bitcoin-dev

Signing a Bitcoin Transaction with Lamport Signatures (no changes needed)

Signing a Bitcoin Transaction with Lamport Signatures (no changes needed)

Original Postby David A. Harding

Posted on: May 7, 2024 04:11 UTC

In a recent exchange between Antoine Riard and Andrew Poelstra, with involvement from Matthew Zipkin and Ethan Heilman on the Bitcoin Development Mailing List, an intriguing discussion unfolded about the intricacies of implementing ECDSA and Schnorr signatures within the Bitcoin scripting language, Tapscript.

Andrew Poelstra's inquiry centered on the validation process of ECDSA signatures in transactions that utilize fixed-size Schnorr signatures, specifically through the OP_CHECKSIG operation. He presented a scenario suggesting if a Lamport signature, which commits to an ECDSA signature, is used as a controlling signature, it might be safe to disclose the private key for the ECDSA signature. This approach assumes that constructing a Schnorr signature with identical private key, nonce, and message commitment parameters as the ECDSA signature, and its validation by OP_CHECKSIG, confirms the transaction's authenticity.

Poelstra further explored the possibility of implementing both ECDSA and Schnorr signatures within Tapscript, highlighting potential for functionality akin to OP_CSFS and OP_CAT operations. These operations would theoretically enable covenants in Bitcoin without necessitating Lamport signatures or reliance solely on ECDSA. His analysis suggests a path towards enhanced script capabilities and introspection within Bitcoin's scripting framework, but also reveals the complexity and potential confusion surrounding these cryptographic and scripting innovations. The conversation reflects ongoing efforts to evolve Bitcoin's scripting abilities, aiming for increased security and flexibility in transaction verification and execution mechanisms.