Scripts and Wallets

Reading

Content	Time (min)
Bitcoin Script: Past and Future	35
Script: A Mini Programming Language	15
Scripts (general & simple)	40
Miniscript: Streamlined Bitcoin Scripting	15
(optional) Using the Chain for What Chains are Good For	30
The Battle for P2SH	40
HD Wallets	15
Mnemonic Code Converter	x
Coin Selection	25
An Introduction to Bitcoin Core Fee Estimation	15
Fee Bumping and RBF	25
(optional) PSBT with Andrew Chow	25
(optional) Native Descriptor Wallets - gist or presentation	15 or 20
Schnorr Signatures & The Inevitability of Privacy in Bitcoin	20
(optional) MuSig-DN: Schnorr Multisignatures with Verifiably Deterministic Nonces	15
Taproot Explained (video)	15
Overview of the Taproot & Tapscript BIPs	25
Scriptless Scripts	15
(optional) Optech Series: Preparing for Taproot	70
(optional) On Building Consensus and Speedy Trial	25

Optional Practical Exercise

• Taproot, sighash, timelock transaction exercises (chapters 3-5)
• Taproot workshop by Bitcoin Optech Group (3+ hours)

Discussion Questions

SCRIPT

1. John Newbery talks about verification vs. computation, and he bring it up as a big reason why he thinks bitcoin can scale but is skeptical about ethereum. Is there a qualitative difference between verification and computation? And is it the fact that ethereum is capable of performing arbitrary computation that makes the whole thing difficult to scale, or is it that specifically smart contracts that require arbitrary computation won’t be able to scale (as in those contracts would be very expensive to run)?

Output Descriptors

1. What is the benefit of using output descriptors?

2. How does miniscript interact with descriptors?

HD Wallets

1. What is the difference between child and hardened child addresses?

2. Why is the internal chain not visible outside of the wallet if it uses public derivation?

Coin Selection

1. Is coin age ever a consideration for coin selection?

2. Coin selection can expose a wallet by observing how the wallet selects its inputs, are there any efforts to standardize coin selection into a library of sorts so there's a standard?

Fee Bumping and RBF

1. Is there way to ensure that a transaction will be processed? What tools are available to ensure a stuck transaction (due to low fees) gets processed?

2. While inconvenient, could a stuck transaction lead to a loss of funds?

Schnorr signatures

1. How are schnorr signatures reducing a transaction's data footprint?

2. How can validation of schnorr signatures be sped up?

3. Why may schnorr signatures incentivize multi-spender transactions?

4. What makes Schnorr signatures shorter?

5. Why do schnorr signatures need a nonce?

6. What is the risk of nonce-generation on a limited-entropy device like a hardware wallet? How can that risk be overcome with deterministic nonce generation?

Taproot

1. What makes Pay to Taproot more private than previous output formats?

2. What are the difficulties and benefits of switching to Pay to Taproot addresses?

3. Why does tapscript not support OP_CHECKMULTISIG?

4. What is the purpose of TaggedHashes?

(optional) The softfork bundle

1. Would it be possible to implement Taproot without schnorr signatures or schnorr outputs without Taproot?

2. How did the Bitcoin network settle on using Speedy Trial to activate Taproot?

(optional) Native segwit output and bech32 addresses

1. What's the difference between "native segwit" and "bech32(m)"?

2. Should wallets allow sending to bech32m addresses?