[Simplicity] Simplicity's first transaction

Russell O'Connor roconnor at blockstream.io
Wed Sep 18 01:46:55 AEST 2019 

Hi everyone,

I'd like to give an update on Simplicity development.  We have reached a
small milestone last week where we have created and redeemed a Simplicity
TXO on an Elements regtest instance.

A few weeks ago, we created a simplicity branch on Elements[1] that pulls
in the Simplicity project[2] as a subtree and does an experimental
integration into Elements.  For this experimental development, we created
an improper segwit version, "version 31" for Simplicity addresses.  The
payload of this segwit version 31 address contains a commitment Merkle root
of a Simplicity program to control the UTXO.  A Simplicity UTXO is redeemed
by providing a serialized Simplicity program as the sole element of the
segwit witness stack.  In order for the transaction to be valid, the
provided Simplicity program's commitment Merkle root must match the one in
the address, and the Simplicity program must execute without failure.  For
more details about commitment Merkle roots and the serialization format,
see the Simplicity Tech Report[3].

I've posted a gist[4] that illustrates my first Simplicity transaction in
Elements regtest.  The second output of tx
5f1a02019de32faa3722acaa35524ee2d99ff4d0611763fc02a7e31caf875271 sends ¤1
to the Simplicity segwit address
ert1lp3z0u3ur7t8hlfnneh28sn0u0fpwcr6f4zwtk7d4ejzn0994zhusfelwg0.  This is
the address for a Simplicity commitment Merkle root of
0c44fe4783f2cf7fa673cdd4784dfc7a42ec0f49a89cbb79b5cc853794b515f9, which is
the root of the 'CheckSigHashAll' Simplicity program for elements with the
public key 0300000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
(see [6]).  The 'CheckSigHashAll' program creates a custom 'sigAll'[7]
transaction digest using the elements specific transaction introspection
primitives of Simplicity.  The program then requires a Schnorr signature on
that digest with the committed public key.  The input of tx
33cb976d29e072d64b67b40dda4655f022b1ced1e12ef452884e3e55f2dfc067 redeems
this Simplicity UTXO by providing the serialization in the txinwitness
field of this Simplicity program along with the required signature.

Do not be put off by the 15K in witness data.  Discounted jets have not
been implemented yet, so the witness includes a complete description of the
Schnorr signature verification function written in raw Simplicity.  Once
discounted jets are in place, that description can be replaced by a handful
of bits to denote that specific function.  The verification time will also
be reduced commensurately with a discounted jet is in place.

While I'm very happy with this achievement, there is still much development
work ahead.  In addition to developing a library of useful jets, we also
still need to implement several anti-witness-malleability feature, and
anti-DoS features in order to make the implementation suitable for
operation on an adversarial network.  This includes implementing various
resource usage bound and/or costs.

Of course, more documentation and tooling surrounding Simplicity is needed
as well.  The above redemption transaction was essentially hand edited hex
with the signature made by doing calculations using an elliptic curve
calculator.

Moreover this experimental integration into Elements will not be
Simplicity's final form.  Currently the integration is using an improper
segwit version, but this is only out of an abundance of caution.  I could
switch to a random unused (proper) version of segwit if that is needed for
other tool support (perhaps PBST will demand a proper Segwit version).
Ultimately Simplicity is going to end up as a tapleaf version[8] rather
than a segwit version though.  But until we get a taproot implementation in
Elements, we will continue to do experimental development using a segwit
version.

I'll keep everyone updated as we make further progress.

[1]https://github.com/ElementsProject/elements/tree/simplicity
[2]https://github.com/ElementsProject/simplicity
[3]https://github.com/ElementsProject/simplicity/blob/pdf/Simplicity-TR.pdf
[4]
https://gist.github.com/roconnor-blockstream/2d0c3e340b7f17178984a71786280537
[5]
https://github.com/ElementsProject/simplicity/blob/36aaf50eb179e72aad29d7246535ba808909b6f8/Haskell/Simplicity/Elements/Programs/CheckSigHashAll.hs#L112
[6]
https://github.com/ElementsProject/simplicity/blob/0db68c5a6dfb7cf54d110f566e20ff1f55098d58/C/primitive/elements/checkSigHashAllTx1.c
[7]
https://github.com/ElementsProject/simplicity/blob/36aaf50eb179e72aad29d7246535ba808909b6f8/Haskell/Simplicity/Elements/Programs/CheckSigHashAll.hs#L112
[8]https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/simplicity/attachments/20190917/83ed323f/attachment.htm>

More information about the Simplicity mailing list