Bitcoin Forum
May 28, 2023, 01:44:35 PM *
Author Topic: P2WSH Multisig and Timelock question  (Read 122 times)
cedricfung (OP)
March 02, 2023, 05:16:26 AM
Last edit: March 02, 2023, 01:34:55 PM by cedricfung
Merited by Welsh (5), hugeblack (4), o_e_l_e_o (4), pooya87 (2), ETFbitcoin (1), DdmrDdmr (1)
 #1

I'm working on a wallet solution to use 2/3 multisig with timelock.

A and B can spend the UTXO together before the timelock, but C can only spend the UTXO with A or B after the timelock expires.

So I wrote the script below. Is it correctly implemented per the requirement?

Code:
OP_IF
2
OP_ELSE
4194311 OP_CHECKSEQUENCEVERIFY OP_DROP
key_C OP_CHECKSIGVERIFY
1
OP_ENDIF
key_A key_B 2 OP_CHECKMULTISIG

Thank you
pooya87
March 02, 2023, 11:49:04 AM
Merited by o_e_l_e_o (4), Welsh (2), ETFbitcoin (1), cedricfung (1)
 #2

Looks correct to me, but you can always test things like this on the TestNet to be more sure, especially when it comes to setting the time value in the timelock.
Also what you called "OP_PUSHNUM_2" and "OP_PUSHNUM_1" should be OP_2 and OP_1 respectively with 0x52 and 0x51 as their byte representations.

cedricfung (OP)
March 02, 2023, 01:02:44 PM
 #3

Thank you, the bitcoin-cli script ASM is

Code:
OP_IF 2 OP_ELSE 4194311 OP_CHECKSEQUENCEVERIFY OP_DROP key_C OP_CHECKSIGVERIFY 1 OP_ENDIF key_A key_B 2 OP_CHECKMULTISIG

I used the numbers 2 and 1, not OP_2 or OP_1, as I understand from the tutorial https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/10_4_Scripting_a_Multisig.md#create-a-raw-multisig

According to this tutorial https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/11_3_Using_CSV_in_Scripts.md#create-a-csv-relative-time

I calculated the relative lock time of 1 hour as below

Code:
nSequence = (1 << 22) | (3600 >> 9)
=> 4194311

But one thing that confused me is the miniscript sample https://bitcoin.sipa.be/miniscript/

For 90 days, it uses 12960 in miniscript, and the compiled sequence is a032; that's too small a number.
cedricfung (OP)
March 02, 2023, 01:26:02 PM
 #4

For the nSequence value in the miniscript example, it's using a relative block number instead of time; that's why it's such a small number.
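
The encoding discussed in posts #3 and #4, as an added example that is not part of the original thread: a BIP68 relative lock-time encoder/decoder in Python, with function names that are this example's own. It shows that 4194311 is a time-based value of 7 × 512 = 3584 seconds (slightly under one hour, because the shift truncates) and that 12960 with the type bit clear is a block count whose script push bytes are a032.

```python
# Added example: BIP68 relative lock-time values as compared by OP_CHECKSEQUENCEVERIFY.
DISABLE_FLAG = 1 << 31   # bit 31 set: value carries no relative lock-time
TYPE_FLAG = 1 << 22      # bit 22 set: units of 512 seconds; clear: units of blocks
MASK = 0xFFFF            # only the low 16 bits carry the amount
GRANULARITY = 9          # 2**9 = 512 seconds per unit


def encode_seconds(seconds, round_up=False):
    """Time-based lock. round_up=False truncates, as (3600 >> 9) does in the post."""
    units = (seconds + (511 if round_up else 0)) >> GRANULARITY
    if not 0 <= units <= MASK:
        raise ValueError("outside the 16-bit range BIP68 allows")
    return TYPE_FLAG | units


def encode_blocks(blocks):
    """Height-based lock: the plain block count, as with the 12960 in post #3."""
    if not 0 <= blocks <= MASK:
        raise ValueError("outside the 16-bit range BIP68 allows")
    return blocks


def decode(value):
    """Return (kind, amount) with amount in seconds or blocks."""
    if value & DISABLE_FLAG:
        return ("disabled", 0)
    amount = value & MASK
    if value & TYPE_FLAG:
        return ("seconds", amount << GRANULARITY)
    return ("blocks", amount)


def script_push_hex(value):
    """Data bytes of the minimal script-number push for a positive integer."""
    out = bytearray()
    while value:
        out.append(value & 0xFF)   # little-endian: least significant byte first
        value >>= 8
    if out and out[-1] & 0x80:
        out.append(0x00)           # keep the sign bit clear so the number stays positive
    return out.hex()
```

Passing `round_up=True` for 3600 seconds gives 4194312 (8 × 512 = 4096 seconds), the smallest time-based value that locks for at least a full hour.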
Jason Brendon
March 13, 2023, 06:39:32 AM
 #5

Very impressive.
But can people tell all the spend conditions from the blockchain?
ETFbitcoin
March 13, 2023, 12:37:19 PM
 #6

Very impressive.
But can people tell all the spend conditions from the blockchain?

For P2WSH and P2SH, everyone will know the spend condition/redeem script after the coin has been spent. If you don't want that, consider P2TR instead.

Jason Brendon
March 14, 2023, 06:44:38 AM
 #7

Very impressive.
But can people tell all the spend conditions from the blockchain?

For P2WSH and P2SH, everyone will know the spend condition/redeem script after the coin has been spent. If you don't want that, consider P2TR instead.

Taproot? What wallet can send coins from Taproot addresses to others?
NotATether
March 14, 2023, 07:20:30 AM
 #8

In the timelock branch:

Code:
key_C OP_CHECKSIGVERIFY
1
OP_ENDIF
key_A key_B 2 OP_CHECKMULTISIG

You would have to put C's signature in the last cosigner of the output in order for the script to work properly, correct?

Other than that, this script looks well-formed to me.

Taproot? What wallet can send coins from Taproot addresses to others?

Sparrow Wallet can do that. I think maybe Bitcoin Core can do that now too, because Ordinals claim to use that feature. And it's always possible to construct Taproot transactions with spend paths by hand if you are sufficiently masochistic :)
cedricfung (OP)
March 14, 2023, 09:25:35 AM
 #9

In the timelock branch:

Code:
key_C OP_CHECKSIGVERIFY
1
OP_ENDIF
key_A key_B 2 OP_CHECKMULTISIG

You would have to put C's signature in the last cosigner of the output in order for the script to work properly, correct?

Yes, when the timelock has expired, to spend the output with key_C, the script is like

Code:
<empty> sig_A sig_C <empty> WITNESS

Is this correct?
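
The two spend paths of the script from post #1, checked with the witness layout from post #9, as an added example that is not part of the original thread. It is a toy Python evaluator for this one script only: signatures are mocked (`sig_X` is valid for `key_X`), witness items are listed bottom to top with the witness script omitted, and the `01` selector for the A+B branch is an assumption following the MINIMALIF rule.

```python
# Added example: toy evaluator for the thread's witness script (signatures mocked).
SCRIPT = ("OP_IF 2 OP_ELSE 4194311 OP_CHECKSEQUENCEVERIFY OP_DROP key_C "
          "OP_CHECKSIGVERIFY 1 OP_ENDIF key_A key_B 2 OP_CHECKMULTISIG").split()
DISABLE_FLAG, TYPE_FLAG, MASK = 1 << 31, 1 << 22, 0xFFFF

def sig_ok(sig, key):
    # Mock: "sig_X" is the only valid signature for "key_X"; no real crypto here.
    return sig == "sig_" + key[len("key_"):]

def csv_ok(required, n_sequence):
    # BIP112 comparison against the spending input's nSequence (tx version >= 2 assumed).
    if n_sequence & DISABLE_FLAG or (required ^ n_sequence) & TYPE_FLAG:
        return False
    return (n_sequence & MASK) >= (required & MASK)

def run(witness, n_sequence):
    """witness: stack items bottom to top. Returns True if the spend is valid."""
    stack, cond = list(witness), []          # cond: state of open OP_IFs (no nesting here)
    try:
        for op in SCRIPT:
            if op == "OP_IF":
                top = stack.pop()
                if top not in ("", "01"):    # segwit MINIMALIF policy
                    return False
                cond.append(top == "01")
            elif op == "OP_ELSE":
                cond[-1] = not cond[-1]
            elif op == "OP_ENDIF":
                cond.pop()
            elif not all(cond):
                continue                     # inside the branch not taken
            elif op == "OP_CHECKSEQUENCEVERIFY":
                if not csv_ok(stack[-1], n_sequence):
                    return False
            elif op == "OP_DROP":
                stack.pop()
            elif op == "OP_CHECKSIGVERIFY":  # stack is [..., sig, key]
                if not sig_ok(stack.pop(-2), stack.pop()):
                    return False
            elif op == "OP_CHECKMULTISIG":
                keys = [stack.pop() for _ in range(stack.pop())][::-1]
                sigs = [stack.pop() for _ in range(stack.pop())][::-1]
                stack.pop()                  # the extra dummy element the opcode consumes
                remaining = iter(keys)       # signatures must follow key order
                stack.append(int(all(any(sig_ok(s, k) for k in remaining) for s in sigs)))
            else:
                stack.append(int(op) if op.isdigit() else op)
    except IndexError:
        return False                         # witness too short for the script
    return stack == [1]
```

The script only compares its CSV argument with the spending input's nSequence; the BIP68 consensus rule is what ties that nSequence to the actual age of the UTXO.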
ETFbitcoin
March 14, 2023, 10:30:40 AM
 #10

Taproot? What wallet can send coins from Taproot addresses to others?

Sparrow Wallet can do that. I think maybe Bitcoin Core can do that now too, because Ordinals claim to use that feature. And it's always possible to construct Taproot transactions with spend paths by hand if you are sufficiently masochistic :)

I just checked my Bitcoin Core (v24.0.1) and it has Taproot support, which can be generated on the "Receive" tab by choosing "Bech32m (Taproot)" in the drop-down list. But for custom scripting, I expect you'll need to use the CLI and create the script manually. And for information purposes, Wasabi wallet also supports Taproot, although IIRC it lacks some features for power users.

cedricfung (OP)
March 14, 2023, 12:16:11 PM
 #11

I just checked my Bitcoin Core (v24.0.1) and it has Taproot support, which can be generated on the "Receive" tab by choosing "Bech32m (Taproot)" in the drop-down list. But for custom scripting, I expect you'll need to use the CLI and create the script manually. And for information purposes, Wasabi wallet also supports Taproot, although IIRC it lacks some features for power users.

I think no wallets support real custom scripting yet; at least Bitcoin Core is only able to watch those custom script addresses and can't spend from them.
ETFbitcoin
March 14, 2023, 01:08:39 PM
 #12

I just checked my Bitcoin Core (v24.0.1) and it has Taproot support, which can be generated on the "Receive" tab by choosing "Bech32m (Taproot)" in the drop-down list. But for custom scripting, I expect you'll need to use the CLI and create the script manually. And for information purposes, Wasabi wallet also supports Taproot, although IIRC it lacks some features for power users.

I think no wallets support real custom scripting yet; at least Bitcoin Core is only able to watch those custom script addresses and can't spend from them.

But since Bitcoin Core supports Output Descriptors[1], spending should be possible[2] if you know how to convert the script into descriptors. Although it's still not real custom scripting, since AFAIK descriptors have limited support of opcodes.

[1] https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md
[2] https://bitcoin.stackexchange.com/a/99541

cedricfung (OP)
March 14, 2023, 02:08:25 PM
 #13

I just checked my Bitcoin Core (v24.0.1) and it has Taproot support, which can be generated on the "Receive" tab by choosing "Bech32m (Taproot)" in the drop-down list. But for custom scripting, I expect you'll need to use the CLI and create the script manually. And for information purposes, Wasabi wallet also supports Taproot, although IIRC it lacks some features for power users.

I think no wallets support real custom scripting yet; at least Bitcoin Core is only able to watch those custom script addresses and can't spend from them.

But since Bitcoin Core supports Output Descriptors[1], spending should be possible[2] if you know how to convert the script into descriptors. Although it's still not real custom scripting, since AFAIK descriptors have limited support of opcodes.

[1] https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md
[2] https://bitcoin.stackexchange.com/a/99541

Bitcoin Core supports custom scripts with output descriptors; that's the miniscript from Blockstream, and it has full capability to support all popular opcodes. But still, most output descriptor support in Bitcoin Core is limited to watch-only; the core devs have some ongoing issues to solve this.

https://github.com/bitcoin/bitcoin/pull/24149 This PR makes miniscript completely solvable in Bitcoin Core. It was merged last month, and it's just the miniscript support at the code level, not full bitcoin-cli support yet; maybe in a few months.
cedricfung (OP)
Today at 12:04:15 PM
 #14

Now it looks like full descriptors support arrived with Bitcoin Core 25.0 https://github.com/bitcoin/bitcoin/releases/tag/v25.0

So now I'm going to use this descriptor script to achieve the same goal.

Code:
wsh(thresh(2,pk(A),s:pk(B),sj:and_v(v:pk(C),n:older(1728))))
cedricfung (OP)
Today at 12:06:40 PM
 #15

Now it looks like full descriptors support arrived with Bitcoin Core 25.0 https://github.com/bitcoin/bitcoin/releases/tag/v25.0

So now I'm going to use this descriptor script to achieve the same goal.

Code:
wsh(thresh(2,pk(A),s:pk(B),sj:and_v(v:pk(C),n:older(1728))))

This produces the asm

Code:
A OP_CHECKSIG OP_SWAP
B OP_CHECKSIG OP_ADD OP_SWAP OP_SIZE OP_0NOTEQUAL
OP_IF
C OP_CHECKSIGVERIFY 1728 OP_CHECKSEQUENCEVERIFY OP_0NOTEQUAL
OP_ENDIF
OP_ADD 2 OP_EQUAL