for anyone with multisig knowledge.
Maybe nostr:nprofile1qqs20zdyp8lh35mh99835hf7fv55aq9duugce3t8p9g7dmp4a2n4vnqpy3mhxw309a6k6cnjv4kz6vfww3skjmrzx9nrxdeww3ejumn9wsargwp58qhs6tvrgm nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7nxasma nostr:nprofile1qqsq72qednk3qf970n4n67cegvmmlrepu7ks4zlgqwc7cznu2t5jdhspz4mhxue69uhkummnw3ezummcw3ezuer9wchsdx53qg?
Based on

https://www.unchained.com/blog/bitcoin-wallet-configurations
Considering that a multisig backup file includes the fingerprint and derivation path along with each pubkey, is it possible to have just one of your private keys not have a standard derivation path?
I.E. I want my wallet to be P2WSH but I want one of the keys to have a derivation path of
```
m/0'
```
Could wallets figure out what I want from this?
The derivation path doesn't really change anything in the meaning of the policy, so as long as it's a path you can export from your signer, everything will work.
(some devices might have path restrictions for xpubs they export, though - so using standard patterns maximizes compatibility)
What is your goal?
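As an added example (not code from anyone in this thread), a small parser for the per-key origin information in a wsh(sortedmulti(...)) descriptor, which is what a multisig backup file records: it shows a key with origin m/0' sitting beside standard BIP-48 origins in the same policy, and checks that the steps after each xpub are unhardened so receive/change derivation still works. The fingerprints and xpub strings are constructed placeholders, not real keys.

```python
import re

# One descriptor key: optional [fingerprint/origin-path], then the xpub, then a
# relative derivation suffix such as /0/* (receive) or /1/* (change).
KEY_RE = re.compile(
    r"^(?:\[(?P<fp>[0-9a-f]{8})(?P<origin>(?:/\d+'?)*)\])?"
    r"(?P<xpub>[A-Za-z0-9]+)(?P<suffix>(?:/(?:\d+'?|\*))*)$"
)

def parse_key(expr):
    """Split a key expression into fingerprint, origin path and suffix steps."""
    m = KEY_RE.match(expr)
    if not m:
        raise ValueError(f"bad key expression: {expr}")
    origin = [p for p in m["origin"].split("/") if p] if m["origin"] else []
    suffix = [p for p in m["suffix"].split("/") if p]
    return {
        "fingerprint": m["fp"],
        "origin_path": "m" + "".join("/" + p for p in origin),
        "suffix": suffix,
        # An xpub cannot derive hardened children, so every step after it
        # must be unhardened for the wallet to derive addresses at all.
        "suffix_unhardened": all(not p.endswith("'") for p in suffix),
    }

def parse_sortedmulti(descriptor):
    """Return (threshold, parsed keys) for wsh(sortedmulti(k,KEY,...))."""
    m = re.match(r"^wsh\(sortedmulti\((\d+),(.+)\)\)(?:#[a-z0-9]{8})?$", descriptor)
    if not m:
        raise ValueError("expected wsh(sortedmulti(k,KEY,...))")
    k = int(m.group(1))
    keys = [parse_key(part) for part in m.group(2).split(",")]
    if not 1 <= k <= len(keys):
        raise ValueError("threshold out of range")
    if not all(key["suffix_unhardened"] for key in keys):
        raise ValueError("hardened step after an xpub")
    return k, keys

# Constructed 2-of-3: two keys with the usual BIP-48 origin, one with m/0'.
DESCRIPTOR = (
    "wsh(sortedmulti(2,"
    "[d34db33f/48'/0'/0'/2']xpubSTANDARDPLACEHOLDER1/0/*,"
    "[c0ffee00/0']xpubNONSTANDARDPLACEHOLDER/0/*,"
    "[0badf00d/48'/0'/0'/2']xpubSTANDARDPLACEHOLDER2/0/*))"
)
```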
How many hours long is the talk? 🤣
I will be at nostr:nprofile1qqsphtcc46rrelvptfm4c2y58k85alnam0lfu773mgwdmtynka0zspspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcd55m55 in Vegas with a session on `OP_CHECKCONTRACTVERIFY`.
What should I talk about?
Yep, you can definitely have multiple invisible cosigners!
For example, one could be self-hosted if you have an always-online machine.
Of course, since MuSig2 is an AND of all the cosigners, having more increases the chance of at least one of them failing, so in practice I expect a single cosigner managed by a professional entity to be a very popular option. In that direction, an interesting thing to explore is: how private can this be? It should be possible to combine MuSig2 with Schnorr blind signing, so that the cosigner doesn't necessarily have to learn about your transactions, while still being able to check predicates in them (this paper does it for single-sig: https://eprint.iacr.org/2022/1676 but smarter people tell me it should be generalizable for MuSig/FROST).
"MuSig2 is the cherry on top of the taproot cake"
I'm somewhat of a poet myself.
Read about Ledger Bitcoin app's support of MuSig2 in this blog post - written with the legend Yannick Seurin in person.

Not sure why people think Merkle trees are hard.

When Ruben Somsen writes a gist, you know it's going to be good:
https://gist.github.com/RubenSomsen/a61a37d14182ccd78760e477c78133cd
On improving IBD time.
What would be needed in order to make zaps work with bolt12-supporting wallets like Phoenix?
I have Phoenix wallet in the phone, and an nostr:nprofile1qqsw5t3us9xs3gmclzjm37hvk2yy6pv9t96utjjttsj794hexc5x79qpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhs4njjxr node at home - it feels like this should be a solvable problem!
I shall not be zappable until I figure out how to do it self-custodially, but I've been lazy 😅