bitcoin-dev
Should Graftroot be optional?
Posted on: May 24, 2018 09:32 UTC
On May 24th, 2018, Gregory Maxwell raised concerns regarding the possibility of graftroot in Bitcoin transactions.
He pointed out that if graftroot is possible, it means that the funds were paid to a public key and that the holder(s) of the corresponding private key could sign without constraint, so there would not be any accountability regardless of graftroot. However, he agreed with the idea of sending funds constrained by a script without a public key ever existing at all.

Despite not being an expert in the field, the author of the original message stated that they believe Pieter Wuille understood their points and addressed their concerns well. They asked only for the optional ability to prove that the constructions are not being used, as some uses require committing to an immutable script. The author suggested that such a proof does not need to be public, but it may optionally be made public. A private contract wouldn't publish these details, while a public commitment would do so.

Overall, the author requested that the ability to prove the non-use of certain constructions be preserved for future implementations.