prusnak
commented
3 years ago I pinged Casa and Unchained Capital folks to chime in ...
Open andrewkozlik opened 3 years ago
prusnak
commented
3 years ago I pinged Casa and Unchained Capital folks to chime in ...
afsheenb
commented
3 years ago On behalf of Unchained: we've been discussing internally how best to implement multisig on Taproot and have a final meeting scheduled for mid-December. I'll report back and chime in with our plans then.
jlopp
commented
3 years ago Given the interactivity requirements of other tapscript constructions, I expect Casa will move forward with OP_CHECKSIGADD
andrewkozlik
commented
3 years ago Given the interactivity requirements of other tapscript constructions, I expect Casa will move forward with OP_CHECKSIGADD
@jlopp, would that be using a single OP_CHECKSIGADD-based k-of-n script or a k-of-k script for every combination of pubkeys? The advantages and disadvantages of the two are discussed in https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki#cite_note-5. If I am not mistaken, Casa uses 2-of-3 multisig and 3-of-5 multisig. On average the single OP_CHECKSIGADD-based k-of-n script is better in both cases in terms of the size of the resulting witnesses. But note the words "on average". If you optimize the Merkle tree for the happy path / typical use case, then the k-of-k script for every combination may be more optimal in terms of witness size for the happy path.
jlopp
commented
3 years ago Single OP_CHECKSIGADD-based k-of-n script, otherwise we'd have to change the UX to force users to either preselect which keys they're signing with, or have them sign multiple leaves of the tapscript.
afsheenb
commented
2 years ago Chiming in again after our meeting: we're hoping to support both of the two OP_CHECKSIGADD based approaches mentioned in BIP 342, with a preference for the k-of-k script (though we anticipate making use of the k-of-n script as well).
melroy89
commented
2 years ago Any update?
deepsimulation
commented
1 year ago Hi @prusnak,
Any update on this?
andrewtoth
commented
2 months ago Added the basic OP_CHECKSIGADD funtionality in https://github.com/trezor/trezor-firmware/pull/4159
nvk
commented
2 months ago I was tagged here but I don't see the comment.
andrewtoth
commented
2 months ago It was deleted just now after my comment.
prusnak
commented
2 months ago there was nothing in the comment, except for the tag - i considered it a spam, because it added no value to the discussion, so I deleted it
There are a number of options how to implement multisig with Taproot [1], so first we have to decide which one(s) we will implement. Using a single
OP_CHECKSIGADD-based script is the simplest and most similar to the way classic multisig works. Nevertheless we want to wait for Casa and Unchained Capital to see what they want to aim for.[1] https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki#cite_note-5