bitcoin-dev

Should Graftroot be optional?

Should Graftroot be optional?

Original Postby ZmnSCPxj

Posted on: May 23, 2018 06:15 UTC

ZmnSCPxj proposes modifying the Taproot equation to make Graftroot optional and combining Taproot and Graftroot.

He suggests using a one-level Merkle tree, where one branch enables or disables Graftroot and the other branch is an ordinary script. This increases Taproot spends by a hash and Graftroot spends by a point, signature, and hash. ZmnSCPxj raises concerns about signing arbitrary messages and making Graftroot optional while ensuring that the simple-signing case will not be a vulnerability for wallets.