📅 Original date posted:2018-06-26
📝 Original message:hello,
in general, I agree with my colleague Tomas, the proposed changes are
good and achieve the most important things that we wanted. We'll review
the proposal in more detail later.
For now a couple minor things I have run into:
- valid test vector 2 ("one P2PKH input and one P2SH-P2WPKH input")
seems broken, at least its hex version; a delimiter seems to be missing,
misplaced or corrupted
- at least the first signing vector is not updated, but you probably
know that
- BIP32 derivation fields don't specify size of the "master public key",
which would make it un-parsable :)
- "Transaction format is specified as follows" and its table need to be
updated.
I'm still going to argue against the key-value model though.
It's true that this is not significant in terms of space. But I'm more
concerned about human readability, i.e., confusing future implementers.
At this point, the key-value model is there "for historical reasons",
except these aren't valid even before finalizing the format. The
original rationale for using key-values seems to be gone (no key-based
lookups are necessary). As for combining and deduplication, whether key
data is present or not is now purely a stand-in for a "repeatable" flag.
We could just as easily say, e.g., that the high bit of "type" specifies
whether this record can be repeated.
(Moreover, as I wrote previously, the Combiner seems like a weirdly
placed role. I still don't see its significance and why is it important
to correctly combine PSBTs by agents that don't understand them. If you
have a usecase in mind, please explain.
ISTM a Combiner could just as well combine based on whole-record
uniqueness, and leave the duplicate detection to the Finalizer. In case
the incoming PSBTs have incompatible unique fields, the Combiner would
have to fail anyway, so the Finalizer might as well do it. Perhaps it
would be good to leave out the Combiner role entirely?)
There's two remaining types where key data is used: BIP32 derivations
and partial signatures. In case of BIP32 derivation, the key data is
redundant ( pubkey = derive(value) ), so I'd argue we should leave that
out and save space. In case of partial signatures, it's simple enough to
make the pubkey part of the value.
Re breaking change, we are proposing breaking changes anyway, existing
code *will* need to be touched, and given that this is a hand-parsed
format, changing `parse_keyvalue` to `parse_record` seems like a small
matter?
---
At this point I'm obliged to again argue for using protobuf.
Thing is: BIP174 *is basically protobuf* (v2) as it stands. If I'm
succesful in convincing you to switch to a record set model, it's going
to be "protobuf with different varint".
I mean this very seriously: (the relevant subset of) protobuf is a set
of records in the following format:
<record type><varint field length><field data>
Record types can repeat, the schema specifies whether a field is
repeatable or not - if it's not, the last parsed value is used.
BIP174 is a ad-hoc format, simple to parse by hand; but that results in
_having to_ parse it by hand. In contrast, protobuf has a huge
collection of implementations that will do the job of sorting record
types into relevant struct fields, proper delimiting of records, etc.
...while at the same time, implementing "protobuf-based-BIP174" by hand
is roughly equally difficult as implementing the current BIP174.
N.B., it's possible to write a parser for protobuf-BIP174 without
needing a general protobuf library. Protobuf formats are designed with
forwards- and backwards- compatibility in mind, so having a hand-written
implementation should not lead to incompatibilities.
I did an experiment with this and other variants of the BIP174 format.
You can see them here:
[1] https://github.com/matejcik/bip174-playground
see in particular:
[2] https://github.com/matejcik/bip174-playground/blob/master/bip174.proto
The tool at [1] does size comparisons. On the test vectors, protobuf is
slightly smaller than key-value, and roughly equal to record-set, losing
out a little when BIP32 fields are used.
(I'm also leaving out key-data for BIP32 fields.)
There's some technical points to consider about protobuf, too:
- I decided to structure the message as a single "PSBT" type, where
"InputType" and "OutputType" are repeatable embedded fields. This seemed
better in terms of extensibility - we could add more sections in the
future. But the drawback is that you need to know the size of
Input/OutputType record in advance.
The other option is sending the messages separated by NUL bytes, same as
now, in which case you don't need to specify size.
- in InputType, i'm using "uint32" for sighash. This type is not
length-delimited, so non-protobuf consumers would have to understand it
specially. We could also declare that all fields must be
length-delimited[1] and implement sighash as a separate message type
with one field.
- non-protobuf consumers will also need to understand both protobuf
varint and bitcoin compact uint, which is a little ugly
best regards
matejcik
[1] https://developers.google.com/protocol-buffers/docs/encoding#structure
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180626/a1c4e6e5/attachment.sig>;
matejcik [ARCHIVE] /
npub18g…sgac3
2023-06-07 20:13:12
in reply to nevent1q…eklz
Author Public Key
npub18g04tf4qudcsna6qfcrm55s39axx3ymrunr65gxen4rctm0zv24sasgac3Published at
2023-06-07 20:13:12Event JSON
{
"id": "85fa468e0f4aecb57f50f78a889ee5b5bac64e46c749d4121c15e2e212cc3980",
"pubkey": "3a1f55a6a0e37109f7404e07ba52112f4c689363e4c7aa20d99d4785ede262ab",
"created_at": 1686161592,
"kind": 1,
"tags": [
[
"e",
"cde3c2f1af5ec4e3200e32c7fdbcba54b58741a9d65d38dd383e78325ee0ffcd",
"",
"root"
],
[
"e",
"c9589b3c52165ff6544aa57619826675c1f8168170d598ab95bada14ab00e17c",
"",
"reply"
],
[
"p",
"75fdfdb61750de444c31286deb53bedfff4351d5a85d3d66cc6b36e95fa21d06"
]
],
"content": "📅 Original date posted:2018-06-26\n📝 Original message:hello,\n\nin general, I agree with my colleague Tomas, the proposed changes are\ngood and achieve the most important things that we wanted. We'll review\nthe proposal in more detail later.\n\nFor now a couple minor things I have run into:\n\n- valid test vector 2 (\"one P2PKH input and one P2SH-P2WPKH input\")\nseems broken, at least its hex version; a delimiter seems to be missing,\nmisplaced or corrupted\n- at least the first signing vector is not updated, but you probably\nknow that\n- BIP32 derivation fields don't specify size of the \"master public key\",\nwhich would make it un-parsable :)\n- \"Transaction format is specified as follows\" and its table need to be\nupdated.\n\n\nI'm still going to argue against the key-value model though.\n\nIt's true that this is not significant in terms of space. But I'm more\nconcerned about human readability, i.e., confusing future implementers.\nAt this point, the key-value model is there \"for historical reasons\",\nexcept these aren't valid even before finalizing the format. The\noriginal rationale for using key-values seems to be gone (no key-based\nlookups are necessary). As for combining and deduplication, whether key\ndata is present or not is now purely a stand-in for a \"repeatable\" flag.\nWe could just as easily say, e.g., that the high bit of \"type\" specifies\nwhether this record can be repeated.\n\n(Moreover, as I wrote previously, the Combiner seems like a weirdly\nplaced role. I still don't see its significance and why is it important\nto correctly combine PSBTs by agents that don't understand them. If you\nhave a usecase in mind, please explain.\nISTM a Combiner could just as well combine based on whole-record\nuniqueness, and leave the duplicate detection to the Finalizer. In case\nthe incoming PSBTs have incompatible unique fields, the Combiner would\nhave to fail anyway, so the Finalizer might as well do it. Perhaps it\nwould be good to leave out the Combiner role entirely?)\n\nThere's two remaining types where key data is used: BIP32 derivations\nand partial signatures. In case of BIP32 derivation, the key data is\nredundant ( pubkey = derive(value) ), so I'd argue we should leave that\nout and save space. In case of partial signatures, it's simple enough to\nmake the pubkey part of the value.\n\nRe breaking change, we are proposing breaking changes anyway, existing\ncode *will* need to be touched, and given that this is a hand-parsed\nformat, changing `parse_keyvalue` to `parse_record` seems like a small\nmatter?\n\n---\n\nAt this point I'm obliged to again argue for using protobuf.\n\nThing is: BIP174 *is basically protobuf* (v2) as it stands. If I'm\nsuccesful in convincing you to switch to a record set model, it's going\nto be \"protobuf with different varint\".\n\nI mean this very seriously: (the relevant subset of) protobuf is a set\nof records in the following format:\n\u003crecord type\u003e\u003cvarint field length\u003e\u003cfield data\u003e\nRecord types can repeat, the schema specifies whether a field is\nrepeatable or not - if it's not, the last parsed value is used.\n\nBIP174 is a ad-hoc format, simple to parse by hand; but that results in\n_having to_ parse it by hand. In contrast, protobuf has a huge\ncollection of implementations that will do the job of sorting record\ntypes into relevant struct fields, proper delimiting of records, etc.\n...while at the same time, implementing \"protobuf-based-BIP174\" by hand\nis roughly equally difficult as implementing the current BIP174.\n\nN.B., it's possible to write a parser for protobuf-BIP174 without\nneeding a general protobuf library. Protobuf formats are designed with\nforwards- and backwards- compatibility in mind, so having a hand-written\nimplementation should not lead to incompatibilities.\n\nI did an experiment with this and other variants of the BIP174 format.\nYou can see them here:\n[1] https://github.com/matejcik/bip174-playground\nsee in particular:\n[2] https://github.com/matejcik/bip174-playground/blob/master/bip174.proto\n\nThe tool at [1] does size comparisons. On the test vectors, protobuf is\nslightly smaller than key-value, and roughly equal to record-set, losing\nout a little when BIP32 fields are used.\n(I'm also leaving out key-data for BIP32 fields.)\n\nThere's some technical points to consider about protobuf, too:\n\n- I decided to structure the message as a single \"PSBT\" type, where\n\"InputType\" and \"OutputType\" are repeatable embedded fields. This seemed\nbetter in terms of extensibility - we could add more sections in the\nfuture. But the drawback is that you need to know the size of\nInput/OutputType record in advance.\nThe other option is sending the messages separated by NUL bytes, same as\nnow, in which case you don't need to specify size.\n\n- in InputType, i'm using \"uint32\" for sighash. This type is not\nlength-delimited, so non-protobuf consumers would have to understand it\nspecially. We could also declare that all fields must be\nlength-delimited[1] and implement sighash as a separate message type\nwith one field.\n\n- non-protobuf consumers will also need to understand both protobuf\nvarint and bitcoin compact uint, which is a little ugly\n\nbest regards\nmatejcik\n\n\n[1] https://developers.google.com/protocol-buffers/docs/encoding#structure\n\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 819 bytes\nDesc: OpenPGP digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180626/a1c4e6e5/attachment.sig\u003e",
"sig": "6d8111b2f15cf1e0d99b57165eab6ff4683ea4e59368a4275d869b08de84b98af1d848d79dcf33ccaa943a331caabb87c1935da1a42d727d6b62f3e92bc85755"
}