bitcoin-dev

Should Graftroot be optional?

Should Graftroot be optional?

Original Postby Andrew Poelstra

Posted on: May 24, 2018 12:39 UTC

The discussion on bitcoin-dev mailing list is about guaranteeing that the original script is followed as promised in scenarios where not all stakeholders hold one of the private keys required to sign.

While mandatory graftroot would not allow signing stakeholders to take the coins, even if there are non-signing script conditions that must be followed, to use Taproot the top-level public key needs to be unusable, making it also unusable for Graftroot. The concern is not with the ability to move funds to an address under new rules but providing a transparent guarantee that the original script is followed. To achieve this in Taproot, the top-level key needs to be disabled, which will disable Graftroot as well. It is suggested that any context where Graftroot seems dangerous, there needs to be a reason why the ability to create transactions is not dangerous.