Feed for tag: scriptless-scripts
Mast and Schnorr Signatures
Bitcoin’s development effort for the past few years has been focused on a few key concepts, privacy, scalability and efficiency. One of the first improvements was Segregated witness which is ushering in the rest, Lightning Network followed but was an effort in a different direction as it took transactions off-chain rather than optimizing the on-chain process. Some of the upcoming technologies aimed at optimizing this process are Schnorr Signatures and Merkelized Abstract Syntax Trees or MAST for short.
Scriptless Scripts With ECDSA

Pedro Moreno Sanchez via Bitcoin Dev linked the following paper, Multi-Hop Locks for Secure, Privacy-Preserving and Interoperable Payment-Channel Networks.

…my co-authors and I have been working hard to get ready an extended version of the paper for this work…

In this paper, we describe in detail the scriptless script (SS) ECDSA construction and formally prove its security and privacy guarantees. Additionally, we describe several other constructions of interest for the LN:

-The SS Schnorr, initially proposed by A. Poelstra. We formally describe the protocol and prove its security and privacy guarantees

-Interestingly, we show that it is possible to combine SS ECDSA and SS Schnorr without losing security or privacy. This allows interoperability between different implementations.

-A framework to combine script-based cryptographic locks using partially homomorphic one-way functions.

-Possible applications. For instance, SS ECDSA could be used today in Bitcoin to perform atomic swaps where the resulting transaction no longer reveals the cryptographic condition. Instead, it is embedded in a regular ECDSA signature. This provides several advantages such as reduced transaction size and better privacy/fungibility among others.

A cornerstone of their approach is to provide interoperability between different signature schemes. The utility of such an approach is a form of “cryptographic future-proofing” where if one scheme is broken there are fall-back functions that are still secure.