
Comments (9)

apoelstra commented on July 20, 2024

Have you considered using Miniscript for this policy? There is a crate rust-miniscript that can do these sorts of script constructions for you.

But to answer your specific question, it looks like you have two CHECKSIGs and one CHECKSIGADD in your second branch, and I think the second CHECKSIG should be a CSA.

from rust-bitcoin.

Kixunil commented on July 20, 2024

I think branch is just better at everything. The only exception I can imagine is if you had something smaller than 32 B. Like OP_CSV. But since all keys are at least 32 B long and a transaction without a key can be spent by anyone, such a thing would be useless.


3ierratango commented on July 20, 2024

Thanks! I tried that but end up with

RPC error: {\"code\":-26,\"message\":\"non-mandatory-script-verify-flag (OP_IF/NOTIF argument must be minimal in tapscript)\"}"


apoelstra commented on July 20, 2024

I'm not sure what to make of that. The code you posted does not put any non-minimal data into IF, NOTIF, or the end of the script execution.


3ierratango commented on July 20, 2024

I think I figured out the problem, using a minimal example

a simple multisig with Alice/Bob

Case 1:

	let wallet_script = Builder::new()
		.push_opcode(opcodes::OP_TRUE)
		.push_opcode(all::OP_IF)
			.push_x_only_key(&bob.public_key().into())
			.push_opcode(all::OP_CHECKSIGVERIFY)
			.push_opcode(opcodes::OP_TRUE)
		.push_opcode(all::OP_ELSE)
			.push_x_only_key(&alice.public_key().into())
			.push_opcode(all::OP_CHECKSIGVERIFY)
			.push_opcode(opcodes::OP_TRUE)
		.push_opcode(all::OP_ENDIF)
		.into_script();

Works when spending like this

	let wit = Witness::from_vec(vec![
		schnorr_sig_bob.to_vec(),
		wallet_script.to_bytes(),
		actual_control.serialize(),
	]);

If I switch OP_TRUE to OP_FALSE then only Alice can sign the transaction

So the goal is to remove the OP_TRUE/OP_TRUE from the script and put it inside the spend script. That's the idea I got from here (https://youtu.be/yU3Sr07Qnxg?feature=shared&t=2589)

But I'm not sure how to push true/false into the spend script so that it's picked up by OP_IF

I tried

	let wit = Witness::from_vec(vec![
		schnorr_sig_bob.to_vec(),
		vec![1],
		wallet_script.to_bytes(),
		actual_control.serialize(),
	]);

but run into Invalid Schnorr signature error


apoelstra commented on July 20, 2024

If you're providing a different script when signing than actually goes in the transaction, then you'll get an invalid signature.

But I strongly encourage you to look at rust-miniscript which will just do this all for you.

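An added example (not part of the thread and not rust-bitcoin code), in Python with only `hashlib`, illustrating the point above: a script-path signature commits to the BIP 341 tapleaf hash of the exact script revealed in the witness, while a `[1]` selector by itself satisfies the tapscript minimal-IF rule. The 32-byte keys are constructed placeholders, the helper names are hypothetical, and the witness is assumed to carry no annex.

```python
import hashlib

# Opcode and leaf-version bytes from the Bitcoin script / BIP 341 definitions.
OP_TRUE, OP_IF, OP_ELSE, OP_ENDIF, OP_CHECKSIGVERIFY = 0x51, 0x63, 0x67, 0x68, 0xAD
TAPSCRIPT_LEAF_VERSION = 0xC0


def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def tapleaf_hash(script: bytes) -> bytes:
    """Leaf hash that a script-path signature commits to (BIP 341/342)."""
    if len(script) >= 253:
        raise ValueError("example only handles single-byte compact sizes")
    return tagged_hash("TapLeaf", bytes([TAPSCRIPT_LEAF_VERSION, len(script)]) + script)


def branch_script(bob: bytes, alice: bytes, hardcoded_selector: bool) -> bytes:
    """The thread's IF/ELSE script, with or without the leading OP_TRUE."""
    body = (bytes([OP_IF, 32]) + bob + bytes([OP_CHECKSIGVERIFY, OP_TRUE])
            + bytes([OP_ELSE, 32]) + alice + bytes([OP_CHECKSIGVERIFY, OP_TRUE])
            + bytes([OP_ENDIF]))
    return (bytes([OP_TRUE]) if hardcoded_selector else b"") + body


def split_witness(witness: list) -> tuple:
    """Script-path witness without annex: stack items, then script, then control block."""
    *stack, script, control_block = witness
    return stack, script, control_block  # stack[-1] is the top item OP_IF will pop


def minimal_if(item: bytes) -> bool:
    """Tapscript MINIMALIF: only the empty vector (false) or the single byte 0x01 (true)."""
    if item == b"":
        return False
    if item == b"\x01":
        return True
    raise ValueError("OP_IF/NOTIF argument must be minimal in tapscript")


# Constructed placeholder keys, not real x-only public keys.
BOB, ALICE = bytes([0x02]) * 32, bytes([0x03]) * 32
SIGNED = branch_script(BOB, ALICE, hardcoded_selector=True)   # script the signature was made for
SPENT = branch_script(BOB, ALICE, hardcoded_selector=False)   # script placed in the witness
```

Because `tapleaf_hash(SIGNED)` and `tapleaf_hash(SPENT)` differ, a signature produced for one script cannot validate a spend that reveals the other; the sighash has to be computed over the script that actually goes into the witness.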

Kixunil commented on July 20, 2024

@3ierratango I think what you're trying to achieve would be better done using taproot where you simply specify the branches individually and not worry about OP_IF. You'd also save a bunch of fees.


3ierratango commented on July 20, 2024

> @3ierratango I think what you're trying to achieve would be better done using taproot where you simply specify the branches individually and not worry about OP_IF. You'd also save a bunch of fees.

Great idea, got it working. What's the downside of using branch vs script? I looked at docs and the idea I get is we use a script when we need to verify some data (like a secret share) but to achieve a multisig solution a script vs branch model makes no difference. Am I correct in this understanding?


apoelstra commented on July 20, 2024

> I looked at docs and the idea I get is we use a script when we need to verify some data (like a secret share)

I'm curious what docs suggest this. It's a pretty obscure use case. But yes, if you need your script to come with proof-of-publication of some data, that data needs to be directly in the script.

Other than that, as Kix says the "tradeoff" is that a branch is always 32 bytes while a script could sometimes be smaller.
