- 
                Notifications
    You must be signed in to change notification settings 
- Fork 60
Description
Just opening this issue to have a URL to share until I and/or another contributor get around to implementing a demo of cross-input signature aggregation in detached signatures, presumably as part of a v5 transaction format proposal. Also implicit/optional sequence numbers (but not locktime to avoid disincentivizing re-org resistance), probably some solution for fractional satoshis, maybe implied OP_RETURNs, and compactUint everything else. (And consider enabling or requiring v5 TXs to support UTXO Hash Sets.)
A key goal is to reduce the size/cost of CashFusion transactions, e.g. the largest one so far was ~40KB, with 261 inputs and 114 outputs1. Replacing each signature in this TX with a reference to a detached signature (e.g. OP_1) would save 261 * 64 = 16,704 bytes (minus the aggregated, detached signature itself), bringing the transaction size down to ~24KB (41% savings). The savings are also greater for transactions with more inputs than outputs, so the overall effect will also encourage (privacy-preserving) UTXO set consolidation.
Also worth noting that we could save an additional 261 * 33 = 8,613 bytes (down to ~15KB, for 62% total savings) if all inputs switched to P2PK rather than P2PKH. Between the funding output (the change output of the last TX) and fusion input, each user saves 24 bytes of public key hash and P2PKH overhead.
There are some privacy considerations on the P2PK usage: you don't want to leak which output is the "change" if you're paying to P2PKH, but if the funding transaction was already using PayJoin, there was no meaningful cost to negotiating P2PK addresses rather than P2PKH. We can also expect 1) network wide P2PK usage to increase due to the cost savings and 2) if some popular wallets support both P2PK and P2PKH (esp. mixed use) the difference stops being useful as a privacy-breaking heuristic (wallets could even juggle funds between them to throw off naive trackers).
Chaingraph Queries
Paste into https://try.chaingraph.cash/:
 {
  transaction(
    where: {
      hash: {
        _eq: "\\xf55237e16408134f6ff21c75c857f0db38dc106a7bf2572af3717475cbefdf02"
      }
    }
  ) {
    hash
    input_count
    output_count
    size_bytes
    encoded_hex
}Result:
{
  "data": {
    "transaction": [
      {
        "hash": "\\xf55237e16408134f6ff21c75c857f0db38dc106a7bf2572af3717475cbefdf02",
        "input_count": "261",
        "output_count": "114",
        "size_bytes": "40703",
        "encoded_hex": "[... snip ... ]"
      }
    ]
  }
}Note: until we improve performance of this sort of query, you need a trusted instance to find/filter CashFusion transactions:
query CashFusionTxs {
  search_output_prefix(
    args: { locking_bytecode_prefix_hex: "6a0446555a00" }
    limit: 100
  ) {
    transaction_hash
    transaction {
      input_count
      output_count
      size_bytes
      block_inclusions {
        block {
          hash
          height
        }
      }
    }
  }
}